#Fields: id timestamp timestamp_end time-taken c-ip cs-username c-port r-ip r-port cs-uri cs-bytes sc-bytes cs-bodylength sc-bodylength cs-headerlength sc-headerlength cs(User-Agent) rs(Content-Type) cs-method sc-status cs(Referer) N/A N/A N/A x-risk-score rs(Location) s-action label 1 1489588456.36 1489588458.68 2321 192.168.1.116 - 52886 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KoLvzFTKTNumiSWHv1h6O/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2 1489588650.79 1489588651.42 623 192.168.1.116 - 52887 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dIqnz63CNrgz2vFudIk/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3 1489588843.47 1489588844.08 608 192.168.1.116 - 52888 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/56LiX9LDb8kRZ645TGu/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4 1489589036.2 1489589036.82 620 192.168.1.116 - 52889 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fJV2rZZS2zb7ys0lixAYbXtiio9t/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5 1489589229.95 1489589230.57 619 192.168.1.116 - 52890 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/s4t26qsYAczy1wDEeAgu/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6 1489589422.68 1489589423.28 604 192.168.1.116 - 52891 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6TuAlYxGL8Vo77cIcyNgdMYs/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7 1489589615.44 1489589616.06 622 192.168.1.116 - 52892 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/I26xL6JiyFZNQybhDM/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 8 1489589808.29 1489589808.91 619 192.168.1.116 - 52893 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9yqN1qTCUgxQr4yY1t4JO2FN/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 9 1489590001.05 1489590001.68 626 192.168.1.116 - 52894 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/d8udZNINXlhbRVUZMBxGE6S5Ej8/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 10 1489590193.66 1489590194.27 609 192.168.1.116 - 52895 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AWQ1BvfNfqk5WBWEJWO/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 11 1489590386.28 1489590386.89 606 192.168.1.116 - 52896 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3r7BywuVTkyXr9fUL/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 12 1489590578.84 1489590579.42 574 192.168.1.116 - 52897 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DSx0t9z5zbTaSSArTcVRhebRPvi6ABCI/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 13 1489590771.36 1489590771.94 579 192.168.1.116 - 52898 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mu1jyHBcjT9KyukRLaVdWlsRejN/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 14 1489590963.86 1489590966.21 2346 192.168.1.116 - 52899 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 45261 0 45120 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 14 1489590975.74 1489590976.38 641 192.168.1.116 - 52899 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HtVTWH9SouDVO5Zz4bIoEY/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 15 1489591168.34 1489591168.91 566 192.168.1.116 - 52900 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nlyaF6Kmqu1WPnKCrC6V60MsreFO/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 16 1489591360.83 1489591362.06 1232 192.168.1.116 - 52901 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 16 1489591368.67 1489591369.28 617 192.168.1.116 - 52901 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yo1X0X6r2A3JqV19uiebgLP885Gil/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 17 1489591561.21 1489591561.79 580 192.168.1.116 - 52902 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Vf22j4as94AJRFijcci9nU/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 18 1489591753.71 1489591754.28 576 192.168.1.116 - 52903 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sGF7M3URkvdUWMzfkFVQX8cagfQXa/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 19 1489591946.28 1489591946.89 611 192.168.1.116 - 52904 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AIKo9OJjaE0FcFgZreDNL/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 20 1489592138.84 1489592139.41 572 192.168.1.116 - 52905 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aUYY0q5pC4y458tS6lfmnxHsx/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 21 1489592331.33 1489592331.91 580 192.168.1.116 - 52906 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IIUbW1ednmTxSpXEHWeImwsyQgVcZ/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 22 1489592523.82 1489592524.4 576 192.168.1.116 - 52907 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/a9PPr5jFjYSKWnZM5bSgfUtG/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 23 1489592716.3 1489592716.88 578 192.168.1.116 - 52908 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WXxdsh5DVqBoXxmJZogCLoaAmuTQx/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 24 1489592908.81 1489592909.39 583 192.168.1.116 - 52909 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TCrj7mvAruRGJxEtaCmUMFaHk2A/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 25 1489593101.31 1489593101.89 577 192.168.1.116 - 52910 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/orZ0sQJj6k4BNZJou234IcgJFyaprJ/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 26 1489593293.84 1489593294.41 567 192.168.1.116 - 52911 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/m2WiTRvTkLShHk4jfZRyjEBZTk/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 27 1489593486.35 1489593486.92 568 192.168.1.116 - 52912 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1c71r3x9tBtGo5gSki/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 28 1489593678.87 1489593679.44 570 192.168.1.116 - 52913 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ahYmiXPTt3ECc9Ywb5KJ5fV/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 29 1489593871.39 1489593872.0 610 192.168.1.116 - 52914 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PcxtwE3OFzB4WotE9/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 30 1489594063.95 1489594064.52 569 192.168.1.116 - 52915 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QrvkpwJR4roEdbB1DmGGZ/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 31 1489594256.49 1489594257.07 577 192.168.1.116 - 52916 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XjlMfWGSDumzijKPtRGixkXHoR6/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 32 1489594449.05 1489594449.68 633 192.168.1.116 - 52917 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OYLfMR2Y6vKJHA8H36nrrUPWJZt6Q/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 33 1489594641.63 1489594642.19 567 192.168.1.116 - 52918 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zLwqEpyMoTwLAdtnqMdNh2lGYqm/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 34 1489594834.11 1489594834.7 587 192.168.1.116 - 52919 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fn1DgKDynCZbIPtjfzXXiKGgGotJhD/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 35 1489595026.62 1489595027.2 573 192.168.1.116 - 52920 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AcFzb223sRnB7p9rYQe2U7/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 36 1489595219.15 1489595219.76 607 192.168.1.116 - 52921 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vkzr5UP5PykZe4Q2X1HKICgspwKZ7Zv/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 37 1489595417.71 1489595418.32 609 192.168.1.116 - 52922 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 38 1489595435.06 1489595435.69 634 192.168.1.116 - 52923 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 39 1489595452.47 1489595453.08 614 192.168.1.116 - 52924 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 40 1489595469.85 1489595470.42 569 192.168.1.116 - 52925 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SG8ANgMRstdmamJ2f8EKLQraG4rd/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 41 1489595662.34 1489595662.91 570 192.168.1.116 - 52926 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xsxYY6YAuf5ETF2a8VAJQDchcDL3E/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 42 1489595855.02 1489595855.63 608 192.168.1.116 - 52927 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/63xkQcbAeO3oMgsT6mdIu4sBgtvKq5/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 43 1489596047.55 1489596048.12 569 192.168.1.116 - 52928 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cSh2tiKcHhT5Yh2sitWl7x/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 44 1489596240.08 1489596240.7 614 192.168.1.116 - 52929 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KdjqeXdsBRM1kBMBfQOwXME/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 45 1489596432.55 1489596435.68 3129 192.168.1.116 - 52930 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 45261 0 45120 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 45 1489596444.02 1489596444.57 544 192.168.1.116 - 52930 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/b4OR3VqWCP4K6fiv/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 46 1489596636.42 1489596636.95 536 192.168.1.116 - 52931 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PT8g3Kciq9ZKxmN9GnmJV4DeF5oGC/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 47 1489596828.79 1489596829.86 1072 192.168.1.116 - 52932 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 47 1489596836.81 1489596837.37 560 192.168.1.116 - 52932 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9va9etvrXD3sPtX6AYJR/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 48 1489597029.24 1489597029.81 572 192.168.1.116 - 52933 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TaPBR0qZkWmzSFzYlvEdZPUoIrUN/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 49 1489597221.69 1489597222.23 540 192.168.1.116 - 52934 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3NvW9rNiT7WOOimbkrT1KKTZq6q7OTw/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 50 1489597414.02 1489597414.53 512 192.168.1.116 - 52935 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NAKxrS0Aklm30svkZKEeBDB6x/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 51 1489597606.39 1489597606.97 576 192.168.1.116 - 52936 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 205 379 0 240 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 51 1489597612.94 1489597613.55 603 192.168.1.116 - 52936 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cQXX3D6bp0OFlsbLxKzlm19EBfm/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 52 1489597805.44 1489597805.98 540 192.168.1.116 - 52937 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CYKLlVpyVKQs3AaHm2kY29lTY9UU/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 53 1489597997.79 1489597998.32 532 192.168.1.116 - 52938 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LFMamAjHzaivtlmsXbjQeBDp/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 54 1489598190.28 1489598190.88 605 192.168.1.116 - 52939 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 204 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 55 1489598192.0 1489598192.23 236 192.168.1.116 - 52940 107.21.201.183 80 http://checkip.amazonaws.com/ 153 133 0 13 139 106 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 200 - - - - - - - CTU.238.1.Malicious 54 1489598192.44 1489598193.12 682 192.168.1.116 - 52939 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/xVeIkaGEt55wtZ7LhjyQRgY3It5/ 329 517 0 374 131 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 54 1489598193.75 1489598194.32 573 192.168.1.116 - 52939 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/LNYBOGMWMTHIVO/1/ 221 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 56 1489598197.07 1489598197.69 626 192.168.1.116 - 52941 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 57 1489598200.47 1489598201.08 611 192.168.1.116 - 52942 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 215 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 58 1489598202.84 1489598203.46 621 192.168.1.116 - 52943 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 243 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 59 1489598206.24 1489598206.81 569 192.168.1.116 - 52944 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sGtW0L9Dvu0iY0rVbHY5cmT/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 60 1489598398.84 1489598399.44 607 192.168.1.116 - 52945 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DIwwy205g045q1eKs/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 61 1489598591.42 1489598591.99 569 192.168.1.116 - 52946 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/b6tfAtKmUsnxJwmXIQThNBRLoeFW/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 62 1489598783.97 1489598784.58 605 192.168.1.116 - 52947 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mgpaBAQawyJAOPi2PYmEGaGP8Aqr1o/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 63 1489598976.55 1489598977.12 569 192.168.1.116 - 52948 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XUlWtDGJW4w9tQ749ScKz/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 64 1489599169.06 1489599169.63 569 192.168.1.116 - 52949 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xqufhV0VL7YXw3VvbTBMauvll8yJWJ/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 65 1489599361.57 1489599362.21 637 192.168.1.116 - 52950 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JvdvkraZpiuZHNxPysgS7fYYbMc5N/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 66 1489599554.21 1489599554.78 566 192.168.1.116 - 52951 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CtrQPGWpgLB0ToBAcaTqCcq/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 67 1489599746.74 1489599747.31 573 192.168.1.116 - 52952 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/od6yknHBnWOYz3q9F9iNMGzHk/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 68 1489599939.25 1489599939.9 641 192.168.1.116 - 52953 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yPQ5jOKUPOulKOgyiXJbkn1qWAD/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 69 1489600131.92 1489600132.55 635 192.168.1.116 - 52954 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/caNw1do8CSUwZ2ynXKKZalt5/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 70 1489600324.49 1489600325.06 570 192.168.1.116 - 52955 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/a5lAsDSApKA6CQjMG/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 71 1489600517.04 1489600517.65 610 192.168.1.116 - 52956 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/O8vxX8QVZhEnq8ltod5gy0gpM7/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 72 1489600709.88 1489600710.48 603 192.168.1.116 - 52957 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rf2y6D5FwQX0nohce5/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 73 1489600902.44 1489600903.01 569 192.168.1.116 - 52958 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UfqN4widAs5yOoUj9/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 74 1489601095.05 1489601095.67 621 192.168.1.116 - 52959 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ILKZaPJddDijAeEyHLixznhoSU6Z/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 75 1489601287.77 1489601288.41 635 192.168.1.116 - 52960 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9IA2ocaSZUJumwMnWRE3MYFMP/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 76 1489601480.38 1489601480.95 567 192.168.1.116 - 52961 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oYypUjGDSuJlmFX1/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 77 1489601672.94 1489601673.51 573 192.168.1.116 - 52962 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UwutS6N85kFRee6s291zYABrKd/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 78 1489601865.48 1489601867.74 2257 192.168.1.116 - 52963 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 45261 0 45120 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 78 1489601876.14 1489601876.76 629 192.168.1.116 - 52963 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fZ2Bp5j2cNA7Dd7qygrW84F/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 79 1489602068.73 1489602069.3 571 192.168.1.116 - 52964 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BB8UdKiqzq4NggdjHnWoMgTOS6NPV9rf/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 80 1489602261.34 1489602262.56 1220 192.168.1.116 - 52965 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 80 1489602269.15 1489602269.77 619 192.168.1.116 - 52965 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KjocsIq8jd6JDZuzkCJZUe/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 81 1489602461.85 1489602462.48 629 192.168.1.116 - 52966 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sWoryLRJG4XWn0YWU3p/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 82 1489602654.5 1489602655.11 605 192.168.1.116 - 52967 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BpJXvTY7FkkWlW5jiWA3oy8Zfmi0ybz/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 83 1489602848.24 1489602848.89 645 192.168.1.116 - 52968 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sJgc3iqO5mfeyjC7YhvV9Hu/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 84 1489603041.19 1489603041.81 620 192.168.1.116 - 52969 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QlD4GQb4LpIsSwstVTN8/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 85 1489603233.78 1489603234.41 635 192.168.1.116 - 52970 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/drcTcAXP75hD9annx2l2BOkt0mptLu/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 86 1489603426.53 1489603427.16 632 192.168.1.116 - 52971 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/m4bmO7PeTWAlbmQWeyUsqJmSoaU/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 87 1489603619.12 1489603619.73 611 192.168.1.116 - 52972 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XavC4KjgdFEHOuZhA8PsdjxxbJnTuKK/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 88 1489603811.73 1489603813.94 2215 192.168.1.116 - 52973 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jw8W63wRb8JUSbw2trFgHHkde/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 89 1489604006.0 1489604006.62 622 192.168.1.116 - 52974 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xZ2FrehvobjHE9V5NB8HKLFBKdl7/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 90 1489604198.56 1489604199.17 609 192.168.1.116 - 52975 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0CukkGg2k7ZLyWwxy71HVaZ4f6Y/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 91 1489604391.17 1489604391.78 611 192.168.1.116 - 52976 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/a19wFztJHPzcI78fuF/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 92 1489604583.88 1489604584.52 638 192.168.1.116 - 52977 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EWaWPsjPsdqVoEgc80ARqFuJhAmT/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 93 1489604776.51 1489604777.13 618 192.168.1.116 - 52978 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yNk5TaoFTcgCpIim13Aowqs7/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 94 1489604969.12 1489604969.69 569 192.168.1.116 - 52979 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TEjBfarzZCoWgEqj3BvMiV4ceN/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 95 1489605161.77 1489605162.4 624 192.168.1.116 - 52980 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EZ6RvUgPkld10kE4KulsN1/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 96 1489605354.4 1489605354.96 567 192.168.1.116 - 52981 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BsIqOzDfObuDH42XKFUu2uQDJ8n51/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 97 1489605546.96 1489605547.53 569 192.168.1.116 - 52982 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DnU3ErXuhMkkIueSw1R5/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 98 1489605739.47 1489605740.1 631 192.168.1.116 - 52983 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JGnRuKeGR4z1tA09IsKh/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 99 1489605932.09 1489605932.7 607 192.168.1.116 - 52984 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yufV6VBmQgQS5YkVn7jlvD49oS71t2a/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 100 1489606124.65 1489606125.21 567 192.168.1.116 - 52985 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qqQWnKwpL0JV0nY3co/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 101 1489606317.15 1489606317.79 635 192.168.1.116 - 52986 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bWKdnx5Ba6Ysc2oLZVK94cSeq60kT/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 102 1489606509.76 1489606510.33 570 192.168.1.116 - 52987 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/S19sriQtbofdAp5T5HQ0BOIxYAy3Gu/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 103 1489606702.34 1489606702.96 612 192.168.1.116 - 52988 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tOQl6c4YElTZ7RtTuyPVjp0kuIVz16NG/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 104 1489606894.92 1489606895.53 610 192.168.1.116 - 52989 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uwPOBXXSH0kODCTSGTqczUSJengOAbyp/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 105 1489607087.48 1489607088.12 635 192.168.1.116 - 52990 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lD0NIhqQnHGX8b5o49lb4Qvd7yyw/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 106 1489607280.06 1489607282.32 2259 192.168.1.116 - 52991 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 45261 0 45120 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 106 1489607290.49 1489607291.12 628 192.168.1.116 - 52991 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EGQ90DnUulhw3ucmUAN5WNjj3adj6/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 107 1489607483.1 1489607483.73 634 192.168.1.116 - 52992 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0o6KxsybBsBJP4djF3Ob9shmzqe7teV/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 108 1489607675.69 1489607676.83 1139 192.168.1.116 - 52993 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 108 1489607683.61 1489607684.21 592 192.168.1.116 - 52993 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uFckhUphvRCzeuOj/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 109 1489607876.44 1489607877.06 613 192.168.1.116 - 52994 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3oCmtaB7oLLGp86icVKYil4EkazAvlaT/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 110 1489608069.02 1489608069.63 604 192.168.1.116 - 52995 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fF9EdM4mV946zgJgt9R/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 111 1489608261.61 1489608262.19 574 192.168.1.116 - 52996 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cWEtdJTVYUSHU856MSM/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 112 1489608456.55 1489608457.17 620 192.168.1.116 - 52997 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/DNSBL/not%20listed/0/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 113 1489608460.38 1489608462.03 1642 192.168.1.116 - 52998 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 206 379 0 240 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 113 1489608467.98 1489608468.64 653 192.168.1.116 - 52998 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cTS85oOvHsw4Hwz6n8pq0Kv8dOjL/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 114 1489608660.65 1489608661.27 620 192.168.1.116 - 52999 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JOfKOIYnqnfE95bkb/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 115 1489608853.41 1489608854.05 638 192.168.1.116 - 53000 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WjXhJl7EbduCnDViStOylRk7/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 116 1489609046.02 1489609046.66 633 192.168.1.116 - 53001 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FDAcywau30lwcLaJ/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 117 1489609238.6 1489609239.21 610 192.168.1.116 - 53002 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ncHHkTuV0XbWVUBEv8N/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 118 1489609431.36 1489609431.93 572 192.168.1.116 - 53003 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/euFVu0XGVb8v5WiXSSKTznrT9V5e/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 119 1489609623.95 1489609624.56 611 192.168.1.116 - 53004 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/83EwvZtR1plcpTCZAUa5sc6OF9wDBDbD/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 120 1489609816.54 1489609817.11 567 192.168.1.116 - 53005 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hP18fdXgMxFJuBl3pmev/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 121 1489610015.15 1489610015.76 606 192.168.1.116 - 53006 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 122 1489610032.55 1489610033.16 613 192.168.1.116 - 53007 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 123 1489610049.92 1489610050.52 604 192.168.1.116 - 53008 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 124 1489610067.3 1489610067.95 652 192.168.1.116 - 53009 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0al2WRwrNhEHzWC6YIzj/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 125 1489610259.93 1489610260.54 607 192.168.1.116 - 53010 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/B2S6tY80LbubwUDgHDyc/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 126 1489610452.49 1489610453.1 608 192.168.1.116 - 53011 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pd4KmVj8kyvUdZ3wQZBAeoOQQ1oPe0O/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 127 1489610645.08 1489610645.72 635 192.168.1.116 - 53012 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fX5H7Uu8Pm1DKrdxqfLXYbef/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 128 1489610837.75 1489610838.36 612 192.168.1.116 - 53013 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tYTUqj3nRSfQ8yK23OTpkD9U2M1FeL/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 129 1489611030.47 1489611031.1 621 192.168.1.116 - 53014 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UlPav1ke2cysoBrxPAfxK/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 130 1489611223.09 1489611223.71 617 192.168.1.116 - 53015 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Bul9rDa1Pp8sDu8ddwpEhBN0b71Hrnz/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 131 1489611415.72 1489611416.34 616 192.168.1.116 - 53016 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1PistjMrRpZs69iUAFsr5V95/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 132 1489611608.34 1489611608.94 605 192.168.1.116 - 53017 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/c1WHAMTIbgUnArYZooJ4QF1g64/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 133 1489611800.97 1489611801.59 613 192.168.1.116 - 53018 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rCdacYHNZG1v8B58g/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 134 1489611993.62 1489611994.23 619 192.168.1.116 - 53019 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HXUE69O0Gl6NTOdeGnMkOk/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 135 1489612186.17 1489612186.74 572 192.168.1.116 - 53020 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oSklefNbPJQ4IqCjZCSTBwsl/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 136 1489612378.72 1489612379.34 617 192.168.1.116 - 53021 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xeJI9rx2bESFJ6rVax73gA3LzRpu/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 137 1489612571.33 1489612571.94 612 192.168.1.116 - 53022 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3003hu7WwzfsI7T8/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 138 1489612764.21 1489612766.57 2360 192.168.1.116 - 53023 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 45261 0 45120 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 138 1489612775.21 1489612775.82 616 192.168.1.116 - 53023 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WlScUA6vLk75i5Kjmcb9LmtwwO1atcPZ/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 139 1489612969.03 1489612969.64 608 192.168.1.116 - 53024 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XCA08fAeg1K79hinQc8AvjVPAkWOQwG/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 140 1489613161.7 1489613162.97 1268 192.168.1.116 - 53025 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 140 1489613169.85 1489613170.49 633 192.168.1.116 - 53025 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SkPnmpPW9NdbYOde8BjU4s/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 141 1489613362.5 1489613363.11 603 192.168.1.116 - 53026 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Nf0t763KJjX31pd1P5Az/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 142 1489613555.09 1489613555.71 615 192.168.1.116 - 53027 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/A6vOUz09def1lnmQ/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 143 1489613747.72 1489613748.34 620 192.168.1.116 - 53028 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4kHAjAHThGaANVDpezeL3HbZkGvH0/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 144 1489613940.38 1489613940.99 608 192.168.1.116 - 53029 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GTrdwfrGaE1LUJR3fPSBTGJpb/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 145 1489614132.98 1489614133.59 615 192.168.1.116 - 53030 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/e4oYDLC6bURxHQQqdmBG/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 146 1489614325.52 1489614326.09 569 192.168.1.116 - 53031 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1mxT7YB2TM4wR9JKDDUeaaBBii6c/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 147 1489614518.07 1489614518.7 633 192.168.1.116 - 53032 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YiykXgoiMRpW0oH4/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 148 1489614710.74 1489614711.35 604 192.168.1.116 - 53033 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/icVlroSutahLVD5YFQfr/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 149 1489614903.35 1489614903.98 624 192.168.1.116 - 53034 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7eTI8JAkupakd7n7XP7Wo/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 150 1489615096.0 1489615096.61 609 192.168.1.116 - 53035 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9fAIxMif838qlrBEOHdw6pJS8mNSis/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 151 1489615288.6 1489615289.21 605 192.168.1.116 - 53036 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CRLrW8LOBDGeTme56FXMqSF/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 152 1489615481.19 1489615481.82 633 192.168.1.116 - 53037 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/z64PUmfJQPvCcFyNBNG5Wi3EK8B3lci/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 153 1489615673.74 1489615674.32 580 192.168.1.116 - 53038 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dUkI5BTtMIxCBdNNasTr/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 154 1489615866.31 1489615866.94 631 192.168.1.116 - 53039 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XssJ17jeJI3tVnpawKS7jd/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 155 1489616058.95 1489616059.58 633 192.168.1.116 - 53040 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5navtPs3WPJaUFp3IMxqiJpo8/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 156 1489616251.5 1489616252.08 577 192.168.1.116 - 53041 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/40NKF7vzVv5cfHjePmkBSDAuZC7Y3/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 157 1489616444.04 1489616444.61 572 192.168.1.116 - 53042 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6nzLLcHR89SZB8eFrq984/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 158 1489616636.54 1489616637.11 568 192.168.1.116 - 53043 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GzZhNzcJrNfzGajdqF/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 159 1489616829.09 1489616829.67 575 192.168.1.116 - 53044 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Q8ug0lCBiPFPfCl3F1uE7H2EmP/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 160 1489617021.67 1489617023.82 2150 192.168.1.116 - 53045 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kK8uVA7mdEc1FlQTk9IwtG30Wzxk0Cua/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 161 1489617215.93 1489617216.54 607 192.168.1.116 - 53046 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6YSHtNPbHPevcoXbfn4icN/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 162 1489617408.49 1489617409.06 575 192.168.1.116 - 53047 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XohGQ13EdMfPetoG9Z2bkddz/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 163 1489617600.93 1489617601.48 545 192.168.1.116 - 53048 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 206 363 0 224 133 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 163 1489617601.85 1489617602.55 704 192.168.1.116 - 53048 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/VVw7uHfndQ4m33w4xGxNU977w89J9XU/ 335 521 0 378 133 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 163 1489617603.16 1489617603.69 524 192.168.1.116 - 53048 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/IPMWHYRVCP/1/ 219 131 0 9 133 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 164 1489617605.38 1489617605.96 575 192.168.1.116 - 53049 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 165 1489617608.59 1489617609.16 572 192.168.1.116 - 53050 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 217 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 166 1489617610.8 1489617611.37 571 192.168.1.116 - 53051 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 245 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 167 1489617614.02 1489617614.56 538 192.168.1.116 - 53052 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XdRvYzoa7tmjfJSJnE0SZ0szLbbCLw/ 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 168 1489617806.44 1489617806.98 539 192.168.1.116 - 53053 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CMahtZ8cRZdvR2SW2vqONa9L/ 227 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 169 1489617998.92 1489618000.9 1983 192.168.1.116 - 53054 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4ulAyMbRhNowJEy82K8X1xLQLnph/ 231 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 170 1489618192.75 1489618194.87 2121 192.168.1.116 - 53055 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 207 45261 0 45120 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 170 1489618203.34 1489618203.9 560 192.168.1.116 - 53055 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EaMqUXqZX57LV1H2eAGTWpMT3zGKTCq/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 171 1489618395.78 1489618396.3 521 192.168.1.116 - 53056 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pChKKfSr5nWBs8SACcVQDSOQREXhd/ 232 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 172 1489618589.72 1489618590.8 1083 192.168.1.116 - 53057 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 207 22989 0 22848 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 172 1489618597.93 1489618598.46 535 192.168.1.116 - 53057 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SWaotpiC41GBgGYWuk7rirtDddbeqH/ 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 173 1489618790.34 1489618790.92 579 192.168.1.116 - 53058 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ApQyBFCeaDx9TkrxL5Z/ 222 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 174 1489618982.76 1489618983.34 572 192.168.1.116 - 53059 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HlZcu4rDs5KnEGPpQTLLua8YsCMje3/ 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 175 1489619176.75 1489619177.29 541 192.168.1.116 - 53060 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NcBNf2gF7IaUFeUtyieEY/ 224 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 176 1489619369.15 1489619369.72 571 192.168.1.116 - 53061 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 208 379 0 240 133 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 176 1489619375.69 1489619376.21 528 192.168.1.116 - 53061 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YI6RCQOjnOrc0xnD7HGp8zJKeoR/ 230 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 177 1489619568.02 1489619568.56 536 192.168.1.116 - 53062 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/F6pCPqYR26lmSdBw2/ 220 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 178 1489619760.41 1489619760.98 576 192.168.1.116 - 53063 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/O7koHfcXjBxQd105KFw2U/ 224 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 179 1489619952.88 1489619953.4 520 192.168.1.116 - 53064 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qRKtfx5zq1W0IrSkz3/ 221 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 180 1489620145.22 1489620145.76 540 192.168.1.116 - 53065 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MKda4nC2HEmKDfXarA/ 221 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 181 1489620337.68 1489620338.2 526 192.168.1.116 - 53066 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5sjyjFoP2ZOntwFhsMD9hB/ 225 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 182 1489620530.12 1489620530.64 526 192.168.1.116 - 53067 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/d3vgoH1fUG08iSEnYnO7uCx6s6gbBto/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 183 1489620722.48 1489620724.55 2073 192.168.1.116 - 53068 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jGqM70fpMHUDsQqhXbljwh0JiRYyK1/ 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 184 1489620916.43 1489620917.0 570 192.168.1.116 - 53069 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Cwb6ngj8ldNnMUFyRnN/ 222 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 185 1489621108.88 1489621109.42 536 192.168.1.116 - 53070 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RnlhhICoWbrtJioc/ 219 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 186 1489621301.29 1489621301.83 541 192.168.1.116 - 53071 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cem2HMbexJ3sLA5BI37ZshxBIvBs/ 231 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 187 1489621494.8 1489621495.35 545 192.168.1.116 - 53072 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/A7YyuU8raJKZJzKK4vb95v8qtObhc/ 232 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 188 1489621687.25 1489621687.79 542 192.168.1.116 - 53073 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/80b2c6t8455CP0NI46j/ 222 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 189 1489621879.83 1489621880.41 585 192.168.1.116 - 53074 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Y0fFcGIBaQCUre3cXqL7iprh2MJOJ6wR/ 235 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 190 1489622072.23 1489622072.75 523 192.168.1.116 - 53075 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HyEeoyggVAQFd5MRrqs/ 222 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 191 1489622264.56 1489622265.1 537 192.168.1.116 - 53076 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5a57bOHFw1attSYK/ 219 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 192 1489622457.0 1489622457.58 581 192.168.1.116 - 53077 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/62crwjT6nVeiFIizurkc8wyqOxyaT/ 232 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 193 1489622649.51 1489622650.05 540 192.168.1.116 - 53078 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EeQ9LlCM7NP5kPLs9q/ 221 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 194 1489622841.9 1489622842.42 521 192.168.1.116 - 53079 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oCbPvbBWAz472MWGA0TVsDOAtyH8Y3W/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 195 1489623034.32 1489623034.84 525 192.168.1.116 - 53080 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xyjuDfWVflMtbf90W/ 220 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 196 1489623226.67 1489623227.21 540 192.168.1.116 - 53081 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WhJplxxn42J48rdG3AMfS/ 224 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 197 1489623419.13 1489623419.71 582 192.168.1.116 - 53082 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dOuYsZt9OBuxhOCifswF7PrIuVR/ 230 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 198 1489623611.58 1489623613.66 2079 192.168.1.116 - 53083 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 207 45261 0 45120 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 198 1489623621.82 1489623622.39 567 192.168.1.116 - 53083 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/a6YH2u0TZZUPJLZfB0PGRSLY3ECmtph/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 199 1489623814.23 1489623814.77 539 192.168.1.116 - 53084 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JnEKiwuR0HJMZNk6wlqn0o8EEHOl3FLL/ 235 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 200 1489624006.66 1489624007.73 1078 192.168.1.116 - 53085 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 207 22989 0 22848 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 200 1489624014.32 1489624014.88 559 192.168.1.116 - 53085 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7DRnmjCI0ATXfOOxeDiPS90/ 226 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 201 1489624206.71 1489624207.25 537 192.168.1.116 - 53086 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/b3L7t1NCIQEqxBb3FHuKGgB/ 226 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 202 1489624399.2 1489624399.78 576 192.168.1.116 - 53087 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yk7oOEKNHUudItuYqnIKFEM/ 226 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 203 1489624597.72 1489624598.29 570 192.168.1.116 - 53088 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 211 131 0 9 133 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 204 1489624615.04 1489624615.58 536 192.168.1.116 - 53089 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 211 131 0 9 133 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 205 1489624632.26 1489624632.84 581 192.168.1.116 - 53090 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 211 131 0 9 133 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 206 1489624649.54 1489624650.06 518 192.168.1.116 - 53091 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/F1n8p55djYJQyzNEvBQPOXjJ/ 227 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 207 1489624842.9 1489624843.44 536 192.168.1.116 - 53092 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pcR7d0fI21EqrNnKl4JZDNeHlWITq1/ 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 208 1489625035.32 1489625035.89 577 192.168.1.116 - 53093 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hR7JF0vshpnZTgcBy9S/ 222 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 209 1489625227.72 1489625228.26 539 192.168.1.116 - 53094 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AlqUAuMaENsHc1Q4fd1coYmE8VZA/ 231 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 210 1489625420.25 1489625420.83 574 192.168.1.116 - 53095 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0kNlINR8AP5OcQ5e0L4xU4DKfDjLO/ 232 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 211 1489625612.87 1489625613.44 575 192.168.1.116 - 53096 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EEvgFUYPOaxcXn94jDi6/ 223 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 212 1489625805.33 1489625805.85 524 192.168.1.116 - 53097 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nabANzI4HxWfDu3E7r5TI/ 224 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 213 1489625997.69 1489625998.26 572 192.168.1.116 - 53098 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ShQcVnfjzw1WugveEBkLLvWBe5/ 229 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 214 1489626190.16 1489626190.71 550 192.168.1.116 - 53099 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6OVzCuiwEe6hVpIdW5As5HxhLa6prmy/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 215 1489626382.66 1489626383.18 527 192.168.1.116 - 53100 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/l0xE8TA5IEcVJwMFKxG0cjEFJqci/ 231 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 216 1489626575.03 1489626575.55 519 192.168.1.116 - 53101 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/m4gss5VtggmEiZXFcjbmdl/ 225 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 217 1489626767.61 1489626768.2 587 192.168.1.116 - 53102 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LJoa9TV52TwtbHIg2ZF6/ 223 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 218 1489626960.11 1489626960.65 543 192.168.1.116 - 53103 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LtDDHTeITfNDqSet4zqskAT7gD/ 229 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 219 1489627153.63 1489627154.2 576 192.168.1.116 - 53104 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PfLE4dfoUE8sLbk807KubY4CKTF0ErAc/ 235 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 220 1489627347.7 1489627348.3 599 192.168.1.116 - 53105 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YPz7pD2dOhUYQQaoTdVu5Pk81bmIMg/ 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 221 1489627540.22 1489627540.74 521 192.168.1.116 - 53106 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TooNqyXva8ZpX8KU2/ 220 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 222 1489627732.59 1489627733.16 570 192.168.1.116 - 53107 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SH52t4NmhdkTUHV0uzVNsU3tA/ 228 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 223 1489627925.04 1489627925.56 521 192.168.1.116 - 53108 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4ckw0GrdQ73XxhMf/ 219 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 224 1489628117.41 1489628117.93 521 192.168.1.116 - 53109 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/E25UJT5yb9185p8O/ 219 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 225 1489628309.76 1489628310.31 553 192.168.1.116 - 53110 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GxEQrBpHBxZEuVz0QePnk59zyKh8pxT/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 226 1489628502.24 1489628502.76 519 192.168.1.116 - 53111 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7Sf8xbGkm0Lm8y4N3c78wV/ 225 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 227 1489628694.65 1489628695.24 584 192.168.1.116 - 53112 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cizS1ugDekE2jWHGzyGbME/ 225 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 228 1489628887.1 1489628887.64 537 192.168.1.116 - 53113 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5CQxHTiXosM4zkmqhQHwvCSDU/ 228 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 229 1489629079.46 1489629081.55 2097 192.168.1.116 - 53114 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 207 45261 0 45120 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 229 1489629089.94 1489629090.54 596 192.168.1.116 - 53114 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/71d4CiuZ16XZEKzG2tyeBdslpy15y/ 232 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 230 1489629282.41 1489629282.99 574 192.168.1.116 - 53115 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4zoPJCxfMg1QeJ1CX/ 220 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 231 1489629475.04 1489629476.14 1107 192.168.1.116 - 53116 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 207 22989 0 22848 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 231 1489629483.26 1489629483.8 541 192.168.1.116 - 53116 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8vludpOU0W2J59EPbzZgk6sz/ 227 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 232 1489629675.72 1489629676.26 537 192.168.1.116 - 53117 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9lxHiq9GdzyJ5ioIxnT/ 222 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 233 1489629868.14 1489629868.65 512 192.168.1.116 - 53118 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nuHiMhEhna0EaDQDSQ/ 221 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 234 1489630060.49 1489630061.03 538 192.168.1.116 - 53119 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8qbF83qEGC2NwOi8B86kdzL9GZQDKqjU/ 235 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 235 1489630252.86 1489630253.47 611 192.168.1.116 - 53120 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 208 379 0 240 133 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 235 1489630259.43 1489630260.01 578 192.168.1.116 - 53120 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DKC7QhFjqB0VFrjR7OZ1F/ 224 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 236 1489630451.89 1489630452.41 521 192.168.1.116 - 53121 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uON5pJqBJcEkXBeUVSwRJH839NL7mc/ 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 237 1489630644.24 1489630644.78 536 192.168.1.116 - 53122 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KoPMrZIajhR8Mn02r8qgiYb/ 226 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 238 1489630836.66 1489630837.27 609 192.168.1.116 - 53123 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dMyRbVBhjjmHn8gYiZT7FnCRh0q/ 230 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 239 1489631029.13 1489631029.67 539 192.168.1.116 - 53124 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ph6BexVh83VVT3IsB9AP/ 223 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 240 1489631221.55 1489631222.08 538 192.168.1.116 - 53125 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/J8WPjqG4ecq6ZRkgg36NyTUyr0Ai8s/ 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 241 1489631413.97 1489631414.49 513 192.168.1.116 - 53126 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xP5RjbXI9aaFgJlo3lOMuEQDhDlI3NzH/ 235 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 242 1489631606.43 1489631606.96 536 192.168.1.116 - 53127 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/umAxkRnmUyebvITg/ 219 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 243 1489631798.84 1489631799.39 548 192.168.1.116 - 53128 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7nCWjeoJaceXhwhyxCFK/ 223 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 244 1489631991.26 1489631991.84 579 192.168.1.116 - 53129 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0v4hophEDcWY35UKGbOOlP4jGKH4Ed/ 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 245 1489632183.64 1489632184.16 523 192.168.1.116 - 53130 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HZA7XceJH3bcqPJU4uUqFUanJgSer8/ 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 246 1489632376.01 1489632376.55 539 192.168.1.116 - 53131 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7Zdn0yiof9twSrLXlPUX1YHrKAdUxpW/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 247 1489632569.37 1489632569.93 554 192.168.1.116 - 53132 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lBlghmSwadbfBicDMIHySvLndZv0elD/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 248 1489632762.8 1489632763.32 521 192.168.1.116 - 53133 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mHVLESt0BzXM3qZIjfXeCJ2ozlOgkD/ 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 249 1489632955.15 1489632955.69 542 192.168.1.116 - 53134 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MU8KzDoEPuySpMOrbXzV/ 223 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 250 1489633147.48 1489633148.05 571 192.168.1.116 - 53135 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Pszm0ZnsMSg8zQAOKP/ 221 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 251 1489633339.97 1489633340.49 520 192.168.1.116 - 53136 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/S3sdSXpkIploIJ4zt8Hr/ 223 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 252 1489633532.32 1489633532.85 524 192.168.1.116 - 53137 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Ba6zluw1KZhHh3iJWLISUUbgE3Wn/ 231 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 253 1489633724.72 1489633725.28 569 192.168.1.116 - 53138 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CFqwR2h5rxz4tJymGNbtt/ 224 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 254 1489633917.23 1489633917.8 573 192.168.1.116 - 53139 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6EBub2sp05A3X2bLQa1/ 222 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 255 1489634109.64 1489634110.19 551 192.168.1.116 - 53140 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UUirzaQi6GDr3YOHd9DnsS2OTqwV/ 231 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 256 1489634302.07 1489634302.59 520 192.168.1.116 - 53141 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CEvwaf6AALmpqLQ4MehSBa/ 225 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 257 1489634494.43 1489634496.53 2101 192.168.1.116 - 53142 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 207 45261 0 45120 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 257 1489634504.72 1489634505.31 590 192.168.1.116 - 53142 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DpoW5uDnKHCzAUg04MhxO/ 224 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 258 1489634697.23 1489634697.75 520 192.168.1.116 - 53143 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eHiKEVVWNFlpPbKywp/ 221 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 259 1489634889.64 1489634890.78 1140 192.168.1.116 - 53144 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 207 22989 0 22848 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 259 1489634897.88 1489634898.44 554 192.168.1.116 - 53144 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1ZZedsJ21Skk9XWVqfhxuMyIBhPN/ 231 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 260 1489635091.4 1489635091.92 522 192.168.1.116 - 53145 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2oZiyalCvlEKEe0gw1W2Na/ 225 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 261 1489635283.78 1489635284.36 576 192.168.1.116 - 53146 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rwQ71RRVXGWPbfM5il/ 221 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 262 1489635476.26 1489635476.83 571 192.168.1.116 - 53147 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dH2H7TPuLZuvcB0B62ImlYwE/ 227 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 263 1489635668.67 1489635669.19 519 192.168.1.116 - 53148 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/g7BPJSgrGVJfX004fj/ 221 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 264 1489635861.28 1489635861.81 525 192.168.1.116 - 53149 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3Lm81yAtzuYfUtnmAG/ 221 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 265 1489636053.67 1489636054.2 523 192.168.1.116 - 53150 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4sNKuKR7JlsKVYtiRaswbDlnAHuep/ 232 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 266 1489636246.22 1489636246.77 552 192.168.1.116 - 53151 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/P87a99BOON8L3gZlx7x/ 222 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 267 1489636438.67 1489636439.23 565 192.168.1.116 - 53152 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/g5HZJkMQlDu8A9pFsBfKZgqZvoo/ 230 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 268 1489636631.06 1489636631.58 512 192.168.1.116 - 53153 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FyEI41fpp9z9s0fw0XL1B7NkrfdB/ 231 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 269 1489636823.36 1489636823.87 512 192.168.1.116 - 53154 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jJD0dXGdEYvgY5dQ27QVlVTYgHs7/ 231 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 270 1489637015.84 1489637016.21 374 192.168.1.116 - 53155 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 203 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 271 1489637017.84 1489637018.06 222 192.168.1.116 - 53156 23.21.70.163 80 http://checkip.amazonaws.com/ 153 133 0 13 139 106 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 200 - - - - - - - CTU.238.1.Malicious 270 1489637018.27 1489637018.7 437 192.168.1.116 - 53155 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/JVu1HbH7qDSGh40Z1eE/ 320 509 0 366 130 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 270 1489637019.2 1489637019.58 378 192.168.1.116 - 53155 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/RWEKUHSHAREE/1/ 218 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 272 1489637020.67 1489637021.19 521 192.168.1.116 - 53157 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 273 1489637022.19 1489637022.62 422 192.168.1.116 - 53158 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 214 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 274 1489637023.76 1489637024.24 472 192.168.1.116 - 53159 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 242 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 275 1489637026.28 1489637026.62 336 192.168.1.116 - 53160 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5niYUsgkz9AifQAS7spd/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 276 1489637218.89 1489637219.23 337 192.168.1.116 - 53161 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PEwCGwv4IZumExR0H7aZYatuUNozJ/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 277 1489637412.53 1489637412.94 412 192.168.1.116 - 53162 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/DNSBL/not%20listed/0/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 278 1489637415.02 1489637415.4 382 192.168.1.116 - 53163 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2lIV7C2sCMtx4KLeA/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 279 1489637606.61 1489637606.95 340 192.168.1.116 - 53164 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ajEDgCBg15u3Eeyelt/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 280 1489637798.23 1489637798.6 371 192.168.1.116 - 53165 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RpCHuJ3RJ6igBpjRg/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 281 1489637989.85 1489637990.22 370 192.168.1.116 - 53166 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9J9nwqlzmhHStgrweiCujY/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 282 1489638182.47 1489638182.8 335 192.168.1.116 - 53167 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xYTnMTCjr5LbiuRsvAe71eQorqjHEa/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 283 1489638374.15 1489638374.52 371 192.168.1.116 - 53168 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/22mdpdAyY7ly1JxXUOwhckS/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 284 1489638565.8 1489638566.14 336 192.168.1.116 - 53169 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/s0k1dstkSPOszG8y8Iq/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 285 1489638757.44 1489638757.82 371 192.168.1.116 - 53170 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PI3jucyFgZd2LcinF7uV/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 286 1489638949.06 1489638949.46 399 192.168.1.116 - 53171 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VknOzjja7IwA0JQ7j1C/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 287 1489639146.85 1489639147.23 381 192.168.1.116 - 53172 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 288 1489639163.38 1489639163.78 407 192.168.1.116 - 53173 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 289 1489639179.91 1489639180.32 408 192.168.1.116 - 53174 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 290 1489639196.42 1489639196.79 371 192.168.1.116 - 53175 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vmDG9wEM1RvKIhPbUdP8yEXqyXLvqhGk/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 291 1489639388.13 1489639388.5 370 192.168.1.116 - 53176 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uC2sQAMqK3hOecItx/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 292 1489639579.81 1489639580.23 412 192.168.1.116 - 53177 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MhLrfnqw6i6XwyHQaFrI3/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 293 1489639772.2 1489639772.58 376 192.168.1.116 - 53178 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nHVoiZqdBOOPbDDyUlTYCutOhA98rw3/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 294 1489639963.84 1489639965.14 1301 192.168.1.116 - 53179 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 45261 0 45120 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 294 1489639973.54 1489639973.88 342 192.168.1.116 - 53179 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4Yr8YCSD7p6STaA9tLyEf8S/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 295 1489640165.22 1489640165.6 383 192.168.1.116 - 53180 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mayGUeAgYYc687Zw61bxj21ViNK/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 296 1489640356.91 1489640357.62 711 192.168.1.116 - 53181 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 296 1489640364.2 1489640364.67 464 192.168.1.116 - 53181 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WQr9dMa0ubd2heYmPgd6h187dhMPo/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 297 1489640556.01 1489640556.38 366 192.168.1.116 - 53182 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QUB1sqVD9egYiUApWQrts5/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 298 1489640747.7 1489640748.08 381 192.168.1.116 - 53183 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EHaieo2IYhsUL1FZakRgDiuWqKUBEXe/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 299 1489640939.44 1489640939.81 372 192.168.1.116 - 53184 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BKOZ8JXARAME4t6aJy/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 300 1489641132.32 1489641132.69 374 192.168.1.116 - 53185 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 205 379 0 240 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 300 1489641138.66 1489641139.04 389 192.168.1.116 - 53185 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KgZhA75CdBUq8MkIC/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 301 1489641331.12 1489641331.64 516 192.168.1.116 - 53186 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WDyn31e6XTHJ6QIjLwpSh2sBIBLvfq5/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 302 1489641523.02 1489641523.38 368 192.168.1.116 - 53187 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mv0ildOrxnq4YggwxTS/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 303 1489641714.69 1489641715.06 374 192.168.1.116 - 53188 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2lnlgtxZcKBOhBkPHCdzbPkT/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 304 1489641906.28 1489641906.61 327 192.168.1.116 - 53189 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rzSTaDozr4zyfbzyAWKy7xHBbJo7zS/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 305 1489642097.87 1489642098.25 373 192.168.1.116 - 53190 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Czgw8jUWo8MydFfeZ2ZZNveLwbNd/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 306 1489642290.59 1489642290.97 379 192.168.1.116 - 53191 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LHIzSJRqLuiAhOflRLB4TNgss9rOE/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 307 1489642484.31 1489642484.71 397 192.168.1.116 - 53192 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fVpFUpRtVd4wG74tY5/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 308 1489642683.14 1489642683.47 339 192.168.1.116 - 53193 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Ww5rSf3pTnJsV6OMfuFUSc7ykjc/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 309 1489642874.8 1489642875.18 382 192.168.1.116 - 53194 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aY0MvybMs18jwoIFYba/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 310 1489643066.49 1489643066.86 375 192.168.1.116 - 53195 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7x9vaF7KGsTfi12bU1SVgbV/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 311 1489643259.07 1489643259.44 369 192.168.1.116 - 53196 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gHPswDxlREtTLlZQF9wy4IrYvYSA0LBy/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 312 1489643451.74 1489643452.17 433 192.168.1.116 - 53197 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/H68g2zOE1d5p1ZdfF5iQcjPlih/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 313 1489643643.65 1489643645.07 1416 192.168.1.116 - 53198 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/P2mbXXbDpXK6trVB9nKvH1yU5FA/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 314 1489643837.12 1489643837.48 367 192.168.1.116 - 53199 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EtmxWw7fBZffQBglVxyruNiK/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 315 1489644029.84 1489644030.21 372 192.168.1.116 - 53200 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3ylLMgWL6ZvSqd1Z1sI2s1FXju8HT/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 316 1489644221.66 1489644222.03 370 192.168.1.116 - 53201 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xrerma43cOfvZONOZcoDnmTMX7IaMuDz/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 317 1489644413.52 1489644413.94 422 192.168.1.116 - 53202 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BFpcZTcEx1ZLxhcn1V2Ckntj/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 318 1489644605.38 1489644605.79 409 192.168.1.116 - 53203 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wA9SjqlL4vEFbPUKr56MPeFgs/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 319 1489644797.22 1489644797.6 381 192.168.1.116 - 53204 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/J36wRwGhz6beXwTdrSTY4ZXSSnWTYNw8/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 320 1489644988.94 1489644989.3 369 192.168.1.116 - 53205 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/q6SPMv7hZJ1IIZn4/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 321 1489645180.56 1489645180.93 372 192.168.1.116 - 53206 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0LB3ebPRYlxVsagkyZOAPGuY/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 322 1489645372.23 1489645373.85 1617 192.168.1.116 - 53207 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 45261 0 45120 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 322 1489645382.24 1489645382.64 406 192.168.1.116 - 53207 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rJraIgro1EoBk9D6T0dXqc/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 323 1489645573.93 1489645574.31 374 192.168.1.116 - 53208 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HVfX8dKGbhTU1YdgnuyK/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 324 1489645765.63 1489645766.37 738 192.168.1.116 - 53209 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 324 1489645773.28 1489645773.66 382 192.168.1.116 - 53209 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/K5IDcfLeeaNZ8XykLbBi5eUB1nxfkE/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 325 1489645964.94 1489645965.28 334 192.168.1.116 - 53210 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kNuZQYTSrkwl331mkeDG4HKt/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 326 1489646156.61 1489646156.99 376 192.168.1.116 - 53211 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5egcudsJvTnDLaoS03xMND7/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 327 1489646348.27 1489646348.65 385 192.168.1.116 - 53212 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mk3IPBlYmPdCm0PVzOK/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 328 1489646540.02 1489646540.39 370 192.168.1.116 - 53213 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bJlgx3EnnFCpoyM9IKxMU8Dm/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 329 1489646731.75 1489646732.18 430 192.168.1.116 - 53214 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VdHnbOCvZfVmS9CNtwq5bHOk2/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 330 1489646923.56 1489646923.93 371 192.168.1.116 - 53215 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SHlhBaSgrGUzuosTeQ8fQF2E6c9FoW/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 331 1489647115.17 1489647115.51 338 192.168.1.116 - 53216 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZUNAAmBOGHUH0qEyE/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 332 1489647306.88 1489647307.29 413 192.168.1.116 - 53217 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SP2JviXDdbYkJ92oGa/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 333 1489647498.63 1489647499.0 373 192.168.1.116 - 53218 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RGLBGqA74egaCiRKnrcyaYHoz/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 334 1489647690.44 1489647690.81 377 192.168.1.116 - 53219 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FW6b733ndHtpAo9PyBOipwE15fr0/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 335 1489647882.03 1489647882.37 339 192.168.1.116 - 53220 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uO1DBHHmo0e6VPBhyg/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 336 1489648073.6 1489648073.92 324 192.168.1.116 - 53221 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RqXfze2n4s0q97Jbz/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 337 1489648265.2 1489648266.43 1223 192.168.1.116 - 53222 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1LVgkjKqRLbkIpNPh0oy/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 338 1489648457.78 1489648458.15 370 192.168.1.116 - 53223 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zAtgaS374eUl55ugMyylSYA6zfICLX/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 339 1489648649.5 1489648649.88 381 192.168.1.116 - 53224 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VRdbOzn6hLuzjxC4JlpzT/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 340 1489648841.24 1489648841.62 380 192.168.1.116 - 53225 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/A0G6L07Xnx5qqzJyuWQOewvgw02iN/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 341 1489649033.23 1489649033.7 471 192.168.1.116 - 53226 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/T4vxPFbeqbbNpxKZUh1rFYqQY7m/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 342 1489649225.28 1489649225.71 435 192.168.1.116 - 53227 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OqDvKNjzD6FP0lNzFNHzdXBW5gfg/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 343 1489649417.47 1489649417.98 508 192.168.1.116 - 53228 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rYTro3YVhKwPAFSzUwTrkyxIVrEt/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 344 1489649610.65 1489649611.09 438 192.168.1.116 - 53229 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/r02h1QxhJ6ZDvufTigSPxsA7/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 345 1489649804.01 1489649804.94 936 192.168.1.116 - 53230 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CGNR3csLhB7LTiVzdXH0OiyMy/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 346 1489649996.89 1489649997.23 338 192.168.1.116 - 53231 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MY4Dya75c8rlsDlRp3B9GjnX/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 347 1489650189.69 1489650190.39 708 192.168.1.116 - 53232 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YfnaaHotgj4Kofaq6s/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 348 1489650385.62 1489650387.54 1915 192.168.1.116 - 53233 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eegsE3ustrn1xQN9g/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 349 1489650579.96 1489650580.53 572 192.168.1.116 - 53234 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/grHjOGYvnq0r7Gq0ZJvfovnJRE/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 350 1489650774.94 1489650775.91 975 192.168.1.116 - 53235 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/my34VnhRRsPYweE5LyAyla/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 351 1489650967.69 1489650969.66 1972 192.168.1.116 - 53236 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 45261 0 45120 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 351 1489650978.22 1489650978.8 579 192.168.1.116 - 53236 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7d1NLPq7X2XTv6xZSF8I2wxEAHr/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 352 1489651170.72 1489651172.14 1419 192.168.1.116 - 53237 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 352 1489651178.91 1489651180.45 1539 192.168.1.116 - 53237 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iPdL6TNccSVWdVcqYo8dAV5p8hzmNI/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 353 1489651372.06 1489651372.54 476 192.168.1.116 - 53238 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mkS8L3oy3debsEQ8nKCDwkdl0UhDCOcF/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 354 1489651564.02 1489651564.45 433 192.168.1.116 - 53239 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pWbrdTsC9tpvXu2tS/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 355 1489651756.15 1489651756.7 551 192.168.1.116 - 53240 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vgN7JVV1k6ocoZalB3ekOFi/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 356 1489651949.16 1489651949.88 721 192.168.1.116 - 53241 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 205 379 0 240 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 356 1489651955.84 1489651957.77 1928 192.168.1.116 - 53241 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QhG7A5xVwb4K5bEN1W/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 357 1489652149.57 1489652150.01 438 192.168.1.116 - 53242 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yvMDxMXu1wiquFtup/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 358 1489652341.8 1489652342.31 509 192.168.1.116 - 53243 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Ubl3rmnMvvM7YaE00X0VtUiBQ4f/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 359 1489652534.06 1489652536.08 2021 192.168.1.116 - 53244 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7O5U9xe1FAtrvBPepPao4MOAVmy423U/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 360 1489652727.59 1489652728.02 435 192.168.1.116 - 53245 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sO30FwzxAFEH1NaX/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 361 1489652920.31 1489652920.82 505 192.168.1.116 - 53246 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kgSl52lrtcHBroHvisN5xI0Fg/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 362 1489653113.04 1489653113.65 612 192.168.1.116 - 53247 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/j8m7mOnavO4UijcOm6X7UHvYiP/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 363 1489653306.5 1489653307.08 577 192.168.1.116 - 53248 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BStPe4FhqxkRjzg5S2AxNMz46VFGUVy/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 364 1489653498.96 1489653499.55 585 192.168.1.116 - 53249 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/u3n0uXnIlCxITkSSmsUdZB/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 365 1489653697.53 1489653698.17 640 192.168.1.116 - 53250 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 366 1489653715.67 1489653716.33 669 192.168.1.116 - 53251 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 367 1489653733.1 1489653733.71 611 192.168.1.116 - 53252 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 368 1489653750.7 1489653751.48 779 192.168.1.116 - 53253 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0qemWiBDC0UWxMfML68lpiW/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 369 1489653942.81 1489653943.19 380 192.168.1.116 - 53254 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gxTJAHWC9RY52t6mbaDgjeVgl/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 370 1489654134.57 1489654134.95 374 192.168.1.116 - 53255 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GuBI07Xri2MrdzaxYqwD4P/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 371 1489654326.22 1489654327.56 1333 192.168.1.116 - 53256 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ABX8dTSLhnT6h4IZru7MT1ASEtPp/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 372 1489654518.87 1489654519.26 392 192.168.1.116 - 53257 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/d0XL7xMMS6mcaOR12OPcCCJJ3f/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 373 1489654710.57 1489654710.94 369 192.168.1.116 - 53258 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aeIlGuTMK6QUJNcMTJIu9j2rNXCB/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 374 1489654902.25 1489654902.63 381 192.168.1.116 - 53259 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fM5y4GdOT9OtPAwe8M50Q08t1HqwZ/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 375 1489655093.99 1489655094.36 373 192.168.1.116 - 53260 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PskBmPkjJrRJqudbcVee2za4eJHd/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 376 1489655294.36 1489655297.19 2825 192.168.1.116 - 53261 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DlKniltG10JyeRCeHZNEiLK/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 377 1489655489.45 1489655489.81 353 192.168.1.116 - 53262 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pojKoPYweKE0adnqw/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 378 1489655681.18 1489655681.62 432 192.168.1.116 - 53263 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/si870qWqIQ1EbFVFwUdGVcoF/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 379 1489655872.97 1489655873.35 374 192.168.1.116 - 53264 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fqr6xxOx4wctaEKui/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 380 1489656064.62 1489656064.95 334 192.168.1.116 - 53265 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FCw3yJIsnpUoHcChtyjOzoqYc/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 381 1489656256.23 1489656256.56 335 192.168.1.116 - 53266 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iYcxYTtkh5BjqPPNCMP3Ujk4Nf9Orm/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 382 1489656447.0 1489656447.14 140 192.168.1.116 - 53267 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 204 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 382 1489656447.36 1489656447.54 177 192.168.1.116 - 53267 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/GQBllwRnl2qHmQIb8/ 319 507 0 364 131 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 382 1489656447.96 1489656448.12 165 192.168.1.116 - 53267 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 45261 0 45120 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 382 1489656452.12 1489656452.2 72 192.168.1.116 - 53267 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/TLKMHXQPXR/1/ 217 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 383 1489656453.35 1489656453.46 105 192.168.1.116 - 53268 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 384 1489656453.63 1489656453.73 105 192.168.1.116 - 53269 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 215 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 385 1489656454.91 1489656455.09 174 192.168.1.116 - 53270 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 243 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 386 1489656456.23 1489656456.3 70 192.168.1.116 - 53271 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hfYMJasV8l93NcFu/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 387 1489656646.73 1489656646.84 109 192.168.1.116 - 53272 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 387 1489656653.94 1489656654.03 87 192.168.1.116 - 53272 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DOuaQFFNbeqBGdhLgN4qvEJpDlPV6jm/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 388 1489656844.41 1489656844.48 76 192.168.1.116 - 53273 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YEcpWOzLFASYA2Oie2DaBPuqhHC0/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 389 1489657034.86 1489657034.94 74 192.168.1.116 - 53274 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OZi5P1Jqvp5hBi7drSGuIepDvZN/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 390 1489657225.36 1489657225.43 72 192.168.1.116 - 53275 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2g6irPnbFGhZRBVsCIx/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 391 1489657415.83 1489657415.91 77 192.168.1.116 - 53276 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9QebNCj9wSzPixA2WrgWTNfpd1LpXiA7/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 392 1489657606.3 1489657606.37 75 192.168.1.116 - 53277 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MoYTXU7kNTINR3aq1eYf8LjMRUN/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 393 1489657796.78 1489657796.86 75 192.168.1.116 - 53278 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HtjZsxFb6FAldQgVrcsV3obL/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 394 1489657987.24 1489657987.31 72 192.168.1.116 - 53279 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yoeWBSDBGX0i3SGFlrYCC7wpmLoi0BNX/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 395 1489658177.72 1489658177.79 72 192.168.1.116 - 53280 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/46VNIkuQjV9J6D4B9p2sw/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 396 1489658368.17 1489658368.24 75 192.168.1.116 - 53281 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jwufsKcXwsRTCrI1m2wo/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 397 1489658558.65 1489658558.73 74 192.168.1.116 - 53282 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GID4IwPGLcXI2r9vfuTZbqFx5ZsunjL/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 398 1489658749.11 1489658749.19 82 192.168.1.116 - 53283 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dPMVKdo1kNNcz5yMBhnqicv/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 399 1489658939.63 1489658939.71 81 192.168.1.116 - 53284 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LsWJO8dozxeWX3f306pWkHx/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 400 1489659130.11 1489659130.18 74 192.168.1.116 - 53285 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HPuYS6F4CFZHX9KF6D0ZFUkgk/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 401 1489659320.56 1489659320.63 73 192.168.1.116 - 53286 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fIoh8jcdAp811YwPySTijS1agOBAR/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 402 1489659511.05 1489659511.15 97 192.168.1.116 - 53287 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/x56S8S83fgHb1bkP8FBm/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 403 1489659701.56 1489659701.63 77 192.168.1.116 - 53288 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CLC4GLchIJtpBFrFih2bXN7yWWKdNxYA/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 404 1489659892.03 1489659892.11 81 192.168.1.116 - 53289 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CKN46hdV2TJt2FeW/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 405 1489660082.54 1489660082.63 87 192.168.1.116 - 53290 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2wuy0JP8iW7TNSnamjas/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 406 1489660273.03 1489660273.11 74 192.168.1.116 - 53291 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JPTi9erbPPOWNhShNJSyA0lDdwp2L2/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 407 1489660463.49 1489660463.57 76 192.168.1.116 - 53292 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ha34oM5xp1rG1QXdu/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 408 1489660654.0 1489660654.08 74 192.168.1.116 - 53293 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/m5ZjlmKw7zf1vEfoQS3CUxZ4HhBMjgFA/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 409 1489660844.5 1489660844.58 77 192.168.1.116 - 53294 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dc4JOKkUhrxPhxQ0rnhQxOgaDAFn/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 410 1489661034.98 1489661035.05 72 192.168.1.116 - 53295 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/chlUFrGJdNdkK4KPAICDTd5K/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 411 1489661225.63 1489661225.7 71 192.168.1.116 - 53296 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/s4tHqSXFzaYi4Ug0fe6NVmmhrrXcby/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 412 1489661416.11 1489661416.19 80 192.168.1.116 - 53297 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NL31Mk7Bh17znq1VWVWovm2aIYny/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 413 1489661606.91 1489661606.98 76 192.168.1.116 - 53298 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PAtC9IxLHwJOD9WPg3/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 414 1489661797.38 1489661797.46 76 192.168.1.116 - 53299 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bnk6QYbXzKJOnf1PRSwHDWE52Wu0zHa/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 415 1489661987.87 1489661988.07 199 192.168.1.116 - 53300 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 45261 0 45120 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 415 1489661996.47 1489661996.55 78 192.168.1.116 - 53300 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zBR717AG8FlLU5rxa5Tq2XCeoWGbNe/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 416 1489662187.14 1489662187.36 213 192.168.1.116 - 53301 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 416 1489662194.69 1489662194.78 88 192.168.1.116 - 53301 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qAb4U5NBclR6aHsI1sr1WX9JTjN9TmD/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 417 1489662385.17 1489662385.24 72 192.168.1.116 - 53302 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FeJoH7GoBevl1KKV/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 418 1489662575.66 1489662575.74 87 192.168.1.116 - 53303 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cSGoTIuFXHiMWObjN9Nx4zPjF6/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 419 1489662766.11 1489662766.22 111 192.168.1.116 - 53304 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 206 379 0 240 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 419 1489662772.18 1489662772.26 81 192.168.1.116 - 53304 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pkKNDU4kxToSDzg4dLQBQlj/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 420 1489662962.67 1489662962.75 78 192.168.1.116 - 53305 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yHo7tBaA6Ha3VflS8A7V6sRcTEPl8c/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 421 1489663153.12 1489663153.2 72 192.168.1.116 - 53306 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QTxU4SaLgdpOh4ZqzWB9M3/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 422 1489663343.58 1489663343.66 79 192.168.1.116 - 53307 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TCBdXO0n8IYbZDQj2bzkogs/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 423 1489663534.07 1489663534.15 74 192.168.1.116 - 53308 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PctHkD5dxzqtwDd7zvmf/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 424 1489663724.55 1489663724.63 79 192.168.1.116 - 53309 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oA7jkpr7UAOyTaAoM/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 425 1489663915.02 1489663915.1 81 192.168.1.116 - 53310 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0rV5FPTRVwpD9Sgpxwmitb7THuyNZTA7/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 426 1489664105.54 1489664105.61 72 192.168.1.116 - 53311 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AYXTPz3A3qvwwlo92ELYKE4lWsbZQ/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 427 1489664296.05 1489664296.13 78 192.168.1.116 - 53312 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/v2gJLEyBrwJ9zPfV/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 428 1489664486.51 1489664486.58 74 192.168.1.116 - 53313 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MlOqXOTWMUndm29PSeG/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 429 1489664676.99 1489664677.06 77 192.168.1.116 - 53314 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eMXbT7GWrIzhMJusPdA6jt9oFLRsIc/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 430 1489664867.5 1489664867.57 72 192.168.1.116 - 53315 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BMObA1BVe29LEiCIeGv6vHfgVQy8vQ/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 431 1489665057.93 1489665058.01 80 192.168.1.116 - 53316 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/J6q30JYD3UhiIL7sKLdMFpbe/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 432 1489665248.42 1489665248.51 94 192.168.1.116 - 53317 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eoDWtRW2691TTIhNiy5AIXffCxdbvTct/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 433 1489665438.92 1489665438.99 74 192.168.1.116 - 53318 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GUPuccBvCXov9dpy2Wn3ZJGvA/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 434 1489665629.37 1489665629.44 77 192.168.1.116 - 53319 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/j4tCEnetEpxZOLt3N9Bo1yQteO5uO/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 435 1489665819.85 1489665819.93 77 192.168.1.116 - 53320 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BlIv4sWCH7TJdO537bcRiRTMCGlq6SC2/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 436 1489666010.38 1489666010.71 325 192.168.1.116 - 53321 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/i4tv5eFtWilXbZO9N4KFAxP/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 437 1489666201.12 1489666201.2 78 192.168.1.116 - 53322 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mkgtMcxmFpd2dqvDZ5rlzyaGjq8V/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 438 1489666392.0 1489666392.14 137 192.168.1.116 - 53323 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/DNSBL/listed/0/ 216 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 439 1489666392.31 1489666392.38 76 192.168.1.116 - 53324 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BrpLeebCiG2MpYU2tR67Ml3c8Y/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 440 1489666582.76 1489666582.83 75 192.168.1.116 - 53325 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XjeVz93Cy4CZkO1ol60meBP7qljJRV7b/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 441 1489666773.24 1489666773.31 74 192.168.1.116 - 53326 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lI0fWniQDKmZQS3FxXgzu6oBjF/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 442 1489666963.69 1489666963.78 89 192.168.1.116 - 53327 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1pJ1ceyIQszByV4ptaBaLLJDgJri3RJ/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 443 1489667154.21 1489667154.28 77 192.168.1.116 - 53328 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xOOVPufVTdSNHvydig6p4Mef36NORgYS/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 444 1489667344.69 1489667344.77 75 192.168.1.116 - 53329 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/twusiSWHeF816hpBny7MIu1/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 445 1489667535.16 1489667535.36 201 192.168.1.116 - 53330 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 45261 0 45120 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 445 1489667543.87 1489667544.01 136 192.168.1.116 - 53330 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rseV0cBFaQ8ySM2mu9VW0vmHTk/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 446 1489667734.38 1489667734.5 119 192.168.1.116 - 53331 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 446 1489667741.62 1489667741.69 77 192.168.1.116 - 53331 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/08JO2pStXDoG88oF/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 447 1489667932.14 1489667932.22 80 192.168.1.116 - 53332 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8YZbRU1onEnawm2mv7OHJXxn0rNsLv/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 448 1489668122.6 1489668122.68 78 192.168.1.116 - 53333 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lHLJSYgoCPJPe7dok1ylcRv/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 449 1489668319.07 1489668319.15 76 192.168.1.116 - 53334 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 450 1489668334.37 1489668334.44 77 192.168.1.116 - 53335 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 451 1489668349.65 1489668349.72 66 192.168.1.116 - 53336 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 452 1489668364.96 1489668365.04 83 192.168.1.116 - 53337 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aU9ekjVIs7ld0zrjvhsLcZ6/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 453 1489668555.44 1489668555.52 76 192.168.1.116 - 53338 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SGY0o97SrdtsMIo0KXR1C/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 454 1489668745.93 1489668746.01 82 192.168.1.116 - 53339 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/y1lkyhzUkZcv1VrL5puAwCUYIL67ub/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 455 1489668936.42 1489668936.49 77 192.168.1.116 - 53340 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oCJK8fx0ZJQRT8OTi59h9H6m/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 456 1489669126.9 1489669126.98 77 192.168.1.116 - 53341 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cqaAPJTCD8ZX14Olc73ePr/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 457 1489669317.4 1489669317.47 72 192.168.1.116 - 53342 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qfsiwX12qknAof1vlRkOSdTzVkWUTL/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 458 1489669507.85 1489669507.92 70 192.168.1.116 - 53343 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QFi5FCDpiQv82Vz18Af6XH30q/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 459 1489669698.33 1489669698.41 76 192.168.1.116 - 53344 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2hAJxm4eKa0SyOtGb4o/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 460 1489669888.84 1489669888.91 72 192.168.1.116 - 53345 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/d7MbLreesV5ldRtsIJTm/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 461 1489670079.36 1489670079.43 74 192.168.1.116 - 53346 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/t32O1lJXR0TuX5rjrGaEIXfPhNgv/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 462 1489670269.84 1489670269.92 73 192.168.1.116 - 53347 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sVRDQc5xDcmMWJcv/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 463 1489670460.33 1489670460.64 311 192.168.1.116 - 53348 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qriJuH16zVACZPEgf10UhiuGH34d/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 464 1489670651.15 1489670651.23 80 192.168.1.116 - 53349 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6RQwUAdIdws9piripsRJDK/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 465 1489670841.64 1489670841.71 73 192.168.1.116 - 53350 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5vX0WxZXSiA9EDgxCwfXdavifJm/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 466 1489671032.09 1489671032.17 78 192.168.1.116 - 53351 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TTX5SNxHbl2GnK92mHQpUvGzzC73/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 467 1489671222.6 1489671222.68 76 192.168.1.116 - 53352 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SBjn08qGli0LaOoYGNFmrI/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 468 1489671413.08 1489671413.16 78 192.168.1.116 - 53353 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jjnhKOEU0uIY1mOCKm/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 469 1489671603.92 1489671603.99 72 192.168.1.116 - 53354 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CiGCVlzmYzFrhy7mmP9Ub5p/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 470 1489671794.36 1489671794.44 80 192.168.1.116 - 53355 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vu0BxHfNbgskbrLktlXu/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 471 1489671984.85 1489671984.92 75 192.168.1.116 - 53356 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UH740DJmEqLaMDCN5deaqL2CaIgK/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 472 1489672175.37 1489672175.47 109 192.168.1.116 - 53357 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AvusyGwVZjPdgxRp8E/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 473 1489672365.9 1489672365.97 71 192.168.1.116 - 53358 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2R45rGHMyIL5fkate/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 474 1489672556.38 1489672556.46 81 192.168.1.116 - 53359 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2yqVcBEXhWporSmrUmT4/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 475 1489672746.87 1489672746.95 80 192.168.1.116 - 53360 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UxkWVsgooYRGq24vCK/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 476 1489672937.35 1489672937.43 76 192.168.1.116 - 53361 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/40UXIWCeft0QRMCAt4kBAShJ/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 477 1489673127.82 1489673127.98 164 192.168.1.116 - 53362 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 45261 0 45120 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 477 1489673136.3 1489673136.43 129 192.168.1.116 - 53362 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 477 1489673143.26 1489673143.35 86 192.168.1.116 - 53362 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UApLB9fuR4huXOiL1CR11PFbDi99f/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 478 1489673333.78 1489673333.86 74 192.168.1.116 - 53363 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gW9lM6PWQHA79YHI4Gh6M/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 479 1489673524.29 1489673524.36 73 192.168.1.116 - 53364 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aAOr6enscq0R5naee2c9h3zE68JhN/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 480 1489673714.74 1489673714.86 113 192.168.1.116 - 53365 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 206 379 0 240 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 480 1489673720.83 1489673720.91 78 192.168.1.116 - 53365 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CK14BXI8DEZzzWLOUTAP2cyphniW/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 481 1489673911.33 1489673911.41 73 192.168.1.116 - 53366 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gqabOeCEPeWA9AoDtsX/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 482 1489674101.81 1489674101.89 81 192.168.1.116 - 53367 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZkhkhHJvH3aIRtlLZRCSZVWNtZr7/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 483 1489674292.31 1489674292.38 73 192.168.1.116 - 53368 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vN99Z6RuXvvIk1isY7qHKRLUR699/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 484 1489674482.8 1489674482.87 69 192.168.1.116 - 53369 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OP3ZObFVxCZuhEP8JyrKuOElD7Kjsg/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 485 1489674673.34 1489674673.41 72 192.168.1.116 - 53370 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ff088gdG0ZG3NQF28T/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 486 1489674863.81 1489674863.89 77 192.168.1.116 - 53371 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rP6BTBJZhVDaX8twAC3vw3A3/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 487 1489675054.31 1489675054.39 77 192.168.1.116 - 53372 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fzlt7N0wmPnPZweu8eL8xhRme5xm8/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 488 1489675244.81 1489675244.89 79 192.168.1.116 - 53373 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/41G4RaWSeEgCCkPIUlEwLEmBF/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 489 1489675435.29 1489675435.6 311 192.168.1.116 - 53374 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/60fEgcz9vzPTGTqu9Xk2gTIgAW/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 490 1489675627.65 1489675628.27 621 192.168.1.116 - 53375 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 205 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 491 1489675629.84 1489675630.06 223 192.168.1.116 - 53376 50.19.97.123 80 http://checkip.amazonaws.com/ 153 133 0 13 139 106 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 200 - - - - - - - CTU.238.1.Malicious 490 1489675630.27 1489675630.95 683 192.168.1.116 - 53375 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/FDdOaw9d2XPgPP4stERr/ 323 510 0 367 132 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 490 1489675631.47 1489675632.07 605 192.168.1.116 - 53375 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/BHWGAAXOAMCLJXDO/1/ 224 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 492 1489675635.06 1489675635.77 708 192.168.1.116 - 53377 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 493 1489675637.6 1489675638.27 678 192.168.1.116 - 53378 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 216 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 494 1489675640.08 1489675642.29 2209 192.168.1.116 - 53379 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 244 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 495 1489675645.17 1489675645.78 607 192.168.1.116 - 53380 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fwO3Ai86JYvzUgIbZf3MKVemK/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 496 1489675839.93 1489675840.54 610 192.168.1.116 - 53381 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ebrkXShUc3IAqzsfKjPLZLCk8/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 497 1489676032.55 1489676034.77 2222 192.168.1.116 - 53382 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9RWpU2vhISNvNT92p/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 498 1489676226.73 1489676227.37 637 192.168.1.116 - 53383 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9vMIdk5DpzWB8nnayUiAtkNjRdfjgZ3/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 499 1489676420.52 1489676421.14 615 192.168.1.116 - 53384 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aMb2WVLvkeuZx2iLw83PEikKzMJcqr0/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 500 1489676613.17 1489676613.79 622 192.168.1.116 - 53385 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/R7jYD55tBK2zSTsN/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 501 1489676806.85 1489676807.46 612 192.168.1.116 - 53386 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XJR9nbo2nuvDK84fOj0qh/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 502 1489676999.56 1489677000.18 617 192.168.1.116 - 53387 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IiOuXwIq8Yp8wjjgyj0/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 503 1489677192.2 1489677192.81 617 192.168.1.116 - 53388 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Zpv4PTowZTA5a9arKfpGn3/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 504 1489677384.85 1489677385.46 616 192.168.1.116 - 53389 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TZ2yMPVwwuhqT6CqUvg20yz/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 505 1489677577.46 1489677578.1 635 192.168.1.116 - 53390 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Z1rWLqEiCZ75ZTvxjoGL9/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 506 1489677771.24 1489677771.85 609 192.168.1.116 - 53391 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wONnSuJRtOWjD1PV45P6vGHFl/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 507 1489677963.9 1489677964.52 620 192.168.1.116 - 53392 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8EPMulTENPE3IFHUVfq2Ilet3wMKb835/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 508 1489678156.52 1489678157.15 635 192.168.1.116 - 53393 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YVx9iIVb0vvLrjhiypVVtrkSKqp/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 509 1489678351.34 1489678351.96 623 192.168.1.116 - 53394 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lULyFqMOVam2LN3O3aC5rBuWvBfEWC/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 510 1489678544.11 1489678546.48 2372 192.168.1.116 - 53395 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 32429 0 32288 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 510 1489678554.03 1489678558.2 4168 192.168.1.116 - 53395 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 510 1489678565.21 1489678565.82 616 192.168.1.116 - 53395 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Ys3TJH3BC9VQlQR5c/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 511 1489678757.87 1489678758.48 605 192.168.1.116 - 53396 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cTxakrUC0p6f6gwlcX/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 512 1489678950.51 1489678951.13 619 192.168.1.116 - 53397 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ijD0zAyl8oZA28pKYaCnGBEv58sOPIP/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 513 1489679144.26 1489679144.86 604 192.168.1.116 - 53398 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rKLBRQOItCosPaKBFLGY3mlY/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 514 1489679337.91 1489679338.51 607 192.168.1.116 - 53399 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7iuXdB6qasmqvHdTHh7/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 515 1489679530.52 1489679531.13 612 192.168.1.116 - 53400 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UCRlOjyvBy0A7ejWVHckOGECF/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 516 1489679723.11 1489679723.74 635 192.168.1.116 - 53401 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3dTlUe9YufDl328CqoKir0i/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 517 1489679915.79 1489679916.4 616 192.168.1.116 - 53402 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/65LzdmrcP6k5uDooSQPg5jnc/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 518 1489680109.58 1489680110.2 620 192.168.1.116 - 53403 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/S61ZmToRM38sR3QyUKmUZbC0WiKZ/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 519 1489680302.23 1489680302.85 616 192.168.1.116 - 53404 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hlPzOGrOIEWUur9r6SbRS7B43n/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 520 1489680494.9 1489680495.51 611 192.168.1.116 - 53405 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sYeo7mTKDnG5XAxkrKOrr7Ug0au/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 521 1489680687.65 1489680688.22 568 192.168.1.116 - 53406 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oY1hpwfuzKQyT7IneS4aKR1E/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 522 1489680881.95 1489680882.59 645 192.168.1.116 - 53407 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/642DI3N2uZCD3zeGZbyx/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 523 1489681074.66 1489681075.23 569 192.168.1.116 - 53408 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rnLORSAU9hwz94Wo0YHJXsnDG/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 524 1489681267.26 1489681267.88 621 192.168.1.116 - 53409 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GbMUOhwiTcIJdqFVjWRBL/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 525 1489681459.85 1489681460.46 608 192.168.1.116 - 53410 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/o99pHkINHD4QJ9vf6/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 526 1489681657.39 1489681658.01 611 192.168.1.116 - 53411 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3fh8P3rewv1m3m6R5w2Fs9M3PuT/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 527 1489681849.95 1489681850.56 615 192.168.1.116 - 53412 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8x20puWQBmbNyGIo0OaPe0KOBEP/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 528 1489682042.55 1489682043.19 636 192.168.1.116 - 53413 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jJ7f64ysEhzAXJBCL1VExa2qeI/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 529 1489682235.23 1489682235.83 603 192.168.1.116 - 53414 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DIYQkhqxvJYGjPDaPV8q/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 530 1489682427.82 1489682428.43 605 192.168.1.116 - 53415 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/q1eT9mKn4uMjk6Sh9zNckglxiYEA/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 531 1489682620.42 1489682621.05 633 192.168.1.116 - 53416 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JW7sYA3HXtZ6PoT2ZAXgFF1Kpzlf/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 532 1489682821.32 1489682821.99 677 192.168.1.116 - 53417 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 533 1489682838.82 1489682839.44 617 192.168.1.116 - 53418 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 534 1489682856.21 1489682856.89 681 192.168.1.116 - 53419 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 535 1489682873.68 1489682874.29 607 192.168.1.116 - 53420 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ShlpK9nXoLcBJrtV4XHZQvvCCEmXBCu/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 536 1489683066.35 1489683066.96 605 192.168.1.116 - 53421 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MrGG3DNQGpV7D6iD8axB/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 537 1489683260.1 1489683260.7 606 192.168.1.116 - 53422 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QMWD5DKZrIUn6KR91pOuLQ9WsoT0/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 538 1489683455.33 1489683455.89 567 192.168.1.116 - 53423 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SYj7tZg1bkkDxN6be2Az3p/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 539 1489683647.94 1489683648.55 612 192.168.1.116 - 53424 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZS5FBovPXwNDCZFI8lt3pzTz/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 540 1489683840.59 1489683841.2 606 192.168.1.116 - 53425 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/phKbEob1BH65Au1waF/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 541 1489684034.44 1489684044.17 9728 192.168.1.116 - 53426 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 32429 0 32288 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 541 1489684051.69 1489684061.82 10126 192.168.1.116 - 53426 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 541 1489684069.41 1489684070.03 625 192.168.1.116 - 53426 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EnPboXhwyfLTKymWsdHYUGg5i7Br/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 542 1489684263.21 1489684263.83 614 192.168.1.116 - 53427 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LT8fRjq9Ff1XUY2Q2YEg/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 543 1489684455.87 1489684456.48 613 192.168.1.116 - 53428 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hNsYpjJJ1XgzZkdt4s7CTr/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 544 1489684649.46 1489684651.23 1773 192.168.1.116 - 53429 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 207 379 0 240 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 544 1489684657.2 1489684657.82 622 192.168.1.116 - 53429 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3gfR28Py0JQhoX4ixC58aFleN/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 545 1489684849.83 1489684850.44 617 192.168.1.116 - 53430 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Zd2YN6QKfc5Z0OV1Ig5XjrmjNMG/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 546 1489685042.62 1489685043.23 611 192.168.1.116 - 53431 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/37pMqO1IqJfjWlMutpgwkWzHV/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 547 1489685235.26 1489685235.83 568 192.168.1.116 - 53432 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kVWsoq5YBj4hb7uZbYlI/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 548 1489685427.86 1489685428.47 614 192.168.1.116 - 53433 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RO2RWjzhHPvTGPwv/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 549 1489685620.55 1489685621.15 604 192.168.1.116 - 53434 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gAR5qRAVpHe2iOilGhohSd/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 550 1489685815.09 1489685815.73 633 192.168.1.116 - 53435 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wOAiInbDK9ehBTl0D/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 551 1489686007.72 1489686008.34 613 192.168.1.116 - 53436 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mvYyuUoOTVVsgFSVxwUeYieqbF/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 552 1489686200.4 1489686201.0 597 192.168.1.116 - 53437 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aylsnMBWvMWqZRq8jWvqIM/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 553 1489686392.97 1489686393.61 637 192.168.1.116 - 53438 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KfCo8a5UY251RtmlQ837wgfKE2/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 554 1489686585.7 1489686586.3 608 192.168.1.116 - 53439 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5UmLZnOdI3G8wjTKifVFgr2QUYbeX72/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 555 1489686778.26 1489686778.83 570 192.168.1.116 - 53440 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OY1I15aiqyFFI0m7CfvPcV/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 556 1489686972.05 1489686972.66 612 192.168.1.116 - 53441 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9JODqj9m8p389zqnu/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 557 1489687164.63 1489687165.26 624 192.168.1.116 - 53442 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LQLtzbbisyNMYk75X/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 558 1489687357.45 1489687358.06 618 192.168.1.116 - 53443 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AIlXysrDD4roTqqEo/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 559 1489687550.07 1489687551.78 1712 192.168.1.116 - 53444 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SPbq12EpL9riseTIUvkqcqJ2Ugo544VG/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 560 1489687745.61 1489687746.22 609 192.168.1.116 - 53445 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OfeDyw7Gvf0Bo5NQDd/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 561 1489687938.25 1489687938.86 613 192.168.1.116 - 53446 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/J98I9G3XvQhP5z20sg1RGo1/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 562 1489688133.13 1489688133.74 612 192.168.1.116 - 53447 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UPlNj1wDKJusrf3L7DeUbx9/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 563 1489688331.02 1489688331.66 640 192.168.1.116 - 53449 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/p7kqss5ZPXY29lBOo6QsSlfjKOLFbu0w/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 564 1489688523.68 1489688524.29 616 192.168.1.116 - 53450 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CRAY48HQMblEFCQFGK7Qvu/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 565 1489688716.27 1489688716.9 633 192.168.1.116 - 53451 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YoOUDb9ykfekd71aiBbkDyA07rArcC/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 566 1489688914.66 1489688915.26 604 192.168.1.116 - 53452 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WuyKwPhmgnyf2pxDqN/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 567 1489689107.22 1489689109.4 2181 192.168.1.116 - 53453 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aWeMbagntmc2ebRMB6NPYfM/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 568 1489689301.46 1489689302.07 605 192.168.1.116 - 53454 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CzXWrZNdaXnnKLYFVXdRZlap5utPTeH/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 569 1489689494.03 1489689499.26 5230 192.168.1.116 - 53455 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 32429 0 32288 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 569 1489689506.83 1489689509.6 2776 192.168.1.116 - 53455 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 569 1489689516.76 1489689518.48 1721 192.168.1.116 - 53455 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YHlzqARbyqcCWW9mj/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 570 1489689710.51 1489689711.12 614 192.168.1.116 - 53456 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yWXddXi5a7UtTxKMMuRmSkJGlcx/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 571 1489689903.15 1489689903.75 605 192.168.1.116 - 53457 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iQNKypCVWoQ32cCT3/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 572 1489690099.36 1489690099.96 604 192.168.1.116 - 53458 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Si8Nx9PNtMhRL0F8/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 573 1489690339.42 1489690339.99 572 192.168.1.116 - 53460 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FKHhb7fNLVyK0m4knWlvimYy2prvQ3f/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 574 1489690532.01 1489690532.64 621 192.168.1.116 - 53461 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/i8yfuGmjLm9E3FAtG4S4Z78UrkPM4fd2/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 575 1489690724.67 1489690725.29 611 192.168.1.116 - 53462 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/spsrGsbcYPzHlhgSJD2RZp15yAVLFl/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 576 1489690917.36 1489690917.96 607 192.168.1.116 - 53463 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xow8kznhroU5F5PWKeSdQyOqyUSe/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 577 1489691109.91 1489691110.49 578 192.168.1.116 - 53464 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fXc3V3J08Hvn0DbLku9m/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 578 1489691302.45 1489691303.08 633 192.168.1.116 - 53465 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HotI1dlfCBx4GIgYbq/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 579 1489691495.1 1489691495.71 606 192.168.1.116 - 53466 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0OZhyYClQkdFzs3UhFI/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 580 1489691689.8 1489691690.44 635 192.168.1.116 - 53467 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ru25jA8Zz4HYfhnL4f8/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 581 1489691882.48 1489691883.09 611 192.168.1.116 - 53468 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1npiX5w971eZsKiseoswIdEeqW2/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 582 1489692076.3 1489692076.92 622 192.168.1.116 - 53469 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZoDnBuV6JQbXdhn8VGNg3kAyR/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 583 1489692316.23 1489692316.86 634 192.168.1.116 - 53471 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ezxJISODRnkJ2ENHoyIWilq/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 584 1489692508.94 1489692509.55 610 192.168.1.116 - 53472 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YUFszAFT3QOu1BjkHA9FYKaXQ4HL8gd/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 585 1489692701.54 1489692702.15 607 192.168.1.116 - 53473 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SBo1y3viL3QuCRdUL8hdpJT/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 586 1489692894.2 1489692894.81 610 192.168.1.116 - 53474 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BfoGD9EcAh7k3ykaKfQwWo3GC/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 587 1489693088.65 1489693089.28 627 192.168.1.116 - 53475 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/f7TZYmCereWXn2LBqjyG/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 588 1489693283.17 1489693283.77 605 192.168.1.116 - 53476 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Hslta2sMV5A6IOTkEbfXjVeOVEYrxmr4/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 589 1489693475.82 1489693476.43 611 192.168.1.116 - 53477 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ugZFXCstH6g9JyR1chfeQKdxdWjqug/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 590 1489693668.46 1489693669.08 614 192.168.1.116 - 53478 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wxytjixP9bHNUnyUh5uJrqyVxSUFg/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 591 1489693861.08 1489693861.68 606 192.168.1.116 - 53479 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fJ8dS0m6DiB0aJ5ktdYrlCqhyz/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 592 1489694053.7 1489694054.34 636 192.168.1.116 - 53480 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fDsfKli66iFSScSVzZm4OkDxPVlJjD0d/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 593 1489694293.66 1489694294.24 575 192.168.1.116 - 53482 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ffCoY9NhBNXY3QO9CY/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 594 1489694486.25 1489694486.87 620 192.168.1.116 - 53483 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dcEsPbDWUsANAqNHYNCABGwjDwX/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 595 1489694678.91 1489694679.52 609 192.168.1.116 - 53484 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/40McoeeiJYDE5MkrUlTKq/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 596 1489694871.55 1489694872.16 610 192.168.1.116 - 53485 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zYw0FKblZUIJ6Lmfza2cRv20Qx/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 597 1489695064.12 1489695066.42 2306 192.168.1.116 - 53486 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 32429 0 32288 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 597 1489695073.95 1489695075.72 1764 192.168.1.116 - 53486 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 597 1489695082.7 1489695083.31 611 192.168.1.116 - 53486 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/82Phezr9UiOsjCPEIbRE3jN6TU1OiiUC/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 598 1489695409.58 1489695410.09 504 192.168.1.116 - 53490 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 204 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 598 1489695410.32 1489695410.84 520 192.168.1.116 - 53490 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/ZsJYAtM3cqKS1gJZ/ 318 506 0 363 131 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 598 1489695411.35 1489695411.78 436 192.168.1.116 - 53490 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/PGDVXIBAMWLVXS/1/ 221 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 599 1489695414.36 1489695414.84 477 192.168.1.116 - 53491 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 600 1489695417.19 1489695417.67 481 192.168.1.116 - 53492 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 215 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 601 1489695419.07 1489695419.55 481 192.168.1.116 - 53493 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 243 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 602 1489695422.31 1489695422.82 509 192.168.1.116 - 53494 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/DNSBL/listed/0/ 216 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 603 1489695425.17 1489695425.67 505 192.168.1.116 - 53495 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4FCJKJRhLCHxms02PqgCbmMOJA4E6/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 604 1489695617.31 1489695617.78 473 192.168.1.116 - 53496 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 206 379 0 240 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 604 1489695623.74 1489695624.19 448 192.168.1.116 - 53496 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MBl4yo0tQvzExfmO3/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 605 1489695815.73 1489695816.18 444 192.168.1.116 - 53497 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9ve1i3qHiqWOGABlo9bziJofA/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 606 1489696007.79 1489696008.23 438 192.168.1.116 - 53498 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/f63PZJxLKq4n1vWkrf/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 607 1489696247.33 1489696247.78 451 192.168.1.116 - 53500 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6PK511GuyUu0sH4cF89WcPV83g3RJt59/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 608 1489696439.39 1489696443.47 4078 192.168.1.116 - 53501 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SHswhOM0otou5ucwPFE8iyoClXtFroM/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 609 1489696635.03 1489696635.5 470 192.168.1.116 - 53502 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9j9F01zczgDPZjPL3LGYOKHgBshyrb/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 610 1489696827.08 1489696827.52 439 192.168.1.116 - 53503 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NeWuO76w4KMhbI3fE/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 611 1489697019.11 1489697019.56 450 192.168.1.116 - 53504 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lcRrCkTEs42SrlaJWBWpS1V3yBIudfm/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 612 1489697211.14 1489697211.61 467 192.168.1.116 - 53505 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/umxEUfuUpcaoEcLv8wLVYmRA5/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 613 1489697410.04 1489697410.54 507 192.168.1.116 - 53506 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 614 1489697426.92 1489697427.4 485 192.168.1.116 - 53507 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 615 1489697443.75 1489697444.27 524 192.168.1.116 - 53508 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 616 1489697460.74 1489697461.22 481 192.168.1.116 - 53509 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Iow95r9iGkjhmtly3PnfYowjEP/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 617 1489697652.8 1489697653.24 437 192.168.1.116 - 53510 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8rt6uchMQh4WtPWwT1Qx9SudfFLP4yA/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 618 1489697844.82 1489697845.25 434 192.168.1.116 - 53511 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NBgmmR14IuAJ7wKmh9ZrSChr/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 619 1489698036.84 1489698037.31 472 192.168.1.116 - 53512 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IDtU0zy4wpYYuSGtaAatJ/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 620 1489698276.18 1489698276.62 437 192.168.1.116 - 53514 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Y531FPAGacbnR2vug4DK59/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 621 1489698471.19 1489698471.67 476 192.168.1.116 - 53515 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QP6bBcuSSGiwsu8wuYzwVYfZcsjNAT/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 622 1489698663.24 1489698663.71 472 192.168.1.116 - 53516 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gX706ZLktxRQjmHKFxZ/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 623 1489698855.29 1489698855.73 442 192.168.1.116 - 53517 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NvQRTespPxMpElBWnb1P643NxB4tO3/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 624 1489699047.32 1489699047.76 439 192.168.1.116 - 53518 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EMAnqBP4FqA01RuxEPfjR140/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 625 1489699239.36 1489699239.83 473 192.168.1.116 - 53519 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EV9MwZ8ruKTz5yIaHAsd2QdajX6yOO0Q/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 626 1489699431.42 1489699433.09 1675 192.168.1.116 - 53520 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7ZIG48OYxx2kBivJKY3TRtO31T/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 627 1489699624.64 1489699625.08 435 192.168.1.116 - 53521 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gDFa8MwPzK5Tp4Ol51Ub1Qnk2tfFALj/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 628 1489699816.61 1489699817.05 437 192.168.1.116 - 53522 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fMFV1U3PyK9fo5VUBj3/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 629 1489700008.63 1489700009.1 471 192.168.1.116 - 53523 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5EtjiptaM90ZqvxaLkNdOiwJYxDa/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 630 1489700248.05 1489700248.52 469 192.168.1.116 - 53525 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/56JhaEpagK3J0Hq2JGt/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 631 1489700440.07 1489700440.54 471 192.168.1.116 - 53526 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bNPdAkTsLue4XtI0/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 632 1489700632.11 1489700633.42 1315 192.168.1.116 - 53527 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32429 0 32288 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 632 1489700641.16 1489700642.09 930 192.168.1.116 - 53527 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 632 1489700649.45 1489700651.74 2289 192.168.1.116 - 53527 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JZdrr3QDsrWpLWwCrVPSS7vSJ6rc88ew/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 633 1489700844.21 1489700844.68 470 192.168.1.116 - 53528 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/s6Lm9fUbInVTo1biDj/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 634 1489701036.25 1489701036.69 435 192.168.1.116 - 53529 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/B8ySqDqvbw7aLNSAXL96Cf13tFR4P/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 635 1489701228.25 1489701228.72 469 192.168.1.116 - 53530 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vt5Rkh8SlTlLAX9WVdnaW8DWD2Xv0/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 636 1489701420.46 1489701420.93 473 192.168.1.116 - 53531 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6aIc5w8U1P186dY4N/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 637 1489701612.49 1489701612.96 474 192.168.1.116 - 53532 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mGgEW3pxB9KJzvXJbHxp/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 638 1489701804.51 1489701804.98 469 192.168.1.116 - 53533 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TUiIXPuYxrRYkBrsmodys5ACpevkf/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 639 1489701996.55 1489701997.02 468 192.168.1.116 - 53534 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gGMha2TSczPZzw0iTqD9NQ/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 640 1489702236.03 1489702236.51 478 192.168.1.116 - 53536 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eAtx4cd7YwKb6a0yOdurhSY/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 641 1489702428.94 1489702429.42 476 192.168.1.116 - 53537 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/r2DpbtV2uig251dZKF/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 642 1489702620.93 1489702621.37 440 192.168.1.116 - 53538 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8rD8DyF2uXrnVs6P817zDfddgpxIRMcn/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 643 1489702812.95 1489702813.41 467 192.168.1.116 - 53539 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RXJPFOuVfHLEy2dIPyIIPflRMr3h/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 644 1489703006.23 1489703006.67 439 192.168.1.116 - 53540 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/h7zYTOBZJTXBo7h1IiXemZdFYPU/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 645 1489703198.24 1489703198.74 499 192.168.1.116 - 53541 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/THD6ERlrnDapqPZSMWobNCq/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 646 1489703390.3 1489703390.73 436 192.168.1.116 - 53542 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/htSv84l4LvpMV0wK3f87L9rm/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 647 1489703582.25 1489703582.69 440 192.168.1.116 - 53543 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VrqPQmvkP3rt9OLsxp1vF/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 648 1489703774.23 1489703774.67 437 192.168.1.116 - 53544 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tC7IfoPNLC1662SFFlEb5IiEa/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 649 1489703967.46 1489703967.93 475 192.168.1.116 - 53545 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IySRPZoSyUpGhqFQ1no3BkYsZHlQ7mLc/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 650 1489704206.82 1489704207.33 509 192.168.1.116 - 53547 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iFLdmugYVOUqW6beKof1K57Jfa/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 651 1489704398.9 1489704399.37 469 192.168.1.116 - 53548 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1eUePPYTemLkMtMCkcVq/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 652 1489704591.77 1489704592.21 444 192.168.1.116 - 53549 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zzogrLwgJxA2wv7K/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 653 1489704783.81 1489704784.28 473 192.168.1.116 - 53550 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VYeBhhmHOF02NOsw/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 654 1489704975.83 1489704976.29 466 192.168.1.116 - 53551 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aollCY1Fi5lC46h6DsXWvA43auUgXlq/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 655 1489705167.88 1489705168.39 504 192.168.1.116 - 53552 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NQ2IentVI3eQtFZMZfufYuQu6um7l07e/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 656 1489705360.0 1489705360.43 434 192.168.1.116 - 53553 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DNgk9DLoweQchHm8zTjs/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 657 1489705551.99 1489705552.46 470 192.168.1.116 - 53554 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NYA5Iggh2UkxSs8m/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 658 1489705744.02 1489705744.46 435 192.168.1.116 - 53555 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/o3PVLYkYvRUU5t2icWdz9islRJ858BE/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 659 1489705937.31 1489705937.78 471 192.168.1.116 - 53556 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5pltYAduqvRGMp19hUROz/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 660 1489706129.33 1489706130.65 1325 192.168.1.116 - 53557 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32429 0 32288 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 660 1489706138.2 1489706139.11 914 192.168.1.116 - 53557 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 661 1489706147.35 1489706147.57 222 192.168.1.116 - 53558 23.21.70.163 80 http://checkip.amazonaws.com/ 153 133 0 13 139 106 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 200 - - - - - - - CTU.238.1.Malicious 660 1489706194.99 1489706195.47 481 192.168.1.116 - 53557 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0fNd4JytCG1eAX5S2hSzCa/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 662 1489706387.07 1489706387.5 438 192.168.1.116 - 53560 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MBWOty8QuO1sdOWni9k6bO9eJR/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 663 1489706579.05 1489706579.55 499 192.168.1.116 - 53561 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 206 379 0 240 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 663 1489706585.57 1489706586.06 488 192.168.1.116 - 53561 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oQ7htdQa8GuEC81vbGD/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 664 1489706777.82 1489706779.5 1675 192.168.1.116 - 53562 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yG1skkNM0SdPZrr2fflIJ0s/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 665 1489706971.04 1489706971.48 438 192.168.1.116 - 53563 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ohekqJYzTOAB4kcUg/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 666 1489707163.05 1489707163.52 471 192.168.1.116 - 53564 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Ay0decMBWqIRRozGtjpzNlor4q/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 667 1489707355.12 1489707355.62 505 192.168.1.116 - 53565 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Drdk5E8BdOPoWzuac6FzWnXfZu/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 668 1489707553.99 1489707554.42 437 192.168.1.116 - 53566 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TSVdAOCZS62Nj2AF5wwqLq4/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 669 1489707745.97 1489707746.41 440 192.168.1.116 - 53567 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UElya8bxgTjwC9y3oYjKunnqdja8DA/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 670 1489707937.93 1489707938.42 485 192.168.1.116 - 53568 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uQ8hTo0do6DRpxEg5DvRm07mqjE5OTx/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 671 1489708177.04 1489708177.48 438 192.168.1.116 - 53570 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/maeTth6b7q6zrueOX0KiusoJLqSu/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 672 1489708369.08 1489708369.52 439 192.168.1.116 - 53571 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SDt1C119IBd9WFYjsAqxSG/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 673 1489708561.05 1489708561.49 440 192.168.1.116 - 53572 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vCWUqb0HiTf37j0h1u06T0RUwVZGyzb/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 674 1489708753.09 1489708753.56 471 192.168.1.116 - 53573 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/G3kKhzzMJSwTk4xX6RRQ1bvDKQD/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 675 1489708946.18 1489708946.65 476 192.168.1.116 - 53574 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tu3u9LspAPHmkn75lPzwIp/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 676 1489709138.22 1489709138.67 451 192.168.1.116 - 53575 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5oM7ZZEs54m4l91CZ3au4cpBx2jLCIzA/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 677 1489709330.22 1489709330.66 436 192.168.1.116 - 53576 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/S8fEfYJ9vQGYe04KDx46/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 678 1489709522.21 1489709522.65 438 192.168.1.116 - 53577 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xdpYi2zCO2P71QoPYiVx/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 679 1489709714.17 1489709714.61 438 192.168.1.116 - 53578 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RrOmhx9llC94M3NLDvszDI4qvnU/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 680 1489709906.19 1489709906.69 500 192.168.1.116 - 53579 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DJIjfkPIo0Pz7Xb5Gb5tGS3HN8/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 681 1489710145.76 1489710146.19 436 192.168.1.116 - 53581 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0iVBMvfRs4shVeeah2S0T8Obg3n/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 682 1489710337.82 1489710338.29 473 192.168.1.116 - 53582 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AzktMFUganMiZFSjmepbesaOkKo/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 683 1489710529.9 1489710530.36 467 192.168.1.116 - 53583 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cNSHwNYuQIpKH2dkJuRWDrM2/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 684 1489710721.91 1489710722.35 441 192.168.1.116 - 53584 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8ucSDMQMgxsEj5h4UmTREuly/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 685 1489710913.9 1489710914.37 469 192.168.1.116 - 53585 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pVAmslBMUGzQrjEAM2Tp0E/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 686 1489711105.95 1489711106.39 436 192.168.1.116 - 53586 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nZUmTtGoSEXfUgMBQKuHdRmupH5FZp/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 687 1489711298.82 1489711299.3 476 192.168.1.116 - 53587 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GVX62V7MTNmwNhv6UVxWUYyc2/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 688 1489711490.81 1489711491.25 442 192.168.1.116 - 53588 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nslOovxBS3DcoRVnWU2byyG7w4/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 689 1489711684.93 1489711686.67 1735 192.168.1.116 - 53589 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32429 0 32288 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 689 1489711694.22 1489711695.16 939 192.168.1.116 - 53589 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 689 1489711702.69 1489711703.2 507 192.168.1.116 - 53589 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mvDzPRYFpYOvqtDsqEjddhpD9zf/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 690 1489711900.89 1489711902.56 1671 192.168.1.116 - 53590 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 691 1489711920.13 1489711920.6 468 192.168.1.116 - 53591 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 692 1489711936.95 1489711937.41 468 192.168.1.116 - 53592 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 693 1489712000.99 1489712001.43 439 192.168.1.116 - 53594 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4ErRO2UHJVoU71fSWcNZj/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 694 1489712193.0 1489712194.64 1639 192.168.1.116 - 53595 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/swCWdboMrDjuFOrJczg7NFPn/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 695 1489712386.22 1489712386.69 472 192.168.1.116 - 53596 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/62i8AQEIj30gcgIEvdSno/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 696 1489712578.24 1489712578.68 438 192.168.1.116 - 53597 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8FVLcUAkMSdNDNX5twq/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 697 1489712770.24 1489712770.67 438 192.168.1.116 - 53598 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EoZLaCKZbJrMCpTXS0OhgHqqNW7cf/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 698 1489712962.31 1489712962.75 439 192.168.1.116 - 53599 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MZrd9G2zMrZnfGQmry0Jl/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 699 1489713154.3 1489713154.74 441 192.168.1.116 - 53600 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rIqkPcqD589i0xh89DGoWs19/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 700 1489713346.32 1489713346.81 486 192.168.1.116 - 53601 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/swvbZZ1H53uQpkrpktfje5RcufkbmG6/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 701 1489713538.41 1489713538.85 435 192.168.1.116 - 53602 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HpCZwFpW6jBY01oqgew/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 702 1489713730.38 1489713730.81 436 192.168.1.116 - 53603 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IHOswzWNwKUB3z4dsIfIhTQo7q1FkF4X/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 703 1489713969.54 1489713969.98 438 192.168.1.116 - 53605 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ThasrIduQcjuiJSmu/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 704 1489714161.52 1489714161.99 466 192.168.1.116 - 53606 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VhtRK3Tvluhg2Cb8GZJNDXK/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 705 1489714353.51 1489714353.98 474 192.168.1.116 - 53607 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sLhErt5mNLoZwQ9IEAVttnWoTf/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 706 1489714545.54 1489714545.98 435 192.168.1.116 - 53608 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5nEKqgEgMBHX40bZym0Wd9/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 707 1489714737.52 1489714737.99 469 192.168.1.116 - 53609 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ajLrd1c6TQ6R8mL56Sj6sF/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 708 1489714929.6 1489714930.07 477 192.168.1.116 - 53610 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jpKOp9JeTPyopDA0aSJ1DmHvqQFTbvM/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 709 1489715121.64 1489715122.1 467 192.168.1.116 - 53611 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ukJQRuLHISJnnjPIhR7/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 710 1489715313.5 1489715313.97 477 192.168.1.116 - 53612 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 205 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 710 1489715314.2 1489715314.62 418 192.168.1.116 - 53612 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/CPULyaaKpBDZAEf6F3Ub/ 323 510 0 367 132 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 710 1489715315.12 1489715315.49 370 192.168.1.116 - 53612 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/CGNJZEQUWHL/1/ 219 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 711 1489715317.67 1489715318.09 420 192.168.1.116 - 53613 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 712 1489715319.24 1489715319.76 519 192.168.1.116 - 53614 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 216 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 713 1489715320.97 1489715321.38 412 192.168.1.116 - 53615 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 244 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 714 1489715323.54 1489715323.95 407 192.168.1.116 - 53616 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BqT1fufsQp4mqYQDPc442xkeqqglUm/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 715 1489715515.34 1489715515.77 432 192.168.1.116 - 53617 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JP3SfezkIDOHIwubi0GmfS3IBLXfVU/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 716 1489715707.15 1489715707.56 412 192.168.1.116 - 53618 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/k4PzdIJFm2JaHAFJYQv0GR93/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 717 1489715946.5 1489715946.94 436 192.168.1.116 - 53620 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IgcVaP5JGBfjJt3tsHxPklsnr90LMAjy/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 718 1489716138.39 1489716138.8 410 192.168.1.116 - 53621 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tsqG4qhBGTB7BgiodZf6ebuOwkE/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 719 1489716330.21 1489716330.63 414 192.168.1.116 - 53622 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YmY6DV0aYwBA3tB6FrKTQhgN/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 720 1489716521.98 1489716522.36 387 192.168.1.116 - 53623 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kd1Fk1dCtCBJ8KDyhJAoB4RLtN4duQEx/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 721 1489716713.78 1489716714.19 407 192.168.1.116 - 53624 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/noxSW68iaMXDupqdE/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 722 1489716905.6 1489716906.01 412 192.168.1.116 - 53625 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4VWkBIb2V6guybs59Dl/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 723 1489717097.43 1489717098.58 1159 192.168.1.116 - 53626 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 32429 0 32288 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 723 1489717106.12 1489717106.95 827 192.168.1.116 - 53626 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 723 1489717113.92 1489717114.34 418 192.168.1.116 - 53626 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GylMKGDKrBihz3ZmsNny6l7a0Sig/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 724 1489717305.73 1489717306.09 368 192.168.1.116 - 53627 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/11n8cyFTDs9SRRitwU/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 725 1489717497.48 1489717497.9 416 192.168.1.116 - 53628 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 207 379 0 240 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 725 1489717503.86 1489717504.31 444 192.168.1.116 - 53628 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mI9ISKpG2pTnvDYNUnBGgrZ0/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 726 1489717695.65 1489717696.09 433 192.168.1.116 - 53629 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/T10cNekxXisA3GoGXIxC/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 727 1489717934.71 1489717935.13 412 192.168.1.116 - 53631 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tSvxyZUdPNZvJejt6kYXvM/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 728 1489718126.5 1489718126.91 405 192.168.1.116 - 53632 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rcaBQQlM54GbTKc5KsA120HeoCTMXC06/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 729 1489718318.3 1489718318.71 414 192.168.1.116 - 53633 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/auOaZTLmvfCJFm5I8GMeAx6SV2Ph7nN/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 730 1489718510.08 1489718510.52 436 192.168.1.116 - 53634 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jGwDkmq3xBwWF7mlahahuQ47Gf/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 731 1489718702.86 1489718703.23 369 192.168.1.116 - 53635 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/a5elWt9NZkT3akDekZzq/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 732 1489718894.66 1489718895.07 411 192.168.1.116 - 53636 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZUOI96MNq2XOFFsA1VzX/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 733 1489719086.43 1489719086.87 434 192.168.1.116 - 53637 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7TtudH9GuMv0W753cDf3jXpWzjhTH/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 734 1489719278.27 1489719278.71 434 192.168.1.116 - 53638 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/37v2pUKTWd5mlIhDo1II/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 735 1489719470.1 1489719470.51 410 192.168.1.116 - 53639 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/loCC6OG3goQ8Kp44dXzDFQxtssIlIA3D/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 736 1489719661.95 1489719662.36 411 192.168.1.116 - 53640 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ocvQnGQbuxO6UHZTWjAvZeECKb/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 737 1489719901.17 1489719901.61 436 192.168.1.116 - 53642 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/a9bJwnsJYrHziBYoEavJOfAVlYH/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 738 1489720092.99 1489720093.37 374 192.168.1.116 - 53643 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UeTkxnJmSrfXCv9JKN1SE9uJok/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 739 1489720284.72 1489720285.13 407 192.168.1.116 - 53644 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8lB1k5cuBwtl5fPY/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 740 1489720476.51 1489720476.93 422 192.168.1.116 - 53645 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tGqCAaYhPFRWk301hLv6jUIuYUVnyH/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 741 1489720668.3 1489720668.7 405 192.168.1.116 - 53646 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dNra4d7ltoP8qnVvY0g3hhR/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 742 1489720860.03 1489720860.41 373 192.168.1.116 - 53647 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Ts3BXYY7Fs7GtSXdk/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 743 1489721051.81 1489721052.22 409 192.168.1.116 - 53648 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6DBkGDTDP863rSCvY53NV7RcOvFYbWFW/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 744 1489721243.67 1489721244.08 408 192.168.1.116 - 53649 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3YCDumJ3yNgsUHIMB984DBu1BECFgmUe/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 745 1489721435.51 1489721435.92 413 192.168.1.116 - 53650 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/20RQtogbCAIQkapYhLS/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 746 1489721627.32 1489721627.73 410 192.168.1.116 - 53651 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HVlsYKdlTzhfLHe5SoJ/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 747 1489721866.3 1489721866.74 434 192.168.1.116 - 53653 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FNcVbUwd6FnFgUfTTNuEqr3Gp/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 748 1489722058.11 1489722058.53 419 192.168.1.116 - 53654 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hvikZ8Fzpg7D3xOWpGxwY0bd/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 749 1489722249.87 1489722250.31 437 192.168.1.116 - 53655 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9r5CrwmGZmAhjZSdYwwYV/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 750 1489722441.65 1489722442.02 369 192.168.1.116 - 53656 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SKYmSq8js2af9sObbGUzouKG/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 751 1489722633.38 1489722634.5 1120 192.168.1.116 - 53657 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 32429 0 32288 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 751 1489722642.05 1489722642.83 781 192.168.1.116 - 53657 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 751 1489722649.87 1489722650.31 434 192.168.1.116 - 53657 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZIUWFlg9NLhoUfBCsI0MnG4KJbGTwu/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 752 1489722841.67 1489722842.11 440 192.168.1.116 - 53658 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UrU4vAkTvMHUB5lzR37n/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 753 1489723033.56 1489723033.97 414 192.168.1.116 - 53659 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kjb8Rz8aGNEBdAiEQnGMHEy7UvCrc6c/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 754 1489723225.36 1489723225.78 412 192.168.1.116 - 53660 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Py9PVMO0kc7m9JZwXS/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 755 1489723417.13 1489723417.5 369 192.168.1.116 - 53661 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xfKPRpqiqRBv7cZ7bQ1pY6Am/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 756 1489723608.85 1489723609.22 374 192.168.1.116 - 53662 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UDtXCrLyu0aSMOj2/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 757 1489723847.75 1489723848.18 433 192.168.1.116 - 53664 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RIEm71fKXAy9xwPywqg8yX3Yf/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 758 1489724039.6 1489724040.04 437 192.168.1.116 - 53665 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZzHobyTI0WgIIReH7mWlw11wW4oFwg/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 759 1489724232.18 1489724232.59 412 192.168.1.116 - 53666 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/DNSBL/listed/0/ 217 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 760 1489724234.79 1489724235.2 411 192.168.1.116 - 53667 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WkVBpma5VAe9hG2MLxi5d2lfBNo/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 761 1489724426.54 1489724426.97 432 192.168.1.116 - 53668 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/V6WvMSr72KkplDqBx/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 762 1489724618.32 1489724618.75 432 192.168.1.116 - 53669 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3Lg2Nk5M2fDSy2W4aFjgLeON5yw1J/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 763 1489724810.16 1489724810.57 410 192.168.1.116 - 53670 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DgSjWzjCng3FgTPZ/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 764 1489725001.92 1489725002.35 434 192.168.1.116 - 53671 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XfN1skYIlCqgIq0vggsrWfGrIe/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 765 1489725193.69 1489725194.14 449 192.168.1.116 - 53672 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aiGNctFcGXdkcgCmERWxxoA9nxQy/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 766 1489725385.58 1489725385.99 409 192.168.1.116 - 53673 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Egsy53DuNhKAHptXbiTyrfWX/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 767 1489725577.34 1489725577.74 407 192.168.1.116 - 53674 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qL49R53R3tYYPaf32G0mwIdst9S6/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 768 1489725819.11 1489725819.54 436 192.168.1.116 - 53676 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zeBPhmkoMp3reOuVj7c2wXlqIKhU7J/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 769 1489726010.89 1489726011.33 436 192.168.1.116 - 53677 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/slAJe9e2jy6J6hTVda6/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 770 1489726202.71 1489726203.18 470 192.168.1.116 - 53678 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Et5KVMZufS9qxuiZ/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 771 1489726400.57 1489726401.0 434 192.168.1.116 - 53679 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 772 1489726418.21 1489726418.63 422 192.168.1.116 - 53680 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 773 1489726434.81 1489726435.23 420 192.168.1.116 - 53681 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 774 1489726451.39 1489726451.76 368 192.168.1.116 - 53682 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wmO5yQ78GArjLhsacoNq/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 775 1489726643.13 1489726643.54 413 192.168.1.116 - 53683 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EKianEQzdgmnLQBGkqutR/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 776 1489726834.93 1489726835.37 435 192.168.1.116 - 53684 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OJ32NFFtqMXPG4FCEHCd7fsBEh7gYiD/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 777 1489727026.79 1489727027.2 407 192.168.1.116 - 53685 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bv392nDsNlc1JXfxT80hYPsk5LK/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 778 1489727218.58 1489727218.95 373 192.168.1.116 - 53686 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/V0LKUUP5PU8PxHFSXsVFB5WeseY9QM/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 779 1489727410.28 1489727410.65 375 192.168.1.116 - 53687 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lonvOxoH0nrXMO2c9nET8iDeP/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 780 1489727602.07 1489727602.48 409 192.168.1.116 - 53688 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JKjjrFr5oEpnEJ5Bhg/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 781 1489727842.57 1489727843.01 439 192.168.1.116 - 53690 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6XDVpS0Ras4sgCET0csqQOc2fmu/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 782 1489728034.34 1489728034.78 432 192.168.1.116 - 53691 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RJ1aXcYPBtMg3QyNB2BJfC5zV2y5/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 783 1489728226.17 1489728227.28 1112 192.168.1.116 - 53692 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 32429 0 32288 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 783 1489728235.06 1489728235.89 830 192.168.1.116 - 53692 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 783 1489728243.53 1489728243.97 433 192.168.1.116 - 53692 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TS7Eh0EfOGB6wVuR0GIFQB/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 784 1489728435.3 1489728435.71 405 192.168.1.116 - 53693 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 207 379 0 240 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 784 1489728441.67 1489728442.11 440 192.168.1.116 - 53693 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sBVm2tju76uZH6NEP0arAzw/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 785 1489728633.65 1489728634.02 369 192.168.1.116 - 53694 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bh0Ph3v0edXvj0d3xnLaAyz9Slxo/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 786 1489728825.42 1489728825.82 405 192.168.1.116 - 53695 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/393aMi0pDWiAKrJe6u3pQLYQvgd4VN/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 787 1489729017.24 1489729017.64 405 192.168.1.116 - 53696 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8JgCq3LAb0iKBNcj4IMd/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 788 1489729209.03 1489729209.44 416 192.168.1.116 - 53697 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/twKen5e4O0SQzRUtqLGxbV0Z/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 789 1489729400.83 1489729401.24 408 192.168.1.116 - 53698 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2U8v9zd0QqhC7QHUBIpzMxj/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 790 1489729592.69 1489729593.11 420 192.168.1.116 - 53699 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EmgvJcCaY4CyMzdxdagob2aOORIyAQx/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 791 1489729833.2 1489729833.57 370 192.168.1.116 - 53701 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rq6O1uGNqZXDnRJVX0xNeEieMFU/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 792 1489730024.98 1489730025.39 414 192.168.1.116 - 53702 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3YzBSLqdpiQNtAOaS3XEVm960PER/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 793 1489730216.83 1489730217.24 410 192.168.1.116 - 53703 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ktLuikjalomf8eb26GwiImgLJX/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 794 1489730408.63 1489730409.04 409 192.168.1.116 - 53704 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iWo6zmFn3DTW8ZiIkc77kewx/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 795 1489730600.5 1489730600.91 411 192.168.1.116 - 53705 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VeCAp9VtuANEbSfDywmzfQlZNwH/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 796 1489730792.3 1489730792.7 406 192.168.1.116 - 53706 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1OucidRdTBot6GqZt1zrfNaayQlNm3K/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 797 1489730984.06 1489730984.47 408 192.168.1.116 - 53707 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/thbGB7tQLvALKYpTpcNmdpqKHs1fQJo/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 798 1489731175.88 1489731176.29 410 192.168.1.116 - 53708 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/O7ywrMqEzrMd3L6x133UPFGisYpE/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 799 1489731367.67 1489731368.05 380 192.168.1.116 - 53709 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/U4JbXzpPXxGR5hQrJ9WVIGmH1P9UN/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 800 1489731559.41 1489731559.83 425 192.168.1.116 - 53710 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bGFKfZRDMfgCD8M5gB/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 801 1489731802.07 1489731802.44 369 192.168.1.116 - 53712 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/825wQvGC8LDHscNLy1SElrH3/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 802 1489731993.85 1489731994.26 416 192.168.1.116 - 53713 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ulvBlEF1yR1EKkS0xpL5eMohqrXTsKsw/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 803 1489732185.7 1489732186.11 409 192.168.1.116 - 53714 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6Jy4Pr8dWp4LazjQgR/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 804 1489732377.47 1489732377.88 408 192.168.1.116 - 53715 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Ekp67biZ5KPWafs2Ve3i/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 805 1489732569.2 1489732569.57 370 192.168.1.116 - 53716 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rOYrlb0LddlJpXtl3wj47Bx0JUlvTQTd/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 806 1489732760.94 1489732761.37 436 192.168.1.116 - 53717 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zxdYAPu5AajIbGq5dK/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 807 1489732952.84 1489732953.26 421 192.168.1.116 - 53718 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qJc13Kl6fBaAt9kt/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 808 1489733144.61 1489733144.98 377 192.168.1.116 - 53719 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TbUbdSB7fN6hwRCZtIIxosCPRAh2ib/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 809 1489733336.38 1489733336.81 434 192.168.1.116 - 53720 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WxZ7Hn2lcuGLRMsS6YHfBfdEBuldsj/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 810 1489733528.22 1489733528.63 406 192.168.1.116 - 53721 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SvQpwJnEzSW17w2cI6Pl6PLFhHou6LYq/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 811 1489733720.25 1489733721.41 1158 192.168.1.116 - 53722 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 32429 0 32288 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 811 1489733729.17 1489733730.0 832 192.168.1.116 - 53722 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 811 1489733784.4 1489733784.81 414 192.168.1.116 - 53722 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uaLHMuhvqdmO2UTBSAAzq1/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 812 1489733976.2 1489733976.63 430 192.168.1.116 - 53724 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kP8Uhzn7w3u0tHfvfTxotOlw7r/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 813 1489734168.17 1489734168.58 411 192.168.1.116 - 53725 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NgrJGaHaZGz4bjjOUP7eYyu/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 814 1489734360.02 1489734360.45 435 192.168.1.116 - 53726 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aAzYYVRRQlAHEeo7BGbs2ffN0xdAF8Re/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 815 1489734551.81 1489734553.18 1369 192.168.1.116 - 53727 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KBTgpcmWSpNIuCmvbBh5k099JAMH/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 816 1489734744.52 1489734744.96 438 192.168.1.116 - 53728 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eXdZNpMbgaC3RKtiT4mL/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 817 1489734936.42 1489734936.83 408 192.168.1.116 - 53729 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GAs97VsAYCX2LTpaJr9AfY3mde/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 818 1489735129.06 1489735129.77 704 192.168.1.116 - 53730 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 203 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 819 1489735131.09 1489735131.33 236 192.168.1.116 - 53731 23.21.70.163 80 http://checkip.amazonaws.com/ 153 133 0 13 139 106 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 200 - - - - - - - CTU.238.1.Malicious 818 1489735131.53 1489735133.61 2079 192.168.1.116 - 53730 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/e3uEeDXPZ2Y5NxxKkQM/ 320 509 0 366 130 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 818 1489735134.12 1489735134.79 668 192.168.1.116 - 53730 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/QZCBRMOGDRY/1/ 217 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 820 1489735136.81 1489735137.52 707 192.168.1.116 - 53732 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 821 1489735140.5 1489735141.22 720 192.168.1.116 - 53733 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 214 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 822 1489735143.22 1489735143.93 711 192.168.1.116 - 53734 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 242 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 823 1489735148.22 1489735148.89 674 192.168.1.116 - 53735 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HVT55kktHD0IK3Qy/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 824 1489735341.14 1489735341.81 668 192.168.1.116 - 53736 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Yz0B9fn9PghsC0filo2JWOYAqkC/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 825 1489735534.1 1489735536.52 2422 192.168.1.116 - 53737 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XI7qv1ky4CD58SdbTO5VM/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 826 1489735776.81 1489735777.48 672 192.168.1.116 - 53739 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QaO75SBI5fzw90nUSaqWhymqMRCv3cj/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 827 1489735969.71 1489735970.38 670 192.168.1.116 - 53740 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VSH4CTawfvC5RT7QEh4unAif17QoE/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 828 1489736162.64 1489736163.31 670 192.168.1.116 - 53741 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Z4s8fdGy4CkSUtDrZ8JgO/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 829 1489736355.87 1489736356.55 675 192.168.1.116 - 53742 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1OQ5ddnjaRSOackLDhXywO5JZ/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 830 1489736548.89 1489736549.62 731 192.168.1.116 - 53743 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8h3zBhHw8XUpRuTDTDs/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 831 1489736741.81 1489736742.49 680 192.168.1.116 - 53744 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1lzX2lgFyN9wxQaud/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 832 1489736934.74 1489736935.41 668 192.168.1.116 - 53745 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0kel4vI5iaEECrsVxSc0T/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 833 1489737127.68 1489737128.41 733 192.168.1.116 - 53746 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/57zwAvifkGXvqEzZebaqRwiXR8SdVF7q/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 834 1489737320.66 1489737321.33 670 192.168.1.116 - 53747 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Y333cRqryAfBgBDcipxQbJpj/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 835 1489737513.77 1489737514.48 704 192.168.1.116 - 53748 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kttu5axHpWvbVRdSeLgBB/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 836 1489737754.3 1489737754.94 639 192.168.1.116 - 53750 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VjrOmbgyETPNADNkLjsQhFQbx4jprUtC/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 837 1489737947.12 1489737947.8 674 192.168.1.116 - 53751 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Eaq5bAnvJ5PcnuZWu/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 838 1489738139.94 1489738140.57 633 192.168.1.116 - 53752 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5YkLn356yscvJbVTea2qnycsM/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 839 1489738332.64 1489738333.26 628 192.168.1.116 - 53753 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/a9pzNw5NBTPmVK8xzE43/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 840 1489738525.29 1489738525.9 606 192.168.1.116 - 53754 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Kc8waP2OwTvqA2tkXAuzc6LL7qFv/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 841 1489738717.97 1489738718.58 605 192.168.1.116 - 53755 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tffZ1rdAzs6WW0QtzPEIk/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 842 1489738910.63 1489738911.24 612 192.168.1.116 - 53756 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HWoUVKA6uzTLnmK8/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 843 1489739103.23 1489739103.84 612 192.168.1.116 - 53757 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/H8Dd4N8ReMiobFoQHLwrRm99/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 844 1489739295.88 1489739298.19 2314 192.168.1.116 - 53758 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32429 0 32288 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 844 1489739305.8 1489739307.04 1241 192.168.1.116 - 53758 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 844 1489739314.86 1489739316.54 1681 192.168.1.116 - 53758 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 205 379 0 240 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 844 1489739322.5 1489739323.08 581 192.168.1.116 - 53758 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FDhTDA2yrswJX1vWPiR1z290xhFz30P/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 845 1489739516.14 1489739516.75 609 192.168.1.116 - 53759 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/frzViZRa97TGEVb060qYZWtkFCoW/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 846 1489739756.99 1489739757.6 615 192.168.1.116 - 53761 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nRzCNTnF9wJSTlWhPzwzHgZgaQndj/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 847 1489739949.64 1489739950.25 610 192.168.1.116 - 53762 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kBuC37yATaBPARkHCWNpvYz29QB/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 848 1489740142.3 1489740142.9 610 192.168.1.116 - 53763 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cWqox6ayFHUQPyAbIv8XIYHKa/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 849 1489740334.94 1489740335.54 607 192.168.1.116 - 53764 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5h9SufDgKTt82eOnARYh64apYzd/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 850 1489740527.62 1489740528.23 614 192.168.1.116 - 53765 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WMXnhURXEMVzdCzas2MiU2a/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 851 1489740720.24 1489740720.85 611 192.168.1.116 - 53766 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PkxUz9koQZsbYjX22GPKrnwX7g2YUd/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 852 1489740918.87 1489740919.49 614 192.168.1.116 - 53767 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 853 1489740936.49 1489740937.1 611 192.168.1.116 - 53768 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 854 1489740953.95 1489740954.56 614 192.168.1.116 - 53769 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 855 1489740972.51 1489740973.13 615 192.168.1.116 - 53770 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vNXcjqVqZP5qTe46KuOZnH5QVk6IeGQ/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 856 1489741165.13 1489741165.74 604 192.168.1.116 - 53771 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5jd8fpnBJargacK0os5TPwwaG4tUoF/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 857 1489741358.88 1489741359.49 610 192.168.1.116 - 53772 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pfiqjXm6afapNLqt/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 858 1489741551.5 1489741552.1 605 192.168.1.116 - 53773 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OtROW3Hwz9RS6aC5xVJ7sGxVsC/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 859 1489741791.49 1489741792.12 634 192.168.1.116 - 53775 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZRuRTzIZO9NsFC3QfXsjS6V/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 860 1489741984.14 1489741984.76 622 192.168.1.116 - 53776 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hp6jGSi5SSw67WDQrShgr17NJ41ToHwe/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 861 1489742176.75 1489742177.36 610 192.168.1.116 - 53777 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dJJ0FksrUczkEoiytllfXnrW1MM/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 862 1489742369.34 1489742369.95 610 192.168.1.116 - 53778 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Jr8ea4EtvFhZs9BtnrIGYRBwz05AwZ/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 863 1489742561.95 1489742562.58 635 192.168.1.116 - 53779 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CgZw1gQdhEPw1mZDVRCpwxt4SGncLiWI/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 864 1489742754.65 1489742755.26 603 192.168.1.116 - 53780 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wSdKPA9B95mwpDgScgjuv6ZtoIh/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 865 1489742947.21 1489742947.85 637 192.168.1.116 - 53781 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/d0UgrQTLX0PUFf7eTne8LM7IG/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 866 1489743139.63 1489743140.13 504 192.168.1.116 - 53782 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MSphP2qdc1IWzXpOamCf6n7HjMokx/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 867 1489743332.08 1489743332.68 604 192.168.1.116 - 53783 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cv4EZkYjRnXAjq25L9re/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 868 1489743524.66 1489743525.23 569 192.168.1.116 - 53784 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bEdVWYOrWwL1BQHypBnNF86/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 869 1489743764.31 1489743764.88 569 192.168.1.116 - 53786 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mHp9OGDfXNjG8Hwy/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 870 1489743956.75 1489743957.32 574 192.168.1.116 - 53787 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KayHtzCIWrfE1u4kWQBJ/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 871 1489744149.22 1489744149.79 572 192.168.1.116 - 53788 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/F0heffNgiRPMzZx8uOy/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 872 1489744341.79 1489744342.4 614 192.168.1.116 - 53789 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wCShwV6VKLeLyliV3sMCx3vgpYYmf/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 873 1489744534.38 1489744535.01 632 192.168.1.116 - 53790 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/c65jBre06yLpwwNYO8q5D/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 874 1489744726.78 1489744728.33 1546 192.168.1.116 - 53791 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32429 0 32288 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 874 1489744735.77 1489744737.31 1540 192.168.1.116 - 53791 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 874 1489744745.06 1489744745.6 541 192.168.1.116 - 53791 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ltin7ZfqMqpFJJIsIU34Z9lA/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 875 1489744937.42 1489744937.93 505 192.168.1.116 - 53792 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eRBjLm4KzIJ3J5JyiTDvjkjxl7If7We/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 876 1489745129.69 1489745130.2 511 192.168.1.116 - 53793 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6VWGslEuQ6ZqCHA9gsr5D3SGpaRAtbl/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 877 1489745321.98 1489745322.49 510 192.168.1.116 - 53794 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Y7YSupMu8w64gadJ/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 878 1489745514.25 1489745514.76 508 192.168.1.116 - 53795 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9U5MY5huRcpNXT64Gq5DKUt7ybC3lwQ/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 879 1489745753.99 1489745754.5 511 192.168.1.116 - 53797 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ScqWuQ9jyiu90w7x5zOe/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 880 1489745946.31 1489745946.82 509 192.168.1.116 - 53798 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XK8zShsYmIZ8LFxADlvNPP3/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 881 1489746138.62 1489746139.15 526 192.168.1.116 - 53799 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6EbznIFLUbZ7aRpn4gpKo8/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 882 1489746331.01 1489746331.58 573 192.168.1.116 - 53800 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7tZQeRibnIjVK6edplV/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 883 1489746523.46 1489746524.03 569 192.168.1.116 - 53801 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OOpRG3qk6wjvSYuKhw0rMdxJqtgCh7W/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 884 1489746715.91 1489746716.48 572 192.168.1.116 - 53802 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4FI50CTuKEoDxZL7c5SzwzR2Ye4xVXI/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 885 1489746908.39 1489746908.99 598 192.168.1.116 - 53803 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gagGBkSFjAWSw27fu47nCTPZsqU6rGd7/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 886 1489747100.86 1489747101.43 572 192.168.1.116 - 53804 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Lr4xEsfrDWuptAmtY5mO0IG/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 887 1489747293.35 1489747293.92 567 192.168.1.116 - 53805 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/U1vzMdMmwao6vzO4Prw6k/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 888 1489747485.79 1489747486.33 538 192.168.1.116 - 53806 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aAjq0qDGIv5Gsc4XyVO6u2rLb3HZ/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 889 1489747725.45 1489747725.99 542 192.168.1.116 - 53808 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KQKpa6ZkVjTbENoy/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 890 1489747917.93 1489747918.47 540 192.168.1.116 - 53809 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0Wh65ECcVDn0ICIt/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 891 1489748110.4 1489748110.94 540 192.168.1.116 - 53810 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xNJznuBkbtqqRwrf5GDkxxniPnGOn/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 892 1489748302.82 1489748303.39 576 192.168.1.116 - 53811 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sFDKaNsFm60eZNpvajQvYNuk/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 893 1489748495.28 1489748495.87 584 192.168.1.116 - 53812 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xR6TWX3vQK5BU8JIsyB/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 894 1489748687.75 1489748688.32 574 192.168.1.116 - 53813 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qPdAiytSaqXPtb4g/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 895 1489748880.21 1489748880.79 583 192.168.1.116 - 53814 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UcShVjRN925jivruO9xCdcpHdjUe/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 896 1489749072.83 1489749073.4 576 192.168.1.116 - 53815 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CVkuHktL0rnDFnmRwfVcR/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 897 1489749265.24 1489749265.76 523 192.168.1.116 - 53816 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mmdd9PamtXd8eJft/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 898 1489749457.62 1489749458.16 542 192.168.1.116 - 53817 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SHvnlcPily1mhuBXi8x/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 899 1489749698.6 1489749700.14 1537 192.168.1.116 - 53819 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/r8sxbYnvZQrgLfUqLKaAlHKGN/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 900 1489749891.82 1489749892.29 472 192.168.1.116 - 53820 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pFsc54aQSdTklskJUwHw/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 901 1489750084.17 1489750084.75 574 192.168.1.116 - 53821 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vJROCluP2iSk0vCkX789/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 902 1489750276.66 1489750278.36 1692 192.168.1.116 - 53822 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32429 0 32288 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 902 1489750285.68 1489750286.82 1133 192.168.1.116 - 53822 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 902 1489750294.23 1489750294.84 614 192.168.1.116 - 53822 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 205 379 0 240 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 902 1489750300.81 1489750301.38 576 192.168.1.116 - 53822 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dQ6l02aGJvdPXBkqaTZp4/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 903 1489750493.34 1489750493.99 642 192.168.1.116 - 53823 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xhgXVVr9HfFRnXYK48k2KQHIo6V/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 904 1489750685.95 1489750686.58 631 192.168.1.116 - 53824 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OBYUVob4VESzzNbLGZhsu0Ck0ILOnOQ/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 905 1489750878.59 1489750879.22 632 192.168.1.116 - 53825 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CV0tfUumgpqd2zpvKRDupDDuCsHrzp/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 906 1489751071.16 1489751071.73 578 192.168.1.116 - 53826 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qQzSptmYa5U3jmbDUcVGa8/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 907 1489751263.81 1489751264.38 569 192.168.1.116 - 53827 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZwJi3VE06Yp6EoIhXwu9/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 908 1489751456.27 1489751456.8 535 192.168.1.116 - 53828 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/f4J80UGQoaH6MQZWttTCD/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 909 1489751696.64 1489751697.27 633 192.168.1.116 - 53830 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3FxB2Tn8akUdukq90ANdYfsWegp2y/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 910 1489751889.29 1489751889.91 624 192.168.1.116 - 53831 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rlx9wpPRoVO7RN0BgqlipCal5g/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 911 1489752081.86 1489752082.43 571 192.168.1.116 - 53832 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EarJQu5bEbObh2DffyjyN6zs/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 912 1489752274.39 1489752275.0 609 192.168.1.116 - 53833 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OwU6vW8QJeNqjMnhLnQbtAK7Uwn/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 913 1489752467.04 1489752467.61 570 192.168.1.116 - 53834 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/i15TlR9GhBnoVxSiY5Jy/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 914 1489752659.76 1489752660.39 632 192.168.1.116 - 53835 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nkT7IJJbv8iOP8TC24jaoYYmAcZxEJ/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 915 1489752852.42 1489752853.06 635 192.168.1.116 - 53836 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1NIzmSVltzNtp8inXNWQab5/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 916 1489753045.39 1489753046.05 668 192.168.1.116 - 53837 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/DNSBL/listed/0/ 215 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 917 1489753048.73 1489753049.3 567 192.168.1.116 - 53838 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CbHhHiOUd61AJjjex6AdVc/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 918 1489753241.24 1489753241.88 634 192.168.1.116 - 53839 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zbd0pvtWLwMsVQ5dbq22/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 919 1489753433.85 1489753434.42 574 192.168.1.116 - 53840 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UEnGNx03pQdFt62mNqPdL/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 920 1489753673.8 1489753674.39 595 192.168.1.116 - 53842 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/za9El84N1cLgeSA3bHzD/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 921 1489753866.35 1489753866.92 572 192.168.1.116 - 53843 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vDbwtnbhWqksOQkoqAXYrX9/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 922 1489754058.97 1489754059.58 613 192.168.1.116 - 53844 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rclElLLABFjP8hN4ZFnLzHPX/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 923 1489754251.64 1489754252.25 610 192.168.1.116 - 53845 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hfOcJvtWKhU6Vnzh/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 924 1489754444.3 1489754444.9 605 192.168.1.116 - 53846 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FfCjAit2XjZaFfjknpDq/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 925 1489754637.05 1489754637.69 641 192.168.1.116 - 53847 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DBwdmLU9XwSnK1uX3KKBuT/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 926 1489754829.84 1489754830.46 621 192.168.1.116 - 53848 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uGmsnk3TRFmZH7cZf/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 927 1489755022.46 1489755023.06 603 192.168.1.116 - 53849 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 204 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 927 1489755023.31 1489755024.03 725 192.168.1.116 - 53849 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/9vEkAtl7bpqESiWqfeG3UbQhzgQkQ/ 331 519 0 376 131 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 927 1489755024.87 1489755025.47 592 192.168.1.116 - 53849 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/VDTUDDKAHBUBCND/1/ 222 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 928 1489755027.26 1489755027.89 634 192.168.1.116 - 53850 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 929 1489755030.32 1489755030.94 626 192.168.1.116 - 53851 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 215 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 930 1489755032.75 1489755033.38 620 192.168.1.116 - 53852 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 243 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 931 1489755035.11 1489755035.68 575 192.168.1.116 - 53853 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jshbsnZkHG6my7xZnf84IVJuFU4stE/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 932 1489755227.65 1489755228.28 633 192.168.1.116 - 53854 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ChjsDOmevGzLqN496SRAG5/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 933 1489755426.64 1489755427.28 640 192.168.1.116 - 53855 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 934 1489755444.04 1489755444.65 610 192.168.1.116 - 53856 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 935 1489755461.48 1489755462.19 707 192.168.1.116 - 53857 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 936 1489755526.25 1489755526.81 566 192.168.1.116 - 53859 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pt3P5p1LMhlQ5F6cqXSW/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 937 1489755718.77 1489755720.48 1712 192.168.1.116 - 53860 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32429 0 32288 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 937 1489755728.04 1489755729.23 1186 192.168.1.116 - 53860 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 937 1489755736.35 1489755736.92 574 192.168.1.116 - 53860 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cERTIIdFPOt8cxzylFCM5Iyi/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 938 1489755928.89 1489755929.46 568 192.168.1.116 - 53861 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/57iin6Ux5ivpYsJzuot00ApZF231uT/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 939 1489756121.43 1489756122.04 609 192.168.1.116 - 53862 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/medWzpWr5fJYof42pjho/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 940 1489756314.99 1489756315.56 576 192.168.1.116 - 53863 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/i9Tn4iy5Pc4L4k8myM/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 941 1489756507.51 1489756508.08 576 192.168.1.116 - 53864 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Dq5RYlxf8KEmCdgLH/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 942 1489756700.04 1489756700.67 635 192.168.1.116 - 53865 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TxoFhL5FpvVk8jnUDDMbQpp1/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 943 1489756893.85 1489756894.45 603 192.168.1.116 - 53866 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kCn573USti1ctFV8OyMRfwHDzTZ/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 944 1489757086.41 1489757087.02 609 192.168.1.116 - 53867 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nY5ResUhnOVU9IPrQq0hQP/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 945 1489757278.98 1489757279.55 570 192.168.1.116 - 53868 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yc0JruZhri89jRz5X5BeO8QnvPUMw2a/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 946 1489757518.77 1489757519.34 573 192.168.1.116 - 53870 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mdnxFyBrcPORXpfTXWnTgp2j7hSAiNj/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 947 1489757711.3 1489757711.91 607 192.168.1.116 - 53871 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fWcCDhO5sRKNpb1J505t9HP6c/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 948 1489757903.95 1489757904.56 608 192.168.1.116 - 53872 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/n3RkuL08cAePZIWF6LCN/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 949 1489758096.53 1489758097.17 642 192.168.1.116 - 53873 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/I7u1YfkcASckYfjY41NB3C/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 950 1489758289.16 1489758289.73 568 192.168.1.116 - 53874 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/E9HoImb0Crvy5j5OuHBRlOmnG94/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 951 1489758481.65 1489758482.22 571 192.168.1.116 - 53875 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tiNtKDTlGFogfNySUM5d/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 952 1489758674.19 1489758674.76 570 192.168.1.116 - 53876 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mRe2YWJ6Rhu6ibaS26k5a5vz/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 953 1489758866.69 1489758867.33 638 192.168.1.116 - 53877 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Imi8LHsuYxafXQfGXzOJCXbdG3AIT2nB/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 954 1489759059.32 1489759059.9 580 192.168.1.116 - 53878 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NWQotbvwABcNgaOMDg2Mnqx/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 955 1489759251.91 1489759252.51 608 192.168.1.116 - 53879 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TaaTig1vmvIPT5Tj8Ixytya7vc/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 956 1489759491.71 1489759492.28 570 192.168.1.116 - 53881 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iwbkTLnHaVZHwdUzy/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 957 1489759684.26 1489759684.83 573 192.168.1.116 - 53882 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zUxBpsGzo8mgQXsmWVaaqfoUDkgwaEsz/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 958 1489759876.85 1489759877.43 581 192.168.1.116 - 53883 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eSUD3q8sbVrS5MZt/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 959 1489760069.55 1489760070.12 571 192.168.1.116 - 53884 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MzQ0Z267iOxFJHQWj/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 960 1489760262.05 1489760262.62 568 192.168.1.116 - 53885 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HEl2OwVJaMIWfeo9KYoYdK/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 961 1489760454.56 1489760455.13 567 192.168.1.116 - 53886 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4so4AZNaOxIoszt6YUa8tmbWyWRhUeR/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 962 1489760647.12 1489760647.9 771 192.168.1.116 - 53887 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OJ5nuadPGqafpGqHKytgtbueZFC/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 963 1489760839.99 1489760840.63 635 192.168.1.116 - 53888 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/F0DBTTdQimr8WiMm6hK497G4ozDRNs/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 964 1489761032.6 1489761033.24 640 192.168.1.116 - 53889 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bHOwSjFNGP0lmk6fyOo14M85EvCkD/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 965 1489761225.24 1489761226.95 1705 192.168.1.116 - 53890 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32429 0 32288 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 965 1489761234.5 1489761235.68 1187 192.168.1.116 - 53890 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 965 1489761242.79 1489761243.4 609 192.168.1.116 - 53890 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 206 379 0 240 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 965 1489761249.36 1489761249.94 582 192.168.1.116 - 53890 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7B1VbJyziiuINFc7XbaPfIIzM2USLW/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 966 1489761489.3 1489761489.9 604 192.168.1.116 - 53892 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HX3rJJtB5HVrxujEi/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 967 1489761681.84 1489761682.41 568 192.168.1.116 - 53893 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/x9nz82qTBHuDhbC6K9YJNj/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 968 1489761874.36 1489761874.93 573 192.168.1.116 - 53894 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/L6gpVEWi9YARNn8G5ybQ/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 969 1489762066.92 1489762067.49 568 192.168.1.116 - 53895 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/t4TB66Y25Ti1rvlqi0Hd6z4bosYmyUe/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 970 1489762259.48 1489762260.05 574 192.168.1.116 - 53896 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yFOLK5xHDxSL7brna0Dwy/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 971 1489762452.18 1489762452.86 678 192.168.1.116 - 53897 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Om2tvXKB0WHGjUSNzPHQCEnDppYS/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 972 1489762644.93 1489762645.57 639 192.168.1.116 - 53898 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bBjC5ZzTieNWMQS6M/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 973 1489762837.52 1489762838.09 574 192.168.1.116 - 53899 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/E2PxJmQm810AbKVceyHknCR7jsrFq3Th/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 974 1489763030.03 1489763030.6 568 192.168.1.116 - 53900 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dqFGK0zGxw5G3sqKl/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 975 1489763222.64 1489763223.25 614 192.168.1.116 - 53901 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ByThtKs9tAUiJrwHQ8yr/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 976 1489763462.58 1489763463.15 569 192.168.1.116 - 53903 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hkT9gvkIoSWSEs5YEaLRiOn6rK/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 977 1489763655.09 1489763655.66 568 192.168.1.116 - 53904 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hcJGZC66kv47NRS3/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 978 1489763847.84 1489763848.47 635 192.168.1.116 - 53905 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sMSj0ZkinKz8ujziLJDYsNfK/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 979 1489764040.48 1489764041.05 574 192.168.1.116 - 53906 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/No7GHlmU3WoPgIzhq3l7A/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 980 1489764233.02 1489764233.59 571 192.168.1.116 - 53907 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PSs6EAL20CNuOsp12eNsujdyKo2LVBk/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 981 1489764425.54 1489764426.1 566 192.168.1.116 - 53908 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bEk74k8NrPA5kYu2vIWLsU1gq/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 982 1489764618.12 1489764618.72 607 192.168.1.116 - 53909 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/do5vU2YrvZIxoB1Z55/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 983 1489764810.71 1489764811.28 571 192.168.1.116 - 53910 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kEK0QDENunW9HxV2xm3/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 984 1489765003.33 1489765003.91 583 192.168.1.116 - 53911 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4SozOHH8PZkgePEpRLQmttVu6XZ7YPz/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 985 1489765195.83 1489765196.4 569 192.168.1.116 - 53912 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SZIPIOLnaeRn9OSzC0QI32zHX2/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 986 1489765388.22 1489765388.46 239 192.168.1.116 - 53913 50.19.227.215 80 http://checkip.amazonaws.com/ 153 133 0 13 139 106 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 200 - - - - - - - CTU.238.1.Malicious 987 1489765437.75 1489765438.32 572 192.168.1.116 - 53915 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wExSfqjjGlvupJ6it/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 988 1489765630.24 1489765630.81 573 192.168.1.116 - 53916 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/R95ZFIOKdYRw2kbrXJNAvXG/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 989 1489765822.76 1489765823.33 568 192.168.1.116 - 53917 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bnwwVR9g0trYVlI4LrUFWMnZoOFv/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 990 1489766015.31 1489766015.88 577 192.168.1.116 - 53918 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/af7naeZlShpZ9DgQewVx/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 991 1489766207.87 1489766208.47 605 192.168.1.116 - 53919 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PiBro9DBRiWQ3aIztN2I10xze/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 992 1489766400.45 1489766401.08 634 192.168.1.116 - 53920 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/leLKVDiu2EEr0KCUXxlBMNF/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 993 1489766593.1 1489766593.67 571 192.168.1.116 - 53921 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kNtWzbAE4tHHUVX6LL2yY5ssH0Zr/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 994 1489766785.6 1489766787.31 1711 192.168.1.116 - 53922 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32429 0 32288 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 994 1489766794.91 1489766796.16 1244 192.168.1.116 - 53922 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 994 1489766803.74 1489766804.38 637 192.168.1.116 - 53922 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UVoPiZ8j0bpks0qtUPwZYRH/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 995 1489766996.52 1489766997.13 603 192.168.1.116 - 53923 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HIFxM77lkdy47D3MV5NzyTJ/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 996 1489767189.07 1489767189.64 571 192.168.1.116 - 53924 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9zr0VFWh0oy05SDokaaTS2p5v3bMmaw/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 997 1489767429.11 1489767429.74 632 192.168.1.116 - 53926 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Bb8nol53LXhSxmDvMrXF3MzeBO/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 998 1489767621.73 1489767622.3 573 192.168.1.116 - 53927 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5Tg3ukJPNdHdAgnkCghxy/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 999 1489767814.33 1489767814.95 617 192.168.1.116 - 53928 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zAufl9qwGl5qDBEvpzk0tPtK/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1000 1489768006.96 1489768007.58 613 192.168.1.116 - 53929 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VMoIiBfn5CtLDRGiV0nFKt5K4P1IHh/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1001 1489768199.59 1489768200.16 571 192.168.1.116 - 53930 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WkNHoDxFWCX7aNQLhaNF3M/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1002 1489768392.09 1489768392.66 568 192.168.1.116 - 53931 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JdGiNinaZR3RY1MFQ7nBEv/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1003 1489768584.6 1489768585.24 633 192.168.1.116 - 53932 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KAQc5BoC6TmXnCHdc/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1004 1489768777.19 1489768777.8 608 192.168.1.116 - 53933 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/N057c88Hia9dDbHyF3s5/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1005 1489768969.72 1489768970.29 568 192.168.1.116 - 53934 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wieVnde67UvZ0jRkFBWg6tnnJzIGGmwS/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1006 1489769162.3 1489769162.92 619 192.168.1.116 - 53935 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NnJI2xEDwJyoZX1U9/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1007 1489769402.12 1489769402.69 573 192.168.1.116 - 53937 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RQysQKj2rFWKqJbGnBK4j5vl/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1008 1489769594.71 1489769596.9 2187 192.168.1.116 - 53938 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/m0wSdfDdjT5coL7Mdtom/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1009 1489769788.87 1489769789.51 637 192.168.1.116 - 53939 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/COssQ3vCpsSEPkFOUAlHe1G2qWL4HA/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1010 1489769987.63 1489769988.27 634 192.168.1.116 - 53940 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 1011 1489770005.01 1489770005.64 633 192.168.1.116 - 53941 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 1012 1489770022.41 1489770022.98 572 192.168.1.116 - 53942 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 1013 1489770039.75 1489770040.32 570 192.168.1.116 - 53943 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VrN2vfwuILiG8y9DiaKPt0/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1014 1489770232.46 1489770233.03 568 192.168.1.116 - 53944 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8d9y2z3VszUneiOEsvOZTLX/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1015 1489770425.0 1489770425.57 571 192.168.1.116 - 53945 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VVTLkYOohVtwCxTUJ9wHFkn/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1016 1489770618.63 1489770619.2 571 192.168.1.116 - 53946 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/N3hpfIBNYgv9bygI0ps07OifVCAx/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1017 1489770811.16 1489770811.73 567 192.168.1.116 - 53947 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DPkU3IcBBz1fMcS3xDYDeW1sHLK/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1018 1489771003.76 1489771004.39 631 192.168.1.116 - 53948 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FVWs1HbVfV3kKb2sbzPguofEwZOw/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1019 1489771196.37 1489771196.98 611 192.168.1.116 - 53949 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Z35G783a2OPZVmdhCOvrujVs/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1020 1489771436.47 1489771437.08 608 192.168.1.116 - 53951 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9MkjSwMhDyy2cMQg/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1021 1489771629.03 1489771629.61 576 192.168.1.116 - 53952 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/er01qfnn068aApRKYo/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1022 1489771821.61 1489771822.22 607 192.168.1.116 - 53953 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sNj1EkFzI2uIk2yNtLq5YNGjC/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1023 1489772014.22 1489772014.83 611 192.168.1.116 - 53954 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Oxm2mXniWLxDiD7lxqTzZ3dGShE1/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1024 1489772206.83 1489772208.55 1722 192.168.1.116 - 53955 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32429 0 32288 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1024 1489772216.33 1489772217.51 1182 192.168.1.116 - 53955 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1024 1489772225.26 1489772225.89 634 192.168.1.116 - 53955 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 206 379 0 240 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1024 1489772231.86 1489772232.5 639 192.168.1.116 - 53955 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WqwDGeGu4ZEAnN6q1wOWkInb2CY6Eq/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1025 1489772424.56 1489772425.18 621 192.168.1.116 - 53956 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2HMrSsANbPxjgct0REU2ploZL4/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1026 1489772617.12 1489772617.69 570 192.168.1.116 - 53957 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SnNNFTNYGSsQrtDutf/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1027 1489772809.62 1489772810.26 633 192.168.1.116 - 53958 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LRQ64Itgx4P1R8yIgh3yTBq5fZo3vMq7/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1028 1489773002.22 1489773002.83 608 192.168.1.116 - 53959 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eXbDYECegIWvnTByEAQ/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1029 1489773194.8 1489773195.44 636 192.168.1.116 - 53960 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NOfTurc5zd630uxdQTSeIwKd2oX/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1030 1489773434.77 1489773435.37 607 192.168.1.116 - 53962 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nZJzZP3kO36xPrJKRhmI/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1031 1489773629.02 1489773629.65 635 192.168.1.116 - 53963 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gMbopRin94dfApBCzy7Q38j2g/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1032 1489773821.72 1489773822.33 612 192.168.1.116 - 53964 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AL2Vqs9OaYTxf52RqMV4W7leynFtvSkh/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1033 1489774014.32 1489774014.93 611 192.168.1.116 - 53965 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/64x6VcRNyRC6D7mnZ6WXUsf/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1034 1489774207.01 1489774207.62 608 192.168.1.116 - 53966 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NdTE3V0tOOP9QyTA82mePlS/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1035 1489774399.64 1489774400.28 637 192.168.1.116 - 53967 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Q9JygPOoUNbDvM2GLiKw6Vo6dEy/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1036 1489774592.33 1489774592.94 617 192.168.1.116 - 53968 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cJeNawBpiK4dRFXcLV8J2QBYANaPw66Q/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1037 1489774784.96 1489774785.56 603 192.168.1.116 - 53969 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xv24RNvM0lDRffTp70Z/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1038 1489774977.39 1489774977.96 569 192.168.1.116 - 53970 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 206 363 0 224 133 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1038 1489774978.21 1489774978.83 617 192.168.1.116 - 53970 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/ubXFgbmk1Obj7aJ5JoDkRn1zlJ1zWV/ 334 520 0 377 133 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1038 1489774979.35 1489774979.86 518 192.168.1.116 - 53970 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/RGZLZLHNJNVDT/1/ 222 131 0 9 133 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 1039 1489774981.54 1489774982.11 572 192.168.1.116 - 53971 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1040 1489774984.73 1489774985.36 631 192.168.1.116 - 53972 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 217 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1041 1489774986.98 1489774987.54 568 192.168.1.116 - 53973 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 245 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1042 1489774990.22 1489774990.74 520 192.168.1.116 - 53974 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7JqT60VqzPajwUiuCtkH/ 223 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1043 1489775182.62 1489775183.16 538 192.168.1.116 - 53975 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nTKDvJrquaXVIZskAEdT/ 223 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1044 1489775422.34 1489775422.88 549 192.168.1.116 - 53977 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NceQYxTbWap1ulpVJqwEQzzIl/ 228 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1045 1489775614.74 1489775615.26 521 192.168.1.116 - 53978 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2YiLSSJldOzL49NEGcuq4r0y8wv/ 230 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1046 1489775807.16 1489775807.68 523 192.168.1.116 - 53979 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NYZGZ3LVQj06C7o60Q/ 221 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1047 1489775999.51 1489776000.03 520 192.168.1.116 - 53980 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Ru7SCEFDrqs0aT8UJsbZ5wPA4/ 228 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1048 1489776191.9 1489776192.47 577 192.168.1.116 - 53981 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0R5rB9W2QJ743qIkdvPmA/ 224 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1049 1489776384.34 1489776384.9 556 192.168.1.116 - 53982 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZjcmdvyRN7uwDWu0dNxRx4u/ 226 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1050 1489776576.81 1489776577.35 544 192.168.1.116 - 53983 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xWq2e3UYKpUvr0dr5sbXS/ 224 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1051 1489776769.21 1489776769.73 523 192.168.1.116 - 53984 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KGg95rgWZdILyPNpfIDyYeS4mL6vt4Oc/ 235 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1052 1489776961.52 1489776962.04 520 192.168.1.116 - 53985 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PyC7nLTY68v3CANQNgvZD/ 224 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1053 1489777153.87 1489777154.41 541 192.168.1.116 - 53986 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oV97Dx2fduFdkn3VDae51zEiIhcT/ 231 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1054 1489777393.5 1489777394.05 551 192.168.1.116 - 53988 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GeEjH9EQrH4eQtkOV/ 220 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1055 1489777585.96 1489777586.5 546 192.168.1.116 - 53989 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HtAXTC9HibjW9UTP053zEG/ 225 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1056 1489777778.3 1489777779.84 1543 192.168.1.116 - 53990 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 207 32429 0 32288 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1056 1489777787.38 1489777788.48 1106 192.168.1.116 - 53990 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 207 22989 0 22848 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1056 1489777795.64 1489777796.23 588 192.168.1.116 - 53990 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EMvi56Y8VfulBKtPCf8UbjVxJ70btvy/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1057 1489777988.04 1489777988.57 526 192.168.1.116 - 53991 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8wjasofeXy3IlIQOj2DgaaA/ 226 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1058 1489778180.35 1489778180.87 521 192.168.1.116 - 53992 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DBrS5fpq8TeWG4Nvuqo6kbTbkRB/ 230 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1059 1489778372.72 1489778373.24 520 192.168.1.116 - 53993 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gcfxjEc1ZyZM5s8t/ 219 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1060 1489778565.03 1489778565.55 520 192.168.1.116 - 53994 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QHuQSk0w67yZVxa19dosteI/ 226 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1061 1489778757.38 1489778757.91 528 192.168.1.116 - 53995 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/k9aJPYVxxBEJo2Cik/ 220 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1062 1489778949.86 1489778950.41 551 192.168.1.116 - 53996 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dSa1Sp35Q5WJDKzmyU4vdlKBldEnRc3/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1063 1489779142.29 1489779142.8 514 192.168.1.116 - 53997 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PXQmFUqCJ9r3EiDRjCJB0/ 224 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1064 1489779382.17 1489779382.7 530 192.168.1.116 - 53999 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZZuHgZi5bXxQc9Ksj0wVF0iYcit9gAX/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1065 1489779574.56 1489779575.07 519 192.168.1.116 - 54000 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9boOEAGBsvPIHubYH/ 220 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1066 1489779766.89 1489779767.41 519 192.168.1.116 - 54001 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sZDqWeWGdMRKOnfVfJVXZl/ 225 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1067 1489779959.28 1489779959.8 520 192.168.1.116 - 54002 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/egBcWAECNiyzYHQMMb/ 221 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1068 1489780151.67 1489780152.21 538 192.168.1.116 - 54003 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UQtZzEkbTufmqfZkGDX2AwYYT/ 228 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1069 1489780344.06 1489780344.7 644 192.168.1.116 - 54004 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/blRkl15YpverQV2G/ 219 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1070 1489780536.51 1489780537.03 519 192.168.1.116 - 54005 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8dyfpF0BaW1FTVRzbBEMj2gR9IWyzQ/ 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1071 1489780728.89 1489780729.43 542 192.168.1.116 - 54006 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bkxBp2zHBQlmNXlI/ 219 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1072 1489780922.44 1489780922.97 537 192.168.1.116 - 54007 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GBAMqN6X3lRsBnd6tQvgcpiW2WVpCr/ 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1073 1489781114.78 1489781115.32 536 192.168.1.116 - 54008 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/U3g10EgPOKSstUBLGsLzc/ 224 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1074 1489781354.38 1489781354.92 541 192.168.1.116 - 54010 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/M8wIDwpJ3LsMMY9maax26K0irQ9/ 230 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1075 1489781546.83 1489781547.37 542 192.168.1.116 - 54011 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/meUVAwU268XJxIZwfx92l1UI/ 227 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1076 1489781739.19 1489781739.7 513 192.168.1.116 - 54012 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZrZyPTPS8fMXVuRDzftIQevff/ 228 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1077 1489781931.64 1489781932.23 586 192.168.1.116 - 54013 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/DNSBL/listed/0/ 218 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1078 1489781935.99 1489781936.56 576 192.168.1.116 - 54014 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Tnxzk5pW9Q2mP0vmm3BOQl7SSn2gZsr/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1079 1489782128.41 1489782128.95 540 192.168.1.116 - 54015 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rkMB5JiEhnLvLu6dQADLNtFdu4SqE/ 232 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1080 1489782320.83 1489782321.36 537 192.168.1.116 - 54016 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0QckQffsPKUDgcUq9en6feUMjt2/ 230 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1081 1489782513.21 1489782513.74 537 192.168.1.116 - 54017 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Jgq1cHx7mjjgQUdw4vKbmpVVbl1Y9i8/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1082 1489782705.56 1489782706.09 529 192.168.1.116 - 54018 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oBb9hOTssXXYrv3pvmmwpkxHwxGGf7Fa/ 235 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1083 1489782897.94 1489782898.47 536 192.168.1.116 - 54019 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dDSQqundWqlW1P04LpXJWMXYMxGdhhMb/ 235 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1084 1489783090.35 1489783090.88 536 192.168.1.116 - 54020 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 208 379 0 240 133 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1084 1489783096.85 1489783097.44 593 192.168.1.116 - 54020 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0moRqHh64Btl9ifUCpFAl/ 224 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1085 1489783289.29 1489783290.84 1544 192.168.1.116 - 54021 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 207 32429 0 32288 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1085 1489783298.38 1489783299.49 1107 192.168.1.116 - 54021 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 207 22989 0 22848 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1085 1489783353.88 1489783354.45 575 192.168.1.116 - 54021 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9EqpOUXXzpKtxDkyC/ 220 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1086 1489783546.32 1489783546.91 599 192.168.1.116 - 54023 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dCs3IjzMpmCGxMfbX60/ 222 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1087 1489783739.8 1489783740.37 568 192.168.1.116 - 54024 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zt57AoAKjBtJnFIxncUPQk/ 225 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1088 1489783932.17 1489783932.75 578 192.168.1.116 - 54025 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OVXYOaQRsqh4NHWJEfGygxC5YVKpvpCE/ 235 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1089 1489784124.58 1489784125.09 513 192.168.1.116 - 54026 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4axAvk8LA1W1xhzi/ 219 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1090 1489784317.2 1489784317.72 515 192.168.1.116 - 54027 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bY1Uc9h4D9y2CaVk/ 219 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1091 1489784515.61 1489784516.15 541 192.168.1.116 - 54028 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 211 131 0 9 133 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 1092 1489784532.83 1489784533.42 584 192.168.1.116 - 54029 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 211 131 0 9 133 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 1093 1489784550.04 1489784550.61 574 192.168.1.116 - 54030 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 211 131 0 9 133 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 1094 1489784567.34 1489784567.88 544 192.168.1.116 - 54031 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7VpFblx87IllFEjuSUwYjVbFino/ 230 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1095 1489784759.76 1489784760.27 519 192.168.1.116 - 54032 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vFoBJudIHvvwO3R9hm7TCEDhuUWry/ 232 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1096 1489784952.08 1489784952.63 550 192.168.1.116 - 54033 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1q4emL4DBahCuV07hjwzUHazy/ 228 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1097 1489785144.45 1489785144.97 513 192.168.1.116 - 54034 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZihLgmJ4vmBmQYr9WG5Qe18n/ 227 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1098 1489785384.08 1489785384.61 521 192.168.1.116 - 54036 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HfOiO76GaXhlJTextyFC/ 223 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1099 1489785579.04 1489785579.61 573 192.168.1.116 - 54037 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6Z3NWchQJppsJ9LoLi/ 221 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1100 1489785771.4 1489785771.94 541 192.168.1.116 - 54038 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GK2BbANhvnW2FGQzixlJ/ 223 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1101 1489785963.8 1489785964.32 519 192.168.1.116 - 54039 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ah0X1yPezLZvEZdtGI4L/ 223 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1102 1489786156.12 1489786156.65 529 192.168.1.116 - 54040 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PEekSip7vSsNkRtS6ida2FHa/ 227 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1103 1489786348.48 1489786349.02 539 192.168.1.116 - 54041 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DbsFG4DlnhJrAVIUh8oETDy2S/ 228 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1104 1489786542.05 1489786542.59 539 192.168.1.116 - 54042 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BCyi3TQLcxAgaA6mnLx8/ 223 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1105 1489786734.5 1489786735.03 536 192.168.1.116 - 54043 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Xw4UQUMixGSrlb60Rc8d8nH/ 226 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1106 1489786926.89 1489786927.43 536 192.168.1.116 - 54044 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OxA2Xm8zK0OazaAch4Jhafw8O4/ 229 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1107 1489787119.3 1489787119.82 520 192.168.1.116 - 54045 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/axl11vXxLX12pKbWm3x9LulN/ 227 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1108 1489787359.11 1489787359.61 504 192.168.1.116 - 54047 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Ucgo1oF5RTD2b42GcUtsQF34zoz/ 230 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1109 1489787551.44 1489787551.96 520 192.168.1.116 - 54048 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yQEz28FUO8F9myIKBXsisJ9bqkGc4Y/ 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1110 1489787743.81 1489787744.32 510 192.168.1.116 - 54049 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lh6M03c3se2tk3ftuh4tqEotwFFo9U/ 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1111 1489787936.15 1489787936.67 521 192.168.1.116 - 54050 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lgjKePv86E7IA3GbWGgAFQ2boK086dU/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1112 1489788128.58 1489788129.16 579 192.168.1.116 - 54051 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lHxVsxwsNdozsnRunCtDLFZyI/ 228 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1113 1489788321.09 1489788321.66 567 192.168.1.116 - 54052 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lisYmdCfTzfRtgTtQ7fD0RtHl21Z/ 231 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1114 1489788513.73 1489788514.3 572 192.168.1.116 - 54053 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JffJi8OXHkr30QBx2bXs4z3/ 226 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1115 1489788706.15 1489788707.69 1543 192.168.1.116 - 54054 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 207 32429 0 32288 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1115 1489788715.22 1489788716.34 1122 192.168.1.116 - 54054 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 207 22989 0 22848 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1115 1489788724.07 1489788724.66 586 192.168.1.116 - 54054 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IyCZgHBh1a1opwdbF1q88XZ9wxB/ 230 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1116 1489788917.71 1489788918.25 538 192.168.1.116 - 54055 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bUGwN7PP3vzfqorwSPGux/ 224 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1117 1489789110.12 1489789110.65 537 192.168.1.116 - 54056 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/W4QpebP77D6H7zv44cN66ijc/ 227 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1118 1489789349.66 1489789350.21 541 192.168.1.116 - 54058 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6On44tPAAWfsuCKaMBYrUwV8G/ 228 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1119 1489789543.09 1489789543.62 537 192.168.1.116 - 54059 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YoVHrncgDy1m8S5kLDEF1O/ 225 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1120 1489789735.44 1489789735.95 510 192.168.1.116 - 54060 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/n0JLygk3gVBxj6hz14sz6Y63apv/ 230 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1121 1489789927.77 1489789928.29 519 192.168.1.116 - 54061 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gDCdvAyt0hwX0skcq/ 220 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1122 1489790120.17 1489790120.77 599 192.168.1.116 - 54062 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oXq7AuEgI2l7CqwA/ 219 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1123 1489790312.65 1489790313.17 521 192.168.1.116 - 54063 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gDPSRCjikd06E5B1mOHAU5tQ/ 227 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1124 1489790505.09 1489790505.63 540 192.168.1.116 - 54064 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GQ6YWdBCUGjABRmGQuGoSTKifjWoaZy/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1125 1489790697.46 1489790697.98 526 192.168.1.116 - 54065 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qb8jNmvxuUgYduwE1qgIQpPTuIqI/ 231 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1126 1489790890.0 1489790890.54 543 192.168.1.116 - 54066 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Y4x0Fct2DHNK25tFieQHj9qUKaH9Y/ 232 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1127 1489791082.39 1489791082.93 541 192.168.1.116 - 54067 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8idXl1dJwV27yR25qFL2AOEqV/ 228 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1128 1489791323.19 1489791323.71 521 192.168.1.116 - 54069 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lzsjzodN4ONoLSG8kbmwRmGRUSE/ 230 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1129 1489791515.54 1489791516.14 595 192.168.1.116 - 54070 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vXFhhHo82hZ8B8k22R9T5icZNAi/ 230 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1130 1489791708.01 1489791708.53 522 192.168.1.116 - 54071 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EitLJbFF7N7HKqpXPSa2Aj/ 225 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1131 1489791901.38 1489791901.92 540 192.168.1.116 - 54072 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1ZUFWxvlhRlRRwuAQ4jNSiG1RrB/ 230 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1132 1489792093.69 1489792094.24 541 192.168.1.116 - 54073 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lyBlPyf55PtSdkPA/ 219 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1133 1489792286.09 1489792286.61 522 192.168.1.116 - 54074 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gyiE7LuSr9eT9XFnVrPY9QkbnBh/ 230 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1134 1489792478.52 1489792479.04 514 192.168.1.116 - 54075 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mNVMgRxXK6bD9S48QkvCWX0kNsR/ 230 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1135 1489792671.83 1489792672.37 541 192.168.1.116 - 54076 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MUJHAq3OKiQUmtThFG/ 221 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1136 1489792864.27 1489792864.79 520 192.168.1.116 - 54077 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/moTqgakkZ3dVwhqXd5SyF/ 224 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1137 1489793056.76 1489793057.29 538 192.168.1.116 - 54078 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rR75TET5vEX0pEXU7DR/ 222 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1138 1489793297.32 1489793297.86 541 192.168.1.116 - 54080 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UMkyz2Papuwg6wOYQ6TnOzv/ 226 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1139 1489793489.75 1489793491.85 2108 192.168.1.116 - 54081 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/78nYHBNrzRm2pUVAoZRy5ELczekLhK/ 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1140 1489793683.7 1489793684.22 520 192.168.1.116 - 54082 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZcpQDJHQ45RYwS4gujWqGwpf/ 227 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1141 1489793876.01 1489793876.56 552 192.168.1.116 - 54083 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/64PYPkKmCkCUvMpkpooVaGB/ 226 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1142 1489794068.43 1489794069.0 568 192.168.1.116 - 54084 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 208 379 0 240 133 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1142 1489794074.95 1489794075.54 586 192.168.1.116 - 54084 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4kJhv5dFoMi1eTFidDZz45LH7g/ 229 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1143 1489794267.41 1489794268.99 1585 192.168.1.116 - 54085 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 207 32429 0 32288 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1143 1489794276.52 1489794277.61 1082 192.168.1.116 - 54085 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 207 22989 0 22848 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1143 1489794284.78 1489794285.32 542 192.168.1.116 - 54085 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/T99Iy7HPC18j7yUXHvUQfY1DczNw/ 231 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1144 1489794477.18 1489794477.7 520 192.168.1.116 - 54086 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7MKgROPgqBmSfZko/ 219 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1145 1489794669.54 1489794670.08 540 192.168.1.116 - 54087 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uiFyv0C6UKHk577WalV/ 222 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1146 1489794861.33 1489794861.71 376 192.168.1.116 - 54088 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 203 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1147 1489794863.36 1489794863.6 248 192.168.1.116 - 54089 50.19.97.123 80 http://checkip.amazonaws.com/ 153 133 0 13 139 106 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 200 - - - - - - - CTU.238.1.Malicious 1146 1489794863.81 1489794864.22 411 192.168.1.116 - 54088 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/NWmIkT7LafQ5Eoo6ice/ 320 509 0 366 130 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1146 1489794864.72 1489794865.09 369 192.168.1.116 - 54088 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/BBXUXVOZTOSBXFX/1/ 221 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 1148 1489794867.23 1489794867.64 406 192.168.1.116 - 54090 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1149 1489794868.72 1489794869.14 427 192.168.1.116 - 54091 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 214 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1150 1489794870.48 1489794870.9 413 192.168.1.116 - 54092 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 242 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1151 1489794871.96 1489794872.36 398 192.168.1.116 - 54093 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/k0ExOLTswQOd6rYPiRRQ1s9ygIRT/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1152 1489795063.65 1489795063.99 337 192.168.1.116 - 54094 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cNGeSSCIQ7E3rg8oe3z/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1153 1489795495.43 1489795495.83 405 192.168.1.116 - 54097 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8ouPYNVGZvI4627GWo1J2E/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1154 1489795687.23 1489795687.58 346 192.168.1.116 - 54098 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xGZqjMaeZxHWDjZHwdLjLN/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1155 1489795878.88 1489795879.25 371 192.168.1.116 - 54099 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vix0CjPbPfDyGXwSs5F5fTu0tDePiR/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1156 1489796070.54 1489796070.88 336 192.168.1.116 - 54100 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gtEc7f6NqGrTHekaP7v7hyPckN7/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1157 1489796262.2 1489796262.57 369 192.168.1.116 - 54101 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zHpkSkhS02oSwNMctDE/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1158 1489796453.84 1489796454.18 335 192.168.1.116 - 54102 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6P0pqT1PlNJRArImSsdAiGWCLw9vWd/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1159 1489796645.45 1489796645.83 382 192.168.1.116 - 54103 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xDxOUs5gNWE1OBpUFYI4ByhmCzrCVVQC/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1160 1489796837.16 1489796837.53 368 192.168.1.116 - 54104 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/p87tRf42sKX30NrPWBdkG9O2lddD/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1161 1489797028.78 1489797029.1 319 192.168.1.116 - 54105 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Ua3SOugLMhWEGlRodB0gpYqii/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1162 1489797459.61 1489797459.99 382 192.168.1.116 - 54108 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1BbtpmVa4NZJgUMr4/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1163 1489797651.32 1489797651.69 368 192.168.1.116 - 54109 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cd6oB1Uv37fiHCw1CcSFVMP05hrD/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1164 1489797843.04 1489797844.38 1341 192.168.1.116 - 54110 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MXDVzIr89xrHwd1SxJ5rlfO/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1165 1489798035.76 1489798036.18 411 192.168.1.116 - 54111 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CVFIodUqg2XQEEvTApyXMGT/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1166 1489798227.44 1489798227.82 371 192.168.1.116 - 54112 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mc5a4t3mcU14IMLylNOkwIwr/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1167 1489798419.13 1489798419.5 371 192.168.1.116 - 54113 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/B0Iab43qRKdyTqz61pywGhv1/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1168 1489798610.86 1489798611.26 405 192.168.1.116 - 54114 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/65PGEWMpjoU5bHF2Bv65kX5yHvizo4/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1169 1489798802.57 1489798802.95 381 192.168.1.116 - 54115 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tZIdmOkrB1aB1kg5JcnJsXhwp12N/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1170 1489799000.34 1489799000.75 409 192.168.1.116 - 54116 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 1171 1489799016.85 1489799017.23 382 192.168.1.116 - 54117 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 1172 1489799033.37 1489799033.79 419 192.168.1.116 - 54118 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 1173 1489799049.84 1489799050.18 339 192.168.1.116 - 54119 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jIqgTx0AnyFhBnx2mge/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1174 1489799480.35 1489799480.78 431 192.168.1.116 - 54122 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RgLL5HB2pIGpFw3A6PYvHDWXazFCtIon/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1175 1489799672.15 1489799673.27 1123 192.168.1.116 - 54123 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32429 0 32288 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1175 1489799680.95 1489799681.79 841 192.168.1.116 - 54123 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1175 1489799688.94 1489799689.34 406 192.168.1.116 - 54123 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QeOrUOp2nvRKWS26miLS5qyx2WZ0bxy/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1176 1489799880.71 1489799881.07 368 192.168.1.116 - 54124 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/C7MegG9FOTu5Z3k9/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1177 1489800072.46 1489800072.83 374 192.168.1.116 - 54125 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kJ2UGBv9QMSVlUckPieZsCRCBeCa/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1178 1489800264.17 1489800264.55 382 192.168.1.116 - 54126 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gx68uBxoE3gOg4JGBnc32HfoKXyN/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1179 1489800456.01 1489800456.42 410 192.168.1.116 - 54127 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dN4PL7bdTmu49lavlLBN/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1180 1489800647.76 1489800648.19 431 192.168.1.116 - 54128 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZRjsTm5mhFeKgyetZDJ4c3hqFCJ/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1181 1489800839.6 1489800840.01 412 192.168.1.116 - 54129 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pQ4UWN2LreR72pMhFse03zddeUBzdEO/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1182 1489801031.45 1489801031.85 407 192.168.1.116 - 54130 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TyIj9XX8GQapN8jJjsjmkn/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1183 1489801462.11 1489801462.48 368 192.168.1.116 - 54133 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/370acslrL9TtTxAXRSr8GodYH4J3Ir/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1184 1489801653.78 1489801654.16 381 192.168.1.116 - 54134 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3ngofP5U7qEG3WSR7kNUyU5uOP8sdFE/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1185 1489801845.49 1489801845.86 373 192.168.1.116 - 54135 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YvwyDc51uJwo6jNIxOi8QSMBivCr/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1186 1489802037.21 1489802037.59 379 192.168.1.116 - 54136 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/M40aHTsiNDRAgHdwGJ3ir5caW8dC7Z1/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1187 1489802228.93 1489802229.3 368 192.168.1.116 - 54137 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/roIK2Prppczh5LGlt9DVU5kDdcdI/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1188 1489802420.7 1489802421.1 405 192.168.1.116 - 54138 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2aT2ExmCpfNDgfhZAenvWTKzKmb/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1189 1489802612.47 1489802612.93 468 192.168.1.116 - 54139 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rFwHvjGkL2PbuZEOWdGzmBy/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1190 1489802804.28 1489802804.66 375 192.168.1.116 - 54140 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KHYoTQomcGPx3b2xTnVOFEWE4mt1/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1191 1489802997.03 1489802997.4 369 192.168.1.116 - 54141 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kJQDERIAqS7yfNCHGhf7jJZ3/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1192 1489803427.51 1489803427.85 344 192.168.1.116 - 54144 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fn13V9GYmHatptE02trQZtoS1c74/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1193 1489803619.23 1489803619.63 405 192.168.1.116 - 54145 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/s5T28Cob3sqniae0AjPs/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1194 1489803811.08 1489803811.5 415 192.168.1.116 - 54146 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kLy2DxxqLSrHtldtjFJuyS/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1195 1489804002.91 1489804003.32 404 192.168.1.116 - 54147 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vGLCCiIXrvBcpmi8QGOUXm0v4Avi/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1196 1489804194.69 1489804195.8 1109 192.168.1.116 - 54148 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/C8SWNNLQ99nFyLQGqy/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1197 1489804387.05 1489804387.42 366 192.168.1.116 - 54149 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4tv9G0uQrac1SzffHH/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1198 1489804578.87 1489804579.28 414 192.168.1.116 - 54150 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/36gvr032SAVYM8LL4vjkY5hNDoaqz6oS/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1199 1489804770.64 1489804771.02 383 192.168.1.116 - 54151 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xvbOlrfWFhkO4njeStkE/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1200 1489804962.43 1489804962.84 405 192.168.1.116 - 54152 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 205 379 0 240 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1200 1489804968.8 1489804969.21 414 192.168.1.116 - 54152 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/W1Q08nfnkdAwYZOgIoRdviEm23/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1201 1489805160.53 1489805161.59 1061 192.168.1.116 - 54153 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32429 0 32288 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1201 1489805169.12 1489805169.83 710 192.168.1.116 - 54153 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1202 1489805241.34 1489805241.71 371 192.168.1.116 - 54155 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qT4gyhbVqOIrvMXZUHNMjboOGMTG/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1203 1489805433.04 1489805433.41 367 192.168.1.116 - 54156 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/N7qcBbjYOlxjAzHVEG/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1204 1489805624.93 1489805625.31 382 192.168.1.116 - 54157 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lNyY6eJkeqACHLalkwnodXISYi2/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1205 1489805816.74 1489805817.14 408 192.168.1.116 - 54158 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bZdkuq0g7GWjbOh7NH2gTdAgg/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1206 1489806008.56 1489806008.98 419 192.168.1.116 - 54159 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uSjO0RuR20DCBdoTXWig7thBXbUGiLp/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1207 1489806200.41 1489806200.83 419 192.168.1.116 - 54160 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/go9CWtHKBAJ0M1x7tn7X7dTzw/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1208 1489806392.13 1489806392.51 373 192.168.1.116 - 54161 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/w1Z2vr2z8Imrpacjr/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1209 1489806583.91 1489806584.32 411 192.168.1.116 - 54162 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Qjz1sDLPRkgUSpRhxH12A/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1210 1489806775.58 1489806775.95 370 192.168.1.116 - 54163 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xwa8IxDDQaPQ3nd1QPttQO9/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1211 1489806967.22 1489806967.6 379 192.168.1.116 - 54164 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Yl9rNzdaN4mklcA92kp1/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1212 1489807397.86 1489807398.24 380 192.168.1.116 - 54167 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/R6FMZlTUBAVDdmpP4/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1213 1489807589.45 1489807589.78 325 192.168.1.116 - 54168 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZXdbJ9lTqPkthUuWbbbnjiUrlVhzL/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1214 1489807781.01 1489807781.38 370 192.168.1.116 - 54169 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Z5IuE9IFmwd51fwh/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1215 1489807972.67 1489807973.03 367 192.168.1.116 - 54170 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kJOvmzgr4SgSPwaLnzkMnSvTSGnFAr5/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1216 1489808164.24 1489808164.55 312 192.168.1.116 - 54171 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/szSuolwhhsTyudlq6lovuupsNIvqEMa/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1217 1489808355.88 1489808356.25 377 192.168.1.116 - 54172 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xG0YvrJHXtTVQhRM/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1218 1489808547.52 1489808547.89 374 192.168.1.116 - 54173 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Hj1qaM0sKnru6mtnmCVsnkHgomOU/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1219 1489808739.22 1489808739.59 369 192.168.1.116 - 54174 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bethhMZB5kySlUE21nYjAXONRG/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1220 1489808930.88 1489808931.25 369 192.168.1.116 - 54175 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2RfCSPmDBHohdIK0J41MMKMCmR6NCG/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1221 1489809361.35 1489809361.72 373 192.168.1.116 - 54178 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AVMbiXD5MbrCTDWNyxpEoWCv6RHI2p/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1222 1489809552.89 1489809553.2 312 192.168.1.116 - 54179 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6VAbezczCiHUO4CBAsymGvqSsuO/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1223 1489809744.47 1489809744.86 383 192.168.1.116 - 54180 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/o3Y9ywBjQDtZmk9VD9rBEF/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1224 1489809936.13 1489809936.47 335 192.168.1.116 - 54181 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1QWMsuRrA6KCtdf5w7Vf6ehXzxvd/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1225 1489810127.87 1489810128.23 366 192.168.1.116 - 54182 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mztDp3oEGxGzdAw10syQfA/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1226 1489810319.49 1489810319.83 336 192.168.1.116 - 54183 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VZJRdfmSUaX2AHfO/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1227 1489810511.04 1489810511.39 346 192.168.1.116 - 54184 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/I99M44Mu8hb1kfYasiyDCt4/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1228 1489810703.57 1489810704.64 1076 192.168.1.116 - 54185 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32429 0 32288 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1228 1489810712.35 1489810713.08 724 192.168.1.116 - 54185 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1228 1489810720.38 1489810720.76 382 192.168.1.116 - 54185 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lnN1RYaPgH8canmbWwTjUJc4uOOj6/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1229 1489810912.47 1489810912.82 351 192.168.1.116 - 54186 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/DNSBL/listed/0/ 215 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1230 1489810913.88 1489810914.22 341 192.168.1.116 - 54187 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hgBzm48t9iwlbn5orArReG7O1ktAQ/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1231 1489811345.01 1489811345.35 337 192.168.1.116 - 54190 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vZaHuxF5F6o85VX8HFFmRsv5fsL8/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1232 1489811536.61 1489811536.98 373 192.168.1.116 - 54191 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DWAgEU2IVqgrIW1NDFnhEALCF/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1233 1489811728.35 1489811728.73 373 192.168.1.116 - 54192 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QRqq0mFhB1EhJFBvkspM/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1234 1489811919.99 1489811920.33 338 192.168.1.116 - 54193 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SGadQdI2KB03HwEB83nF/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1235 1489812111.69 1489812112.06 374 192.168.1.116 - 54194 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hvVMPNAstqHEiXJEpWo7SwV8sN3jppU/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1236 1489812303.31 1489812303.67 367 192.168.1.116 - 54195 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rl9bNhfAHHZPv8rSqVKjjapa0SoH6oS/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1237 1489812494.92 1489812495.26 336 192.168.1.116 - 54196 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zxTJAoVgogLg4sMeEeRDydROCsHMkngR/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1238 1489812686.62 1489812686.99 374 192.168.1.116 - 54197 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ayGeDMUUOMXjKlw8AhVT/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1239 1489812878.17 1489812878.48 314 192.168.1.116 - 54198 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nwRq1SRJ7uZxm4XuNHnTywC3/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1240 1489813308.54 1489813308.91 370 192.168.1.116 - 54201 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CpQ9pd8K6YJcemQbubIS557Dpe/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1241 1489813506.19 1489813506.62 434 192.168.1.116 - 54202 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 1242 1489813522.61 1489813522.93 312 192.168.1.116 - 54203 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 1243 1489813539.09 1489813539.51 425 192.168.1.116 - 54204 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 1244 1489813555.59 1489813555.93 342 192.168.1.116 - 54205 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lFoRosQicYTcRf9kZfpr/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1245 1489813747.26 1489813747.64 377 192.168.1.116 - 54206 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hfW5wyTT98qk9I6ImX5nbew/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1246 1489813938.94 1489813939.31 367 192.168.1.116 - 54207 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JPnGNATQYp4814rtGMTivB/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1247 1489814130.58 1489814130.92 337 192.168.1.116 - 54208 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2NhpOCDZscFMZ4UPNGq9WzNEfNRp3/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1248 1489814322.3 1489814322.72 419 192.168.1.116 - 54209 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bkYhWfwxL8yZsQkgaM4v85pAQ/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1249 1489814514.01 1489814514.35 338 192.168.1.116 - 54210 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/imfFH3WcrrkYayWmYGcii1d3S/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1250 1489814704.78 1489814704.85 67 192.168.1.116 - 54211 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 204 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1250 1489814705.08 1489814705.22 136 192.168.1.116 - 54211 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/hAZHKkqt2rIwbZxblXo/ 321 509 0 366 131 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1250 1489814705.73 1489814705.8 71 192.168.1.116 - 54211 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/YBDBNLOGWU/1/ 217 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 1251 1489814706.98 1489814707.05 71 192.168.1.116 - 54212 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1252 1489814707.25 1489814707.33 72 192.168.1.116 - 54213 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 215 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1253 1489814707.5 1489814707.57 72 192.168.1.116 - 54214 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 243 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1254 1489814707.75 1489814707.82 73 192.168.1.116 - 54215 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9DKq5G1e9rwqit2nWPBxN6Z/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1255 1489814898.23 1489814898.3 75 192.168.1.116 - 54216 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AO2XusLLXAXhZdARlEqMENJQl7jypISn/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1256 1489815136.04 1489815136.13 89 192.168.1.116 - 54218 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cH2ftJBp7SkNJQw4OA8d58A4pr31/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1257 1489815326.54 1489815326.62 78 192.168.1.116 - 54219 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QBQqjZNBQBqscLQc8Uery/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1258 1489815517.02 1489815517.11 90 192.168.1.116 - 54220 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/crdkCDjpF8jOBXOuYDtR1EFWUCcY/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1259 1489815707.51 1489815707.59 76 192.168.1.116 - 54221 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iIUnQnzNpg3yLqkq3QrVgBjn1lUUOQvT/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1260 1489815898.02 1489815898.08 68 192.168.1.116 - 54222 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 206 379 0 240 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1260 1489815904.06 1489815904.23 166 192.168.1.116 - 54222 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kIUeLf6Bww4fKubC3lOXMLs/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1261 1489816094.63 1489816094.7 74 192.168.1.116 - 54223 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BqzaEh5vJnlJHeMDOcZhO4b/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1262 1489816285.1 1489816285.24 140 192.168.1.116 - 54224 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32429 0 32288 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1262 1489816293.01 1489816293.13 119 192.168.1.116 - 54224 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1262 1489816300.93 1489816301.02 85 192.168.1.116 - 54224 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tVg9Y0bD9YdzONRGCi2mX/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1263 1489816491.46 1489816491.54 78 192.168.1.116 - 54225 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0Mj4hXYGpVRzoESa47N0/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1264 1489816681.91 1489816681.99 77 192.168.1.116 - 54226 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9Ea1aeuKzM0qTs7FpTCdoWZXQZ1s/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1265 1489816872.41 1489816872.49 80 192.168.1.116 - 54227 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/thMjI09FhoSsAV6R7nfF3vLCY7PgaU/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1266 1489817110.09 1489817110.17 74 192.168.1.116 - 54229 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8n8WDndS3fIIRb31u/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1267 1489817300.55 1489817300.62 74 192.168.1.116 - 54230 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aUKBgCWdD02vpdilKf6M/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1268 1489817491.05 1489817491.12 70 192.168.1.116 - 54231 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XGQ3x3RgelEzupgclxsuXxZq/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1269 1489817681.49 1489817681.57 73 192.168.1.116 - 54232 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cjTseqBFu8ZuC4NuY/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1270 1489817871.95 1489817872.02 71 192.168.1.116 - 54233 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yjTSRcl4So7eXl0Aca9/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1271 1489818062.39 1489818062.47 79 192.168.1.116 - 54234 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZlSUwOi2bNAgtAstcLOXXYSUbQT/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1272 1489818252.87 1489818252.94 74 192.168.1.116 - 54235 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LjUXLzKxp7dvhnrG1olvUifxlv3/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1273 1489818443.37 1489818443.46 88 192.168.1.116 - 54236 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/w4VJDeCd9ZltuG3yfAoZlHyZ4CmHIZd5/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1274 1489818633.86 1489818634.17 306 192.168.1.116 - 54237 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/p1fMe1RvKvQIQKOph7WQb2vBSKMLaXP/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1275 1489818824.53 1489818824.6 72 192.168.1.116 - 54238 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xDuNVE7tIMXEfLbGljvRHbhQ/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1276 1489819062.41 1489819062.49 82 192.168.1.116 - 54240 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/z56CgBvF997GtfNY3oRtbNNCRLr0au4/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1277 1489819252.88 1489819252.95 76 192.168.1.116 - 54241 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XaFlh63hhyQyDi9iCWXm8ic3LNqj/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1278 1489819443.33 1489819443.4 69 192.168.1.116 - 54242 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gUqwRqYBgtI8BdsFja1rBC7m/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1279 1489819634.07 1489819634.15 76 192.168.1.116 - 54243 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KRLBMLCs77DKiH856LBeiFI0Wg8c9NkQ/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1280 1489819824.55 1489819824.63 79 192.168.1.116 - 54244 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/W1b1dvoXLZgV9UcNumAPO5Rpbs/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1281 1489820015.05 1489820015.13 74 192.168.1.116 - 54245 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xXBwNjfMlvXSR5Pv8Qekvo6QL6naUyY/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1282 1489820205.48 1489820205.55 73 192.168.1.116 - 54246 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/z6jBknKap0iybCLpRNR39cUS/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1283 1489820395.97 1489820396.05 78 192.168.1.116 - 54247 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ia7ZIuHQ5R5egBHNC7arHB2Um/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1284 1489820586.43 1489820586.51 88 192.168.1.116 - 54248 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HRj0ky5YPBJr4JYqCX79plP/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1285 1489820776.91 1489820776.99 72 192.168.1.116 - 54249 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/j6ByeGO5IpiP70YksYUWx1WuiV6o3mSC/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1286 1489821014.5 1489821014.57 72 192.168.1.116 - 54251 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZLyBBHD1mszdONKEasNbwhMxdYbB/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1287 1489821204.94 1489821205.01 70 192.168.1.116 - 54252 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CsGtd30lhK6zSaZr1/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1288 1489821395.42 1489821395.49 72 192.168.1.116 - 54253 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/b1zNntDs5xiX64ip8ZAeHgbLn0yzu/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1289 1489821585.85 1489821585.93 74 192.168.1.116 - 54254 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Ydal48p2j7PTFvaYhRly4aje1n8/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1290 1489821776.33 1489821776.44 117 192.168.1.116 - 54255 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32429 0 32288 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1290 1489821784.14 1489821784.27 130 192.168.1.116 - 54255 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1290 1489821791.33 1489821791.44 105 192.168.1.116 - 54255 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VddULJ08kpu1oCsclz8JVu5/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1291 1489821981.84 1489821981.92 75 192.168.1.116 - 54256 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DVaJfGipmPT6UokV2zx6wr1Osnhh58/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1292 1489822172.33 1489822172.4 78 192.168.1.116 - 54257 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lP00SMSUxDLS1kzwCCjHPZ5M1yo/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1293 1489822362.8 1489822362.87 70 192.168.1.116 - 54258 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TjCRfTA9rEoQBpxc/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1294 1489822553.3 1489822553.38 78 192.168.1.116 - 54259 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VM2WAKFrZwkYaAYiwrMWZaVrRr2Xd/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1295 1489822743.78 1489822743.85 71 192.168.1.116 - 54260 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dAIOqcM6odwusZ9XbjLDfIKzY0tYBY4V/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1296 1489822981.39 1489822981.48 85 192.168.1.116 - 54262 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oEjszc9b8GfCRLeYK2FbHw/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1297 1489823171.91 1489823171.98 74 192.168.1.116 - 54263 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3GkBs5hVbA0eiz8loJOurLl0Ojbpw/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1298 1489823362.41 1489823362.5 94 192.168.1.116 - 54264 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AgjejJWaMkwaXELgV0SYJ2voT/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1299 1489823552.91 1489823552.99 78 192.168.1.116 - 54265 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tpjsH6UH89xmIE3MKG2/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1300 1489823743.38 1489823743.45 74 192.168.1.116 - 54266 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XqaXEZbUGiPM7R0MnohROSaJi1RReF/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1301 1489823933.86 1489823933.94 76 192.168.1.116 - 54267 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pLvXqmWyDZfy2CPbMwlvoj/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1302 1489824124.36 1489824124.44 80 192.168.1.116 - 54268 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Od6eaPF6Vx6cVjlxIpnRv/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1303 1489824314.83 1489824314.9 72 192.168.1.116 - 54269 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Fyq0PUErGJJ830yVUIe0LGTrtw2QdUu/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1304 1489824505.3 1489824505.38 74 192.168.1.116 - 54270 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OtBV9C2NGyOEtgvpJnZ/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1305 1489824695.86 1489824695.95 87 192.168.1.116 - 54271 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TyKgNTLk4YzeInkhtph3PaqujShl/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1306 1489824886.75 1489824886.99 241 192.168.1.116 - 54272 50.19.227.215 80 http://checkip.amazonaws.com/ 153 133 0 13 139 106 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 200 - - - - - - - CTU.238.1.Malicious 1307 1489824934.76 1489824934.84 80 192.168.1.116 - 54274 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XDkmE1ZGWxO1dP3dfhHKS/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1308 1489825125.23 1489825125.3 71 192.168.1.116 - 54275 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iQzgercqRblz7DnC5VhpH/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1309 1489825315.67 1489825315.74 72 192.168.1.116 - 54276 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/q2esO4zbBukQUD1KQ/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1310 1489825506.14 1489825506.22 78 192.168.1.116 - 54277 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/q3HdxdN2SzY2zWB2x4l/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1311 1489825696.62 1489825696.7 78 192.168.1.116 - 54278 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yOX2KAzDFp37gRM7v5NvgwR5nan4bZvO/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1312 1489825887.34 1489825887.41 74 192.168.1.116 - 54279 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/v36Ld6wB3yhia74JQP9WAE/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1313 1489826077.83 1489826077.9 75 192.168.1.116 - 54280 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3C3A0A28IfvcVMsnhVPI1KCExjJsb/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1314 1489826268.28 1489826268.36 78 192.168.1.116 - 54281 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DCfFzKwECRosaQptKtlOGo40g2k/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1315 1489826458.77 1489826458.85 88 192.168.1.116 - 54282 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6ANR8M9qsNybyKzV9mhlTrPGe/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1316 1489826649.25 1489826649.33 74 192.168.1.116 - 54283 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Y05VEXzT67B4ZsB2X9rO7/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1317 1489826839.73 1489826839.82 93 192.168.1.116 - 54284 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 206 379 0 240 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1317 1489826893.1 1489826893.17 75 192.168.1.116 - 54284 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OpRRDX2im5VrNszFu8/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1318 1489827083.58 1489827083.68 93 192.168.1.116 - 54286 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/z4e038ogcAJv0ghvIbLddyf4/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1319 1489827274.06 1489827274.2 144 192.168.1.116 - 54287 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32429 0 32288 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1319 1489827281.97 1489827282.07 104 192.168.1.116 - 54287 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1319 1489827289.79 1489827289.87 77 192.168.1.116 - 54287 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LbUVu6OO3tst4cYaU8XDkdb8TKuH/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1320 1489827480.29 1489827480.36 73 192.168.1.116 - 54288 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RvuE5gJ385loLitqtTKO8bhwmLSDRd7P/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1321 1489827670.77 1489827670.84 75 192.168.1.116 - 54289 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/B3z5YUvWMO7J7yQl2GAixJxW8b3/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1322 1489827861.25 1489827861.32 73 192.168.1.116 - 54290 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nNtIAnL2S6VMsmzpbVAGl7Fdy/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1323 1489828057.74 1489828057.82 79 192.168.1.116 - 54291 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 1324 1489828074.21 1489828074.28 68 192.168.1.116 - 54292 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 1325 1489828089.48 1489828089.55 70 192.168.1.116 - 54293 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 1326 1489828104.79 1489828104.86 77 192.168.1.116 - 54294 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UB7lcnXTJiCS3H3Zn8/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1327 1489828295.29 1489828295.38 86 192.168.1.116 - 54295 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mope4TwCI7FNO0YGRJnUws/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1328 1489828485.79 1489828485.88 92 192.168.1.116 - 54296 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FehI7VGftg7hUvUbtY/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1329 1489828676.25 1489828676.32 78 192.168.1.116 - 54297 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mxdRYzIVvAQZesaSPfhdyq/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1330 1489828913.97 1489828914.05 78 192.168.1.116 - 54299 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Hx0rmGAgcIbfMnsDRS/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1331 1489829104.46 1489829104.53 76 192.168.1.116 - 54300 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/V9Ix9qyHzNZ8qYNpD8F/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1332 1489829294.93 1489829295.0 73 192.168.1.116 - 54301 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RzvhIMAOifxo48dT3rIFg/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1333 1489829485.58 1489829485.66 79 192.168.1.116 - 54302 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wsv9AR1pBxUlhevC1sbf/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1334 1489829676.07 1489829676.14 72 192.168.1.116 - 54303 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iFHX85dqfYmBmxom7SuAND3y/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1335 1489829866.55 1489829866.62 73 192.168.1.116 - 54304 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SLc5l4zBjbdgkL93HWMb7/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1336 1489830057.01 1489830057.09 80 192.168.1.116 - 54305 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XWlotJidUFkCvNH7e/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1337 1489830247.48 1489830247.55 73 192.168.1.116 - 54306 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lXBtltcFy9lmwk9cAziLMVN2l6U84IDn/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1338 1489830437.93 1489830438.01 76 192.168.1.116 - 54307 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0b89r9NOkkEBzEhOH6d/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1339 1489830628.42 1489830628.49 74 192.168.1.116 - 54308 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OfywrVNkKhWNqSqCatufJN/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1340 1489830866.1 1489830866.18 75 192.168.1.116 - 54310 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/14fY6LcIMSN7RHaDV5xgNRm7FPdE2Yp/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1341 1489831056.59 1489831056.67 81 192.168.1.116 - 54311 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XqVh89gPhwNrc3GD60javBaSxyAvK5/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1342 1489831247.07 1489831247.14 73 192.168.1.116 - 54312 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FeoyxHnp86rDVne7xJqseXgkPKSdT/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1343 1489831437.56 1489831437.65 85 192.168.1.116 - 54313 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Z1eMT8nGAvwsnnyL2EL/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1344 1489831628.24 1489831628.32 78 192.168.1.116 - 54314 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uoMNgbaDSZa4eTJknfE5OJ3/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1345 1489831818.74 1489831818.83 87 192.168.1.116 - 54315 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mAItT1ADL2HlfMNWvW4m91tOjRQ/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1346 1489832009.24 1489832009.31 69 192.168.1.116 - 54316 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mbZ9JUzMPpV2Lf7NJB3apm/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1347 1489832199.68 1489832199.75 71 192.168.1.116 - 54317 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UdFSLAP1AqQOuJ7GORuKjUZYeS5gq/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1348 1489832390.15 1489832390.22 75 192.168.1.116 - 54318 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/D61HYoiuBqjJjF6ezIuvNLAN7vGCS/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1349 1489832580.59 1489832580.67 74 192.168.1.116 - 54319 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hateu3mdcl1Dp6qjCDiR7rEBAzR7em6/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1350 1489832771.09 1489832771.22 137 192.168.1.116 - 54320 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32429 0 32288 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1350 1489832778.8 1489832778.93 133 192.168.1.116 - 54320 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1350 1489832833.57 1489832833.65 81 192.168.1.116 - 54320 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HKQ6FwiijMhRj19bn7yZ0XxI/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1351 1489833024.04 1489833024.11 77 192.168.1.116 - 54322 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1nNoY0JjBaIc91qAhDepJ8dIezxtpgl/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1352 1489833214.53 1489833214.6 77 192.168.1.116 - 54323 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NmndjmdU40kprlOcI5vHqxzWcUaXw/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1353 1489833404.99 1489833405.07 79 192.168.1.116 - 54324 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GYkA81W6i0MQzQ4xUjqOEsN12RgVQ8u/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1354 1489833595.48 1489833595.56 73 192.168.1.116 - 54325 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1zv9YiRaCn5DyjQ1yDHNrG7gm6rJ/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1355 1489833785.96 1489833786.04 78 192.168.1.116 - 54326 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BKFvK1aZjxMTSaUzxusksq/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1356 1489833976.42 1489833976.49 73 192.168.1.116 - 54327 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/artnPdoLbYm7S9r4bxdSVfU3/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1357 1489834166.92 1489834166.99 72 192.168.1.116 - 54328 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bBpQcTyTzx5DmaIMPrqn/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1358 1489834360.79 1489834361.43 633 192.168.1.116 - 54329 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 205 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1358 1489834361.65 1489834362.34 683 192.168.1.116 - 54329 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/AJtzelCBj25qLcb2UGhnILS/ 326 513 0 370 132 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1358 1489834362.84 1489834363.44 604 192.168.1.116 - 54329 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/DKDNAVMWDJICOTSJP/1/ 225 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 1359 1489834366.2 1489834366.84 642 192.168.1.116 - 54330 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1360 1489834368.61 1489834369.22 619 192.168.1.116 - 54331 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 216 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1361 1489834371.09 1489834371.71 622 192.168.1.116 - 54332 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 244 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1362 1489834374.5 1489834375.11 613 192.168.1.116 - 54333 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pfjqsevYlUHCHUDyYbWtKE/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1363 1489834567.27 1489834567.87 604 192.168.1.116 - 54334 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CJAdPOd2GgVp4Kt8n8uXijVqywq2ct5/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1364 1489834807.16 1489834807.76 608 192.168.1.116 - 54336 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ydeYJ2hSYkZPo6Yn9vqE9CQvmlKKCL/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1365 1489834999.78 1489835000.38 609 192.168.1.116 - 54337 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ju7f24jik4nOqKOwLyZwI60Y/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1366 1489835192.41 1489835193.02 607 192.168.1.116 - 54338 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FZvjswR5eTkPIWxH0RVrYB/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1367 1489835384.98 1489835385.54 568 192.168.1.116 - 54339 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RZWmXjWhWN62MuLo3zS9Vf2DmtRx/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1368 1489835577.67 1489835578.3 633 192.168.1.116 - 54340 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/feKDg3i3tvrTvI2MP0dSipo/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1369 1489835770.35 1489835770.95 604 192.168.1.116 - 54341 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/61jm8QoIa2t7gtiXddwidYJ2fa4P8/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1370 1489835963.03 1489835963.66 627 192.168.1.116 - 54342 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/H1JZ1fo1OG2rZQLBOFIlCXEDV/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1371 1489836155.72 1489836156.33 611 192.168.1.116 - 54343 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HQDnaNESHM79PmZOUKshW/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1372 1489836348.77 1489836349.38 605 192.168.1.116 - 54344 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2Xxen2X3oM66UPtq0eEIL/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1373 1489836541.4 1489836542.11 711 192.168.1.116 - 54345 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RFxcBMDt24XoXmpA/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1374 1489836781.32 1489836781.94 619 192.168.1.116 - 54347 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/grJOyzOumG6sd6TcGwi5Mh9kz/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1375 1489836974.05 1489836974.66 609 192.168.1.116 - 54348 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wFLGk5N1MGHvPUh7xlqk/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1376 1489837166.68 1489837167.29 615 192.168.1.116 - 54349 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3VuK3wMaPPlUVqOZQ9l/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1377 1489837359.31 1489837359.93 622 192.168.1.116 - 54350 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wO3HCh4jmvMsKD9fx8JA3n/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1378 1489837551.89 1489837552.5 611 192.168.1.116 - 54351 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wfQBAADgDb3N9l93l3eJli8Xe0mv/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1379 1489837744.48 1489837745.1 619 192.168.1.116 - 54352 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 207 379 0 240 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1379 1489837751.09 1489837751.74 651 192.168.1.116 - 54352 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4ex7LuTB2YfizvfZVGuxKQwUvbn/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1380 1489837943.74 1489837944.36 623 192.168.1.116 - 54353 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iwghgkTsTHlqgqabYuvJx/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1381 1489838136.32 1489838136.95 632 192.168.1.116 - 54354 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3yJYrIIpelsgJJ6grKd/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1382 1489838329.01 1489838330.77 1755 192.168.1.116 - 54355 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 32429 0 32288 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1382 1489838338.31 1489838340.1 1785 192.168.1.116 - 54355 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1382 1489838347.2 1489838347.82 620 192.168.1.116 - 54355 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/E8eHq90qvgQ6CNUBzK/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1383 1489838539.83 1489838540.45 617 192.168.1.116 - 54356 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oToVHpESnrfa9VGK5/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1384 1489838800.42 1489838801.06 637 192.168.1.116 - 54359 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Ux1a7BbgbelUBGjAal6xf5QFfVhJGuqQ/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1385 1489838993.12 1489838993.73 616 192.168.1.116 - 54360 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/T1NZ45gzqRomYrRtPx0VeU/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1386 1489839185.7 1489839186.27 569 192.168.1.116 - 54361 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aMwwAEzm55I7S6RmBx3H/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1387 1489839378.27 1489839378.88 605 192.168.1.116 - 54362 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HaJXD3mQTG8uXgwz5FFpt8EKllOfolvb/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1388 1489839570.86 1489839571.47 609 192.168.1.116 - 54363 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RDMN9fEFujwbNlbPzia2jeHKK/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1389 1489839763.75 1489839764.43 671 192.168.1.116 - 54364 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/DNSBL/listed/0/ 217 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1390 1489839768.55 1489839769.18 628 192.168.1.116 - 54365 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XXNReKiSJwoBVcdKp/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1391 1489839961.19 1489839961.82 629 192.168.1.116 - 54366 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7pn99JVolkhIeX9B4/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1392 1489840153.78 1489840154.4 618 192.168.1.116 - 54367 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/009XQscP7Xazgt97WuIsfTAvsH6Yu/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1393 1489840346.42 1489840347.04 614 192.168.1.116 - 54368 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hn47iP2jiaP5ZZPRWdyMsFOFptFftvi/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1394 1489840539.03 1489840539.64 608 192.168.1.116 - 54369 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YIAjLWs1BysxCa7FLgMPBWt7/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1395 1489840779.54 1489840780.14 609 192.168.1.116 - 54371 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/k4ZdZsjxZT6i74y1W/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1396 1489840972.15 1489840972.78 633 192.168.1.116 - 54372 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Vm55UFHfvrIKTVGJoEaFJTyrGjvR9gLZ/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1397 1489841164.78 1489841165.4 613 192.168.1.116 - 54373 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/P2knggX0OB4KpEEI8urgvCGQSRj/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1398 1489841357.43 1489841358.05 613 192.168.1.116 - 54374 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fr0XUa7gRrQeDAp1rrt0/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1399 1489841550.1 1489841550.71 614 192.168.1.116 - 54375 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9UFeweu6dfBvRhnrfvxhwwF/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1400 1489841742.77 1489841743.38 611 192.168.1.116 - 54376 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Jak5iAR34uF7MGVMeTw/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1401 1489841935.46 1489841936.09 629 192.168.1.116 - 54377 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Pw2sO1GHX12nLtWlHjelc/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1402 1489842128.1 1489842128.71 611 192.168.1.116 - 54378 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/e2SiZmiXjMPpZNULuFYvwqWrXHQe8gJ/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1403 1489842320.7 1489842321.34 634 192.168.1.116 - 54379 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BpcQxWEiRNzpd2qNYstDFcrkIIum/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1404 1489842519.36 1489842519.96 602 192.168.1.116 - 54380 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 1405 1489842536.75 1489842537.35 605 192.168.1.116 - 54381 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 1406 1489842554.24 1489842554.88 637 192.168.1.116 - 54382 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 1407 1489842571.75 1489842572.36 606 192.168.1.116 - 54383 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lvs7hCSdVDpijoDEy7oC8UcUVakQ/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1408 1489842811.88 1489842812.5 613 192.168.1.116 - 54385 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oh8yIOyB9y97YIOrr6xCR8eqRhfH/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1409 1489843004.53 1489843005.14 611 192.168.1.116 - 54386 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Hd0JeXWPkYU0BaHi0cuKjU/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1410 1489843197.2 1489843199.44 2241 192.168.1.116 - 54387 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uzqV7hLsg2x03R5QwYJq/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1411 1489843391.41 1489843392.02 618 192.168.1.116 - 54388 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kuIpSNZHLtc8bGP1r1qyMQ9LoJlfxlmJ/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1412 1489843584.15 1489843584.76 614 192.168.1.116 - 54389 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4v9wQfSHgny0XBHNN/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1413 1489843776.81 1489843778.62 1817 192.168.1.116 - 54390 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 32429 0 32288 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1413 1489843786.87 1489843788.1 1228 192.168.1.116 - 54390 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1413 1489843795.22 1489843795.83 607 192.168.1.116 - 54390 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HSJVtnSLUECRAWV7ZGBIXj0f/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1414 1489843988.02 1489843988.63 617 192.168.1.116 - 54391 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LOF1F5gHhQ2CQEo7RZLfPkjunAr/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1415 1489844180.73 1489844181.34 615 192.168.1.116 - 54392 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ItN95Pmoe045hGV3feuqB/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1416 1489844373.43 1489844374.04 610 192.168.1.116 - 54393 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kooP2uGUs9ljZPdIdPyIaB2r67Ku7kJx/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1417 1489844566.11 1489844566.72 610 192.168.1.116 - 54394 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5w6HLwTZ5jASCGixuyG/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1418 1489844806.26 1489844806.87 615 192.168.1.116 - 54396 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/C6lBPIzEG1zDoXtjRbylOv/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1419 1489844998.88 1489844999.49 614 192.168.1.116 - 54397 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WRDCXJsb2BHEndtXCEMyxFFzy5elY6w/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1420 1489845191.57 1489845192.18 610 192.168.1.116 - 54398 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nrCIOivRFhRHTamClUbz/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1421 1489845384.16 1489845384.77 609 192.168.1.116 - 54399 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/k35G4pYGoxJ0ql8vkyMrK/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1422 1489845576.72 1489845577.35 633 192.168.1.116 - 54400 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vPwbCOFgGi979hGSulepAvgHJ2/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1423 1489845769.37 1489845769.99 613 192.168.1.116 - 54401 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/goVoqJbBVEhLNEVYdhSCg/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1424 1489845961.97 1489845962.58 613 192.168.1.116 - 54402 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lUVFWhMaVOomRRJr/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1425 1489846154.59 1489846155.21 614 192.168.1.116 - 54403 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/99Pw6dW3QsetwrHR3Ptpmr/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1426 1489846347.33 1489846347.94 610 192.168.1.116 - 54404 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WR5fbahg2REoUzlzV5aN/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1427 1489846541.76 1489846542.37 605 192.168.1.116 - 54405 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CeyHRwOaxw56SGnWCo/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1428 1489846781.88 1489846782.49 611 192.168.1.116 - 54407 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BV5fdB1VXHmlOG32mvrcOCSV55nO2vg/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1429 1489846974.51 1489846975.12 609 192.168.1.116 - 54408 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/733uvx2WQQsDZdLhxEX/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1430 1489847167.07 1489847167.64 570 192.168.1.116 - 54409 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4UtlbJltXAn5DzbGQstkQ3zcS/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1431 1489847359.74 1489847360.4 661 192.168.1.116 - 54410 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RwCdG3FqykGDkbf199PEZlANtwthiiT/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1432 1489847552.41 1489847553.03 615 192.168.1.116 - 54411 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dnSJzSe8CumLm5gEffEI58AhLHNvSVn/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1433 1489847745.09 1489847745.7 606 192.168.1.116 - 54412 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/smL5VNz2fCUIcBoNgZ/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1434 1489847937.69 1489847938.31 619 192.168.1.116 - 54413 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DaJCV5R1OqeZr0L7JLI/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1435 1489848130.24 1489848130.81 567 192.168.1.116 - 54414 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XxTLnnPbs7LbgCPV/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1436 1489848322.82 1489848323.43 612 192.168.1.116 - 54415 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/u16pL0pUSOAvo0O1/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1437 1489848515.52 1489848516.12 605 192.168.1.116 - 54416 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5z760WxNNRvMHFzi544b8yl7J/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1438 1489848708.15 1489848708.79 644 192.168.1.116 - 54417 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 207 379 0 240 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1438 1489848762.84 1489848763.48 634 192.168.1.116 - 54417 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/swa1t5foTWV3BaqOP2xSuUCygC/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1439 1489848955.46 1489848956.08 617 192.168.1.116 - 54419 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0ul6enXcJqPkqPliFP/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1440 1489849148.17 1489849148.77 606 192.168.1.116 - 54420 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/64yhL9gBWH0geO2tszHC/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1441 1489849340.75 1489849342.47 1719 192.168.1.116 - 54421 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 32429 0 32288 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1441 1489849350.04 1489849351.19 1149 192.168.1.116 - 54421 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1441 1489849358.95 1489849359.54 585 192.168.1.116 - 54421 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4OMuPVP10qPOcVa5MMHJH/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1442 1489849551.6 1489849552.21 618 192.168.1.116 - 54422 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/p9tJ6k0y0Wlr3X8gUzPBvXiBnUk6VoUz/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1443 1489849745.98 1489849746.59 605 192.168.1.116 - 54423 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ttvL22Ys0whkPWTRrh79Xk29kFyGYhT/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1444 1489849938.58 1489849939.2 619 192.168.1.116 - 54424 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LgfXbCp5FMGSbuFmAnA/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1445 1489850131.25 1489850131.86 611 192.168.1.116 - 54425 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QpMEjumiZpLnjgjc9mRmzSKWhCU5/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1446 1489850323.84 1489850324.41 570 192.168.1.116 - 54426 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/imjByfh3ZEtTjDZ0ZnsyaCBht/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1447 1489850516.43 1489850517.04 614 192.168.1.116 - 54427 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bIjr1uGj8tCZnZjQcNfI4S/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1448 1489850756.6 1489850757.21 617 192.168.1.116 - 54429 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MYuvDJCx2wNhcECHjUpnwqf1QEb4Eu/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1449 1489850949.16 1489850949.8 637 192.168.1.116 - 54430 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jENsWkiwDIlAyntKAUI8j/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1450 1489851141.81 1489851142.43 620 192.168.1.116 - 54431 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cvwadcp4T6h250tbrKzhbTXgQp/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1451 1489851334.49 1489851335.11 618 192.168.1.116 - 54432 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/q9Xkse3HzQKRdMo6SJC0vwtkPfJ/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1452 1489851527.08 1489851527.68 608 192.168.1.116 - 54433 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QTwO0XHmu9Xb1xnkWx/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1453 1489851719.65 1489851720.26 605 192.168.1.116 - 54434 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jFr3lge9ecQrxWBopjdH9aqtc/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1454 1489851912.3 1489851912.91 608 192.168.1.116 - 54435 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LL0eB3UlLovBD3y97zmoj5Qx/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1455 1489852104.96 1489852105.57 610 192.168.1.116 - 54436 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9boTWB7SSLjQLUsgT9YPxcqlqLQm/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1456 1489852297.58 1489852298.2 622 192.168.1.116 - 54437 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3anFFOEJmRvplLfWt7/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1457 1489852490.23 1489852490.83 605 192.168.1.116 - 54438 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/F1lRIeeehLM3Zne98XUS5XNBs/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1458 1489852730.55 1489852731.16 610 192.168.1.116 - 54440 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/g5LnXSIZLLVcKSPe6KQ/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1459 1489852923.16 1489852923.76 606 192.168.1.116 - 54441 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ay828d3GpquLAibQuxIxfKF4Db4w9kn9/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1460 1489853115.74 1489853117.95 2211 192.168.1.116 - 54442 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/57TMxxu8nWnpv859/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1461 1489853309.96 1489853310.57 605 192.168.1.116 - 54443 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4PZqMeXi6WJCCyNAXOt2HL/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1462 1489853502.59 1489853503.19 606 192.168.1.116 - 54444 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SlTu9qhdSZKRTQG61LOHRVPcjoWCzHQf/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1463 1489853695.21 1489853695.83 622 192.168.1.116 - 54445 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rOPy1WgYHiruNhgkL7MuRq5I5ea6cKV/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1464 1489853887.83 1489853888.43 604 192.168.1.116 - 54446 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cibip8kgu9mZZ27YjP/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1465 1489854080.41 1489854081.03 612 192.168.1.116 - 54447 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/n8Y9pd82RJayH25YRNR/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1466 1489854407.47 1489854407.94 473 192.168.1.116 - 54451 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 204 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1467 1489854408.75 1489854408.99 240 192.168.1.116 - 54452 23.21.70.163 80 http://checkip.amazonaws.com/ 153 133 0 13 139 106 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 200 - - - - - - - CTU.238.1.Malicious 1466 1489854409.19 1489854409.67 475 192.168.1.116 - 54451 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/WWqBBQPC6stdxN3F/ 318 506 0 363 131 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1466 1489854409.99 1489854410.47 478 192.168.1.116 - 54451 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/ZRQRTSWXSWKGFXCQ/1/ 223 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 1468 1489854412.79 1489854413.26 470 192.168.1.116 - 54453 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1469 1489854415.51 1489854416.02 511 192.168.1.116 - 54454 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 215 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1470 1489854418.39 1489854418.9 504 192.168.1.116 - 54455 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 243 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1471 1489854421.24 1489854421.71 473 192.168.1.116 - 54456 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dWCU669VSCtAlPtv2QxIgzdC/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1472 1489854662.98 1489854663.45 471 192.168.1.116 - 54458 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/e1ty9rXcobM8elp1myApH5Cx3Neyn/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1473 1489854856.05 1489854857.41 1366 192.168.1.116 - 54459 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32429 0 32288 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1473 1489854865.19 1489854866.99 1802 192.168.1.116 - 54459 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1473 1489854873.99 1489854874.49 500 192.168.1.116 - 54459 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cTTj1lWsgAl86rwBGDtzaMKYKesU9/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1474 1489855066.08 1489855066.53 442 192.168.1.116 - 54460 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/slhXuDworg6uT27hC6e/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1475 1489855258.11 1489855258.59 480 192.168.1.116 - 54461 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sDLbNPcEYWOF83bgco6LTXKxNNLUy/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1476 1489855450.16 1489855450.64 473 192.168.1.116 - 54462 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0TV8zy0QcXaVUr6gASXQREHHNyh9Oz55/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1477 1489855642.18 1489855642.65 468 192.168.1.116 - 54463 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XsvUI0w0ABZMOfcay05/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1478 1489855834.24 1489855834.71 469 192.168.1.116 - 54464 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/guh3d30vHybtVcTqaJ9kKxsUz/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1479 1489856026.28 1489856026.76 477 192.168.1.116 - 54465 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EoKq09dfx23bCFALRw/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1480 1489856219.23 1489856219.7 467 192.168.1.116 - 54466 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iIAB7ggBVIvd8mjdnzDkaamTshChbZz/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1481 1489856411.23 1489856411.7 470 192.168.1.116 - 54467 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CX7eozuPsqpVHQVX7/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1482 1489856650.51 1489856650.95 439 192.168.1.116 - 54469 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8FSZ1cph6KtCvYM6ajo/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1483 1489856843.75 1489856844.18 435 192.168.1.116 - 54470 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wpuPB9eq03UbbSSsCGnG3WoLwqs9/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1484 1489857041.79 1489857042.27 476 192.168.1.116 - 54471 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 1485 1489857058.67 1489857059.14 469 192.168.1.116 - 54472 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 1486 1489857075.56 1489857076.03 466 192.168.1.116 - 54473 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 1487 1489857092.45 1489857092.92 469 192.168.1.116 - 54474 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RgQx51LxU23Amk0Rr2A/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1488 1489857284.54 1489857285.02 480 192.168.1.116 - 54475 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mORZACs5aXeM4YFeQ/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1489 1489857476.65 1489857477.18 536 192.168.1.116 - 54476 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DFIqoZfM51tjXTTKcTGRUsqMyo7l/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1490 1489857668.78 1489857669.26 473 192.168.1.116 - 54477 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ALIJ98D9Ul1iu1GWIz1hwnYdSpq2byB/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1491 1489857860.83 1489857861.32 481 192.168.1.116 - 54478 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MRA01zDViLBSh0zhBtStxOlc/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1492 1489858052.95 1489858053.42 467 192.168.1.116 - 54479 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/V8ujGcV8luMz6HeY4nKnG90VgGzprEBC/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1493 1489858245.02 1489858245.49 474 192.168.1.116 - 54480 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZBRoEDJDBPSQFCp821LYs/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1494 1489858437.05 1489858437.48 436 192.168.1.116 - 54481 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dJfrXFUIzcfYl6eRqJnoa1M/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1495 1489858677.61 1489858678.08 468 192.168.1.116 - 54483 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CityCZ3kOdBicIidzto0S6NfM6/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1496 1489858870.49 1489858870.93 434 192.168.1.116 - 54484 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Fpo4sHvozpBBSYwYo/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1497 1489859062.53 1489859063.01 480 192.168.1.116 - 54485 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7SpKQt02DoGmqLYq/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1498 1489859254.65 1489859255.13 481 192.168.1.116 - 54486 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/x27K33xHiATjXFNYufQjNycOLxUY/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1499 1489859446.76 1489859447.24 474 192.168.1.116 - 54487 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XFEbELgYfoNKxUfNN5Jhx/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1500 1489859638.97 1489859639.44 472 192.168.1.116 - 54488 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 206 379 0 240 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1500 1489859645.41 1489859645.89 480 192.168.1.116 - 54488 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/d8WgxgsANrDkf8hzqP3/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1501 1489859837.49 1489859837.97 473 192.168.1.116 - 54489 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iD0rP1E6HkRspK35wt/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1502 1489860030.55 1489860031.03 483 192.168.1.116 - 54490 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8O1xS9PWlzNsraIaNxb/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1503 1489860222.63 1489860223.07 441 192.168.1.116 - 54491 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1kmGlItVYvbe0zunJwd/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1504 1489860414.75 1489860416.15 1400 192.168.1.116 - 54492 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32429 0 32288 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1504 1489860423.68 1489860425.06 1385 192.168.1.116 - 54492 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1504 1489860432.59 1489860433.07 474 192.168.1.116 - 54492 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CcZA55o3mqlt5cPQ1WBez/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1505 1489860671.92 1489860673.56 1642 192.168.1.116 - 54494 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KbmJlKnMEhFa3kOM6DzlxcHrcbPu1/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1506 1489860865.13 1489860865.6 473 192.168.1.116 - 54495 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/G7GKY764NvdehZcQXKJTlJTFTFgi08/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1507 1489861057.19 1489861057.66 469 192.168.1.116 - 54496 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fyF0N9ueDvDr3cykbrpE/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1508 1489861249.21 1489861249.65 437 192.168.1.116 - 54497 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IlrXvpi80GRy1Bg3EAp17Oa/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1509 1489861441.26 1489861441.74 472 192.168.1.116 - 54498 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EYjSwlGb5DSdDwsUDrViCmt6bZKb0/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1510 1489861633.29 1489861633.73 441 192.168.1.116 - 54499 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TaVB8OitmymrqvMiPlf5/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1511 1489861825.33 1489861825.8 469 192.168.1.116 - 54500 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JdgmlmLc6UeHn0lJy3mfgfwq0l7z/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1512 1489862017.35 1489862017.79 440 192.168.1.116 - 54501 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/z8sVOtUCpmw0Rf97vptUBrL6Ao47fTL/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1513 1489862209.43 1489862209.9 475 192.168.1.116 - 54502 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RJPiOECYWGHw4TOycvkSEqj6rrPmjti/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1514 1489862401.48 1489862401.92 441 192.168.1.116 - 54503 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QUvyyL5MjjOixKClYFz5FnGTS6XgXo/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1515 1489862640.8 1489862641.27 471 192.168.1.116 - 54505 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/njKnZpagn9peQH4tW2/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1516 1489862832.86 1489862833.33 471 192.168.1.116 - 54506 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iM2PAnFGWLpP2kTYPcrlLEllS5c/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1517 1489863024.86 1489863025.3 440 192.168.1.116 - 54507 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hK3gjUWLxPttnpJnqG9b/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1518 1489863216.87 1489863217.34 468 192.168.1.116 - 54508 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GLX7NolLYfsB4lbufKlSOlK/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1519 1489863408.96 1489863409.44 487 192.168.1.116 - 54509 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pfp61skODBk4faBRfWPoYhdpT/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1520 1489863601.87 1489863602.37 498 192.168.1.116 - 54510 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/s6eHOcFILpZ6GqNtVOv9qJtuGf6F/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1521 1489863793.97 1489863794.41 435 192.168.1.116 - 54511 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yaLEUTiyFeExGqbUDkWj7Ru8QK6D6p/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1522 1489863985.95 1489863986.42 468 192.168.1.116 - 54512 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FhqD4QXcvggV6ojxj/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1523 1489864178.04 1489864178.51 468 192.168.1.116 - 54513 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Um2soeSGGUoelAUykEvwRugMBow7/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1524 1489864370.09 1489864370.53 438 192.168.1.116 - 54514 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bKnOLr44PiEXUpWpOd4s/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1525 1489864609.32 1489864609.8 483 192.168.1.116 - 54516 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CZbo3ZKnCpP14HjfTLbHHC3XlUg7C/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1526 1489864801.34 1489864801.78 438 192.168.1.116 - 54517 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8i2OUtIlewEoQcn2m43GPZzbkIOugH8o/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1527 1489864993.32 1489864993.75 436 192.168.1.116 - 54518 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/meOymLmfYinpGC4wpacXnfjQ/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1528 1489865185.29 1489865185.77 471 192.168.1.116 - 54519 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tuREU8NieGYaZAsm/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1529 1489865377.32 1489865377.79 469 192.168.1.116 - 54520 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CYtThQxUCsQ6nczYBzYjw/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1530 1489865569.4 1489865569.88 480 192.168.1.116 - 54521 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HKK1YimHgc0DgpWwzOH55zq/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1531 1489865761.5 1489865761.98 479 192.168.1.116 - 54522 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZL15yhHmD6tvCxKvpwmE/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1532 1489865953.56 1489865954.9 1339 192.168.1.116 - 54523 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32429 0 32288 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1532 1489865962.66 1489865964.0 1343 192.168.1.116 - 54523 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1532 1489865971.05 1489865971.55 499 192.168.1.116 - 54523 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ePryVXA9af8xuWoC/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1533 1489866163.13 1489866163.6 467 192.168.1.116 - 54524 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Fhc2jDe6PXI85xzUP/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1534 1489866355.23 1489866355.71 478 192.168.1.116 - 54525 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/57EOTFDkKj1PtKxQ59VhWyEchD6l5Uka/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1535 1489866594.39 1489866594.84 442 192.168.1.116 - 54527 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5IzzGcnAYlk2wkW0Cfvdhk6Kw7TBL7c/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1536 1489866786.42 1489866786.87 442 192.168.1.116 - 54528 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/e3t8mY5YJ7BWwqnns/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1537 1489866978.41 1489866978.85 438 192.168.1.116 - 54529 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rkeMqx6ND0NYBsX7Us3Zi/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1538 1489867170.36 1489867170.8 441 192.168.1.116 - 54530 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VjZKUNVb87NruyyKYPklOgfZVKxnz1/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1539 1489867362.38 1489867362.85 471 192.168.1.116 - 54531 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4DS5WP0kjVjEHnhkjQvZ0LiejwjBLpI9/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1540 1489867555.67 1489867556.11 436 192.168.1.116 - 54532 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/epb8rxZCBbQdTCMeRMvA6pf0kgjsBGO/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1541 1489867747.61 1489867748.05 440 192.168.1.116 - 54533 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4jEWmtUeqke0Q6Whvyja/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1542 1489867939.58 1489867940.02 440 192.168.1.116 - 54534 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GfZQIRcPqrLHmDUT4tMHtIlU/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1543 1489868131.65 1489868132.13 478 192.168.1.116 - 54535 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pcEFbylj4k4RHjmUsaEp/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1544 1489868323.76 1489868324.25 486 192.168.1.116 - 54536 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/A6EEkOXSomJNJnTvRwzH3KGSh/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1545 1489868563.35 1489868563.79 435 192.168.1.116 - 54538 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dC18C027XVvGMnJikge/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1546 1489868755.73 1489868756.2 471 192.168.1.116 - 54539 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/DNSBL/listed/0/ 216 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1547 1489868758.57 1489868759.05 477 192.168.1.116 - 54540 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Uf5RERFfFFRAt8MB6AFLyTaJ7IkCyDUQ/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1548 1489868950.64 1489868951.11 473 192.168.1.116 - 54541 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oc3FmBKVurfyX2eJ/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1549 1489869142.78 1489869143.29 514 192.168.1.116 - 54542 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/z7HiMIc9troNeVVyNlZJZu0A7kzlCC/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1550 1489869334.85 1489869335.29 438 192.168.1.116 - 54543 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JAtzx4k3xhi9pi4x55bqJHXgjjSb6/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1551 1489869526.84 1489869527.31 472 192.168.1.116 - 54544 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/i2TIHM6WygCjgwJaz2IVmrPzg0vo2ZEq/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1552 1489869718.86 1489869719.3 445 192.168.1.116 - 54545 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZuxEm0oK948MpyW7iM1Nh9C/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1553 1489869910.92 1489869911.39 470 192.168.1.116 - 54546 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qFZWwkpgTOIOuPtb2qfDhI5Oud/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1554 1489870102.97 1489870103.41 441 192.168.1.116 - 54547 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AXSm2XmnGQ4mQ8xX/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1555 1489870294.98 1489870295.46 481 192.168.1.116 - 54548 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4Qy9Rw8vchBExhBhL/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1556 1489870487.06 1489870487.56 509 192.168.1.116 - 54549 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 206 379 0 240 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1556 1489870540.72 1489870541.21 487 192.168.1.116 - 54549 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wBXRcybPWte28eLvKQ2lIjzgwm9NTOYW/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1557 1489870732.83 1489870733.27 439 192.168.1.116 - 54551 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GY1qypFsjI1EXeXUQjgunNtEKdk5/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1558 1489870924.84 1489870925.28 442 192.168.1.116 - 54552 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1jaffHvlhU9nXD9ENERpju4/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1559 1489871116.91 1489871117.39 481 192.168.1.116 - 54553 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/10wqeOQku0MtxN0UR7Nv/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1560 1489871308.95 1489871309.42 466 192.168.1.116 - 54554 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kZl748TJheqNEyADG9siOazvB7d/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1561 1489871507.0 1489871507.48 473 192.168.1.116 - 54555 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 1562 1489871523.89 1489871524.36 470 192.168.1.116 - 54556 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 1563 1489871540.7 1489871541.13 435 192.168.1.116 - 54557 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 1564 1489871557.55 1489871558.91 1365 192.168.1.116 - 54558 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32429 0 32288 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1564 1489871566.65 1489871568.01 1357 192.168.1.116 - 54558 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1564 1489871575.88 1489871576.39 507 192.168.1.116 - 54558 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Nscphf8jhpNwQNsCdf8b/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1565 1489871767.99 1489871768.46 469 192.168.1.116 - 54559 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5kt3LLCrUJzfesAt/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1566 1489871960.02 1489871960.46 436 192.168.1.116 - 54560 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9sKBsOULFcIh12foYBCexXivvCshk4iz/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1567 1489872152.01 1489872152.49 477 192.168.1.116 - 54561 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ewsPfpOMpoHvpMvJiMlxBfwYQdG0ou/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1568 1489872391.85 1489872392.28 436 192.168.1.116 - 54563 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2fF87Qb6WpqNIgXJZhKm12b/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1569 1489872583.82 1489872584.29 470 192.168.1.116 - 54564 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/faOz0yRKBji09JnKUKydNaxNIP/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1570 1489872776.81 1489872777.25 438 192.168.1.116 - 54565 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gFp3vE137L8IjLcrrb5JtxXB0ES1/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1571 1489872968.81 1489872969.24 436 192.168.1.116 - 54566 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0voJH9YppJr3beIFTja534x44/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1572 1489873160.84 1489873161.33 487 192.168.1.116 - 54567 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lLbgh5sKcZ87Kh9OALgya8zRz4wDsX/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1573 1489873353.12 1489873353.56 437 192.168.1.116 - 54568 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ld0VtoB5FPsX6zJzexBDLeQ/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1574 1489873545.11 1489873545.6 498 192.168.1.116 - 54569 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WmJsF7COZruDr3VKfEn3aX/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1575 1489873737.15 1489873737.62 469 192.168.1.116 - 54570 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5QMn5eRXNkHsG1escb7dHdYnL6ltx/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1576 1489873929.15 1489873929.59 438 192.168.1.116 - 54571 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rAiT9UT0jAhK1QJdo9a5FF/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1577 1489874121.2 1489874121.68 483 192.168.1.116 - 54572 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MIDpSpuLtFbh4EfqhFqFv/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1578 1489874313.09 1489874313.51 412 192.168.1.116 - 54573 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 205 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1578 1489874313.74 1489874314.25 506 192.168.1.116 - 54573 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/rFJs9oslXz0fJRKrl/ 320 507 0 364 132 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1578 1489874314.74 1489874315.15 409 192.168.1.116 - 54573 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/FNTUIRNXJDRWUAA/1/ 223 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 1579 1489874318.49 1489874318.91 419 192.168.1.116 - 54574 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1580 1489874321.05 1489874321.47 421 192.168.1.116 - 54575 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 216 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1581 1489874322.7 1489874323.17 469 192.168.1.116 - 54576 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 244 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1582 1489874372.79 1489874373.2 411 192.168.1.116 - 54578 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pw3dlETsBJ0lkHgQpz5QL5prlsiT/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1583 1489874564.56 1489874565.0 437 192.168.1.116 - 54579 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/McuIjoBphXV3JkcJhmSfBHlp/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1584 1489874756.47 1489874756.84 370 192.168.1.116 - 54580 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/l3LLbJnbCJnlOblS76t6T0ru/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1585 1489874948.21 1489874948.57 367 192.168.1.116 - 54581 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lDMboBWM8oE7Vl5DpQNtcbSo2Lu8dKK/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1586 1489875139.94 1489875140.38 433 192.168.1.116 - 54582 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/klmSXHB5lEQHkp4YXfi2rXrUovH/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1587 1489875331.75 1489875332.18 430 192.168.1.116 - 54583 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kD2cZ01lHbZhK3dXi2NJANmxwtHG/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1588 1489875523.6 1489875524.01 412 192.168.1.116 - 54584 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZYFRC8N5zwRvKPhPBPOXgQwAMrrO/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1589 1489875715.44 1489875715.88 436 192.168.1.116 - 54585 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TWXaUfPZpwLEoRBA/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1590 1489875907.26 1489875907.69 432 192.168.1.116 - 54586 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/spK6qK8gWim7QFoky48b27IPdbYf/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1591 1489876099.01 1489876099.38 370 192.168.1.116 - 54587 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/L6Am3fvSasEW8AVQyi2z7LFNdxiTJhNK/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1592 1489876338.09 1489876338.45 368 192.168.1.116 - 54589 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2BNYZlgl2KqYSNMaHTpWTCLyLB/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1593 1489876529.83 1489876530.21 380 192.168.1.116 - 54590 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lx00LWN1CFOUGqmx/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1594 1489876721.61 1489876722.03 422 192.168.1.116 - 54591 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RKjidnXJ2yHWAcsGtqZro3ruJllILx/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1595 1489876913.47 1489876913.89 422 192.168.1.116 - 54592 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vhBGpCZ1Xo819P6E1/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1596 1489877105.27 1489877106.4 1130 192.168.1.116 - 54593 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 32429 0 32288 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1596 1489877113.72 1489877114.5 775 192.168.1.116 - 54593 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1596 1489877122.05 1489877122.48 435 192.168.1.116 - 54593 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/f76QkCK3BT1LFcRcEqFPFd35Ocv/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1597 1489877313.86 1489877314.27 404 192.168.1.116 - 54594 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OASY11HC89bgxqR7RkjOHghXN9a/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1598 1489877505.6 1489877506.03 432 192.168.1.116 - 54595 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BHs60VgwTwiXxi6TIz0wdd/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1599 1489877697.41 1489877697.82 410 192.168.1.116 - 54596 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FzJsQIQl2qQCPtI2q74VRPdKYs4RlWlK/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1600 1489877890.17 1489877890.55 377 192.168.1.116 - 54597 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9Tr7umfpRRNMrOdcv873eKSThiPgSpI/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1601 1489878081.88 1489878082.25 370 192.168.1.116 - 54598 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uMZoCqbhNFlPguE4jM1/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1602 1489878320.82 1489878321.23 404 192.168.1.116 - 54600 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wX9vzRMAgnP7eydzV2emXDxDHF25/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1603 1489878512.58 1489878512.95 376 192.168.1.116 - 54601 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AQ2vMov9EkEnZ2Kcl/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1604 1489878704.32 1489878704.75 433 192.168.1.116 - 54602 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/b0kHmd1F8ZqXAtOIRlO/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1605 1489878896.07 1489878896.44 369 192.168.1.116 - 54603 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tiP86rbOOP65niuLhHdueYpTo8HjUC/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1606 1489879087.82 1489879088.19 366 192.168.1.116 - 54604 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nqImLU1dLOnJIQDNPvVU/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1607 1489879279.53 1489879280.97 1437 192.168.1.116 - 54605 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tREJFXXEFC0ITtPDz31/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1608 1489879472.32 1489879472.68 369 192.168.1.116 - 54606 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hQyKmH3MVJp5T2Blr/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1609 1489879664.06 1489879664.53 470 192.168.1.116 - 54607 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CrEFQfBPDbfpA8msY18EQHiTmKTMNto/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1610 1489879855.93 1489879856.34 410 192.168.1.116 - 54608 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/b9R5mS5eUNYQ6zNbJ/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1611 1489880047.77 1489880048.19 412 192.168.1.116 - 54609 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/98c5znDoMTduuWyfmXfvzJmOdUNQ/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1612 1489880286.67 1489880287.07 407 192.168.1.116 - 54611 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5LnzRF2W0Tm2bfY98awfkyhceEnv/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1613 1489880478.42 1489880478.79 374 192.168.1.116 - 54612 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nHYhM8ZJW6Nfc8JJtDcgHTQDoNh/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1614 1489880670.22 1489880670.62 408 192.168.1.116 - 54613 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QUem5b44BWvysaYquARQ/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1615 1489880862.02 1489880862.39 367 192.168.1.116 - 54614 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rSm6BtoYXB2lwm2nLzzsv/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1616 1489881053.77 1489881054.21 435 192.168.1.116 - 54615 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5x8crMMxPi4EQhjex69/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1617 1489881245.58 1489881246.01 435 192.168.1.116 - 54616 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/d6b15e98cBl1KOakPCg/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1618 1489881437.43 1489881437.84 410 192.168.1.116 - 54617 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 207 379 0 240 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1618 1489881443.79 1489881444.22 432 192.168.1.116 - 54617 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PZzzufeLgQ4L2llrwM9/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1619 1489881635.65 1489881636.07 414 192.168.1.116 - 54618 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RrrffPQwBGp3jO6inJZhLDRXURa3V/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1620 1489881827.42 1489881827.85 434 192.168.1.116 - 54619 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BOLV3LwfD1frn3G6fsiK9R/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1621 1489882019.26 1489882019.7 434 192.168.1.116 - 54620 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qg4IQaq4Pd0505gZ5UNDzRQStD/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1622 1489882258.75 1489882259.18 434 192.168.1.116 - 54622 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NKKLE24Ghjfj5um12fm/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1623 1489882450.59 1489882450.96 366 192.168.1.116 - 54623 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IZJZ27UE1e5gPJOliav3eolT/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1624 1489882642.3 1489882643.41 1103 192.168.1.116 - 54624 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 32429 0 32288 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1624 1489882650.96 1489882651.73 777 192.168.1.116 - 54624 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1624 1489882659.31 1489882659.68 367 192.168.1.116 - 54624 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lY3vBOlCjLlOdaamF/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1625 1489882851.05 1489882851.48 433 192.168.1.116 - 54625 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OicdgQQD9OkCH0J0/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1626 1489883042.82 1489883043.26 431 192.168.1.116 - 54626 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Xjqtu0gDm1RgkRyLSz0OBYZ/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1627 1489883234.66 1489883235.09 433 192.168.1.116 - 54627 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IsDUgGK8n4M3XFPLl0w4lUe4TGr/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1628 1489883426.46 1489883426.83 368 192.168.1.116 - 54628 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hC2st1Y6QX4tNFKHDgc81rcSz/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1629 1489883618.24 1489883618.67 433 192.168.1.116 - 54629 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/u1VuRPFXBD51KTqWdmW/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1630 1489883810.07 1489883810.48 408 192.168.1.116 - 54630 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LRQUGmkzequlyoKAAyWKwQtzoL/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1631 1489884001.84 1489884002.22 375 192.168.1.116 - 54631 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6SlcqfpyuqUFDwCMmxhMVDQSHGr/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1632 1489884192.93 1489884193.15 222 192.168.1.116 - 54632 107.22.214.64 80 http://checkip.amazonaws.com/ 153 133 0 13 139 106 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 200 - - - - - - - CTU.238.1.Malicious 1633 1489884242.01 1489884242.42 406 192.168.1.116 - 54634 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Dy1uaP3n954W1QnyHt/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1634 1489884433.77 1489884434.2 432 192.168.1.116 - 54635 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5QUesAXmzKcze1x4T7UV4Ow/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1635 1489884625.59 1489884625.99 406 192.168.1.116 - 54636 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BG2QrbEcYDnt2XFYxGEISDHalD6nGClM/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1636 1489884817.38 1489884817.82 436 192.168.1.116 - 54637 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EsC8pCP65OhjC5W5pis42md/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1637 1489885009.23 1489885009.6 373 192.168.1.116 - 54638 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/x4TJOjHtMC6UwuF61xaWTeyF/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1638 1489885201.73 1489885202.27 538 192.168.1.116 - 54639 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RtdJGTzEwVRntpcOPTS0p8YEwSMD2noM/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1639 1489885393.64 1489885394.05 414 192.168.1.116 - 54640 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PZHywrd1jGoLuWMc4u4TIRGQ5TJ/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1640 1489885585.42 1489885585.83 405 192.168.1.116 - 54641 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1KNnNgncaI3EPBnYf/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1641 1489885777.21 1489885777.64 437 192.168.1.116 - 54642 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TBZ2CH3RqkAzcosLU67Y8N/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1642 1489885975.07 1489885975.48 407 192.168.1.116 - 54643 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 1643 1489885991.67 1489885992.08 406 192.168.1.116 - 54644 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 1644 1489886008.24 1489886008.65 412 192.168.1.116 - 54645 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 1645 1489886024.85 1489886025.27 413 192.168.1.116 - 54646 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/osFgyDmC4AACIbvIgKHTN0tJqesckV/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1646 1489886263.82 1489886264.25 435 192.168.1.116 - 54648 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zXwqTS5GinCLBwEKNuWSdXd5c5EyF/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1647 1489886455.63 1489886456.0 372 192.168.1.116 - 54649 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XEK13T4WfR7TAlAX/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1648 1489886647.39 1489886647.8 412 192.168.1.116 - 54650 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fDMEDDghERz2OebhFldkUS/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1649 1489886839.21 1489886839.62 407 192.168.1.116 - 54651 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iFvVyxmcUoWxLKPPdM/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1650 1489887031.0 1489887031.37 367 192.168.1.116 - 54652 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VAH0lUmQHS0k9NPcTxdhq9qNcfaT5URo/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1651 1489887222.69 1489887223.06 369 192.168.1.116 - 54653 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RfIB5soxJUpx8cBAVA/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1652 1489887414.44 1489887414.81 367 192.168.1.116 - 54654 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/p3FHx23uwASmoLNEuX3wLP6D/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1653 1489887606.2 1489887606.61 413 192.168.1.116 - 54655 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/F9Xu6H21r5gBtWo8MPwKM/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1654 1489887798.02 1489887798.43 410 192.168.1.116 - 54656 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DtCviDVIifNFWkIQEodR2gG/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1655 1489887989.85 1489887990.26 409 192.168.1.116 - 54657 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6fcnQVbIqOk1YXNJm9SfTrjnKSBPg/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1656 1489888181.6 1489888182.71 1109 192.168.1.116 - 54658 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 32429 0 32288 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1656 1489888189.95 1489888190.74 785 192.168.1.116 - 54658 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1656 1489888245.72 1489888246.15 434 192.168.1.116 - 54658 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Y8TH4ZnbEucCs1tzMNGEg0b5hPRkRob/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1657 1489888438.28 1489888438.69 408 192.168.1.116 - 54660 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qj1fANdEH40ZNXqvQoTOEH8EM/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1658 1489888630.09 1489888630.5 408 192.168.1.116 - 54661 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WbgoOEneH4Fmmrf2XKC/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1659 1489888821.88 1489888822.26 373 192.168.1.116 - 54662 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XecAo94z3U9CBqt6gdtFSUMgY/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1660 1489889013.62 1489889014.02 403 192.168.1.116 - 54663 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Eu5wfOpCmNUTpKH2e/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1661 1489889205.38 1489889205.74 368 192.168.1.116 - 54664 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/57CTEHQeHwg6YHE25mC/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1662 1489889397.18 1489889397.59 410 192.168.1.116 - 54665 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pPiHDLJ57mm1t5Jo1l8Ixo78fMH/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1663 1489889588.98 1489889589.39 410 192.168.1.116 - 54666 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xiL8QE5zGAP81pqJmneZo/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1664 1489889781.72 1489889782.13 409 192.168.1.116 - 54667 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dVlUcQWXtx8XrJmsRwNGhwnSaC/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1665 1489889973.51 1489889973.92 405 192.168.1.116 - 54668 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nFm8qwsTopEYE1f41YwGiD/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1666 1489890212.56 1489890212.92 366 192.168.1.116 - 54670 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/N4Rc6SNgDFYBfRl0GpQFCx0za6Ftl/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1667 1489890404.32 1489890404.73 409 192.168.1.116 - 54671 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mRyZf0Amd1tWgSDllad4DNh7J/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1668 1489890596.14 1489890596.55 406 192.168.1.116 - 54672 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tMkvkNJ15nOCMb3ZUPF5Rg9Vl/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1669 1489890787.93 1489890788.37 439 192.168.1.116 - 54673 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5TOUd374E2KozTz1W9s9SN/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1670 1489890979.77 1489890980.18 409 192.168.1.116 - 54674 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RknqJj8jHhZFCng8GEG7fo2V/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1671 1489891171.55 1489891171.99 433 192.168.1.116 - 54675 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Yz2QbPU8INCS68b9OG/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1672 1489891363.36 1489891363.76 405 192.168.1.116 - 54676 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2vVqPx9WKaLwgdqWa6t8u7B39n3Q2Aou/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1673 1489891555.15 1489891555.52 370 192.168.1.116 - 54677 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ey7vDqhy4o9u5xjxUsjEdf99IDpI/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1674 1489891881.77 1489891882.37 599 192.168.1.116 - 54681 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 203 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1674 1489891882.65 1489891883.29 638 192.168.1.116 - 54681 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/dOVMSebiMGbl1Y7xqljdK/ 322 511 0 368 130 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1674 1489891883.77 1489891884.36 590 192.168.1.116 - 54681 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/XNHEWPYSVGEGFN/1/ 220 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 1675 1489891887.01 1489891887.62 617 192.168.1.116 - 54682 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1676 1489891890.28 1489891890.92 643 192.168.1.116 - 54683 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 214 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1677 1489891892.57 1489891893.15 574 192.168.1.116 - 54684 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 242 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1678 1489891894.98 1489891895.52 542 192.168.1.116 - 54685 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xwKzdAQFHzEC9xvTGVsLELs1TM/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1679 1489892134.65 1489892135.23 581 192.168.1.116 - 54687 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kXsOiJ1x1s5vzRZJob/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1680 1489892327.05 1489892327.59 536 192.168.1.116 - 54688 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 205 379 0 240 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1680 1489892333.55 1489892334.1 550 192.168.1.116 - 54688 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YBssq9KaCJBiOBsNObrn5r9JzS7/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1681 1489892525.94 1489892526.51 570 192.168.1.116 - 54689 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/teu9sEACGzGB6waRMM4hZ5kAC8C/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1682 1489892718.33 1489892718.91 580 192.168.1.116 - 54690 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lYFoyGChU6I4PnD2tn6T44ZCFh68RyXS/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1683 1489892910.73 1489892911.27 541 192.168.1.116 - 54691 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uTZqizoxKEx8jkWaSdeDYLgXb/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1684 1489893103.13 1489893103.7 570 192.168.1.116 - 54692 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5PHXoBujodkFbWjDc/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1685 1489893295.61 1489893296.18 569 192.168.1.116 - 54693 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/x46yB27OTSYrCwABPGLPgGsUScmkGv/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1686 1489893488.05 1489893488.59 537 192.168.1.116 - 54694 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YY5m6RTuIz8Kv3nvthv/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1687 1489893680.6 1489893682.34 1740 192.168.1.116 - 54695 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32429 0 32288 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1687 1489893689.69 1489893691.37 1688 192.168.1.116 - 54695 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1687 1489893698.48 1489893699.08 602 192.168.1.116 - 54695 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8zLvx6hnFQ92VjPo7S/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1688 1489893891.08 1489893891.69 611 192.168.1.116 - 54696 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cDIWfrY78ekUwSEeIdEFM/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1689 1489894131.15 1489894131.76 610 192.168.1.116 - 54698 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wIDJLfxOKULFB4cRc2KV4fr7/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1690 1489894323.72 1489894324.29 568 192.168.1.116 - 54699 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Iq6aDBdVvuI01AU66N/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1691 1489894516.3 1489894516.91 611 192.168.1.116 - 54700 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CS5OlyuJhGvlK3zR/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1692 1489894708.82 1489894709.39 573 192.168.1.116 - 54701 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6gDsmzq22UJ0YuLDg5afsUwmK2w/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1693 1489894901.35 1489894901.92 569 192.168.1.116 - 54702 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZcRlGJMsXXwbLfIKXOZvjJ4j747hJ/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1694 1489895093.87 1489895094.45 574 192.168.1.116 - 54703 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UJXMwbB2k0oQ5plz8ZhaUXh1h/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1695 1489895286.38 1489895286.99 610 192.168.1.116 - 54704 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Tvaop0y7zdEK6vMy1qole/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1696 1489895478.95 1489895479.52 568 192.168.1.116 - 54705 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oQ25w7rZ2VcefRacHTPh93LaOj/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1697 1489895671.52 1489895672.14 624 192.168.1.116 - 54706 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LeS6D5KSqmn7s04dC7mUKUA89amNENsD/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1698 1489895864.22 1489895864.84 625 192.168.1.116 - 54707 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9MH6xrkYsZ2QDTQNHZVfW7rOOXIAbj6n/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1699 1489896104.83 1489896105.44 612 192.168.1.116 - 54709 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gxxKkcG7bK3u7ZMlodHyQcJOn47EQ/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1700 1489896297.51 1489896298.11 604 192.168.1.116 - 54710 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EbE1Yko90YFrErUb3G/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1701 1489896490.04 1489896490.61 567 192.168.1.116 - 54711 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jWjA2huUwkDmGIxo0ScgHc/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1702 1489896682.57 1489896683.19 616 192.168.1.116 - 54712 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/azhDdRZ6nIR7H9nhtf2u4hOQHPBb/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1703 1489896875.19 1489896875.8 611 192.168.1.116 - 54713 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fGlyjWW2FysCymCenZNl4xVHNcrHX5D/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1704 1489897067.76 1489897068.33 569 192.168.1.116 - 54714 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NJHYJ5dgBvgTb4NEKf9bmL2wx/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1705 1489897260.39 1489897261.0 613 192.168.1.116 - 54715 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gfGyEbW9jgfEH4MEDcjIrU1rJCZVPXyY/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1706 1489897452.95 1489897453.53 579 192.168.1.116 - 54716 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8ozKp3POZyc0jppny7oEM7b/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1707 1489897646.12 1489897646.83 711 192.168.1.116 - 54717 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/DNSBL/listed/0/ 215 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1708 1489897648.57 1489897649.2 636 192.168.1.116 - 54718 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/awDDzCBERyLjgqdYxRv0ARTgl7TNh4X/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1709 1489897841.24 1489897842.88 1644 192.168.1.116 - 54719 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ODYsQShyqGDOXuFmRCoHuY2S044X/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1710 1489898082.3 1489898082.91 607 192.168.1.116 - 54721 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hyjS3bzAwzOnQQhyWHeSVTHDzHU904H/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1711 1489898274.87 1489898275.5 634 192.168.1.116 - 54722 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7ahzg8i8piIConEfyXG0X/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1712 1489898467.43 1489898468.0 573 192.168.1.116 - 54723 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fmUm3r0tF3e826BURaRiziHZB/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1713 1489898659.99 1489898660.58 585 192.168.1.116 - 54724 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SsJ672FUsta1C3ob/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1714 1489898852.51 1489898853.08 576 192.168.1.116 - 54725 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Gq17BpbbZMsOAi0bQXExLuIlNlB0/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1715 1489899045.1 1489899045.71 611 192.168.1.116 - 54726 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6iC6vTnOw8CLPIwozyamnxy9vZG/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1716 1489899237.69 1489899238.86 1176 192.168.1.116 - 54727 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32429 0 32288 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1716 1489899246.19 1489899247.37 1183 192.168.1.116 - 54727 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1716 1489899255.02 1489899255.68 664 192.168.1.116 - 54727 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fYP18vXUMBOVU9gCy/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1717 1489899447.74 1489899449.92 2173 192.168.1.116 - 54728 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eKPYGhcu0hMPrki2iQ8htM1/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1718 1489899641.86 1489899642.47 610 192.168.1.116 - 54729 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/x3vNxfpiRSN770a1gif9FNhvItdgv/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1719 1489899834.39 1489899834.96 569 192.168.1.116 - 54730 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/od9tyq0KgX3x6h27/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1720 1489900075.28 1489900075.91 634 192.168.1.116 - 54732 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6MHi6DreFThGc7SWcgyCJ0/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1721 1489900267.87 1489900268.44 569 192.168.1.116 - 54733 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XLtfBHO8HIMpDfVZKPmDuGtDmVPt/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1722 1489900466.43 1489900467.03 607 192.168.1.116 - 54734 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 1723 1489900483.81 1489900484.42 614 192.168.1.116 - 54735 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 1724 1489900501.22 1489900501.85 636 192.168.1.116 - 54736 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 1725 1489900518.61 1489900519.18 575 192.168.1.116 - 54737 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oCYaKxT90gRI9Dhg53TM0mDeVLijAWbz/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1726 1489900711.17 1489900711.8 633 192.168.1.116 - 54738 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/a0b2j73NsoH21QkbDBv93/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1727 1489900903.78 1489900904.48 698 192.168.1.116 - 54739 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/s9CCBMAJ0r10XXKwFECwuje/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1728 1489901096.46 1489901097.07 609 192.168.1.116 - 54740 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OWKDKIg4LfpZdtU7ivJ96cOP/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1729 1489901289.08 1489901289.65 573 192.168.1.116 - 54741 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UaJPBU7QET1NfINv/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1730 1489901481.78 1489901482.38 607 192.168.1.116 - 54742 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6PbnQtnqHDhMvqR4ozZaXFO6/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1731 1489901674.37 1489901674.98 609 192.168.1.116 - 54743 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ByCcNM3rrAP6oiE9bj51XsQiGKt/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1732 1489901866.96 1489901867.58 619 192.168.1.116 - 54744 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xjWrOZ69kBHokYJrUqj8/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1733 1489902106.97 1489902107.57 603 192.168.1.116 - 54746 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IL6r5MJmBLY5uggIB7A/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1734 1489902299.53 1489902300.14 606 192.168.1.116 - 54747 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fRvkzwPoUjZ70vhgEUf9oJImJ2ejcH/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1735 1489902492.15 1489902492.76 613 192.168.1.116 - 54748 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/teC3ozKiG8zxwqBugkksHGtk4/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1736 1489902684.79 1489902685.4 615 192.168.1.116 - 54749 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YIjdMJaXTCdevFt84JWW8HudI/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1737 1489902877.41 1489902878.02 606 192.168.1.116 - 54750 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rd1m8ebZzJI04qzp2dN/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1738 1489903070.01 1489903070.64 634 192.168.1.116 - 54751 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Bag8PxFcvKwSpAXSlNDYSrz9SzaQ/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1739 1489903262.63 1489903263.23 604 192.168.1.116 - 54752 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 205 379 0 240 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1739 1489903269.19 1489903269.77 580 192.168.1.116 - 54752 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FqWNIXCo9VMceth6pTyG2Q/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1740 1489903461.79 1489903462.4 612 192.168.1.116 - 54753 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fBW9jAI1tDbrLYsLGFTc0Q1Ne/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1741 1489903654.4 1489903655.03 634 192.168.1.116 - 54754 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1BDTlVAyYfqIMwdB9H/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1742 1489903847.04 1489903847.62 572 192.168.1.116 - 54755 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uSJ1DfY5opwZvDqu4fvrBDVmS/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1743 1489904086.77 1489904087.38 614 192.168.1.116 - 54757 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Vgn3uAvQD0gXpnfuipo8/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1744 1489904279.33 1489904279.96 634 192.168.1.116 - 54758 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/K0By7AHjSSVXpqiDenKGZ/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1745 1489904471.98 1489904472.61 632 192.168.1.116 - 54759 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/plfgU1LnIxQLIevW1/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1746 1489904664.58 1489904666.32 1734 192.168.1.116 - 54760 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32429 0 32288 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1746 1489904673.78 1489904674.97 1187 192.168.1.116 - 54760 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1746 1489904682.19 1489904682.81 619 192.168.1.116 - 54760 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DFmTl7NsGoFfqPZdBFGBlDPusX/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1747 1489904874.81 1489904875.37 568 192.168.1.116 - 54761 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/d4Ncn0fjYcvudDvCj0GXiDjR/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1748 1489905067.36 1489905067.93 570 192.168.1.116 - 54762 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TLQFg40Yy6xfpG1sH8ls/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1749 1489905259.94 1489905260.55 611 192.168.1.116 - 54763 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pm74mVWfeJOfXPsw0ewNc/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1750 1489905452.53 1489905453.13 606 192.168.1.116 - 54764 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Hdx5qC1GfHrR5roDba0UqekWQS/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1751 1489905645.14 1489905645.75 606 192.168.1.116 - 54765 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NE4BHw5qDAMGQ7z9Wjd/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1752 1489905837.78 1489905838.39 615 192.168.1.116 - 54766 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TXGTxlaQ55JtUhLXSXcE6u/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1753 1489906077.75 1489906078.36 610 192.168.1.116 - 54768 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YYTWJ8HwqY4lREFMvd0KeUA2ZdPHe/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1754 1489906270.4 1489906271.02 623 192.168.1.116 - 54769 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cErX7wHqIY02kCv1HNhK5Bgx458pHhp/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1755 1489906463.03 1489906463.64 611 192.168.1.116 - 54770 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VQxyS2bQORPfTUMRW1OeAqV34NJ/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1756 1489906655.68 1489906656.29 616 192.168.1.116 - 54771 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/D1eHdG9YYBFZ70xHLRudAPfEy/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1757 1489906848.23 1489906848.82 583 192.168.1.116 - 54772 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aW2x7xio14AHRroGBZetJ/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1758 1489907040.81 1489907041.43 619 192.168.1.116 - 54773 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IuAPPSt6bZnmu8nOe9H0PG4s/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1759 1489907233.43 1489907234.05 614 192.168.1.116 - 54774 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CHQDZlp5kDA4OdfxVYLiSlC9BDMC/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1760 1489907426.04 1489907426.65 607 192.168.1.116 - 54775 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RPAQrDbCNsHL32369Djr8/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1761 1489907618.65 1489907619.27 617 192.168.1.116 - 54776 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1kf5kVYWTECEhNjhE/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1762 1489907811.23 1489907811.84 611 192.168.1.116 - 54777 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Oho28CprSwX8ql36MdlGU0D9gTpX/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1763 1489908051.05 1489908051.67 611 192.168.1.116 - 54779 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MJQw05uEX7CRwC2ihjOtPOtxKps/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1764 1489908243.71 1489908244.32 611 192.168.1.116 - 54780 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LwjSfX3teUSswPGQkab5ouSAjU/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1765 1489908436.24 1489908436.85 608 192.168.1.116 - 54781 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HkYjPUG7S2zfYD8UHsFLtRq/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1766 1489908628.83 1489908629.45 615 192.168.1.116 - 54782 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fOVTYje5mxs0VtfZhKpnwg1g5VCucm/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1767 1489908821.47 1489908823.21 1740 192.168.1.116 - 54783 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XQ62vH2L6PkxIz4ooiZU/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1768 1489909016.22 1489909016.79 569 192.168.1.116 - 54784 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/R9apVKzHk08Kwvoeog0pAE/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1769 1489909208.73 1489909209.37 636 192.168.1.116 - 54785 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9x0me5cZBDCkrr1cCDsLop5E/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1770 1489909401.4 1489909402.01 612 192.168.1.116 - 54786 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2kymBEcTDE7bU6qxmvJNWbGjIBn/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1771 1489909594.0 1489909596.21 2209 192.168.1.116 - 54787 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/I3zRbLZ8ZtVaUnqlBqsHyPc5SnGw/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1772 1489909788.22 1489909788.83 608 192.168.1.116 - 54788 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FEJc5QB3Zb98bLhoGOQ01/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1773 1489910027.92 1489910028.55 634 192.168.1.116 - 54790 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/W6zB0eS3oIKiOKaopa2x/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1774 1489910220.59 1489910221.8 1209 192.168.1.116 - 54791 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32429 0 32288 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1774 1489910229.36 1489910230.58 1224 192.168.1.116 - 54791 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1774 1489910239.49 1489910240.1 612 192.168.1.116 - 54791 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XRF89we39AieSrcTAh4Y6MpInYAZ/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1775 1489910432.08 1489910432.69 610 192.168.1.116 - 54792 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JgSJXkTXY0SZhT8Q2FC/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1776 1489910644.84 1489910645.47 632 192.168.1.116 - 54793 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qEwE6Ni24pXgimGcHpzNWG5A/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1777 1489910840.62 1489910841.19 577 192.168.1.116 - 54794 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qv04X6N0e1W6KJr91gzlYhtaq9/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1778 1489911033.18 1489911033.81 632 192.168.1.116 - 54795 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/92dXVHo2cGS2DyQBsmY7WBeNVzWTYE/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1779 1489911225.79 1489911226.39 606 192.168.1.116 - 54796 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/W8JICDoI5832L4wa8pY/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1780 1489911418.35 1489911418.99 639 192.168.1.116 - 54797 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XXwqEsLUhqZKe7PG9m3DsXs57rr/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1781 1489911610.98 1489911611.61 634 192.168.1.116 - 54798 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yHSnLCPRfEGQmoPCLZwIK1f4Lcxw/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1782 1489911938.75 1489911939.32 569 192.168.1.116 - 54802 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 206 363 0 224 133 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1782 1489911939.85 1489911940.42 578 192.168.1.116 - 54802 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/TgN8YlFsm80T0HAZm8w29suCn4cob3Ak/ 336 522 0 379 133 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1782 1489911941.5 1489911942.06 558 192.168.1.116 - 54802 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/HMDFVDJSAMPXRA/1/ 223 131 0 9 133 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 1783 1489911943.78 1489911944.41 635 192.168.1.116 - 54803 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1784 1489911946.24 1489911947.75 1515 192.168.1.116 - 54804 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 217 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1785 1489911950.8 1489911951.43 634 192.168.1.116 - 54805 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 245 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1786 1489912000.69 1489912002.73 2040 192.168.1.116 - 54807 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eEjqqHIMHSBzOpJM7vqWs/ 224 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1787 1489912194.56 1489912195.07 511 192.168.1.116 - 54808 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CprSFFWvyTIwa369G/ 220 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1788 1489912387.02 1489912387.57 549 192.168.1.116 - 54809 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LbKlXcuAzBiARE9M6q26FSiLqOqAtim/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1789 1489912579.36 1489912579.88 521 192.168.1.116 - 54810 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dSImfCdphjwcPHhODEFGw/ 224 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1790 1489912771.71 1489912772.26 550 192.168.1.116 - 54811 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vsQJ0ma2rxNvy22r9thnRmZQN32LOkbl/ 235 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1791 1489912964.06 1489912964.6 540 192.168.1.116 - 54812 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pLSLftSTDxzXeIFBs5hML9fgtzTII/ 232 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1792 1489913156.37 1489913156.89 512 192.168.1.116 - 54813 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/q0RVCvpzChcPisU2pw/ 221 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1793 1489913348.85 1489913349.36 505 192.168.1.116 - 54814 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8r88kNBRAwVue6pOxy1yPGZdrkidAOf/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1794 1489913541.17 1489913541.69 519 192.168.1.116 - 54815 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AEwCoFueJhojuFULwnkU3X8i7KzKW/ 232 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1795 1489913733.49 1489913734.03 534 192.168.1.116 - 54816 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bGFNFIjnQvmkKctIUNkGvTlBTG9kQXq/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1796 1489913924.59 1489913924.84 245 192.168.1.116 - 54817 50.19.97.123 80 http://checkip.amazonaws.com/ 153 133 0 13 139 106 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 200 - - - - - - - CTU.238.1.Malicious 1797 1489913973.74 1489913974.26 520 192.168.1.116 - 54819 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4ehiWYvyuJyhOAYQCcfMIgLV8OezLYQ4/ 235 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1798 1489914166.13 1489914166.67 541 192.168.1.116 - 54820 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 208 379 0 240 133 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1798 1489914172.64 1489914173.16 527 192.168.1.116 - 54820 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/51uYLVXXOeOgEs1rTU/ 221 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1799 1489914365.01 1489914365.54 521 192.168.1.116 - 54821 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jiFGlX55zOtcqROiSzLSSZUg5pnBlbWw/ 235 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1800 1489914557.36 1489914557.89 528 192.168.1.116 - 54822 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/52yd4n0uO0dIeX4UerKJr/ 224 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1801 1489914749.73 1489914750.23 507 192.168.1.116 - 54823 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7zoC2Mbb6pqhXQnyBDZRM98p3TG/ 230 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1802 1489914948.09 1489914948.61 519 192.168.1.116 - 54824 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 211 131 0 9 133 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 1803 1489914965.24 1489914965.82 582 192.168.1.116 - 54825 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 211 131 0 9 133 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 1804 1489914982.46 1489914983.01 543 192.168.1.116 - 54826 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 211 131 0 9 133 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 1805 1489914999.61 1489915000.12 511 192.168.1.116 - 54827 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/j7hfamK2Ha3osT65nqGgREW/ 226 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1806 1489915192.11 1489915192.65 535 192.168.1.116 - 54828 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rYbqxVokfqO3hcgCEVb33ycg/ 227 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1807 1489915384.53 1489915385.04 512 192.168.1.116 - 54829 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6KInxmN4KdNJmKZ0ZbVJRgTa5GuM/ 231 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1808 1489915576.82 1489915577.34 514 192.168.1.116 - 54830 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/paI8qzAUBDCdmPhL1W4f6obLaWNZ3/ 232 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1809 1489915769.16 1489915770.7 1539 192.168.1.116 - 54831 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 207 32429 0 32288 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1809 1489915778.39 1489915779.48 1098 192.168.1.116 - 54831 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 207 22989 0 22848 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1809 1489915834.01 1489915834.56 553 192.168.1.116 - 54831 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/40j7jUuZEo9K49YAWRQqTjrV8BgG/ 231 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1810 1489916026.35 1489916026.86 514 192.168.1.116 - 54833 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nKhi5caWuzNNYakydv/ 221 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1811 1489916218.68 1489916219.19 514 192.168.1.116 - 54834 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6pQVK9TGK9Y6XMHkns/ 221 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1812 1489916411.01 1489916411.53 513 192.168.1.116 - 54835 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OOfBQTKj0oDnnyXP/ 219 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1813 1489916603.29 1489916603.8 508 192.168.1.116 - 54836 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Bg82zZAloHHM0X9Imcb2G5Sefn5eYM/ 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1814 1489916795.57 1489916796.08 511 192.168.1.116 - 54837 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dPxAwwHFEfxgZZ1FMR5o8XTqbu/ 229 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1815 1489916987.94 1489916988.46 513 192.168.1.116 - 54838 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/A4OO5NdZOiVJipDLLRH0N90ToI/ 229 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1816 1489917180.29 1489917180.81 514 192.168.1.116 - 54839 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/x8dJ9KC4QqYv9Xmc1CoKtZEYxI4od5/ 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1817 1489917372.63 1489917373.15 521 192.168.1.116 - 54840 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EGLwOJsplYlk3LHemU1JiW4p/ 227 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1818 1489917564.96 1489917565.5 540 192.168.1.116 - 54841 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bRueU4oBLec5FVTEfOxCom/ 225 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1819 1489917804.98 1489917805.5 523 192.168.1.116 - 54843 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wCdcPg45AOvu8RzUu1xjch21LTsboMOd/ 235 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1820 1489917997.35 1489917997.9 545 192.168.1.116 - 54844 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/krVKidhXudMeDxBnzSX3n1Mv49l/ 230 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1821 1489918189.73 1489918190.25 514 192.168.1.116 - 54845 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uDglGJ3BMDcbSTE2zn5xSH4IDzxRmT/ 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1822 1489918383.05 1489918383.58 529 192.168.1.116 - 54846 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9FdhiRfSyF3rQxptJiJvK9kwaJTNsJg/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1823 1489918575.48 1489918576.0 524 192.168.1.116 - 54847 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BIygO8QFAxUYL03X4Gx1747bgNgEuAYA/ 235 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1824 1489918767.85 1489918768.37 520 192.168.1.116 - 54848 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PHD8u0oqYyLTtJeuVoEpsSpuDMFY/ 231 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1825 1489918960.19 1489918960.71 514 192.168.1.116 - 54849 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DHsQgRZYkpVXB099F5wEaYhQpj13zh/ 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1826 1489919152.52 1489919153.04 521 192.168.1.116 - 54850 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZjRFdWgbWooEqML4zo1lg8/ 225 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1827 1489919344.87 1489919345.38 512 192.168.1.116 - 54851 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Do5lqXeyv43Unk9g/ 219 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1828 1489919537.19 1489919537.71 515 192.168.1.116 - 54852 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yn9auOl5JtxZ5VejJ29iLZ0/ 226 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1829 1489919776.85 1489919777.36 513 192.168.1.116 - 54854 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/H92PtPJrwrzjrxso/ 219 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1830 1489919969.22 1489919969.73 511 192.168.1.116 - 54855 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iggh9KyHKdamCvId7/ 220 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1831 1489920161.56 1489920162.08 517 192.168.1.116 - 54856 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KYoFhR5r0gKgIc5nMcevMGfYcHRWBvnz/ 235 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1832 1489920353.92 1489920354.44 529 192.168.1.116 - 54857 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mDSdZYcfI6y8yS4ym7g/ 222 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1833 1489920546.3 1489920546.83 531 192.168.1.116 - 54858 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nZjv4ZzH3BWWhsLg/ 219 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1834 1489920738.61 1489920739.12 508 192.168.1.116 - 54859 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Xjwb9KgtvfS4AYFKhIJ5VkZ/ 226 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1835 1489920930.97 1489920931.49 521 192.168.1.116 - 54860 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/a3dthsbw4T4zSQcXVgFHTTH6dDT9ng/ 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1836 1489921123.31 1489921123.82 513 192.168.1.116 - 54861 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xhW2PgZv2iTpndyqNe1mAvXJSIl/ 230 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1837 1489921315.65 1489921317.22 1572 192.168.1.116 - 54862 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 207 32429 0 32288 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1837 1489921325.59 1489921326.67 1079 192.168.1.116 - 54862 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 207 22989 0 22848 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1837 1489921334.12 1489921334.68 556 192.168.1.116 - 54862 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3QrXj3wjLEtLlNIX8epWHlIPab1d/ 231 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1838 1489921526.51 1489921527.02 507 192.168.1.116 - 54863 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZTkxvI6MAbac3fDLsxgO/ 223 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1839 1489921766.07 1489921766.59 525 192.168.1.116 - 54865 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZUkGhPkqNGWFaCjgueirI2MqQ32Xdyw/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1840 1489921958.39 1489921958.91 517 192.168.1.116 - 54866 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/84FSmL2a8ul6fyHYjvCkDzVo4DWE/ 231 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1841 1489922150.76 1489922151.28 521 192.168.1.116 - 54867 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/99mBeJ4EGZV9D3kdDX/ 221 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1842 1489922343.1 1489922343.62 523 192.168.1.116 - 54868 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/k7P7CRhdmFjlu1e1LzrRgU/ 225 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1843 1489922535.5 1489922536.03 538 192.168.1.116 - 54869 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2pgw5PLPricD25VAcH7sVP695xiBPf/ 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1844 1489922727.88 1489922728.39 507 192.168.1.116 - 54870 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pLDFqZKqxfYGm88vJqy/ 222 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1845 1489922920.27 1489922920.78 508 192.168.1.116 - 54871 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2PIxxgXJprBAmtbDzbEw/ 223 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1846 1489923113.6 1489923114.12 522 192.168.1.116 - 54872 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lvHZWbd18zhdvspUlMiEhlQNuRG/ 230 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1847 1489923305.94 1489923306.46 517 192.168.1.116 - 54873 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AswyDejyshdq5BkrUr8g3/ 224 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1848 1489923498.27 1489923498.78 513 192.168.1.116 - 54874 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hbIF4fLwS2izlNQl8bJZ7qZ/ 226 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1849 1489923737.69 1489923738.21 521 192.168.1.116 - 54876 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fG793PZ0kN31P0HFbWaNeFCsYvT41vQ/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1850 1489923930.02 1489923930.57 551 192.168.1.116 - 54877 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/b1Zvfgek73I0RAJIiEN3F2lR3MUVrd/ 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1851 1489924122.36 1489924122.87 510 192.168.1.116 - 54878 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JTK4b14k9FBfmU7fFOnpe2vU5790Sf/ 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1852 1489924314.72 1489924315.26 543 192.168.1.116 - 54879 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cuf1C4wopUxrwj2QKNXEz/ 224 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1853 1489924507.09 1489924507.6 507 192.168.1.116 - 54880 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NwwDGJ2yqzudXH0GKi6kTYq/ 226 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1854 1489924699.44 1489924699.95 511 192.168.1.116 - 54881 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HhzbNPRCmfUquDcdIuXGjbb1G94ZRXBu/ 235 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1855 1489924891.82 1489924892.34 523 192.168.1.116 - 54882 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/g9c4yINwllINWlQDTOKPrb8/ 226 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1856 1489925084.19 1489925084.73 537 192.168.1.116 - 54883 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 208 379 0 240 133 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1856 1489925090.7 1489925091.24 543 192.168.1.116 - 54883 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0roYKKV71WD6sPYm7Vd/ 222 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1857 1489925283.05 1489925283.56 514 192.168.1.116 - 54884 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0HRH668Brhijexs5h2/ 221 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1858 1489925475.39 1489925475.91 522 192.168.1.116 - 54885 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4Iw8FvRfqiKxtCfXXtgiV6/ 225 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1859 1489925715.02 1489925715.56 539 192.168.1.116 - 54887 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2LfG7Ryf9rphXe4cjJIRf/ 224 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1860 1489925907.41 1489925907.93 517 192.168.1.116 - 54888 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/j9B6jjAlVLtpNn9lqTO/ 222 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1861 1489926099.75 1489926100.26 508 192.168.1.116 - 54889 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EB4BPqzZHwg5rJ8YN2b5fGce/ 227 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1862 1489926292.08 1489926292.58 507 192.168.1.116 - 54890 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pvqhfZYwVLpVkoKqaTt/ 222 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1863 1489926484.59 1489926485.13 539 192.168.1.116 - 54891 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/DNSBL/listed/0/ 218 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1864 1489926487.72 1489926488.25 527 192.168.1.116 - 54892 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pOrDtpxDp84iC8qWYUJmT5nvm/ 228 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1865 1489926680.09 1489926681.62 1538 192.168.1.116 - 54893 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QTg1Q3DzoD8SgSoF24V8/ 223 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1866 1489926873.49 1489926875.07 1578 192.168.1.116 - 54894 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 207 32429 0 32288 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1866 1489926882.77 1489926883.85 1082 192.168.1.116 - 54894 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 207 22989 0 22848 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1866 1489926891.36 1489926891.88 520 192.168.1.116 - 54894 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ywTrtaWonLP3Lyx7hOfI/ 223 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1867 1489927083.68 1489927084.19 512 192.168.1.116 - 54895 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wA3MOC63E79dLi2CzGr613dljcwjGukF/ 235 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1868 1489927277.12 1489927277.64 525 192.168.1.116 - 54896 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/13wpD0A0YPXJBvitxylzFOk9o6yT6/ 232 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1869 1489927469.45 1489927469.96 511 192.168.1.116 - 54897 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/S8TVHiv06TwXjfytIwohlRT2HLPWRCn8/ 235 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1870 1489927709.02 1489927709.54 520 192.168.1.116 - 54899 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EUkVD3cdeGqO86hyYwoCd/ 224 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1871 1489927901.39 1489927901.91 513 192.168.1.116 - 54900 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eLHnQkR2M6jsWlo7C/ 220 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1872 1489928093.77 1489928094.35 577 192.168.1.116 - 54901 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eXmL9thq8mEmngbB7TB0lDhJ3JGYe/ 232 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1873 1489928286.23 1489928286.75 519 192.168.1.116 - 54902 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/k5s53kbFdhXLgbEQWkq/ 222 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1874 1489928478.57 1489928479.15 576 192.168.1.116 - 54903 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fokXopjdch44e9pobJNzbG9ia06R/ 231 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1875 1489928670.98 1489928671.53 547 192.168.1.116 - 54904 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QvEvgUw0oS8J258JZ/ 220 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1876 1489928863.36 1489928863.89 522 192.168.1.116 - 54905 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3YLi998JP2rq2NRmU/ 220 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1877 1489929055.7 1489929056.23 536 192.168.1.116 - 54906 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iGWTHmZHVapSGyb9G/ 220 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1878 1489929248.11 1489929248.63 521 192.168.1.116 - 54907 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/y9FRskdg8mKqMY5AfJYteX/ 225 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1879 1489929446.5 1489929447.04 536 192.168.1.116 - 54908 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 211 131 0 9 133 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 1880 1489929463.87 1489929464.43 558 192.168.1.116 - 54909 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 211 131 0 9 133 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 1881 1489929481.11 1489929481.62 519 192.168.1.116 - 54910 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 211 131 0 9 133 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 1882 1489929498.29 1489929498.84 547 192.168.1.116 - 54911 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gFpSsXo6uZjxUO6oXy/ 221 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1883 1489929738.02 1489929738.56 539 192.168.1.116 - 54913 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ahmcBja95stL1r6CFKazn0JKbsI/ 230 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1884 1489929930.65 1489929931.26 609 192.168.1.116 - 54914 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wTUL9p93P25TGhnHU2yruU5/ 226 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1885 1489930123.26 1489930123.82 568 192.168.1.116 - 54915 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/K26LDOHkCnN3ygz0IN1Di5y3eb/ 229 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1886 1489930315.97 1489930316.59 613 192.168.1.116 - 54916 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ykKgJsCsLzZF9s4C0eXaEewp33EzUdB/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1887 1489930510.05 1489930510.66 614 192.168.1.116 - 54917 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qZ5SX7J0K1HpIDmFceWFRR0nq/ 228 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1888 1489930702.75 1489930703.35 606 192.168.1.116 - 54918 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cUNkaUQblw7nA92I9dQ3tzwwZoq/ 230 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1889 1489930896.5 1489930897.12 614 192.168.1.116 - 54919 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TQ93bauQ4aOuijTKg/ 220 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1890 1489931088.93 1489931089.46 527 192.168.1.116 - 54920 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MCiIlwallFR4YilWlvJwJjar9z7PPFq/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1891 1489931281.34 1489931281.93 583 192.168.1.116 - 54921 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RTmTyS13YHEO9pP6ajFiCPcUk/ 228 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1892 1489931473.83 1489931474.35 520 192.168.1.116 - 54922 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0YlGEv4G1LeRyDVaM7C211MX/ 227 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1893 1489931713.47 1489931714.01 541 192.168.1.116 - 54924 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/E8J5FripjvA8PYVzzLy/ 222 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1894 1489931905.23 1489931905.57 337 192.168.1.116 - 54925 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 203 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1894 1489931905.79 1489931906.22 427 192.168.1.116 - 54925 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/Tony7HQ80lgf4rwpaqhp/ 321 510 0 367 130 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1894 1489931906.73 1489931907.05 321 192.168.1.116 - 54925 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/KIWUBFWLOKDJALBOR/1/ 223 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 1895 1489931909.19 1489931909.61 414 192.168.1.116 - 54926 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1896 1489931910.7 1489931911.07 370 192.168.1.116 - 54927 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 214 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1897 1489931913.13 1489931913.5 376 192.168.1.116 - 54928 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 242 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1898 1489931915.64 1489931916.01 373 192.168.1.116 - 54929 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Ru4hIJNkRfzEsTBl34LUAAfnxQkT/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1899 1489932107.36 1489932107.73 374 192.168.1.116 - 54930 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PQvmvl0aC8dwKjAL3r23SX/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1900 1489932298.97 1489932299.91 941 192.168.1.116 - 54931 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32429 0 32288 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1900 1489932307.68 1489932308.35 668 192.168.1.116 - 54931 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1900 1489932315.51 1489932315.87 359 192.168.1.116 - 54931 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eT9CSXZhgP8obheBsN/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1901 1489932507.21 1489932507.58 369 192.168.1.116 - 54932 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QDv5v0pFO7bmyqQLT9bn7RQ/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1902 1489932698.9 1489932699.29 384 192.168.1.116 - 54933 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BJ4C0XgjPmNf9yffHITULkYburY7h/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1903 1489932890.55 1489932890.89 336 192.168.1.116 - 54934 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/y328tVg3zslKckJh/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1904 1489933082.21 1489933082.58 367 192.168.1.116 - 54935 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JngOopQNyvX8cTFOAoOoHLgkxb8th/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1905 1489933274.05 1489933274.42 368 192.168.1.116 - 54936 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/D4ZN9jZ6lDZpIZ3gpzvNZ3PL3hJ082/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1906 1489933465.76 1489933466.13 369 192.168.1.116 - 54937 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WP8ssl3KB7mzvuE1hDI/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1907 1489933896.1 1489933896.53 434 192.168.1.116 - 54940 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zIoFgH9FfXUFC6T58J2izPr7fAKdAB0/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1908 1489934087.78 1489934088.11 335 192.168.1.116 - 54941 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yf6ksnTrsqsPEGNSoZ6/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1909 1489934279.45 1489934279.86 407 192.168.1.116 - 54942 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CerOIcoTeuy1pYIzqGESi41jaxCpS/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1910 1489934471.17 1489934471.55 382 192.168.1.116 - 54943 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LIS0VI8z4gPAlb63mxHObguGz1y/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1911 1489934662.86 1489934663.23 373 192.168.1.116 - 54944 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cg3ZAt0ihtf3W8TU4PmD4k418y/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1912 1489934854.51 1489934854.91 402 192.168.1.116 - 54945 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oXDl5EOANBUxjeZsSF/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1913 1489935046.22 1489935046.56 342 192.168.1.116 - 54946 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fWrvw1KUwBGdAC3kCx2eKqd14EW0/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1914 1489935237.84 1489935238.18 336 192.168.1.116 - 54947 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Nv51jb2bNMupgqpEmaDhaP/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1915 1489935429.48 1489935429.85 373 192.168.1.116 - 54948 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8QqUUZpFJtPgRA7u/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1916 1489935859.87 1489935860.24 372 192.168.1.116 - 54951 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rsq7WsGL454SYulOO2ttmwjefZgE5R/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1917 1489936051.58 1489936051.99 416 192.168.1.116 - 54952 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 205 379 0 240 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1917 1489936057.95 1489936058.33 380 192.168.1.116 - 54952 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/k2DxpHPMJcf4GSKFpnlg2fOKysRM6ec/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1918 1489936249.68 1489936250.04 368 192.168.1.116 - 54953 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ArxODxVoInZuvvqQ622MxeZeonsM0/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1919 1489936441.4 1489936441.78 382 192.168.1.116 - 54954 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Em8wMImHSwhC3BoB3MYbxycKWaEF3/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1920 1489936633.08 1489936633.42 338 192.168.1.116 - 54955 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EzMrMyaqxwkvvfKNydLc12uTJwej/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1921 1489936824.7 1489936825.06 367 192.168.1.116 - 54956 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CB7tO1DqPJEMm4FpI5VfolWjmm/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1922 1489937016.32 1489937016.69 370 192.168.1.116 - 54957 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SnWqexVpHBQEYaeZj9R1bY6zEFjWqXz9/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1923 1489937207.99 1489937208.37 381 192.168.1.116 - 54958 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MYR6AicpCa0mBKSzUdZMl/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1924 1489937399.64 1489937400.01 370 192.168.1.116 - 54959 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/f7ftNNt0yWbLh0j7/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1925 1489937829.92 1489937831.04 1126 192.168.1.116 - 54962 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32429 0 32288 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1925 1489937838.54 1489937839.33 787 192.168.1.116 - 54962 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1925 1489937846.69 1489937847.12 434 192.168.1.116 - 54962 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/42LDOFVQIci3ayxSNy92m5gFzki/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1926 1489938038.44 1489938038.81 378 192.168.1.116 - 54963 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yEw9yFylrpdI0xGFeTNSjLA4mhIhb/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1927 1489938230.13 1489938230.5 373 192.168.1.116 - 54964 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zG9ZEuChkc252vcuMw6qWrRik1E8slG/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1928 1489938421.84 1489938422.21 373 192.168.1.116 - 54965 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZUhA9ZorWQlpsu1zDlLWD/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1929 1489938613.44 1489938613.78 343 192.168.1.116 - 54966 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oD25IXVdqbCf9YFcN4jr/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1930 1489938805.14 1489938805.5 366 192.168.1.116 - 54967 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Zmf6b5K3dA1BwKwP/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1931 1489938996.67 1489938996.98 314 192.168.1.116 - 54968 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/juGXoAoSRQ0gXic4eum80P9/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1932 1489939188.29 1489939188.67 380 192.168.1.116 - 54969 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WUQTXxlxwTvGtaDI/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1933 1489939379.95 1489939380.3 345 192.168.1.116 - 54970 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eITBpehsiUw3lKCoDOpHU/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1934 1489939810.07 1489939810.45 373 192.168.1.116 - 54973 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7UKhvH9fXqutEcS84/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1935 1489940001.74 1489940002.12 376 192.168.1.116 - 54974 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0JW7uVLFWRkkI4bDV6HFF7/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1936 1489940193.44 1489940193.81 379 192.168.1.116 - 54975 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DpTXlbOukFZEAoJGm77bF/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1937 1489940385.14 1489940385.52 380 192.168.1.116 - 54976 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aoIhKJegZj1tRHEyP4QfUDeA7dx2/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1938 1489940576.87 1489940577.25 374 192.168.1.116 - 54977 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5HGpf2VMixgwrfD4UYd6dr2wSj0O/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1939 1489940768.56 1489940768.93 373 192.168.1.116 - 54978 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vFREouvLXpVl58Ezel7C/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1940 1489940961.14 1489940961.49 351 192.168.1.116 - 54979 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/otOiU9xa3dk6iw8ph7KY1sB/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1941 1489941152.67 1489941152.99 319 192.168.1.116 - 54980 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5R6GQb0zPGyL38DI9Tt5DoKBZhnXHuFD/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1942 1489941344.18 1489941344.5 319 192.168.1.116 - 54981 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GuQwpUvOrgo9HFtmXJg0/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1943 1489941774.37 1489941774.74 370 192.168.1.116 - 54984 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Qtp8kpwTqoN8evDwCLa8vF0TSqllP0C/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1944 1489941966.06 1489941966.43 376 192.168.1.116 - 54985 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dkqpEFMrbRhmIUbfa/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1945 1489942157.74 1489942158.12 382 192.168.1.116 - 54986 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/E5XyPJCuPB2VjVdiIaEIqr4aNL/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1946 1489942349.41 1489942349.79 378 192.168.1.116 - 54987 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OUeDS5u5B2KIGLEKyDT9dgYS1GTwR/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1947 1489942541.12 1489942541.5 381 192.168.1.116 - 54988 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LrquXF3LblNcyWb5RkFDOmPx3dnhZ/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1948 1489942732.78 1489942733.17 381 192.168.1.116 - 54989 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BqPcL1sgBhksFaZ2AdWJyX/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1949 1489942924.47 1489942924.84 371 192.168.1.116 - 54990 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xR21cEwxWY6JvaG5pZGb/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1950 1489943116.1 1489943116.44 340 192.168.1.116 - 54991 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/o4rmeuo20fNMfiUqhTmBKZSc8g2qqd4/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1951 1489943307.75 1489943308.78 1032 192.168.1.116 - 54992 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32429 0 32288 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1951 1489943316.2 1489943316.91 712 192.168.1.116 - 54992 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1951 1489943323.82 1489943324.21 388 192.168.1.116 - 54992 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wTbqqyVaQbS7JBPIZ/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1952 1489943515.71 1489943515.95 235 192.168.1.116 - 54993 107.22.214.64 80 http://checkip.amazonaws.com/ 153 133 0 13 139 106 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 200 - - - - - - - CTU.238.1.Malicious 1953 1489943755.83 1489943756.17 335 192.168.1.116 - 54996 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8AQOBuiL11OyiLvtoL59DLbD1TWyHu/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1954 1489943954.05 1489943954.41 353 192.168.1.116 - 54997 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 1955 1489943970.52 1489943970.9 379 192.168.1.116 - 54998 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 1956 1489943986.99 1489943987.36 375 192.168.1.116 - 54999 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 1957 1489944003.53 1489944003.9 375 192.168.1.116 - 55000 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fweau6s9VM1QjPGqmPB/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1958 1489944195.18 1489944195.56 373 192.168.1.116 - 55001 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mEsJNLJOgP9KRc42D/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1959 1489944386.88 1489944387.25 374 192.168.1.116 - 55002 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lFtYZFuIc9xXMQ3AMCmDbPQZPLd0/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1960 1489944579.53 1489944579.9 367 192.168.1.116 - 55003 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eSALk9DuTXrolenOxpoeNUanLeb/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1961 1489944771.18 1489944771.56 385 192.168.1.116 - 55004 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nQ89yW3fYjeqK4wXHEpz8jteHKY7a/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1962 1489944962.83 1489944963.17 340 192.168.1.116 - 55005 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Lv6llERmyT9Mo3rRl7qlUjnPb/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1963 1489945154.45 1489945154.79 336 192.168.1.116 - 55006 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QvvDMrXHEPKbH7rb5TP/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1964 1489945346.02 1489945346.36 335 192.168.1.116 - 55007 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xc4VF6Jca068O7HbDlr2CpxS5UZ3U/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1965 1489945776.23 1489945776.65 413 192.168.1.116 - 55010 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7wAJbZvjN0WWLL3sWoX/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1966 1489945967.9 1489945968.27 370 192.168.1.116 - 55011 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xCyjePmAZ5dsHWIGkI6/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1967 1489946159.45 1489946159.76 311 192.168.1.116 - 55012 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/t7VmGoSGbT487mDehiSws/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1968 1489946351.01 1489946351.41 400 192.168.1.116 - 55013 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MdR6zPfyUvOEqyL1OUgOQB48neVN/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1969 1489946542.68 1489946543.0 322 192.168.1.116 - 55014 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5167dXUwE63Mb0THWqsxwIBS/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1970 1489946734.29 1489946734.66 370 192.168.1.116 - 55015 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/k6FJ64vRk2UD9X9OfI05Z2HcPVFvZ/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1971 1489946926.05 1489946926.42 371 192.168.1.116 - 55016 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 205 379 0 240 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1971 1489946932.42 1489946932.8 384 192.168.1.116 - 55016 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vNFoYksqXvXDdKuc4VFUc8ua8GFuPp/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1972 1489947124.13 1489947124.51 380 192.168.1.116 - 55017 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ExU7yi433sHzukqgeHuB/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1973 1489947315.84 1489947316.22 377 192.168.1.116 - 55018 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/li8du2FV1emmHhEbs7o3ZHHiqMtT/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1974 1489947943.88 1489947944.25 367 192.168.1.116 - 55023 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FYODtpJCG2pSzO8A3VD6aJlQPEHMG/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1975 1489948135.58 1489948135.92 340 192.168.1.116 - 55024 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/b8UgmYDKKWHfTJs5gLKbPEIzlNLm/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1976 1489948327.22 1489948327.59 370 192.168.1.116 - 55025 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7s6qHXIqPPCpUpubOsgH5IcKq/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1977 1489948518.95 1489948519.33 380 192.168.1.116 - 55026 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aKmcdQseCz0ZZCZ4i8uVaOg7usAfbui/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1978 1489948710.74 1489948711.17 430 192.168.1.116 - 55027 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Qk37ENlagiQIwdI9gQmXEG/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1979 1489948902.5 1489948903.58 1081 192.168.1.116 - 55028 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32429 0 32288 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1979 1489948911.3 1489948912.07 770 192.168.1.116 - 55028 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1979 1489948919.69 1489948920.05 368 192.168.1.116 - 55028 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8Uh8t8aLJm7VaAkYgt8GemPylCc8/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1980 1489949111.37 1489949111.75 384 192.168.1.116 - 55029 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/THXkV7qzYjBKEzJoGLbNaYzv5d90WU/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1981 1489949303.12 1489949303.49 373 192.168.1.116 - 55030 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kWWfGHMyN1fXpCLNzuibOpM7KOBqPlL/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1982 1489949734.21 1489949734.62 407 192.168.1.116 - 55033 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PXMWfhCa37EyoK5eqqtx80wxZz4/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1983 1489949925.89 1489949926.23 336 192.168.1.116 - 55034 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/w1TmcExfLskQntAPtJThrZs/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1984 1489950117.47 1489950117.84 375 192.168.1.116 - 55035 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/G3OdbPFtkF4ZJuNg1uxS7oI/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1985 1489950309.08 1489950309.42 342 192.168.1.116 - 55036 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7zNcZ2RzxQbb3CQ3sNz8W/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1986 1489950500.8 1489950501.17 370 192.168.1.116 - 55037 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5hKqIbVSn7U2n4XZj/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1987 1489950692.49 1489950692.87 374 192.168.1.116 - 55038 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bejRFUkhmLjcOusbL88e54kqqWCiV4/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1988 1489950884.2 1489950884.57 370 192.168.1.116 - 55039 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8yVzF9YbKlHHdlaku/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1989 1489951075.97 1489951076.38 412 192.168.1.116 - 55040 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wSvBONqRJ65rYGSE8bVNicX/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1990 1489951267.65 1489951268.04 385 192.168.1.116 - 55041 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/meE4rUvMNk7gKE4w44FbZ5q/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1991 1489951697.12 1489951697.19 66 192.168.1.116 - 55044 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 204 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 1991 1489951697.51 1489951697.69 181 192.168.1.116 - 55044 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/ozN0z2EiS42GeG5HJs0ZyNotXm/ 328 516 0 373 131 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1991 1489951698.43 1489951698.52 84 192.168.1.116 - 55044 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/ESIVXEXRDQBXIS/1/ 221 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 1992 1489951698.71 1489951698.83 119 192.168.1.116 - 55045 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1993 1489951699.34 1489951699.41 66 192.168.1.116 - 55046 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 215 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1994 1489951699.68 1489951699.75 72 192.168.1.116 - 55047 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 243 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1995 1489951700.04 1489951700.12 72 192.168.1.116 - 55048 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DKbhXvM3e9SK7aCx0sZmzN/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1996 1489951890.66 1489951890.74 75 192.168.1.116 - 55049 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LxjjhnonmkBCIggCeCGHnHpUmRGuZJON/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1997 1489952081.22 1489952081.3 72 192.168.1.116 - 55050 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/D9nkIk7ECm8TklGWn8wBzRCTHRnN/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1998 1489952271.7 1489952271.78 79 192.168.1.116 - 55051 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Paw8ducwRyHEhuNQmpqv33BlANe/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 1999 1489952462.17 1489952462.24 75 192.168.1.116 - 55052 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/997XqCNzVsW9jBcG/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2000 1489952652.69 1489952652.76 73 192.168.1.116 - 55053 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sfJzmfDF720LZeaW/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2001 1489952843.16 1489952843.23 71 192.168.1.116 - 55054 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Dfl5ckQojMVcINXc00GZ/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2002 1489953033.63 1489953033.71 79 192.168.1.116 - 55055 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TqOU7wQ9Ea06GOGq8vByvpDZOXAd/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2003 1489953224.12 1489953224.19 73 192.168.1.116 - 55056 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fk2mq2JPbEXhGwF2aIQWyH28NVynQ/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2004 1489953461.74 1489953461.82 72 192.168.1.116 - 55058 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0IzuzYQcdD7aWZXt0JBpMP2/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2005 1489953652.22 1489953652.29 72 192.168.1.116 - 55059 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Eys7zOg0pIzPjHeeWiyxTu/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2006 1489953842.67 1489953842.75 72 192.168.1.116 - 55060 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YdcGnqEmGQeWn3hRHzm0AGv/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2007 1489954033.12 1489954033.19 73 192.168.1.116 - 55061 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7Qqsjv4RWkis4sKj99RdkLoBSA/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2008 1489954223.61 1489954223.69 72 192.168.1.116 - 55062 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NE2An1SP7ntcOwXXnPdgzxOY6qKKEK/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2009 1489954414.1 1489954414.24 142 192.168.1.116 - 55063 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32429 0 32288 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2009 1489954421.77 1489954421.89 128 192.168.1.116 - 55063 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2009 1489954428.85 1489954428.94 86 192.168.1.116 - 55063 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1e9lCwvY8FjTaghBz/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2010 1489954619.35 1489954619.43 74 192.168.1.116 - 55064 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tmV5A3HvRd1x8TlwH0Kf3vcJCr3pU5/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2011 1489954809.84 1489954809.91 75 192.168.1.116 - 55065 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/v7J8G8GjcRDfpzVeq/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2012 1489955000.3 1489955000.38 80 192.168.1.116 - 55066 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uQTvfils3KD2hi4kR2to/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2013 1489955190.79 1489955190.87 75 192.168.1.116 - 55067 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bXfm991id7HPOpFmd5vfqdACHhOTNfi5/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2014 1489955381.62 1489955381.74 121 192.168.1.116 - 55068 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/DNSBL/listed/0/ 216 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2015 1489955429.19 1489955429.27 73 192.168.1.116 - 55070 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NCX6yJt7kQS7F7tfjf/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2016 1489955619.68 1489955619.76 78 192.168.1.116 - 55071 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UxsnDGKtK2OHMDaeiSa2BCOKF/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2017 1489955810.18 1489955810.27 83 192.168.1.116 - 55072 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lku70JCES13cVb3cFUWdwEJqY/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2018 1489956000.65 1489956000.72 75 192.168.1.116 - 55073 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vB5IhCpAoq96WKzE6l3FfNSnUIuTtEw/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2019 1489956191.1 1489956191.18 75 192.168.1.116 - 55074 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RXwjyr7QndQmF7RzGTMNFkPAHZ1u0/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2020 1489956381.58 1489956381.67 88 192.168.1.116 - 55075 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bY4ujphV6I6UZn5w0Sqhgnr66jI/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2021 1489956572.06 1489956572.14 74 192.168.1.116 - 55076 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iQduztuci6xUIfB4gxMYypmaficli/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2022 1489956762.55 1489956762.62 74 192.168.1.116 - 55077 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dvFDriGaqdwrp7SVpknLrfJsK0L6dV/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2023 1489956953.0 1489956953.08 76 192.168.1.116 - 55078 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cgjrHBeewzhOKy7ToYaHP/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2024 1489957143.51 1489957143.59 77 192.168.1.116 - 55079 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/06U21epX3x06d80E75tHEU/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2025 1489957381.37 1489957381.45 77 192.168.1.116 - 55081 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/To1Oicf8WTThoc6qDH/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2026 1489957571.85 1489957571.93 76 192.168.1.116 - 55082 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wV4SCNVVewMjTeHwWIGyTf0XGG7/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2027 1489957762.32 1489957762.4 80 192.168.1.116 - 55083 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 206 379 0 240 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2027 1489957768.36 1489957768.45 88 192.168.1.116 - 55083 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jzSac6h9FbRIQkAPSfhyEWfr9zZfo/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2028 1489957958.83 1489957958.9 71 192.168.1.116 - 55084 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FrAloXN9k63gMr0tRXDQguNJkhfs6QE/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2029 1489958149.3 1489958149.38 74 192.168.1.116 - 55085 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ytpMFEhJIhITbnVBUd/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2030 1489958339.8 1489958339.87 76 192.168.1.116 - 55086 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qzxM3Zrnbn6lfdUYN1a3Uhsk/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2031 1489958536.26 1489958536.34 79 192.168.1.116 - 55087 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 2032 1489958552.55 1489958552.62 74 192.168.1.116 - 55088 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 2033 1489958567.81 1489958567.89 73 192.168.1.116 - 55089 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 2034 1489958583.09 1489958583.16 71 192.168.1.116 - 55090 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZUM2FEmpmNrCv8mNQjeBR9k/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2035 1489958773.61 1489958773.68 70 192.168.1.116 - 55091 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rtB6bI5fl2G4wbb5UoFI/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2036 1489958964.09 1489958964.17 80 192.168.1.116 - 55092 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UfgV7asH0fSpemdtJM9D/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2037 1489959154.61 1489959154.68 75 192.168.1.116 - 55093 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5Vf3TwgGzyoTZBmibX/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2038 1489959392.35 1489959392.43 81 192.168.1.116 - 55095 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uQleNEdJPG9lSpxh742EJ/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2039 1489959582.89 1489959582.97 88 192.168.1.116 - 55096 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LcDioyec7atB3r6ITkO/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2040 1489959773.36 1489959773.47 105 192.168.1.116 - 55097 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WfvVfwcwLLzPxBvsxEf/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2041 1489959963.84 1489959963.97 131 192.168.1.116 - 55098 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32429 0 32288 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2041 1489959971.72 1489959971.83 115 192.168.1.116 - 55098 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2041 1489959978.87 1489959978.95 81 192.168.1.116 - 55098 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zbIqNwBWH9V5igpGDsftZZyjy09/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2042 1489960169.33 1489960169.4 69 192.168.1.116 - 55099 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qkkQjoqqSptedS6KavtVeL53maCCr/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2043 1489960359.95 1489960360.25 304 192.168.1.116 - 55100 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/q1d1YhHwrTmkMcJ9DxgFVXoIEoQOQX/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2044 1489960550.66 1489960550.73 74 192.168.1.116 - 55101 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aKlWibXFji4oKj2a7tqz1n/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2045 1489960741.14 1489960741.22 76 192.168.1.116 - 55102 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fLUgz8MCH4tZCqpj25lt6ho80NbER/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2046 1489960931.62 1489960931.7 75 192.168.1.116 - 55103 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3TzH6WxMucM8idswp5H/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2047 1489961122.11 1489961122.19 75 192.168.1.116 - 55104 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Bwev39KhjfyuDVNZgaufav9eJtlwrURp/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2048 1489961359.86 1489961359.94 77 192.168.1.116 - 55106 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LLZj9HzRAJ7ZDvgsfEXH7CnG2/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2049 1489961550.35 1489961550.42 68 192.168.1.116 - 55107 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sJ3SYZZgJ2wesIqGK3JDykXRN/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2050 1489961740.86 1489961740.93 74 192.168.1.116 - 55108 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0vySjavNiv7aQelkm/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2051 1489961931.35 1489961931.43 81 192.168.1.116 - 55109 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6hN6sJoyp8GrE48VqKk/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2052 1489962121.84 1489962121.93 86 192.168.1.116 - 55110 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gJc9uy856YeqHrZplv/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2053 1489962312.36 1489962312.44 75 192.168.1.116 - 55111 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bXiuObJRkbA0QqHsTyd7thsSL/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2054 1489962502.81 1489962502.88 73 192.168.1.116 - 55112 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UUakC0PR8jwpEmnp7ZM/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2055 1489962693.3 1489962693.39 93 192.168.1.116 - 55113 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gwbQPwZFrxR7HEXQ5ASvx/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2056 1489962883.8 1489962883.87 77 192.168.1.116 - 55114 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/atopgCLfGi5BXM9H9Aonl/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2057 1489963074.29 1489963074.37 84 192.168.1.116 - 55115 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/J7UZIBgIGRsAiBBvv9f4mua/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2058 1489963312.02 1489963312.11 87 192.168.1.116 - 55117 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/A715RYJ4WmLTArj3kx1lY0hSWbF/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2059 1489963502.49 1489963502.57 76 192.168.1.116 - 55118 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BJaJfcGiswSMpkLvgyc9x4nzP/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2060 1489963692.98 1489963693.05 73 192.168.1.116 - 55119 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KTB0cBEsVavK7pQa7/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2061 1489963883.45 1489963883.52 73 192.168.1.116 - 55120 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uM4I2fRJJhd1gCiRWL7VzxL/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2062 1489964073.93 1489964074.01 76 192.168.1.116 - 55121 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JAtfsCHQFDKIDcKJaCyaiF/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2063 1489964264.42 1489964264.49 75 192.168.1.116 - 55122 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/09vuDf5mpvUg1V83VbJlgeASEEM31ikY/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2064 1489964454.89 1489964454.97 79 192.168.1.116 - 55123 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PTZnQM0va1wh1q9eqWpgjh5Or/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2065 1489964645.4 1489964645.47 73 192.168.1.116 - 55124 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/17MHtSH1SlOXr1GtQW4SpA7en/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2066 1489964835.85 1489964835.94 89 192.168.1.116 - 55125 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oM5MromDpWi2T5Gc85hZCaFoJ/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2067 1489965027.32 1489965028.39 1070 192.168.1.116 - 55126 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vCDLIcBOLXmcc8hJ9ZSVWsfXyK/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2068 1489965266.22 1489965266.29 74 192.168.1.116 - 55128 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sFhGuZfoVh8d5050K6C9WL/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2069 1489965456.9 1489965457.07 167 192.168.1.116 - 55129 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32429 0 32288 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2069 1489965465.47 1489965465.62 153 192.168.1.116 - 55129 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2069 1489965473.38 1489965473.48 101 192.168.1.116 - 55129 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/P0H67IoIuFn1I6IquJN/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2070 1489965663.88 1489965663.96 73 192.168.1.116 - 55130 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GHfMnFPZIoGJZEgG/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2071 1489965854.36 1489965854.44 74 192.168.1.116 - 55131 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mirvTfFMoxto0hzAgo/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2072 1489966044.83 1489966044.91 87 192.168.1.116 - 55132 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/afWgPFWqEWWNwlb0bToAxvzKJKjStG/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2073 1489966235.31 1489966235.39 81 192.168.1.116 - 55133 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/572xiPsmeqHexFv36vUkZwS/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2074 1489966426.77 1489966426.85 75 192.168.1.116 - 55134 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/layfOo4YsK3kGFriIGPZetf2ONeWG/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2075 1489966617.26 1489966617.33 71 192.168.1.116 - 55135 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BzhHVJy3q5zEt2wE1uCzCP8tYQ/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2076 1489966807.7 1489966807.78 74 192.168.1.116 - 55136 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SdOfMX6wbz8uT1qfo89QqRpYRxRiW/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2077 1489966998.2 1489966998.27 74 192.168.1.116 - 55137 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yy80ElLfMdFQi2mk2/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2078 1489967235.88 1489967235.96 75 192.168.1.116 - 55139 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/P1zhBTIFu5o9iQSXK/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2079 1489967426.33 1489967426.4 73 192.168.1.116 - 55140 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/v3SMGt7HRQFUzcwWhE0oX/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2080 1489967616.8 1489967616.9 96 192.168.1.116 - 55141 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/f9w9gjheldcLGEQnykHrFBh04XMTJ/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2081 1489967807.28 1489967807.37 88 192.168.1.116 - 55142 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YHLhGoPCRBUhkEZttmAHh/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2082 1489967997.77 1489967997.84 76 192.168.1.116 - 55143 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eq3hzE5IE8vfkyJ9R5Zh4Tw/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2083 1489968188.23 1489968188.3 78 192.168.1.116 - 55144 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XrxkA0WMtHJYh6UTa22L4ygb6j/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2084 1489968378.7 1489968378.78 72 192.168.1.116 - 55145 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tU7Ix588mQLWpXp1d8VAgHAYVPZOa/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2085 1489968569.18 1489968569.3 117 192.168.1.116 - 55146 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 206 379 0 240 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2085 1489968575.27 1489968575.39 124 192.168.1.116 - 55146 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WkuaxWyO7HK5ZUeBo9G/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2086 1489968765.79 1489968765.86 72 192.168.1.116 - 55147 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MfC6mQGa4gqiVRWKX0c283rMVnrwzs/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2087 1489968956.22 1489968956.29 73 192.168.1.116 - 55148 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CY08NSZydvSPUDlGF/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2088 1489969193.94 1489969194.01 75 192.168.1.116 - 55150 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Lg8y1aPVs83MYP6mKXzuGgU/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2089 1489969384.38 1489969384.47 83 192.168.1.116 - 55151 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vZSddccDwFdmKLXSgDMuh24dN9YPoKR/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2090 1489969574.87 1489969574.95 78 192.168.1.116 - 55152 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OegV055SCtr43JXZd0UfskrE9UvXs/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2091 1489969765.38 1489969765.45 71 192.168.1.116 - 55153 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WJ47nhcF4f0wIcxLdrI11RmX8A/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2092 1489969955.82 1489969955.89 73 192.168.1.116 - 55154 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nyFBtXO64avxL3xZ5FXLdd/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2093 1489970146.33 1489970146.42 85 192.168.1.116 - 55155 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vTwM8pjdDWUp3qsLTKFjU2Dco3SGUy/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2094 1489970336.83 1489970336.9 74 192.168.1.116 - 55156 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TAlBMCX5NOqANoKb8ruMUEQGuws45/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2095 1489970527.31 1489970527.39 80 192.168.1.116 - 55157 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zTFmVVGDUIHY42KFzPpj0tOh/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2096 1489970718.03 1489970718.1 72 192.168.1.116 - 55158 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AERF34SICbQX4AUy6j3maPFv62K3E/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2097 1489970908.51 1489970908.64 126 192.168.1.116 - 55159 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32429 0 32288 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2097 1489970916.22 1489970916.34 116 192.168.1.116 - 55159 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2097 1489970924.05 1489970924.12 71 192.168.1.116 - 55159 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bvkuwnoKFxxhCyLH3NpJJ/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2098 1489971161.81 1489971161.89 73 192.168.1.116 - 55161 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vk90m63FuzwQHBeTxSxc4pjV0PI/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2099 1489971354.14 1489971354.89 743 192.168.1.116 - 55162 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 205 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2099 1489971355.15 1489971355.86 712 192.168.1.116 - 55162 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/A1PqhvnM8IFF0UND1E/ 321 508 0 365 132 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2099 1489971356.36 1489971357.03 674 192.168.1.116 - 55162 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/BOIOKEVZVVEI/1/ 220 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 2100 1489971359.08 1489971359.81 736 192.168.1.116 - 55163 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2101 1489971363.98 1489971364.65 669 192.168.1.116 - 55164 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 216 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2102 1489971368.0 1489971368.71 710 192.168.1.116 - 55165 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 244 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2103 1489971371.66 1489971372.33 670 192.168.1.116 - 55166 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/A5Kx7ORYA6YofcaocKd/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2104 1489971564.55 1489971565.23 676 192.168.1.116 - 55167 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cwXCExPtDpQpajIuwWFg2yEd5/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2105 1489971757.52 1489971758.19 668 192.168.1.116 - 55168 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gPtV8QFnLru9Yn6H5CUmHE1/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2106 1489971950.36 1489971951.04 679 192.168.1.116 - 55169 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TT2Z2NvkIn73DTUV19/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2107 1489972145.29 1489972146.02 731 192.168.1.116 - 55170 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4ECEowdkttcqMqzjFOtEBEFFmi56vc6L/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2108 1489972339.23 1489972339.9 677 192.168.1.116 - 55171 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/J5iqt8tQgAQIgkyec/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2109 1489972532.12 1489972532.8 679 192.168.1.116 - 55172 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bFvXU8riMLIpIu3p6kunKxY/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2110 1489972725.07 1489972725.81 736 192.168.1.116 - 55173 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mezTL4slbmvYMlk8Y5L/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2111 1489972919.46 1489972920.16 704 192.168.1.116 - 55174 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IQ6bzpCm9lJNRQrtG/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2112 1489973118.51 1489973119.23 721 192.168.1.116 - 55175 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 2113 1489973139.95 1489973140.65 704 192.168.1.116 - 55176 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 2114 1489973157.78 1489973158.49 718 192.168.1.116 - 55177 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 2115 1489973174.63 1489973174.87 240 192.168.1.116 - 55178 50.19.227.215 80 http://checkip.amazonaws.com/ 153 133 0 13 139 106 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 200 - - - - - - - CTU.238.1.Malicious 2116 1489973225.82 1489973226.53 707 192.168.1.116 - 55180 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JvBrhuCAcPQUs8uSeRsJJRE4B/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2117 1489973420.16 1489973420.88 715 192.168.1.116 - 55181 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Bf9jk4rB2Y4EtquPr9LTt0rqGsqE6QSp/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2118 1489973613.09 1489973613.76 676 192.168.1.116 - 55182 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jhGtwPgQqpBAnxGGrMNR0J6uGF4V/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2119 1489973805.95 1489973806.62 677 192.168.1.116 - 55183 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nzFvEnuZtD2NEAyfzSL4GxQy9R/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2120 1489973998.84 1489973999.51 674 192.168.1.116 - 55184 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/obJIFOVK6EgqXdxXDf98odlr8Z/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2121 1489974192.98 1489974193.71 734 192.168.1.116 - 55185 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TdrvDJ6U7MIqm8iNxg/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2122 1489974386.16 1489974388.13 1972 192.168.1.116 - 55186 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tePB8cFrJYQOozqMSk27ewG/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2123 1489974580.43 1489974581.16 733 192.168.1.116 - 55187 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JtquPGTinZQuFkE4XDhz99FyjofcTM/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2124 1489974774.42 1489974775.09 672 192.168.1.116 - 55188 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8xRScN598nXCBfZBZiA/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2125 1489974968.59 1489974969.27 681 192.168.1.116 - 55189 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mmOdOJwuG9ORfnCFrz271tGeTgvn0yCe/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2126 1489975208.68 1489975211.22 2536 192.168.1.116 - 55191 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xWry7cc92DmRW21SCxtqA0IuwAq/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2127 1489975403.44 1489975404.11 670 192.168.1.116 - 55192 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/n8UgZZNhPjPEruJYzn/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2128 1489975596.32 1489975596.99 676 192.168.1.116 - 55193 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ztBjgqiLzMR5LaRs8ZC1MLr3UIOeob/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2129 1489976058.45 1489976058.92 469 192.168.1.116 - 55200 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 204 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2129 1489976059.15 1489976059.71 553 192.168.1.116 - 55200 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/3lnoTiwWT2u5ARWsJ1NndDp/ 325 513 0 370 131 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2129 1489976060.08 1489976060.55 469 192.168.1.116 - 55200 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/JBYJZQSNVJAGSPL/1/ 222 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 2130 1489976062.89 1489976063.49 607 192.168.1.116 - 55201 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2131 1489976064.84 1489976065.36 519 192.168.1.116 - 55202 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 215 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2132 1489976066.73 1489976067.3 574 192.168.1.116 - 55203 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 243 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2133 1489976069.63 1489976070.08 443 192.168.1.116 - 55204 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iKt6rpkrooZHlnmue7Ap4Ojn12x/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2134 1489976261.68 1489976262.15 467 192.168.1.116 - 55205 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ewuU1VwW8FBPuOgHvenJj0w/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2135 1489976453.72 1489976456.4 2676 192.168.1.116 - 55206 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32429 0 32288 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2135 1489976463.96 1489976466.41 2448 192.168.1.116 - 55206 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2135 1489976474.82 1489976475.3 472 192.168.1.116 - 55206 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LQwxFFVZmVEabcSNXf/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2136 1489976666.85 1489976667.32 468 192.168.1.116 - 55207 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/d07BR9VudaKe2cutGLjmz/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2137 1489976858.95 1489976859.43 480 192.168.1.116 - 55208 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8diuaFbtwdWKIDT4sO40RS/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2138 1489977098.32 1489977098.75 439 192.168.1.116 - 55210 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LFX2A9YdouHa74u69xsRV970ZI3LUgxB/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2139 1489977290.34 1489977290.81 467 192.168.1.116 - 55211 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OB77ErNZOtXY9zLhS5mK7iejTLT/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2140 1489977482.35 1489977482.79 441 192.168.1.116 - 55212 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bHSyUzANiSoz4aciklaOSiM/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2141 1489977674.32 1489977674.75 435 192.168.1.116 - 55213 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0H1uMV0GDWBEO2ZwJKckv6tZwPT/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2142 1489977870.07 1489977870.52 444 192.168.1.116 - 55214 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8CV6ZmI44JCoPZGXC56a/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2143 1489978062.13 1489978062.62 486 192.168.1.116 - 55215 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QYfgpGwS2kx1AveVgLoTHhf7HHoJ8vQ/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2144 1489978254.19 1489978254.67 479 192.168.1.116 - 55216 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/f26MJb1RjHAsTlt5o8licVt/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2145 1489978446.21 1489978446.65 437 192.168.1.116 - 55217 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wR3tObRYN81jQbi6W/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2146 1489978639.59 1489978640.07 475 192.168.1.116 - 55218 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fibzyZ2JDCD3sLK6KnEavzO2vqdM/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2147 1489978831.68 1489978832.16 474 192.168.1.116 - 55219 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ftQ6rM0Lk7cwaAbpne/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2148 1489979071.07 1489979071.54 473 192.168.1.116 - 55221 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wV914hWYrHbXrlFlVQMAr7bt1sYYhw/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2149 1489979263.12 1489979264.86 1733 192.168.1.116 - 55222 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LCGq4cJFmsUW5MFeu6XNHMMv7A8sYIQT/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2150 1489979456.47 1489979456.95 481 192.168.1.116 - 55223 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 206 379 0 240 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2150 1489979462.95 1489979463.46 507 192.168.1.116 - 55223 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oMnxictbP3lm4XB9e/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2151 1489979655.06 1489979655.54 474 192.168.1.116 - 55224 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3CVxRviUt9qvF9n6Y0Q6l/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2152 1489979847.34 1489979847.82 482 192.168.1.116 - 55225 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VqhXjDb3kGmdAMHNIibtnZJ6vvgTL/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2153 1489980039.39 1489980039.87 481 192.168.1.116 - 55226 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4VPC6q1NjdV7wAVAdWrueHc/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2154 1489980231.42 1489980231.9 471 192.168.1.116 - 55227 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/M6jBo8GPHUa1vPLJ/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2155 1489980424.44 1489980424.91 471 192.168.1.116 - 55228 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/floQdEOskKvcKpRknOeALGsEL/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2156 1489980617.38 1489980617.82 438 192.168.1.116 - 55229 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AH3t5OFvMquIMKm95eeJDfg0/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2157 1489980809.39 1489980809.87 478 192.168.1.116 - 55230 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AWA9BwvOugfSrGLEOTP1fglf3/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2158 1489981049.71 1489981050.15 442 192.168.1.116 - 55232 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OXL0l6W1y4NbBnxJ/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2159 1489981241.68 1489981242.11 434 192.168.1.116 - 55233 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Wukv15LECfcWF76LRm5zaG1mu/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2160 1489981433.65 1489981434.08 434 192.168.1.116 - 55234 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GYT0Zy1qkZkc1dobNqKdiKtcXZUeKX/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2161 1489981625.63 1489981626.07 443 192.168.1.116 - 55235 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3TPDfOReLE2ZZdzHLFm/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2162 1489981817.85 1489981818.33 474 192.168.1.116 - 55236 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/l6svznrNcikZU8a8ppHTIGmkKAV/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2163 1489982009.91 1489982011.71 1807 192.168.1.116 - 55237 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32429 0 32288 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2163 1489982019.22 1489982020.52 1308 192.168.1.116 - 55237 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2163 1489982028.12 1489982028.61 494 192.168.1.116 - 55237 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UNjBosoK1Ub0Rx29tysy20HNYC/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2164 1489982220.26 1489982220.77 512 192.168.1.116 - 55238 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/e1OgAph3lzwBVCsjpEZsGQT8xgC/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2165 1489982413.38 1489982413.84 467 192.168.1.116 - 55239 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SY07ia0OxzGm46RWKnP7G0b/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2166 1489982605.43 1489982605.91 475 192.168.1.116 - 55240 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eHfgu0RmYwsw93fP7/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2167 1489982798.51 1489982798.99 477 192.168.1.116 - 55241 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xyaFfe2CZRMp1Y9ZDz3cRYBFMmqi2/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2168 1489983037.83 1489983038.27 441 192.168.1.116 - 55243 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aAUgKPyDzG30gX2OHP7RH4oUC/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2169 1489983229.87 1489983230.35 474 192.168.1.116 - 55244 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IUemSTr9QfiwTzlzW2VIrcCk/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2170 1489983421.96 1489983422.45 482 192.168.1.116 - 55245 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Difva3xXgmfC5sBgL8RkB8hW/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2171 1489983614.04 1489983614.51 473 192.168.1.116 - 55246 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zOjlb8ENfBSPbIizUxNi3TICm2N6MpN/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2172 1489983806.29 1489983806.77 483 192.168.1.116 - 55247 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KKOnbsoLXVLLUTXE/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2173 1489983998.3 1489983998.74 438 192.168.1.116 - 55248 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7JdANiYIucbRVpyG2BJYScKEVem3/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2174 1489984190.55 1489984191.05 503 192.168.1.116 - 55249 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/DNSBL/listed/0/ 216 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2175 1489984193.36 1489984193.81 451 192.168.1.116 - 55250 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aS7betDS5hSSosqYFVUEadE6/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2176 1489984385.36 1489984385.8 438 192.168.1.116 - 55251 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JT4p2w8jWhCpyw81B6LF0/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2177 1489984577.4 1489984577.88 480 192.168.1.116 - 55252 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VztWUtBZTCADFGfD9OlxsUEOGuO/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2178 1489984769.5 1489984769.97 477 192.168.1.116 - 55253 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GN3w8VZbT9m5bjtw25SBgxcqtl/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2179 1489985008.99 1489985009.46 473 192.168.1.116 - 55255 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ArduqhvBeyRNpvt6uo7FC/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2180 1489985201.04 1489985201.51 471 192.168.1.116 - 55256 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/c6qb779qHtK9prWHdmT/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2181 1489985393.1 1489985393.58 475 192.168.1.116 - 55257 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fqja9gbvdr2ZOFlstR/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2182 1489985585.22 1489985585.69 475 192.168.1.116 - 55258 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/A6esFANTXKeC3MCcqgXmWX/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2183 1489985778.26 1489985778.76 498 192.168.1.116 - 55259 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aXQyX49A7FzNfRkoJ8BQzvHMQP/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2184 1489985970.37 1489985970.85 473 192.168.1.116 - 55260 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ky8MmFLtGAkoBxtYjt0VThOR3DbyC/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2185 1489986162.45 1489986162.93 472 192.168.1.116 - 55261 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DU5OfwFp7aUNsbwsaZdLZ/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2186 1489986354.44 1489986354.88 437 192.168.1.116 - 55262 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GgEuDTyp9xmjayxRN9dr9/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2187 1489986547.78 1489986548.25 474 192.168.1.116 - 55263 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nZojvKn3cq0kEwLzM6ALIBcNiMnw/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2188 1489986739.81 1489986740.25 435 192.168.1.116 - 55264 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eetG8lIdCho5x5NcZ9nvL/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2189 1489986979.07 1489986979.51 441 192.168.1.116 - 55266 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tdVsuJbrKyiJOUTiz7caNbl0zP/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2190 1489987171.08 1489987171.56 478 192.168.1.116 - 55267 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LGQCKwq0dFQLNgc4Kg8dkk6exSaYZi/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2191 1489987363.11 1489987363.54 438 192.168.1.116 - 55268 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LERLAXjGW5ZS1ocAsfrglWsjNB7Y9/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2192 1489987555.13 1489987556.46 1324 192.168.1.116 - 55269 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32429 0 32288 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2192 1489987564.69 1489987565.61 921 192.168.1.116 - 55269 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2192 1489987573.03 1489987573.51 478 192.168.1.116 - 55269 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aDYQsGz4CSMmIGcinNmDtnLAJM1MT/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2193 1489987771.1 1489987771.58 482 192.168.1.116 - 55270 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 2194 1489987787.96 1489987788.44 474 192.168.1.116 - 55271 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 2195 1489987804.88 1489987805.34 468 192.168.1.116 - 55272 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 2196 1489987821.72 1489987822.16 438 192.168.1.116 - 55273 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/plrjUIH94bzT0rySO47pV/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2197 1489988014.71 1489988015.18 469 192.168.1.116 - 55274 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/livdszVh6mDWkBEDhqHJEl66ag22StW/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2198 1489988208.15 1489988208.63 481 192.168.1.116 - 55275 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GnhtBuApLpEVQVqhMqFH/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2199 1489988400.26 1489988400.74 475 192.168.1.116 - 55276 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pxkyJLCxlSL23Sp36/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2200 1489988592.42 1489988597.8 5381 192.168.1.116 - 55277 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cqtmPTXtgkgwirojycUq/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2201 1489988836.89 1489988837.36 474 192.168.1.116 - 55279 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8nV8Xvm1vrB5JYUf22Bf/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2202 1489989028.95 1489989029.43 481 192.168.1.116 - 55280 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/G5USp8dT2yYhOlCz/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2203 1489989221.12 1489989221.58 468 192.168.1.116 - 55281 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Ts8GBgPbbJyBWsOZ/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2204 1489989413.27 1489989413.75 475 192.168.1.116 - 55282 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/h9ygnsDhOcSC2XuFzBPAHQDkSRC/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2205 1489989605.36 1489989605.85 488 192.168.1.116 - 55283 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GSXsYOM3vdA9apE7OAZds6pdNy8ihjUJ/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2206 1489989797.53 1489989798.01 483 192.168.1.116 - 55284 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iXzsjs9wX6AILoWNil6hVpqMU9/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2207 1489989989.58 1489989990.05 470 192.168.1.116 - 55285 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ocEJ4QbX9KDXCiMz/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2208 1489990181.59 1489990182.06 469 192.168.1.116 - 55286 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nR7Tnl7J3TjXm4FDVNqUaBgWO/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2209 1489990374.65 1489990375.12 468 192.168.1.116 - 55287 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 206 379 0 240 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2209 1489990381.08 1489990381.56 483 192.168.1.116 - 55287 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/45pYmkshDQ0Pln0lS/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2210 1489990573.24 1489990573.77 530 192.168.1.116 - 55288 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cDGpgtTpoUiJvPmd0EnmOe6/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2211 1489990813.12 1489990813.66 538 192.168.1.116 - 55290 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0TmOFav5gTuAHTkyKNJ1lsMJ/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2212 1489991005.48 1489991006.0 520 192.168.1.116 - 55291 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lzB432LcsLCmYl8F7zzYm75wyerR/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2213 1489991197.82 1489991198.36 537 192.168.1.116 - 55292 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7j3kX5E6lM6xsztv1NRDSlh/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2214 1489991390.26 1489991390.83 571 192.168.1.116 - 55293 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/M80pl6bmXtDpfB21/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2215 1489991583.74 1489991584.35 614 192.168.1.116 - 55294 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/juWZN234iFItt1V6PHol9c0/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2216 1489991776.23 1489991776.8 568 192.168.1.116 - 55295 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5Ao3TWRcRcztbSCtTKyb2EbSAB/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2217 1489991968.41 1489991968.89 475 192.168.1.116 - 55296 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Rfjf79bYDkakzVwIYANPtsYPi1w9Z/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2218 1489992160.85 1489992161.42 568 192.168.1.116 - 55297 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FQuQ4zgpv4pvWgjokU1lN35B/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2219 1489992353.34 1489992353.92 576 192.168.1.116 - 55298 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/M3s7qaKdc20fzCHA/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2220 1489992545.89 1489992546.46 575 192.168.1.116 - 55299 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/t80LiEWi3EPsw3ofk/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2221 1489992785.98 1489992786.52 537 192.168.1.116 - 55301 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0UTmuUAIBrjaV8H2LfBmcByGkw/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2222 1489992978.38 1489992980.58 2206 192.168.1.116 - 55302 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32429 0 32288 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2222 1489992987.91 1489992990.13 2222 192.168.1.116 - 55302 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2222 1489992997.13 1489992997.72 587 192.168.1.116 - 55302 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sGvKFYvOD4Vc6MZoinBSO2MfweqEILmm/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2223 1489993189.66 1489993190.23 566 192.168.1.116 - 55303 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Hd1KF8d7VzqKZUY7tPJIXXmiAcayyuGw/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2224 1489993382.18 1489993382.76 577 192.168.1.116 - 55304 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/71CaUFWqoFFkqq64mclNqCMuUEBSS/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2225 1489993574.73 1489993575.32 580 192.168.1.116 - 55305 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vz8YNqj6V6b9ec48sqrIVuMcrU/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2226 1489993771.37 1489993772.04 670 192.168.1.116 - 55306 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uFHTali0ptRMHSaTHU2m6/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2227 1489993965.09 1489993965.69 604 192.168.1.116 - 55307 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZDHS0WS5PyMC6iJkRbxW/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2228 1489994157.73 1489994159.54 1807 192.168.1.116 - 55308 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BWE0ZIJOv9cuxQBA0Ln1tCA5koYFi25t/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2229 1489994352.55 1489994353.12 571 192.168.1.116 - 55309 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KWK4qLA8qPP92KyCZfyz4RWMFkZk/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2230 1489994545.08 1489994545.66 578 192.168.1.116 - 55310 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8tNMwL9WRwNTDqwNFYrDEERYRE92IA/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2231 1489994785.44 1489994786.01 572 192.168.1.116 - 55312 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DmJGWWwEUV1REHqx1sBmSz6J8Op9UCW/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2232 1489994977.89 1489994978.46 570 192.168.1.116 - 55313 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/W1ylbCgi9q50jCR5NYihpeZhuizgez/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2233 1489995170.37 1489995170.94 574 192.168.1.116 - 55314 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Z0K3dCUpn7ofmCqZ5EfcLASZbdWeNS/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2234 1489995362.94 1489995363.5 567 192.168.1.116 - 55315 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Bkm0HqTZiemKYZPzv0PuR/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2235 1489995555.39 1489995555.97 582 192.168.1.116 - 55316 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SZId9QYWG7VZqBNKH6rIvDX5/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2236 1489995748.03 1489995748.64 613 192.168.1.116 - 55317 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5Sg4Kaepff5gu1KWkVxbI/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2237 1489995940.02 1489995940.43 417 192.168.1.116 - 55318 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 205 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2237 1489995940.67 1489995941.17 497 192.168.1.116 - 55318 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/PUqhsSsP0VJhABne35Dm3a/ 325 512 0 369 132 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2237 1489995941.67 1489995942.1 435 192.168.1.116 - 55318 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/YMNRLCRAMK/1/ 218 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 2238 1489995943.28 1489995943.7 422 192.168.1.116 - 55319 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2239 1489995944.9 1489995945.31 411 192.168.1.116 - 55320 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 216 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2240 1489995946.48 1489995946.89 417 192.168.1.116 - 55321 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 244 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2241 1489995949.04 1489995949.47 434 192.168.1.116 - 55322 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XMPawVtZHUzSKiBNUKkWKeKW/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2242 1489996140.86 1489996141.29 431 192.168.1.116 - 55323 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5twSTGxjenha2uQzLvLc4iwU1tlnJy/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2243 1489996332.67 1489996333.09 418 192.168.1.116 - 55324 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Oy1bawPc8y1vapfPLYE0UyXK82vZ/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2244 1489996524.46 1489996524.83 367 192.168.1.116 - 55325 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TVigSzZS8i2fhdDGzUfL50/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2245 1489996763.58 1489996763.95 367 192.168.1.116 - 55327 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lKPcpaqG8cBzMiqueraDEoosbp3RgRI/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2246 1489996955.29 1489996955.72 436 192.168.1.116 - 55328 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/l6oRkyawtWgvEuE04MowKCJCHWBSG/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2247 1489997147.12 1489997147.55 433 192.168.1.116 - 55329 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/igpeNoyvzE7WjQt7k2fNKvo/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2248 1489997338.93 1489997339.3 368 192.168.1.116 - 55330 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7kvq7xA0Jo4qbqc6BMqjD90Yv1/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2249 1489997530.64 1489997531.01 370 192.168.1.116 - 55331 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qtTw8mxnigUuMGNUC40YXd1VNz/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2250 1489997722.39 1489997722.8 411 192.168.1.116 - 55332 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PJ9UbrM8BJAq5CsOgMcM5OuSrBcS/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2251 1489997914.17 1489997914.61 433 192.168.1.116 - 55333 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/r2J8La1vfiDBz1NP1f/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2252 1489998106.02 1489998106.44 423 192.168.1.116 - 55334 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PsjNKCqeGtIQJCvsSYl9tauJ/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2253 1489998297.81 1489998298.18 368 192.168.1.116 - 55335 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EqZtVAIgInU4aAJlLbCb2IyKAXSrf3lC/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2254 1489998489.57 1489998490.71 1143 192.168.1.116 - 55336 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 32429 0 32288 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2254 1489998498.28 1489998499.12 837 192.168.1.116 - 55336 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2254 1489998506.44 1489998506.86 414 192.168.1.116 - 55336 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6rU3dHtSXHu8sUXAsca4U2oLZTvzW1mB/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2255 1489998745.55 1489998745.92 368 192.168.1.116 - 55338 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/w2D9JBtW9umCpJxE7l5Vpl/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2256 1489998937.3 1489998937.73 435 192.168.1.116 - 55339 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/avKFLKUv3dPeKsLg1ihyEM/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2257 1489999129.13 1489999129.5 369 192.168.1.116 - 55340 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sR3CmBAEf4307M8v8peN/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2258 1489999321.92 1489999322.29 368 192.168.1.116 - 55341 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DvIWjiiRiYEan8BSIP4x3DrRAFM4B3Sb/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2259 1489999513.65 1489999514.02 371 192.168.1.116 - 55342 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YK83UZOAd8gZ4e4iSbkKjBvDR5WTnvRG/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2260 1489999705.52 1489999705.94 415 192.168.1.116 - 55343 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nX7kFYVQk3mVmWotEvrj7oQ9/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2261 1489999897.28 1489999897.65 375 192.168.1.116 - 55344 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Sq9Ua6hgyl7Wg8PjqbUCFPQT7qn/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2262 1490000089.04 1490000089.47 432 192.168.1.116 - 55345 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rdvVeZtZjaeVyYZ1YqErwSrliEtsjCMw/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2263 1490000280.81 1490000281.24 430 192.168.1.116 - 55346 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8xdfA6V69VOqhXCvR9O2RTgOz/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2264 1490000472.65 1490000473.06 410 192.168.1.116 - 55347 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7SVGjVj51JMmuQF60dg/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2265 1490000711.69 1490000712.1 413 192.168.1.116 - 55349 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RWwh5S5K8YL49Fe074zOddAz/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2266 1490000903.49 1490000903.93 436 192.168.1.116 - 55350 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fejkNKvPBGNJA4qVLJIKO/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2267 1490001096.85 1490001097.26 406 192.168.1.116 - 55351 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/i5TTQxCaJWExUu7ysW0Pcr/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2268 1490001288.6 1490001289.01 408 192.168.1.116 - 55352 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 207 379 0 240 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2268 1490001294.98 1490001295.35 372 192.168.1.116 - 55352 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FJVDrdvE0ZlwbXPaoaWYRLRk9Hq/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2269 1490001486.73 1490001487.17 433 192.168.1.116 - 55353 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DjlNyuzrWw5PUkxmiGj0N/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2270 1490001678.55 1490001678.99 432 192.168.1.116 - 55354 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pMlxHyjSAxmYRzL5Tub/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2271 1490001870.36 1490001870.8 437 192.168.1.116 - 55355 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JbomytPwE0vdUzsbsEQmkf12aZylFv/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2272 1490002062.16 1490002062.57 407 192.168.1.116 - 55356 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ddL4WstYWFufwofQ3qFBsnTOUoLh/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2273 1490002259.93 1490002260.33 406 192.168.1.116 - 55357 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 2274 1490002276.5 1490002276.94 441 192.168.1.116 - 55358 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 2275 1490002293.17 1490002293.57 410 192.168.1.116 - 55359 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 2276 1490002309.76 1490002310.19 436 192.168.1.116 - 55360 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HODXsFA99UCXFiVvMyhgbAV9TtZ395/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2277 1490002501.54 1490002501.97 433 192.168.1.116 - 55361 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dYijqiYqvW6m7BEGFmdtWo2TW9/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2278 1490002693.05 1490002693.29 244 192.168.1.116 - 55362 50.19.227.215 80 http://checkip.amazonaws.com/ 153 133 0 13 139 106 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 200 - - - - - - - CTU.238.1.Malicious 2279 1490002699.87 1490002700.3 433 192.168.1.116 - 55364 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rBzgTnh2aXmmVlSgeCPMdlYn8hQGzZe/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2280 1490002891.71 1490002892.11 407 192.168.1.116 - 55365 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3WOmwUuyk6OR427lpbMyS/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2281 1490003083.48 1490003083.85 369 192.168.1.116 - 55366 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lgmDHqBLG41TAgETImSfLyglUXwFdfC1/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2282 1490003275.19 1490003275.62 430 192.168.1.116 - 55367 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/unweut7BNNIfxte4HmJ4Hm1v2Wdn/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2283 1490003467.02 1490003467.42 404 192.168.1.116 - 55368 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vqGqrTuRPetOakEhY/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2284 1490003658.78 1490003659.21 431 192.168.1.116 - 55369 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CF2awqV90guJOEoC07Stv/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2285 1490003850.6 1490003851.03 436 192.168.1.116 - 55370 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6u2ivb6mRlMLt7Hq2oWlpmxC6Q9MvJUh/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2286 1490004042.45 1490004043.56 1115 192.168.1.116 - 55371 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 32429 0 32288 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2286 1490004050.9 1490004051.64 736 192.168.1.116 - 55371 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2286 1490004059.35 1490004059.72 366 192.168.1.116 - 55371 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wtOyQOU7QAQLNlb3/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2287 1490004251.1 1490004251.54 435 192.168.1.116 - 55372 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EWKqtXTFDSCCaAL06U8QpjXk5aB/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2288 1490004442.88 1490004443.25 367 192.168.1.116 - 55373 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IEVqGFfAaZCvD7e7xYyOa026I2Xh/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2289 1490004634.6 1490004635.01 406 192.168.1.116 - 55374 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Bjxn6U9aTk6bquAB/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2290 1490004827.06 1490004827.47 412 192.168.1.116 - 55375 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2LheVkynkJ6Dwu8W7UKGxi/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2291 1490005018.85 1490005019.26 413 192.168.1.116 - 55376 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gwlNomr9M41gUbnHNNqBuw1/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2292 1490005210.66 1490005211.07 411 192.168.1.116 - 55377 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZZEbhkGIPBzwpyNWvzTSQij1tgcnfV9S/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2293 1490005402.47 1490005402.88 411 192.168.1.116 - 55378 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sOZgTUgsTNfdK9FGdJLk9n6/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2294 1490005594.21 1490005594.65 438 192.168.1.116 - 55379 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vQJux1xtwzLy79pONITs7b8WQQp62izQ/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2295 1490005786.0 1490005786.43 429 192.168.1.116 - 55380 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EKzvkIIBkm9yzczYPcYteWpLS44L/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2296 1490005977.84 1490005978.25 415 192.168.1.116 - 55381 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VQLK9bQ5zidkOj7k/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2297 1490006169.69 1490006170.1 411 192.168.1.116 - 55382 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Im7T61n84UoybpfxITlmMEE2HSFy74kv/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2298 1490006361.46 1490006361.87 407 192.168.1.116 - 55383 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pZeIlxCFyBeVclcO1pSFzOtoHov/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2299 1490006553.25 1490006553.68 432 192.168.1.116 - 55384 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3ExgdEyp79tV2UtWAKgBAb2A/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2300 1490006745.03 1490006745.44 409 192.168.1.116 - 55385 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pvItFvmBYhkeoSoUMn4VS/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2301 1490006936.84 1490006937.25 410 192.168.1.116 - 55386 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IihpH9QguVJyn9CnJu2GvQkohadXOF3/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2302 1490007128.64 1490007129.02 373 192.168.1.116 - 55387 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nNCgRLtgeA5q3xSd7y0G2bIxMuUa/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2303 1490007320.42 1490007320.83 413 192.168.1.116 - 55388 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/j00R6gob9N5ua0HQpC91SpGZ/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2304 1490007512.24 1490007512.66 415 192.168.1.116 - 55389 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/x0YqywdypYW5Wlm4/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2305 1490007704.03 1490007704.44 407 192.168.1.116 - 55390 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/693n0SKmMnKrF92znuYd248Hgj/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2306 1490007895.8 1490007896.24 433 192.168.1.116 - 55391 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5UefBAjdLfIeMQ2G1f0SSNU5bF/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2307 1490008087.61 1490008088.05 436 192.168.1.116 - 55392 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rQwc5mw364NsmwMD/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2308 1490008279.43 1490008279.8 368 192.168.1.116 - 55393 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LfmNhT2aaQDFvPWy33ek0VR7bbDj/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2309 1490008471.15 1490008471.56 405 192.168.1.116 - 55394 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fhAwhvYoUItWRtkkoOnDuCUiWwWx/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2310 1490008662.95 1490008663.36 410 192.168.1.116 - 55395 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/k5oZH4bHH3nWv321EXADqGGfUh/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2311 1490008854.85 1490008855.29 436 192.168.1.116 - 55396 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mHgdStGK5hh1OWO7OHgE/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2312 1490009046.64 1490009047.07 431 192.168.1.116 - 55397 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KUpHuOHfA7JVL4IFQUv/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2313 1490009238.51 1490009238.93 418 192.168.1.116 - 55398 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JagjizjHnZ0ThjQBmG8PE/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2314 1490009430.28 1490009430.71 432 192.168.1.116 - 55399 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ewAk1v3KWWbqMAN26NZ/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2315 1490009622.09 1490009623.22 1125 192.168.1.116 - 55400 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 32429 0 32288 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2315 1490009630.77 1490009631.57 802 192.168.1.116 - 55400 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2315 1490009638.67 1490009639.11 446 192.168.1.116 - 55400 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9oBhKvOWHykKSkUO0No0/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2316 1490009830.52 1490009830.93 414 192.168.1.116 - 55401 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9SRA8ZD094uM3XghdXZ9AdFia/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2317 1490010022.28 1490010022.72 435 192.168.1.116 - 55402 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pHRX0WyUwYTemAuFCWinOyryMgrk/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2318 1490010214.12 1490010214.53 410 192.168.1.116 - 55403 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nM8RDfSaAhbcGXJpkYDLKMxXi/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2319 1490010405.92 1490010406.33 407 192.168.1.116 - 55404 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tqfikLfAJiMU37jq3iG6MzXv/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2320 1490010597.8 1490010599.04 1246 192.168.1.116 - 55405 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OjhO7yBCUD5dHu87H3TanoknYH8/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2321 1490010790.44 1490010790.84 406 192.168.1.116 - 55406 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kHqoTSkKTMYOv9WpVxK4IvQ/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2322 1490010982.21 1490010982.57 366 192.168.1.116 - 55407 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cylPxnnwpm6PK06SIRYbo8qAiRgk1JOI/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2323 1490011173.98 1490011174.4 415 192.168.1.116 - 55408 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qEexXTbuJvDj7fma/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2324 1490011365.81 1490011366.22 410 192.168.1.116 - 55409 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/O8MWULSMCxlMYXL3/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2325 1490011557.6 1490011557.98 373 192.168.1.116 - 55410 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KWYktrEys1oUFfEqwwSfQZ/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2326 1490011749.36 1490011749.77 407 192.168.1.116 - 55411 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HZSzKPxiNVnbsbzoO5COLfg/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2327 1490011941.15 1490011941.52 367 192.168.1.116 - 55412 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Z5wqDuCqIA4rrAV1SlUFLPsSHhkODH/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2328 1490012132.86 1490012133.27 411 192.168.1.116 - 55413 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 207 379 0 240 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2328 1490012139.24 1490012139.65 407 192.168.1.116 - 55413 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/djfOePNE3YSUjFAuLbPTf9uDKIWvIz/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2329 1490012331.06 1490012331.46 407 192.168.1.116 - 55414 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xgJpWz7qB2bScJCrTaaN9QMHYgk7unn/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2330 1490012522.85 1490012523.28 431 192.168.1.116 - 55415 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bQ2d1fusSGbgm116hRoisZIkKyUvo/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2331 1490012714.66 1490012715.03 367 192.168.1.116 - 55416 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PfyxftgQBiLYyao1N9SqQ8dqNfe/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2332 1490012906.44 1490012906.85 410 192.168.1.116 - 55417 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YbrQDoXegkf0MIEMkzMznuf/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2333 1490013098.89 1490013099.37 472 192.168.1.116 - 55418 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/DNSBL/listed/0/ 217 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2334 1490013100.57 1490013100.99 413 192.168.1.116 - 55419 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aO7rtu9r57nvtb46QxM2BlsQqA9K0Hx/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2335 1490013292.36 1490013292.76 406 192.168.1.116 - 55420 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1CeWJHtS1RWXcI0bK782k8U6O5Hf/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2336 1490013484.16 1490013484.57 408 192.168.1.116 - 55421 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/75MlQIEuvqWpvTV5evR0dm9/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2337 1490013675.91 1490013676.34 433 192.168.1.116 - 55422 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8SebaK3eiRUE2IsBfqfhdRZK7Xd/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2338 1490013867.72 1490013868.12 404 192.168.1.116 - 55423 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sHWn2y5bT9eYnMcAoPnjp/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2339 1490014059.53 1490014059.96 431 192.168.1.116 - 55424 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nf2Hq3llrO4AfSGUcOIY5eFR2/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2340 1490014251.32 1490014251.76 439 192.168.1.116 - 55425 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OPnkp3wDNouaiN6TjTAQGHe/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2341 1490014443.2 1490014443.62 423 192.168.1.116 - 55426 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WOvLTZJ5g6deBGKBGtsugs/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2342 1490014634.98 1490014635.36 374 192.168.1.116 - 55427 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yCjSsaLmLNYC9yM8YzIUSxSTnZQh7xWg/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2343 1490014826.74 1490014827.14 404 192.168.1.116 - 55428 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/A107pvoUxtPnJDw3snWlom/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2344 1490015018.5 1490015018.87 367 192.168.1.116 - 55429 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/C5mLztKQNBQfBg6INAox/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2345 1490015210.22 1490015211.33 1117 192.168.1.116 - 55430 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 32429 0 32288 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2345 1490015218.88 1490015219.66 783 192.168.1.116 - 55430 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2345 1490015226.99 1490015227.41 416 192.168.1.116 - 55430 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/is4TsuURfJybA5D4b3M7aq6fdfb/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2346 1490015419.41 1490015420.09 673 192.168.1.116 - 55431 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 203 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2346 1490015420.44 1490015421.19 750 192.168.1.116 - 55431 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/eaTS2XQSAI0CiPlp/ 317 506 0 363 130 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2346 1490015421.8 1490015422.4 608 192.168.1.116 - 55431 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/OXLDNCEXJPTX/1/ 218 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 2347 1490015425.13 1490015425.74 608 192.168.1.116 - 55432 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2348 1490015428.46 1490015429.16 705 192.168.1.116 - 55433 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 214 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2349 1490015430.97 1490015431.64 669 192.168.1.116 - 55434 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 242 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2350 1490015434.44 1490015435.05 611 192.168.1.116 - 55435 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5jlLhkKqP2rYYjVWe7941a2MuGaYbNH7/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2351 1490015627.06 1490015627.68 615 192.168.1.116 - 55436 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Px4JmPamlbIl980TkYvIEP3eliwg2gN/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2352 1490015819.6 1490015820.17 568 192.168.1.116 - 55437 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DjhP3GCQtsJQKAbvkvO/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2353 1490016012.16 1490016012.77 611 192.168.1.116 - 55438 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FAYwFCzFDEOZpZ2p98aOS8NtHgE/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2354 1490016204.75 1490016205.39 635 192.168.1.116 - 55439 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YNnXeKS7mtm2dSYB5/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2355 1490016397.37 1490016398.03 661 192.168.1.116 - 55440 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1HYoULb8vSsmFFJlEvKwJd3t/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2356 1490016590.04 1490016590.66 616 192.168.1.116 - 55441 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pH1DYraLvY4G52K8DHXUoAgU/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2357 1490016788.66 1490016789.3 639 192.168.1.116 - 55442 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 2358 1490016806.16 1490016806.76 605 192.168.1.116 - 55443 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 2359 1490016823.53 1490016824.14 609 192.168.1.116 - 55444 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 2360 1490016840.9 1490016841.47 568 192.168.1.116 - 55445 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/d6qNrgGzvi9XzgeTmgNa9r1H/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2361 1490017033.41 1490017034.05 634 192.168.1.116 - 55446 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/z45XEMnW5kZ0gqdSWemvLksWLbTsdkF/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2362 1490017226.0 1490017226.62 617 192.168.1.116 - 55447 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vJYWGxWLcyl3ykuqXeYe6WTLOZs1v6/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2363 1490017418.57 1490017419.14 569 192.168.1.116 - 55448 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wTS7WQ9yOzbCoAfL/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2364 1490017611.12 1490017611.75 634 192.168.1.116 - 55449 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Fqv3m3Djb7GEvCVYkCOYpB5ntH7l0/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2365 1490017803.72 1490017804.33 605 192.168.1.116 - 55450 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/flxvQBpf9WWCZHsqGslkrDi/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2366 1490017996.27 1490017996.88 609 192.168.1.116 - 55451 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/78ICf0lDm4I62mjV5Sagjc8AlgJKQ/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2367 1490018189.02 1490018189.64 618 192.168.1.116 - 55452 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ruwnXRUnLYrGGc9hZuVf1zZJb3y9Th/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2368 1490018381.56 1490018382.13 576 192.168.1.116 - 55453 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FAqcemH8WANDx7iBOWX8ftbu4m95IH/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2369 1490018574.13 1490018574.74 614 192.168.1.116 - 55454 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/X536VsxMgjmBQ9Vg/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2370 1490018768.49 1490018769.09 607 192.168.1.116 - 55455 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1KJNt4PzkjrV7RGF1ZFa7t/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2371 1490018960.95 1490018962.96 2009 192.168.1.116 - 55456 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/55poBlpHEKHrobHRWJbMJvcYu/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2372 1490019154.9 1490019155.53 633 192.168.1.116 - 55457 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oZaLEcIsSHSXvInFJ/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2373 1490019347.59 1490019348.16 571 192.168.1.116 - 55458 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IWZfiuebKwDEEhS7/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2374 1490019540.04 1490019540.61 571 192.168.1.116 - 55459 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SvIfZwQuBr2nosPIjo/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2375 1490019733.89 1490019734.51 619 192.168.1.116 - 55460 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cKeHXIY7PXmmcEkBaH8rOj3MOh0aYC/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2376 1490019929.3 1490019929.82 521 192.168.1.116 - 55461 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iqTUO8VBXYCbb6pL2Li/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2377 1490020121.64 1490020122.17 524 192.168.1.116 - 55462 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Pw9n5gnNsVnp4Pt8d3xXsi2tTrJ7eA/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2378 1490020313.98 1490020315.95 1971 192.168.1.116 - 55463 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uDrHgaiW9pEHSElm72twsx/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2379 1490020507.99 1490020508.6 607 192.168.1.116 - 55464 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8aYceOqHwZ8YtbCV0eD5mLGsU5s/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2380 1490020703.76 1490020705.61 1856 192.168.1.116 - 55465 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32429 0 32288 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2380 1490020713.33 1490020714.65 1317 192.168.1.116 - 55465 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2380 1490020722.36 1490020722.97 605 192.168.1.116 - 55465 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/G6smidwRgAa9BeRH7/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2381 1490020915.01 1490020916.82 1807 192.168.1.116 - 55466 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7GtgEPyhGeslQ6AJkeoUHu9ibcZUZ8/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2382 1490021108.6 1490021109.11 503 192.168.1.116 - 55467 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Hhb84Cfyr9OIiVBFXwhFK9Sw/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2383 1490021301.08 1490021303.2 2122 192.168.1.116 - 55468 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aJnwVk0Xm06W6ECK9idqD/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2384 1490021495.01 1490021498.12 3112 192.168.1.116 - 55469 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Zc8dyP04oGK0GObhlAQKmlrrX9/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2385 1490021691.24 1490021691.87 628 192.168.1.116 - 55470 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/H4KCZXaoVxwLmjLUnPFNbJ17pAx/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2386 1490021884.52 1490021885.06 534 192.168.1.116 - 55471 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/O5ZqZFiGglhwjh3Kiy2AWdo/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2387 1490022076.7 1490022077.23 533 192.168.1.116 - 55472 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fAgh1jk7FjXCurdOUernxBtl/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2388 1490022270.09 1490022270.63 541 192.168.1.116 - 55473 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XOpSPt7f4ywmVDDuehSQd2ALpEZk/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2389 1490022465.05 1490022467.02 1970 192.168.1.116 - 55474 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Tc7FBodgDnwcMVnVtRQGPhaG/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2390 1490022659.6 1490022660.13 533 192.168.1.116 - 55475 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/M9lfsy3pxFeJNxRwYUaZs5nH/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2391 1490022851.8 1490022852.27 471 192.168.1.116 - 55476 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SjksBV9psdheJWwWqX0B6CFal3x1YQ/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2392 1490023043.96 1490023044.48 520 192.168.1.116 - 55477 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 205 379 0 240 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2392 1490023050.45 1490023050.96 512 192.168.1.116 - 55477 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2tWeYLBKPjHZiLyy9x9wuCOT38TB/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2393 1490023242.63 1490023243.17 544 192.168.1.116 - 55478 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1nKmnc72zZKXhRcJ/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2394 1490023436.05 1490023436.59 543 192.168.1.116 - 55479 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7W8Sw8b1HSyCv0lhQMNxagwKWZ/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2395 1490023629.23 1490023629.76 530 192.168.1.116 - 55480 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2QSZhOb6uS0HSJuU/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2396 1490023821.43 1490023821.97 533 192.168.1.116 - 55481 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hDP7Ubuw2EgCD62jJ3KrVgQS/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2397 1490024013.75 1490024014.23 474 192.168.1.116 - 55482 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9F4uHX8jdOuBVxziZ2/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2398 1490024206.86 1490024207.38 515 192.168.1.116 - 55483 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nejbMEE3gKyU43DSx6Z4eYYk/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2399 1490024401.43 1490024401.95 513 192.168.1.116 - 55484 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mEf9K5sKbLfYfGvXkG/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2400 1490024593.65 1490024594.16 505 192.168.1.116 - 55485 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/75Bkj39TF81n8eVnUdHsMy1m2TFAeHK/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2401 1490024786.01 1490024788.02 2005 192.168.1.116 - 55486 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ozyX0SR2YvGi35bwevJpu/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2402 1490024980.62 1490024981.13 511 192.168.1.116 - 55487 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wVDBpw5xJpexGSUH8DpL9GU8USg2o/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2403 1490025172.77 1490025173.24 468 192.168.1.116 - 55488 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/N8MB9dyUptQsKzXAOe4GTkkb/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2404 1490025364.94 1490025365.41 468 192.168.1.116 - 55489 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zewQjf7C9bw870WL/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2405 1490025557.05 1490025557.52 470 192.168.1.116 - 55490 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TUiZcKJJ5AdKYzB1eHqccJC0af9o/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2406 1490025751.42 1490025751.96 535 192.168.1.116 - 55491 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nWIKgwUf7K8eCADrflCf6fih6hPp/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2407 1490025945.93 1490025946.47 536 192.168.1.116 - 55492 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PFTYCEvinxckyBnsYwHPTBxqmRq/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2408 1490026138.31 1490026139.7 1396 192.168.1.116 - 55493 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32429 0 32288 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2408 1490026147.7 1490026148.69 988 192.168.1.116 - 55493 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2408 1490026156.45 1490026157.88 1432 192.168.1.116 - 55493 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FhYgpB8R1PQnW9bxQ3Y2/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2409 1490026349.55 1490026350.01 468 192.168.1.116 - 55494 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MQfiLHMnTCXdFKrtDPSTwnE6BnR0tw7/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2410 1490026543.57 1490026545.59 2025 192.168.1.116 - 55495 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/H6Ag3H7qTZtazxmwu9BO72jW/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2411 1490026738.98 1490026740.58 1606 192.168.1.116 - 55496 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NDK80B35RLrI0SSQKWhvFKY9Ynes/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2412 1490026932.21 1490026932.68 471 192.168.1.116 - 55497 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HHwnYlAc7BDt7DaucQk0XDMFLouGKPv/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2413 1490027125.23 1490027126.95 1721 192.168.1.116 - 55498 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TptbSRn5H0iQ63ulwvPgL63P/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2414 1490027319.49 1490027319.96 469 192.168.1.116 - 55499 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BI74ywXN9fOAfCx21kdBiafF7bV/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2415 1490027512.47 1490027512.97 497 192.168.1.116 - 55500 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/28RndXR0OwuWahtETvdn7feW/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2416 1490027705.86 1490027706.39 535 192.168.1.116 - 55501 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LXs67ieLcwX53hxOL43Uc/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2417 1490027899.97 1490027900.44 470 192.168.1.116 - 55502 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/y4xOxitj4uqfBxNdmftoKOtsVO/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2418 1490028093.32 1490028093.86 542 192.168.1.116 - 55503 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/F3ACfwNfHxfag1mX51ix8OD/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2419 1490028286.76 1490028287.3 539 192.168.1.116 - 55504 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/G7sg8R3asfooiyWlgFjRMKHOkn/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2420 1490028479.83 1490028480.3 470 192.168.1.116 - 55505 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bDDWyOroIbNBiL3f/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2421 1490028672.16 1490028672.69 536 192.168.1.116 - 55506 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/X9qtJmArGio9sOAdNC/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2422 1490028865.31 1490028865.79 481 192.168.1.116 - 55507 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/W21Pe2gttGKMUhMsakXgsQBX2Yjg5ncE/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2423 1490029057.47 1490029057.94 474 192.168.1.116 - 55508 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/v4LMJyqx8gz2NjqF/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2424 1490029250.61 1490029251.08 469 192.168.1.116 - 55509 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zQfyUp59F9ZdUbVd1GdI8Yiko79J7/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2425 1490029442.7 1490029443.17 468 192.168.1.116 - 55510 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CKf02cdCowtutDZB5TOjtzp/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2426 1490029634.82 1490029635.29 471 192.168.1.116 - 55511 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LmQktLEacD4yPbRx2Rc8xN/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2427 1490029826.96 1490029827.42 469 192.168.1.116 - 55512 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vjhCHdxy0qgFrVKUp7rlqOJy1X3w4q/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2428 1490030019.97 1490030020.44 471 192.168.1.116 - 55513 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/K1WJ0v2LmfgG0LQo4y9/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2429 1490030212.09 1490030212.56 473 192.168.1.116 - 55514 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lZjAVYPRIIEIPurA/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2430 1490030404.4 1490030404.94 538 192.168.1.116 - 55515 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aMtBOicw46Hvo65f5G/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2431 1490030597.56 1490030598.93 1370 192.168.1.116 - 55516 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9REDEwydSf4woeatOfcDqNkOJmiVZl/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2432 1490030791.54 1490030792.01 476 192.168.1.116 - 55517 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TlFsBmYZI6arfUTGDu9YK0V9NfX9w2Q/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2433 1490030985.03 1490030986.74 1714 192.168.1.116 - 55518 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gyiB4xc80iiJe0s9KUD15himzHwxsD/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2434 1490031180.31 1490031180.78 470 192.168.1.116 - 55519 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yY8rLOK6u7RkP5ya5l7RsuGBAeBXY9D/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2435 1490031378.42 1490031379.83 1413 192.168.1.116 - 55520 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 2436 1490031396.28 1490031397.7 1415 192.168.1.116 - 55521 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 2437 1490031415.06 1490031415.53 467 192.168.1.116 - 55522 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 2438 1490031434.8 1490031435.34 538 192.168.1.116 - 55523 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZPO9VyR46OoZRdbY9omEFz8SP6lR175/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2439 1490031626.97 1490031628.4 1424 192.168.1.116 - 55524 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32429 0 32288 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2439 1490031635.97 1490031636.92 946 192.168.1.116 - 55524 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2439 1490031644.77 1490031645.23 468 192.168.1.116 - 55524 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PVzDOdsOQ6KinWwiXc4OkC3pL5n1/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2440 1490031838.33 1490031838.79 468 192.168.1.116 - 55525 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XAIENnoCGUwOfoot4cLhEfGMywx/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2441 1490032030.43 1490032031.86 1432 192.168.1.116 - 55526 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tg4OcM6NWSlFjnnSC/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2442 1490032224.5 1490032224.98 475 192.168.1.116 - 55527 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hz2Vpk9WYZLKDvapgF/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2443 1490032417.52 1490032418.0 473 192.168.1.116 - 55528 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zt4xclb02n8doerPKDlv/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2444 1490032609.85 1490032610.39 542 192.168.1.116 - 55529 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JuuxTsUfJcmWw9EgBhqUE8V9B4zHSsg/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2445 1490032802.01 1490032802.49 482 192.168.1.116 - 55530 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mDfeWFLJ1MUux7UpdPtStIwDUcu/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2446 1490032995.37 1490032995.91 537 192.168.1.116 - 55531 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0w7INJqB5wbG8ACA6azUP/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2447 1490033188.59 1490033189.08 483 192.168.1.116 - 55532 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5jzc630PcUkrT9JN4NqViBA6plVL1/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2448 1490033382.97 1490033384.61 1632 192.168.1.116 - 55533 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WsfchCGWKDulXG73NxlXU8C3LA3Ei/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2449 1490033577.18 1490033578.53 1351 192.168.1.116 - 55534 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xVfHlzcojDnCPgfOR/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2450 1490033771.17 1490033771.65 483 192.168.1.116 - 55535 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fVhWYfFcZgtdHWHYlXH9KNzzQQ/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2451 1490033963.32 1490033963.78 470 192.168.1.116 - 55536 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 205 379 0 240 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2451 1490033969.75 1490033971.13 1379 192.168.1.116 - 55536 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PL86OPIX7nxuDyM5O5HqJe/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2452 1490034162.79 1490034164.22 1434 192.168.1.116 - 55537 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lPdvui3n9inEGqTYQQuR4lc4Hpc0J4/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2453 1490034355.89 1490034356.42 538 192.168.1.116 - 55538 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HEJE4lmi6YS1HJM5THCiU4BNck31GU/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2454 1490034549.47 1490034550.04 570 192.168.1.116 - 55539 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RIlohbzzp7Cyd0bzAsKWdzLqJ1/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2455 1490034741.66 1490034742.14 484 192.168.1.116 - 55540 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TZjzoffPrMbVeTAFIf21Fqf0eR/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2456 1490034934.14 1490034934.75 607 192.168.1.116 - 55541 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 204 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2457 1490034935.59 1490034935.82 234 192.168.1.116 - 55542 107.22.214.64 80 http://checkip.amazonaws.com/ 153 133 0 13 139 106 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 200 - - - - - - - CTU.238.1.Malicious 2456 1490034936.07 1490034936.79 720 192.168.1.116 - 55541 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/BTHTcIH14MdS6WsqBO7Q/ 322 510 0 367 131 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2456 1490034937.31 1490034937.93 626 192.168.1.116 - 55541 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/QYSOJTKTYRATWOGJ/1/ 223 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 2458 1490034939.69 1490034940.3 610 192.168.1.116 - 55543 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2459 1490034943.08 1490034943.69 606 192.168.1.116 - 55544 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 215 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2460 1490034945.48 1490034946.09 612 192.168.1.116 - 55545 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 243 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2461 1490034947.87 1490034948.68 815 192.168.1.116 - 55546 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/b613sHQBTP57jcyIFJoDV2W6/ 225 264 0 121 131 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2461 1490034949.16 1490034949.79 627 192.168.1.116 - 55546 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2461 1490034950.04 1490034950.72 677 192.168.1.116 - 55546 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/120120/1/ 213 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2462 1490034953.42 1490034954.03 606 192.168.1.116 - 55547 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/mailsearcher/start/c3VjY2Vzcw==// 234 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2463 1490035145.88 1490035146.59 710 192.168.1.116 - 55548 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Tq6fmJuOrSrkjKg9iguMP0WiJYpmwAsI/ 233 278 0 135 131 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2463 1490035146.8 1490035147.57 767 192.168.1.116 - 55548 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/120286/1/ 213 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2464 1490035150.99 1490035151.61 623 192.168.1.116 - 55549 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/mailsearcher/StartSearch/c3VjY2Vzcw==// 240 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2465 1490035359.16 1490035359.8 636 192.168.1.116 - 55550 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rWuC8qzhF8wyv48BQD3sab4oSNkR6RF/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2466 1490035421.03 1490035432.59 11555 192.168.1.116 - 55551 201.232.32.124 443 https://201.232.32.124/147.32.83.56/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/send/ 11670 124 11351 0 233 110 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - POST 200 - - - - - - - CTU.238.1.Malicious 2467 1490035553.31 1490035553.88 574 192.168.1.116 - 55552 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1kienPmqvrNvHNgxwFv9c20CvqdSPIo/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2468 1490035586.54 1490035592.77 6229 192.168.1.116 - 55553 201.232.32.124 443 https://201.232.32.124/147.32.83.56/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/send/ 10926 124 10607 0 233 110 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - POST 200 - - - - - - - CTU.238.1.Malicious 2469 1490035750.75 1490035751.38 630 192.168.1.116 - 55554 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JnPJCfvdqZAt4DvXih9ohed/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2470 1490035895.01 1490035908.56 13554 192.168.1.116 - 55555 201.232.32.124 443 https://201.232.32.124/147.32.83.56/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/send/ 14628 124 14309 0 233 110 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - POST 200 - - - - - - - CTU.238.1.Malicious 2471 1490035917.95 1490035924.69 6740 192.168.1.116 - 55556 201.232.32.124 443 https://201.232.32.124/147.32.83.56/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/send/ 12850 124 12531 0 233 110 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - POST 200 - - - - - - - CTU.238.1.Malicious 2472 1490035934.67 1490035941.66 6989 192.168.1.116 - 55557 201.232.32.124 443 https://201.232.32.124/147.32.83.56/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/send/ 12842 124 12523 0 233 110 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - POST 200 - - - - - - - CTU.238.1.Malicious 2473 1490035943.73 1490035944.37 631 192.168.1.116 - 55558 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/piN95SiihNVGkOEAkh0W4TOx/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2474 1490035950.33 1490035954.96 4628 192.168.1.116 - 55559 201.232.32.124 443 https://201.232.32.124/147.32.83.56/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/send/ 12662 124 12343 0 233 110 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - POST 200 - - - - - - - CTU.238.1.Malicious 2475 1490035961.96 1490035970.64 8682 192.168.1.116 - 55560 201.232.32.124 443 https://201.232.32.124/147.32.83.56/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/send/ 12762 124 12443 0 233 110 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - POST 200 - - - - - - - CTU.238.1.Malicious 2476 1490036091.93 1490036096.84 4914 192.168.1.116 - 55561 201.232.32.124 443 https://201.232.32.124/147.32.83.56/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/send/ 13754 124 13435 0 233 110 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - POST 200 - - - - - - - CTU.238.1.Malicious 2477 1490036141.98 1490036142.55 570 192.168.1.116 - 55562 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1AfXZnwmRobtnGMr4MZNV6pXBu/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2478 1490036336.44 1490036337.01 568 192.168.1.116 - 55563 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RAD1bSkXlyUa2q3V0Rs2gt9JS2YJp/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2479 1490036532.04 1490036532.62 578 192.168.1.116 - 55564 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eKuuaFUiTlTlgkXbAU2a2xFgO6Fe/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2480 1490036730.69 1490036734.07 3378 192.168.1.116 - 55565 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4w6Oo2VHR9plEfQWDzrPF8aIZqC/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2481 1490036926.77 1490036927.37 607 192.168.1.116 - 55566 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/35jylPF8cPObC0HOnt79aGbxU/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2482 1490037122.96 1490037127.21 4256 192.168.1.116 - 55567 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32429 0 32288 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2482 1490037136.59 1490037139.61 3018 192.168.1.116 - 55567 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2482 1490037146.79 1490037147.43 641 192.168.1.116 - 55567 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bhRdWaAyPr4YsShLZNSDlP/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2483 1490037340.38 1490037340.96 575 192.168.1.116 - 55568 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DjtxqEkrqaSiXFq2Sx0mcfZ2fGS/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2484 1490037537.97 1490037538.57 605 192.168.1.116 - 55569 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SHSAAsBmQtBNxBs7NRV/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2485 1490037735.13 1490037735.73 606 192.168.1.116 - 55570 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/A13nEDjykyXcZ8qrXIDBM43naux/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2486 1490037929.05 1490037929.67 612 192.168.1.116 - 55571 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7AaSMT6vmSOs3wWFWkWzaJhBFFvtvl/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2487 1490038123.46 1490038124.06 607 192.168.1.116 - 55572 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VbfRbHavQu0LWZOrOuiMAZAx/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2488 1490038318.76 1490038319.38 615 192.168.1.116 - 55573 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NAplDg1lsstGm5wE78mOlTDokpZJp/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2489 1490038357.96 1490038362.17 4203 192.168.1.116 - 55574 201.232.32.124 443 https://201.232.32.124/147.32.83.56/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/send/ 12218 124 11899 0 233 110 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - POST 200 - - - - - - - CTU.238.1.Malicious 2490 1490038511.43 1490038512.04 609 192.168.1.116 - 55575 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/x0ni8RAXljmyb46AhnYMHte/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2491 1490038704.0 1490038704.63 635 192.168.1.116 - 55576 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Kmg4lEAErGM2e9aCCIMm7x8/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2492 1490038896.57 1490038897.14 575 192.168.1.116 - 55577 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/O9EQIDFx8iEfwTRiuVfvVZCxcn1MveBA/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2493 1490039089.1 1490039090.85 1742 192.168.1.116 - 55578 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UNFjOaSBY7W2Vx9Uf5uI5r2pJMz/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2494 1490039282.96 1490039283.57 612 192.168.1.116 - 55579 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ncCXSSPpHimBMLGK4cWekGDR/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2495 1490039475.56 1490039476.19 629 192.168.1.116 - 55580 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oBtPG87Gp75tGJhZBsxD/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2496 1490039668.18 1490039668.75 576 192.168.1.116 - 55581 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gykIpbJZGJtw2xCOvOLfNibKu/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2497 1490039860.76 1490039861.38 615 192.168.1.116 - 55582 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/n7bSqfJ3RsV7Wgi6iXBmR9GeX4PM5x/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2498 1490040053.34 1490040053.97 633 192.168.1.116 - 55583 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wk3Hq27L4snQib2Mz/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2499 1490040382.55 1490040383.12 570 192.168.1.116 - 55587 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 206 363 0 224 133 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2499 1490040383.57 1490040384.15 583 192.168.1.116 - 55587 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/Up0CRqYA0i5q4ArmshHWwUEt0l/ 330 516 0 373 133 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2499 1490040385.18 1490040385.71 527 192.168.1.116 - 55587 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/KUBMDJWEESCXFYXK/1/ 225 131 0 9 133 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 2500 1490040387.35 1490040387.92 571 192.168.1.116 - 55588 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2501 1490040389.87 1490040390.45 580 192.168.1.116 - 55589 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 217 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2502 1490040392.43 1490040394.07 1637 192.168.1.116 - 55590 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 245 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2503 1490040395.73 1490040396.27 543 192.168.1.116 - 55591 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 211 363 0 224 133 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2503 1490040396.55 1490040397.14 593 192.168.1.116 - 55591 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gO1LVUA99RY5Udt8j/ 220 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2504 1490040588.96 1490040589.47 510 192.168.1.116 - 55592 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9R3ovRTFQyzUO6fNWJeDJAI/ 226 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2505 1490040781.28 1490040781.8 525 192.168.1.116 - 55593 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/G3RGXkj94K0Qqgl95hLMbhNlqyZ/ 230 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2506 1490040973.61 1490040974.15 535 192.168.1.116 - 55594 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uozhbnkpuXNKOvGI2xSzgzBV1xKdV/ 232 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2507 1490041165.99 1490041166.52 526 192.168.1.116 - 55595 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NThaohdBuT9JuqzwIafueYu/ 226 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2508 1490041358.37 1490041358.89 512 192.168.1.116 - 55596 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ADQa8x5BvLlKr03AebGdfRjhsfFa/ 231 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2509 1490041550.68 1490041551.19 512 192.168.1.116 - 55597 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8VaeTZaHDOKsjZinOIJyFeVwIm1Va/ 232 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2510 1490041743.06 1490041743.58 526 192.168.1.116 - 55598 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GVyQwmRUpLIJob5VjiZ/ 222 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2511 1490041935.81 1490041936.41 609 192.168.1.116 - 55599 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/DNSBL/listed/0/ 218 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2512 1490041940.01 1490041940.53 512 192.168.1.116 - 55600 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TRZrfJ0MhJgj3uXEcOFgJND2/ 227 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2513 1490042132.38 1490042132.93 548 192.168.1.116 - 55601 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QZiovnY1ALmvQpGIDpr8KohtlU/ 229 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2514 1490042324.83 1490042325.34 512 192.168.1.116 - 55602 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Py5DI9ZdMZWKKAsNEdYHy9/ 225 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2515 1490042517.18 1490042517.7 523 192.168.1.116 - 55603 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/em5xvEaDhLsZO0nG1n7if20P/ 227 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2516 1490042709.64 1490042711.19 1554 192.168.1.116 - 55604 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 207 32429 0 32288 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2516 1490042719.16 1490042720.3 1144 192.168.1.116 - 55604 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 207 22989 0 22848 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2516 1490042728.02 1490042728.56 538 192.168.1.116 - 55604 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/b2ZjTQ99x5MiVmWjgMpcye0U1/ 228 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2517 1490042920.37 1490042920.91 541 192.168.1.116 - 55605 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bo3mD5ggJbeZsChDB9CvmylWanX2jUM/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2518 1490043112.84 1490043113.35 511 192.168.1.116 - 55606 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6DIV6FhZnnHEQrSKMN4T2ZF25u/ 229 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2519 1490043305.25 1490043305.77 514 192.168.1.116 - 55607 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WIW4n3h6SO5xqGfGnBa/ 222 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2520 1490043498.59 1490043499.1 511 192.168.1.116 - 55608 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pxHUs4nQ6px1D0tfgX/ 221 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2521 1490043690.96 1490043691.53 568 192.168.1.116 - 55609 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lV2OGl1vj3qqSAb4axzx/ 223 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2522 1490043883.38 1490043883.9 512 192.168.1.116 - 55610 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4wlf5Vl3zmrDPKQKkVWVFUc5W4f9/ 231 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2523 1490044075.68 1490044076.24 554 192.168.1.116 - 55611 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kpTOctsYEPf90OaPq3MKeb3P/ 227 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2524 1490044269.1 1490044269.61 517 192.168.1.116 - 55612 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PT78n9WbkhF6gJO1aKG4IGV/ 226 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2525 1490044462.5 1490044463.01 514 192.168.1.116 - 55613 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YVhWhd3XkhPAtLdeWNpjjFFQ2KaQPHB8/ 235 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2526 1490044654.86 1490044655.38 527 192.168.1.116 - 55614 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sgF2AVA9GuAkaCKWdZRvED/ 225 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2527 1490044847.23 1490044847.78 550 192.168.1.116 - 55615 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 208 379 0 240 133 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2527 1490044853.77 1490044854.38 610 192.168.1.116 - 55615 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/N8TWErTipbpNVUa1qRs/ 222 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2528 1490045046.2 1490045046.73 532 192.168.1.116 - 55616 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/C7iKQPo3jQUhNhrqfzO7/ 223 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2529 1490045238.61 1490045240.15 1537 192.168.1.116 - 55617 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IBZTVV46bzMYBbMFO7z6ZSOFe/ 228 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2530 1490045431.97 1490045432.49 519 192.168.1.116 - 55618 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NOue8tZbkCo3u71iU44d/ 223 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2531 1490045624.33 1490045624.84 507 192.168.1.116 - 55619 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3FtnZ2fZjNXZfcYsmk/ 221 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2532 1490045816.74 1490045817.31 571 192.168.1.116 - 55620 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 211 363 0 224 133 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2532 1490045817.62 1490045818.16 539 192.168.1.116 - 55620 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2NJ14mleOPEK8glvV/ 220 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2533 1490046016.01 1490046016.63 616 192.168.1.116 - 55621 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 211 131 0 9 133 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 2534 1490046034.27 1490046034.82 547 192.168.1.116 - 55622 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 211 131 0 9 133 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 2535 1490046051.49 1490046052.06 568 192.168.1.116 - 55623 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 211 131 0 9 133 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 2536 1490046068.9 1490046069.42 520 192.168.1.116 - 55624 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BTYvlb4hvlpHQjvhsO1KQP1RyniQbpP3/ 235 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2537 1490046261.32 1490046261.84 522 192.168.1.116 - 55625 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oShwrxTGwO1clFkQGNn4dpuRwCu/ 230 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2538 1490046453.87 1490046454.41 543 192.168.1.116 - 55626 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VDvWfUcZJfiXsSHgW/ 220 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2539 1490046646.23 1490046646.75 519 192.168.1.116 - 55627 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jsEQemnZZVSgQfqNfRahce/ 225 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2540 1490046838.63 1490046839.17 540 192.168.1.116 - 55628 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/paNIYdv93LHHHNJfTlCn/ 223 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2541 1490047031.01 1490047031.55 535 192.168.1.116 - 55629 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vesPtW2dgi9KeFP6Ml6/ 222 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2542 1490047223.37 1490047223.88 514 192.168.1.116 - 55630 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gz0PYZI2kQwev2uVBGcmVw9CITS4IA5p/ 235 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2543 1490047415.72 1490047416.24 520 192.168.1.116 - 55631 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EumPwVsetvvAJWat4LbLYaDQdg/ 229 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2544 1490047608.11 1490047608.62 511 192.168.1.116 - 55632 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0C2lJTbKoxtQV6hNy44F/ 223 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2545 1490047801.97 1490047802.49 519 192.168.1.116 - 55633 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZqxfM7rihs4dT9Hj5cQIhnfjxLYK/ 231 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2546 1490047994.42 1490047994.95 525 192.168.1.116 - 55634 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dGroADXiGmIToiUhTYclbtT/ 226 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2547 1490048186.84 1490048188.41 1566 192.168.1.116 - 55635 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 207 32429 0 32288 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2547 1490048195.91 1490048197.02 1112 192.168.1.116 - 55635 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 207 22989 0 22848 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2547 1490048204.91 1490048205.51 602 192.168.1.116 - 55635 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uuZQzISfbBOngif2E3xpfxbjVn9/ 230 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2548 1490048397.41 1490048397.93 521 192.168.1.116 - 55636 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/K4zrLWDW2R804QWNGx1aOmnj3BYzKVY/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2549 1490048589.8 1490048590.32 522 192.168.1.116 - 55637 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BAHbB7rdmJAb9T0Bcm5gXsKBN/ 228 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2550 1490048782.16 1490048782.68 522 192.168.1.116 - 55638 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9lpwSZ4dFw5KMwoG8v9cjoz1/ 227 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2551 1490048974.74 1490048975.32 585 192.168.1.116 - 55639 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WetXrDoj8P4cFS66TR5Md/ 224 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2552 1490049167.19 1490049167.76 569 192.168.1.116 - 55640 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/I9f2VLO6ew3UjmTZhiS8Ddcn/ 227 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2553 1490049359.57 1490049360.13 564 192.168.1.116 - 55641 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/63KoJPLYwo2CKb8lmXy/ 222 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2554 1490049552.08 1490049552.61 523 192.168.1.116 - 55642 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7hPMcKrduYzM3mXH1VJInb/ 225 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2555 1490049744.49 1490049745.02 536 192.168.1.116 - 55643 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bWah6pSkA3oAd08VSdTPduX2/ 227 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2556 1490049936.86 1490049937.39 536 192.168.1.116 - 55644 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bAvS637422r544ccs2FWY0oCurKv9yW/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2557 1490050129.29 1490050129.83 540 192.168.1.116 - 55645 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2dcaJQ6otfBEXufYi9R9VLBI7714q0t/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2558 1490050321.67 1490050322.19 520 192.168.1.116 - 55646 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aB7svlTvr98iqG6N0wYmeMiWyk/ 229 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2559 1490050514.12 1490050514.64 520 192.168.1.116 - 55647 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3dnkgt7EAatzOaF9p/ 220 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2560 1490050706.44 1490050706.95 512 192.168.1.116 - 55648 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/htuVBopwxkZXDT0lJMdNiAwwLVd2/ 231 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2561 1490050898.87 1490050899.4 525 192.168.1.116 - 55649 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/c2kXhHrhQqnKGYe34E1i/ 223 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2562 1490051091.24 1490051091.75 512 192.168.1.116 - 55650 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BopaKmU9vykPSVNr/ 219 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2563 1490051283.69 1490051284.26 574 192.168.1.116 - 55651 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 211 363 0 224 133 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2563 1490051284.52 1490051285.07 555 192.168.1.116 - 55651 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/G6avtlvXhIHnYvl8tiA2bLWEqih3SwzD/ 235 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2564 1490051476.95 1490051477.47 521 192.168.1.116 - 55652 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/odJTMBfJVvcDAAPFXoHEwe6uJj/ 229 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2565 1490051669.31 1490051669.83 521 192.168.1.116 - 55653 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1DusYETQJfA8vIN6jXWCm/ 224 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2566 1490051861.66 1490051863.2 1539 192.168.1.116 - 55654 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VH8duIUAym0poq9KnrMai2qmmNFiSms/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2567 1490052055.17 1490052055.69 521 192.168.1.116 - 55655 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XtKROrffyYOGlW44ykkm3ItayAC4/ 231 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2568 1490052247.49 1490052248.01 523 192.168.1.116 - 55656 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DSAm5b4z7YeovYliAEKvpu4Kiy/ 229 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2569 1490052439.84 1490052440.35 511 192.168.1.116 - 55657 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MJmA3PP7Iq3zVGEt/ 219 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2570 1490052632.27 1490052632.81 538 192.168.1.116 - 55658 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lzk1IYuFQ3VVouN2gumPZCmjoTpgHq/ 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2571 1490052824.63 1490052825.15 519 192.168.1.116 - 55659 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/g0apSr0eiOcn2X6pi/ 220 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2572 1490053018.04 1490053018.57 522 192.168.1.116 - 55660 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/osGnkNvdTu603ce9Prb3VlDi/ 227 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2573 1490053210.42 1490053211.02 599 192.168.1.116 - 55661 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uhdR3k5UfgvYAp4uJlZUSqHKLWP4UFw/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2574 1490053402.91 1490053403.45 545 192.168.1.116 - 55662 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0A9My8HfWfiZo1xul1zLEYZUXcLAS0/ 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2575 1490053595.3 1490053598.13 2831 192.168.1.116 - 55663 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 207 32429 0 32288 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2575 1490053605.91 1490053607.63 1719 192.168.1.116 - 55663 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 207 22989 0 22848 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2575 1490053614.78 1490053615.34 552 192.168.1.116 - 55663 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oPPZM6fqWS2zyY9H/ 219 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2576 1490053807.25 1490053807.82 571 192.168.1.116 - 55664 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AwxiZ5iLRU5z1r2RC2MflC8nzC/ 229 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2577 1490053999.69 1490054000.23 537 192.168.1.116 - 55665 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bNV20ZSe5h6Csd2fOjxMdZ/ 225 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2578 1490054192.16 1490054192.71 553 192.168.1.116 - 55666 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vr9KolHCG7UcND3ejIJKvQZjc/ 228 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2579 1490054384.63 1490054385.2 570 192.168.1.116 - 55667 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JLNAIZzol7rfAawRm3R2gcDQE/ 228 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2580 1490054577.2 1490054577.74 537 192.168.1.116 - 55668 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/C75jXhFJmWdYrrogVRwgwvjN1Xqgd/ 232 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2581 1490054770.74 1490054771.32 575 192.168.1.116 - 55669 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QkAlr4TrclXpARJlYlDHjBru0m/ 229 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2582 1490054963.14 1490054963.68 535 192.168.1.116 - 55670 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zrX083NeM1Z55c8yzxsck/ 224 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2583 1490055156.75 1490055157.3 546 192.168.1.116 - 55671 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8F25ZIAQU3ryDves1Lc2uS9cT06/ 230 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2584 1490055349.32 1490055349.9 580 192.168.1.116 - 55672 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/F6z8e8lxCsQNKXqhavVG76yHZlldO0O/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2585 1490055541.78 1490055542.31 523 192.168.1.116 - 55673 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/L79kGAFdCmNxieI3/ 219 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2586 1490055734.14 1490055734.67 535 192.168.1.116 - 55674 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 208 379 0 240 133 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2586 1490055740.63 1490055741.26 630 192.168.1.116 - 55674 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GDWsQqad9s81pRr7cA8p/ 223 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2587 1490055933.26 1490055933.84 581 192.168.1.116 - 55675 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/S0GfuKiE2QauW05Uh9eL08/ 225 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2588 1490056125.76 1490056126.34 589 192.168.1.116 - 55676 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/D5d0xBFuFZtoBtwLMgYnapQPLA3V0Kp/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2589 1490056318.33 1490056318.89 569 192.168.1.116 - 55677 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Q9kxHoDMfLuTZnPBqHmzhuzc1/ 228 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2590 1490056510.85 1490056511.46 611 192.168.1.116 - 55678 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Gt6xygCBjblfosma70pqfLyZw5ChZP/ 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2591 1490056704.4 1490056704.98 580 192.168.1.116 - 55679 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 211 363 0 224 133 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2591 1490056705.23 1490056705.81 584 192.168.1.116 - 55679 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cm98GuTq9dmLADD3QvmQ/ 223 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2592 1490056897.69 1490056898.27 571 192.168.1.116 - 55680 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9MbPrBxibpVu1trCPptQ/ 223 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2593 1490057090.16 1490057090.72 559 192.168.1.116 - 55681 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NaxkoAkoqPYPTeKEuj8/ 222 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2594 1490057282.82 1490057283.39 568 192.168.1.116 - 55682 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FQgxaZDqTzBd2wDC0sif5yxS/ 227 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2595 1490057475.38 1490057475.99 605 192.168.1.116 - 55683 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JhxCPlXUSbBas31Doj/ 221 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2596 1490057668.08 1490057668.68 605 192.168.1.116 - 55684 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/k19w3vvwqL2WB1QNGzZeBt80biW9ZU/ 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2597 1490057860.72 1490057861.35 627 192.168.1.116 - 55685 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3tnXQw1BmF94qGihxe/ 221 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2598 1490058053.24 1490058053.78 543 192.168.1.116 - 55686 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/229TyRFKRO9IGZl16Rm1ZYsKQ1rwVRs/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2599 1490058245.8 1490058246.41 609 192.168.1.116 - 55687 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jkk7aeYqANi5fT0N9p/ 221 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2600 1490058438.44 1490058439.04 605 192.168.1.116 - 55688 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tSIf8vApr6GH69pYHjZugWfeHFoCFRJ/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2601 1490058631.15 1490058631.76 613 192.168.1.116 - 55689 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5xH0ewJ6AR1asrjlUPpb5rn0qdnH/ 231 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2602 1490058823.71 1490058824.23 521 192.168.1.116 - 55690 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/J6MCxyaoL0q8JYViRPDuNDJc7j/ 229 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2603 1490059016.09 1490059017.65 1562 192.168.1.116 - 55691 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 207 32429 0 32288 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2603 1490059025.38 1490059026.5 1119 192.168.1.116 - 55691 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 207 22989 0 22848 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2603 1490059033.66 1490059034.21 553 192.168.1.116 - 55691 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FcYGczxYtabeVeMniZw/ 222 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2604 1490059226.08 1490059226.59 510 192.168.1.116 - 55692 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Jzc8g2qub9m1M5HaYw77y/ 224 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2605 1490059418.56 1490059419.1 540 192.168.1.116 - 55693 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FrmQCbWGhHJh8EwhYa/ 221 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2606 1490059611.19 1490059611.8 611 192.168.1.116 - 55694 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3EtmflW3UZE2qPzj/ 219 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2607 1490059803.16 1490059803.54 378 192.168.1.116 - 55695 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 203 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2607 1490059803.8 1490059804.17 378 192.168.1.116 - 55695 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/v388iswTZIIEmude5FW0CqQB4Ott7I4/ 332 521 0 378 130 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2607 1490059804.81 1490059805.21 400 192.168.1.116 - 55695 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/JNRQCLTHZQADJXIS/1/ 222 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 2608 1490059807.03 1490059807.53 505 192.168.1.116 - 55696 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2609 1490059808.8 1490059809.21 412 192.168.1.116 - 55697 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 214 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2610 1490059810.34 1490059810.72 381 192.168.1.116 - 55698 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 242 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2611 1490059811.8 1490059812.18 379 192.168.1.116 - 55699 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1UIxJnFr3t43wnEDc7xBrcPgPk76N0Fg/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2612 1490060003.45 1490060003.79 341 192.168.1.116 - 55700 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7z9PbzxKJFJ9aRhOq8f1BEqb/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2613 1490060195.15 1490060195.53 383 192.168.1.116 - 55701 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4PXKSxVREAjPR69ycTHXRsgDn9Yq9v/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2614 1490060386.82 1490060387.16 340 192.168.1.116 - 55702 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IHfjPy01L5O7j7Gi/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2615 1490060584.47 1490060584.84 368 192.168.1.116 - 55703 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 2616 1490060600.92 1490060601.29 374 192.168.1.116 - 55704 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 2617 1490060617.39 1490060617.77 380 192.168.1.116 - 55705 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 2618 1490060633.94 1490060634.32 375 192.168.1.116 - 55706 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MnA2t8VrkJwCnJjZYL/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2619 1490060825.65 1490060826.02 374 192.168.1.116 - 55707 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/55PaD8TNEPIG89moGsidIgvtUPO/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2620 1490061017.31 1490061017.69 379 192.168.1.116 - 55708 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/z1faeMgGmyUKaEShNPCPAfJSZTpQ2LX/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2621 1490061208.99 1490061209.32 334 192.168.1.116 - 55709 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Jvhc9j1VorXbixKK8kCpK/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2622 1490061400.73 1490061401.16 432 192.168.1.116 - 55710 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Dj0Gkp0ooL1xyNxEpn3g7MH8Gd/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2623 1490061592.68 1490061593.05 370 192.168.1.116 - 55711 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sl3rhO4mhP65mv9Pq3Q0Bf/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2624 1490061784.43 1490061784.8 368 192.168.1.116 - 55712 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4q8NZet0BWPDUeY5MPVp7yJEd/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2625 1490061976.03 1490061976.38 350 192.168.1.116 - 55713 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NyGmLkmEW6OcwiiO/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2626 1490062167.63 1490062168.0 371 192.168.1.116 - 55714 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 208 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2626 1490062168.26 1490062168.62 356 192.168.1.116 - 55714 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PI85ftvQrjh6Ibb9cKsp1/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2627 1490062359.92 1490062360.3 380 192.168.1.116 - 55715 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CWDFvcQSu7XRlYu93CWobonOOluRIW/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2628 1490062551.61 1490062551.98 375 192.168.1.116 - 55716 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/i2KVJrJhbPd2e9rfHBT0OduXhT/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2629 1490062743.2 1490062743.54 334 192.168.1.116 - 55717 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/G6p1BxRdSwyk0ySd7/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2630 1490062934.81 1490062935.15 340 192.168.1.116 - 55718 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3zcyPbRG0k8J3AoWR9XYpEJxUpGRso/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2631 1490063126.42 1490063126.76 343 192.168.1.116 - 55719 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8a4w93oFiwIknXp2RXqmqKH/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2632 1490063318.09 1490063318.46 374 192.168.1.116 - 55720 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9c7PkAlaPPOyXcCB5dB/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2633 1490063509.76 1490063510.13 368 192.168.1.116 - 55721 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0XtD8wiCuKM4NVGVMYxYiYpccn/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2634 1490063701.38 1490063701.75 369 192.168.1.116 - 55722 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MhCfhXNWwPwTkcNPewDdiVxFl5/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2635 1490063893.1 1490063893.46 369 192.168.1.116 - 55723 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TI5VTCPgdJlaGgzI1P6jm2jLgDgUP/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2636 1490064084.83 1490064085.21 374 192.168.1.116 - 55724 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5w0aULYT59AynN5hFjqniqEf5MYH/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2637 1490064276.53 1490064276.9 371 192.168.1.116 - 55725 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zahk3mZ5dija4Ol4BJ6Tr828tKmRET/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2638 1490064468.19 1490064469.22 1032 192.168.1.116 - 55726 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32429 0 32288 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2638 1490064477.03 1490064477.76 725 192.168.1.116 - 55726 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2638 1490064484.92 1490064485.31 382 192.168.1.116 - 55726 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/scJVb0ifgUYZQ2H8tBgtJlGauKBVmY/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2639 1490064676.63 1490064677.01 379 192.168.1.116 - 55727 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SqBDtRnztCoijtkehjFZg/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2640 1490064868.38 1490064868.75 366 192.168.1.116 - 55728 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OlAAw8iPZ45lWftsoxrCJVY/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2641 1490065060.12 1490065060.55 435 192.168.1.116 - 55729 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aGz5oy4nMGthEId1/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2642 1490065251.9 1490065252.25 350 192.168.1.116 - 55730 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/X04AhE0xZkckG36jncdQ/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2643 1490065443.53 1490065443.92 382 192.168.1.116 - 55731 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2ahjS0kesH6kcgkUFmwLk/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2644 1490065635.17 1490065635.51 342 192.168.1.116 - 55732 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xczEfNjBG3MAId2l6xJ/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2645 1490065826.79 1490065827.13 334 192.168.1.116 - 55733 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Z8iG07ZYHk0lMyp6iGr/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2646 1490066018.44 1490066018.81 373 192.168.1.116 - 55734 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/amxIqVhG0F10Xcb6gKx5OI/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2647 1490066210.12 1490066210.49 370 192.168.1.116 - 55735 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dRzBqU5XqgZyEtqXxjnEI4iV8/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2648 1490066402.76 1490066403.14 378 192.168.1.116 - 55736 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fv1R219FYR3SdfGUNlXnD3w/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2649 1490066595.66 1490066596.38 720 192.168.1.116 - 55737 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 205 379 0 240 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2649 1490066602.34 1490066603.82 1484 192.168.1.116 - 55737 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CReBhu9XXbpE2dLHPU/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2650 1490066795.19 1490066795.56 378 192.168.1.116 - 55738 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xbzXE3j802YHEvqHRURSnvb8N/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2651 1490066986.84 1490066987.22 377 192.168.1.116 - 55739 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3DuB2xSiIEKxxB1kOE1YedlqrIdmM/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2652 1490067178.49 1490067178.86 372 192.168.1.116 - 55740 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zwp5UyiTridG9FOoQdN/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2653 1490067370.62 1490067371.2 585 192.168.1.116 - 55741 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eSVsI1VucdX2vmbredniw/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2654 1490067562.48 1490067562.86 378 192.168.1.116 - 55742 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4GWdxnu3WNDOCktV3lnvLiqPKd0r/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2655 1490067754.08 1490067755.32 1240 192.168.1.116 - 55743 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 208 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2655 1490067755.58 1490067755.92 347 192.168.1.116 - 55743 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6GkYkO7GOwBObCS49GdJSN70PXhD1Gi/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2656 1490067947.23 1490067947.61 375 192.168.1.116 - 55744 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cY2sF5Rw26ptWjBFjbZrVx/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2657 1490068138.85 1490068139.25 401 192.168.1.116 - 55745 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mCjRRvoX8W8lEYpknSlAxb/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2658 1490068330.63 1490068331.02 394 192.168.1.116 - 55746 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mgJcsvMLU4jJkLkG7fWrasSkjK/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2659 1490068522.34 1490068522.71 373 192.168.1.116 - 55747 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tJAlElmNZx1hjhkUvmvUjBv/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2660 1490068714.17 1490068714.55 373 192.168.1.116 - 55748 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/t70zarmfJX1az0cEWBaIK7P/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2661 1490068906.46 1490068906.8 340 192.168.1.116 - 55749 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1IGISE7uEVoi9Laiez1HN7yf/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2662 1490069098.07 1490069098.4 334 192.168.1.116 - 55750 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/z1Z2Oq9R0FwFxbGfRPQJCM5sS4g/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2663 1490069289.72 1490069290.1 372 192.168.1.116 - 55751 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RqGvne6DNVxHdIKSPV/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2664 1490069483.57 1490069484.68 1108 192.168.1.116 - 55752 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OYORUBwMHA3H1BTY92JbOj6tV/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2665 1490069675.95 1490069676.32 371 192.168.1.116 - 55753 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/G03qeRpbHqlLtWzNIieAixU9G/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2666 1490069867.66 1490069868.04 381 192.168.1.116 - 55754 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7LYstiSiXJWZJmYnDvwVRt6jEdEI/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2667 1490070059.86 1490070061.0 1147 192.168.1.116 - 55755 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32429 0 32288 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2667 1490070068.55 1490070069.55 1000 192.168.1.116 - 55755 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2667 1490070076.82 1490070077.46 640 192.168.1.116 - 55755 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EnTQltUk00rtXSGLOxNMs8fQ4RqXMkI/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2668 1490070268.82 1490070269.19 366 192.168.1.116 - 55756 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ME5oUNNlysDYCdTgzz/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2669 1490070461.61 1490070462.72 1107 192.168.1.116 - 55757 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9YBtqoZb2ptZSnVyRjxeRq3BTfP/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2670 1490070654.2 1490070654.57 366 192.168.1.116 - 55758 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/55KOyD8yRe0DgJ5t7xzANTUVc/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2671 1490070846.15 1490070846.59 436 192.168.1.116 - 55759 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/DNSBL/listed/0/ 215 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2672 1490070847.77 1490070848.18 410 192.168.1.116 - 55760 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NyDwn4aCgfu8hRa9Jc4Vg6/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2673 1490071039.57 1490071039.94 376 192.168.1.116 - 55761 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1TOZpo3LkJGOL5Eok/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2674 1490071231.11 1490071232.29 1175 192.168.1.116 - 55762 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zCeixQWS5BRWDpo4sLuwG486RSE2U/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2675 1490071423.78 1490071424.2 414 192.168.1.116 - 55763 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bICO3c9nEpSIVsREiLgXx/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2676 1490071615.43 1490071615.76 336 192.168.1.116 - 55764 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CxvbfR32F3pXNQBZAu0/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2677 1490071807.24 1490071807.68 433 192.168.1.116 - 55765 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qL6IhtNc1BwQGzjg/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2678 1490071999.13 1490071999.62 489 192.168.1.116 - 55766 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AZJSl2jLxE26ZED2Qx9RZUEMWnlq9FKo/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2679 1490072191.1 1490072191.51 410 192.168.1.116 - 55767 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0u4Zc0CJos7Ry99QghcWTgQ1IMnsp5/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2680 1490072382.77 1490072383.09 321 192.168.1.116 - 55768 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LOE2CUdJZtmMBsiZJLRjxL2CI9L60z/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2681 1490072574.41 1490072574.78 368 192.168.1.116 - 55769 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zOGzLokwnQNA1OIWtOpJj1Gs/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2682 1490072766.03 1490072766.37 336 192.168.1.116 - 55770 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iv48tsTVnQjW48L1s0M/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2683 1490072957.71 1490072958.09 379 192.168.1.116 - 55771 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8AqV2Sz9o3wBnZlsok7kLdK302/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2684 1490073149.47 1490073149.84 370 192.168.1.116 - 55772 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CYzWKt7T7Rt00OAxDs/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2685 1490073341.05 1490073341.39 342 192.168.1.116 - 55773 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 208 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2685 1490073341.66 1490073341.99 334 192.168.1.116 - 55773 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LaKq7L9IYOYjAp8aOjj0wHKnuh22LhRo/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2686 1490073533.31 1490073533.69 378 192.168.1.116 - 55774 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7LMs2ulJeIXngjgqkYKc9lwk/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2687 1490073725.02 1490073725.43 409 192.168.1.116 - 55775 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/25s9IyPPo1HMqjiPNLWbticTlW4/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2688 1490073916.77 1490073917.15 381 192.168.1.116 - 55776 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oSTDO9Bnh7hHmlir1iPn7JNhSl6s1Ec/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2689 1490074108.56 1490074108.97 405 192.168.1.116 - 55777 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/i9nNEuuiUw4OVON5wKAd/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2690 1490074300.35 1490074300.72 366 192.168.1.116 - 55778 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZD3lXjEDRr5DTWYRNaXxkC5W6HaYL/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2691 1490074492.48 1490074492.95 469 192.168.1.116 - 55779 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6Ga9o1PY3tWiM001F4U0NmvSXQ0FuF/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2692 1490074684.31 1490074684.71 400 192.168.1.116 - 55780 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jaIEi7SOhbMny8CTDGO4OthZkA9Y1g/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2693 1490074876.47 1490074876.91 438 192.168.1.116 - 55781 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LvGFmE8F6qQ4RhmNk9fN/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2694 1490075074.39 1490075075.17 781 192.168.1.116 - 55782 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 2695 1490075091.25 1490075091.62 369 192.168.1.116 - 55783 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 2696 1490075107.82 1490075108.23 409 192.168.1.116 - 55784 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 2697 1490075124.4 1490075124.79 384 192.168.1.116 - 55785 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5EYfR91p8DX1jXENb3zmObB9fX/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2698 1490075316.15 1490075316.53 377 192.168.1.116 - 55786 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cm3aGKEBjuOLApvhsw/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2699 1490075507.77 1490075508.74 972 192.168.1.116 - 55787 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32429 0 32288 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2699 1490075516.45 1490075517.41 952 192.168.1.116 - 55787 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2699 1490075524.51 1490075525.0 492 192.168.1.116 - 55787 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0Go8E4MYRngYzkuvB7qZsQ7rjZ/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2700 1490075716.28 1490075716.66 379 192.168.1.116 - 55788 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZfG7J2LOXWzJzmSPciynbpv9/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2701 1490075907.94 1490075908.31 372 192.168.1.116 - 55789 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zuqSjojZqQNIi8V19u6eOPkq6n/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2702 1490076099.84 1490076100.25 410 192.168.1.116 - 55790 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CLLV1GTaGsL0gBhxHLrTEjgv00gpv/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2703 1490076291.61 1490076292.99 1379 192.168.1.116 - 55791 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Zm0yD2dPbTUaSuR8sA48yCbW0q2HOrI/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2704 1490076484.2 1490076484.54 339 192.168.1.116 - 55792 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WOJwXu9LiTuIelAM56wmz9K/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2705 1490076675.85 1490076676.23 380 192.168.1.116 - 55793 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QDkpHBecGrwtPuwBYr/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2706 1490076867.64 1490076868.05 406 192.168.1.116 - 55794 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nxNziwhGR8su9SFej/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2707 1490077059.39 1490077059.76 372 192.168.1.116 - 55795 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fT5nkjUcr5GJGqvfh/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2708 1490077251.17 1490077251.61 434 192.168.1.116 - 55796 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ErDpBEU35Qxn0UH0CX0Xm/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2709 1490077443.01 1490077443.42 413 192.168.1.116 - 55797 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 205 379 0 240 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2709 1490077449.38 1490077449.8 418 192.168.1.116 - 55797 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cFDcY3jamNDHEsBMChIUqyF3khlgFtq/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2710 1490077641.22 1490077641.63 412 192.168.1.116 - 55798 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BFVWK6x4gRe0NXgXcbJm/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2711 1490077832.93 1490077833.3 371 192.168.1.116 - 55799 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/B3z3JrMYnmX70CZleC/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2712 1490078024.64 1490078025.01 372 192.168.1.116 - 55800 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MbFMHmcF2louL4sMegka2PtpN/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2713 1490078216.37 1490078216.81 435 192.168.1.116 - 55801 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/v7VvjXE7tjwNOp4x9QNRtExCsBDkE/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2714 1490078408.16 1490078408.54 380 192.168.1.116 - 55802 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nznTnoBgA1XUQ6jn/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2715 1490078599.99 1490078600.39 403 192.168.1.116 - 55803 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FBrdgYOn48zJw8gY/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2716 1490078791.64 1490078792.07 434 192.168.1.116 - 55804 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 208 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2716 1490078792.34 1490078792.85 510 192.168.1.116 - 55804 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5bhDGrSQHDJvay8DacebWaOnrjPC9WTm/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2717 1490078984.36 1490078984.78 422 192.168.1.116 - 55805 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2mKPa3NBJwNEmU89u/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2718 1490079175.18 1490079175.26 78 192.168.1.116 - 55806 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 204 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2719 1490079176.7 1490079176.94 238 192.168.1.116 - 55807 50.19.227.215 80 http://checkip.amazonaws.com/ 153 133 0 13 139 106 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 200 - - - - - - - CTU.238.1.Malicious 2718 1490079177.14 1490079177.25 111 192.168.1.116 - 55806 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/EYDPzvu0MRVzuckRv3gmvdZAT/ 327 515 0 372 131 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2718 1490079177.82 1490079177.89 74 192.168.1.116 - 55806 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/DZXZWEDAZYRMNW/1/ 221 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 2720 1490079179.05 1490079179.18 132 192.168.1.116 - 55808 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2721 1490079180.35 1490079180.42 70 192.168.1.116 - 55809 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 215 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2722 1490079181.57 1490079181.68 104 192.168.1.116 - 55810 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 243 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2723 1490079182.83 1490079182.9 71 192.168.1.116 - 55811 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7nNrCPD6kzRaALE7bRhIwt5GANQqCQZ/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2724 1490079373.29 1490079373.37 78 192.168.1.116 - 55812 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OwFPu5rOroeMV8BM4TH/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2725 1490079563.77 1490079563.85 75 192.168.1.116 - 55813 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6ZGUKUbOcZcYDsqiqKCT/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2726 1490079754.27 1490079754.34 73 192.168.1.116 - 55814 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0hE5zg4d5uZs9rP6gCrj0yEKN/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2727 1490079944.72 1490079944.8 76 192.168.1.116 - 55815 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dwKkuVLtN5Qvr3AdYK3IL85ak47Rv/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2728 1490080135.18 1490080135.25 70 192.168.1.116 - 55816 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sgpQBrGvifgRIsQ0i6Xlaq7aQEMv/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2729 1490080325.63 1490080325.7 72 192.168.1.116 - 55817 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BFkygi9OieXg2omrsNh/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2730 1490080516.08 1490080516.15 72 192.168.1.116 - 55818 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zZeObbX38EH9BqvLMxinKeBv0/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2731 1490080706.56 1490080706.63 73 192.168.1.116 - 55819 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/smZPDPYUB3zdWxQBl/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2732 1490080897.0 1490080897.07 76 192.168.1.116 - 55820 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mvWNk1Nf2t6GjaK7QhcG8Li1F5YoGmH/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2733 1490081087.45 1490081087.6 149 192.168.1.116 - 55821 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32429 0 32288 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2733 1490081095.31 1490081095.42 118 192.168.1.116 - 55821 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2733 1490081103.1 1490081103.18 88 192.168.1.116 - 55821 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3OPgjfxvbX5WVzZ7O/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2734 1490081293.59 1490081293.66 73 192.168.1.116 - 55822 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6p8wpxIfgclrzli3/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2735 1490081484.04 1490081484.13 86 192.168.1.116 - 55823 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/faQsJj6sWwZAKqhOgvyLkD9O/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2736 1490081674.5 1490081674.57 73 192.168.1.116 - 55824 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3a5N2pc7VpMRwHKY5gNgTU/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2737 1490081864.94 1490081865.02 78 192.168.1.116 - 55825 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OqSM2c3e4GAiSOd3M4o/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2738 1490082055.44 1490082055.51 72 192.168.1.116 - 55826 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/E0pIoRLgmbYF7Wg7kTeh9kjU/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2739 1490082245.87 1490082245.95 73 192.168.1.116 - 55827 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2USNO0KW31ye8sneq8EgfhZcY/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2740 1490082436.36 1490082436.44 80 192.168.1.116 - 55828 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oStEC8yL1pjug1Xhd2KNf9/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2741 1490082626.87 1490082626.94 72 192.168.1.116 - 55829 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UPYVrKrwfA4grqz5DOStCP/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2742 1490082817.32 1490082817.4 77 192.168.1.116 - 55830 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BeQ7I7rZqLAHtjmYbDtd97e/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2743 1490083007.8 1490083008.11 314 192.168.1.116 - 55831 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5cbijKCadiT7NlkaW0J9HAz6HEb/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2744 1490083198.5 1490083198.57 71 192.168.1.116 - 55832 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vi27W4gbFZU2llpRV/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2745 1490083388.97 1490083389.04 70 192.168.1.116 - 55833 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nlcGYU9nhsX5L9kd91hedNwPqXscY/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2746 1490083579.48 1490083579.55 71 192.168.1.116 - 55834 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/APGWvu7qY1Mcr98hMhJhLQKoyd6l1i/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2747 1490083769.96 1490083770.04 77 192.168.1.116 - 55835 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wvSZi0lfLCxfxvKuseNWhyRDw/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2748 1490083960.41 1490083960.5 81 192.168.1.116 - 55836 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GGncOv7SSL5LgJpnYzt/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2749 1490084150.91 1490084150.98 73 192.168.1.116 - 55837 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/z6c402SuobqobZ5P7u/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2750 1490084341.35 1490084341.48 132 192.168.1.116 - 55838 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2750 1490084341.74 1490084341.82 89 192.168.1.116 - 55838 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oHLFYd4XBE756X5xP5PrH6/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2751 1490084532.19 1490084532.27 72 192.168.1.116 - 55839 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gKxVF9q9GKkqwvPAZJTfqGnz5/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2752 1490084722.67 1490084722.74 72 192.168.1.116 - 55840 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ykpVHu2QObVClwX0/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2753 1490084913.13 1490084913.2 72 192.168.1.116 - 55841 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Nd1Go9egkhqLSDz9L/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2754 1490085103.6 1490085103.68 73 192.168.1.116 - 55842 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CME4DujFBWyusS42v5P/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2755 1490085294.04 1490085294.11 72 192.168.1.116 - 55843 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GcjaX9gyMFwEM104p8fxS6/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2756 1490085484.55 1490085484.63 83 192.168.1.116 - 55844 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5axIi1pk7OIhOviH/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2757 1490085675.0 1490085675.31 307 192.168.1.116 - 55845 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/970JnRK01wKOl0oKoVa61RdPKVRLpYM/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2758 1490085865.7 1490085865.78 75 192.168.1.116 - 55846 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Myg66pgy6Vqm4lGdp/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2759 1490086056.33 1490086056.64 311 192.168.1.116 - 55847 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/i60MncOmR8zCQ2WhKbJO3/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2760 1490086247.07 1490086247.15 74 192.168.1.116 - 55848 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UH6eIuIY15cRqbQk3vPjvC/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2761 1490086437.75 1490086437.82 67 192.168.1.116 - 55849 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZIV1mgPpfdQbY6zLpIX/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2762 1490086628.22 1490086628.37 150 192.168.1.116 - 55850 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32429 0 32288 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2762 1490086635.9 1490086636.06 163 192.168.1.116 - 55850 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2762 1490086643.8 1490086643.88 79 192.168.1.116 - 55850 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kKEiG96A8mzymJygv7h55MC0IPv96/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2763 1490086834.26 1490086834.33 72 192.168.1.116 - 55851 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CGyJNHhYZCVNo8FujSPElyE5/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2764 1490087024.71 1490087024.78 70 192.168.1.116 - 55852 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sutZMzaGXKkhIJLU9NqT8vK0jHauCfU/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2765 1490087215.17 1490087215.26 88 192.168.1.116 - 55853 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ac8gU0Yk5yB4I2tkPgYQ3YYPGoS/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2766 1490087405.63 1490087405.71 78 192.168.1.116 - 55854 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7UJwtdSvirh6ML99u/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2767 1490087596.51 1490087596.58 74 192.168.1.116 - 55855 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/msd0l26lle8z4nYqP/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2768 1490087786.99 1490087787.06 73 192.168.1.116 - 55856 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sx4miClGVyVykDBOl/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2769 1490087977.48 1490087977.55 73 192.168.1.116 - 55857 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dQuhkzfUR3sEmsoFY3dZaoz9zpNEQ/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2770 1490088167.92 1490088168.0 75 192.168.1.116 - 55858 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0Gh6BOsFshZQTebOoNwP/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2771 1490088358.56 1490088358.63 66 192.168.1.116 - 55859 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 206 379 0 240 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2771 1490088364.59 1490088364.67 81 192.168.1.116 - 55859 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mRhX8jEw4o18egYtRigESFS/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2772 1490088555.08 1490088555.16 79 192.168.1.116 - 55860 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/foS8cu7NI3VKpmeDG/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2773 1490088745.56 1490088745.64 78 192.168.1.116 - 55861 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TmI1r1rXAzb6t65SO6HOccnU/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2774 1490088936.03 1490088936.1 75 192.168.1.116 - 55862 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qkQzgfGCN2GRuN4bQIN/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2775 1490089126.52 1490089126.6 74 192.168.1.116 - 55863 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WIZCciyJBmIWN6eNXotzlQr4pFjgz54y/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2776 1490089317.02 1490089317.09 73 192.168.1.116 - 55864 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qGeYZvbwdNcDj3hfBFbGepHI2r8jfJRI/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2777 1490089507.49 1490089507.57 77 192.168.1.116 - 55865 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1zf63eVBQb38mgCbQL94oM/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2778 1490089704.01 1490089704.12 112 192.168.1.116 - 55866 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 2779 1490089720.32 1490089720.43 108 192.168.1.116 - 55867 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 2780 1490089735.64 1490089735.71 79 192.168.1.116 - 55868 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 2781 1490089750.94 1490089751.02 80 192.168.1.116 - 55869 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2781 1490089751.28 1490089751.37 86 192.168.1.116 - 55869 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/L57QOHGXqT1m0DXfck/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2782 1490089941.78 1490089941.86 73 192.168.1.116 - 55870 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pvZL0T2OExyYUzEpst29lZptMGmzY/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2783 1490090132.25 1490090132.32 71 192.168.1.116 - 55871 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/w7Bezczc4bq9nfaG/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2784 1490090322.73 1490090322.8 75 192.168.1.116 - 55872 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/w37Cki0DZ7Nc9FQne/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2785 1490090513.22 1490090513.3 75 192.168.1.116 - 55873 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fifc2tXLKWSZPcwFvk7ObA/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2786 1490090703.76 1490090703.84 79 192.168.1.116 - 55874 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/X3lYGbiYG6udZeMo/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2787 1490090894.27 1490090894.35 80 192.168.1.116 - 55875 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/F1qxUgEqF1zllpEF/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2788 1490091084.73 1490091084.8 76 192.168.1.116 - 55876 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WOam7lGBULzDpztE0rAP/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2789 1490091275.22 1490091275.31 89 192.168.1.116 - 55877 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9s84la7HrThS7aaQaLkfpPLdbR/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2790 1490091465.72 1490091465.8 75 192.168.1.116 - 55878 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QoyueX1AC89h927xsryN6/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2791 1490091656.2 1490091656.3 103 192.168.1.116 - 55879 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/k8OMDQDbv0z851Qfb13tzJ7QFq/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2792 1490091846.71 1490091846.79 71 192.168.1.116 - 55880 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QQtZjLMuLhCwuhIg35AgFZSw69/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2793 1490092037.15 1490092037.29 140 192.168.1.116 - 55881 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32429 0 32288 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2793 1490092044.65 1490092044.76 117 192.168.1.116 - 55881 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2793 1490092052.47 1490092052.55 80 192.168.1.116 - 55881 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rjLUecRByA5iZ4Htw8VDrEgnkN/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2794 1490092243.0 1490092243.07 71 192.168.1.116 - 55882 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/a4jiv6p7VvJGRT3x/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2795 1490092433.45 1490092433.53 74 192.168.1.116 - 55883 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fYcZwtIzWrHsx5Q47MYmIfDeXV/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2796 1490092623.93 1490092624.21 278 192.168.1.116 - 55884 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pp4Uar3x1mjbJwqZ/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2797 1490092814.6 1490092814.67 70 192.168.1.116 - 55885 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zBVZzucIM1MPVl2zDwkg/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2798 1490093005.08 1490093005.16 78 192.168.1.116 - 55886 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KjePp1DnEUUmXxDQoWCnyQkC8ODr6zk/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2799 1490093195.57 1490093195.67 108 192.168.1.116 - 55887 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7mQuAFWa408pADYPcONEL1xoDzTZ/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2800 1490093386.06 1490093386.13 72 192.168.1.116 - 55888 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hwbeR3PRHWDUS7DTkUMqGF/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2801 1490093576.63 1490093576.71 80 192.168.1.116 - 55889 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kzkpZ6qhx0uRmzJcfFMIXBcAYuLv/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2802 1490093767.11 1490093767.18 66 192.168.1.116 - 55890 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cUKZIhaJbWCNKebl8gL62YssRQMH/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2803 1490093957.61 1490093957.68 76 192.168.1.116 - 55891 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/J8EwLYSAqGbBs94ia5wZD/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2804 1490094148.09 1490094148.17 79 192.168.1.116 - 55892 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jB3laVxAp6ytX7hxlW0sW4R8nTT76/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2805 1490094338.62 1490094338.69 72 192.168.1.116 - 55893 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dJNVfcM0nycjLpVW8/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2806 1490094529.1 1490094529.2 94 192.168.1.116 - 55894 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DzzhGxpL74zI8IK3ZudxLceGHYkx/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2807 1490094719.61 1490094719.69 74 192.168.1.116 - 55895 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SJBisvQUvq4MfiXrDJFecX2iQO6p/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2808 1490094910.07 1490094910.15 76 192.168.1.116 - 55896 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/V6vBaiThsWO2P95h6c/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2809 1490095100.57 1490095100.65 80 192.168.1.116 - 55897 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8C3fzNYfxz7PhiScwtoQi/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2810 1490095291.09 1490095291.22 129 192.168.1.116 - 55898 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2810 1490095291.48 1490095291.56 78 192.168.1.116 - 55898 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DbW2DxV0rslrqTNWkY9cWfskOYeEElYB/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2811 1490095482.25 1490095482.32 74 192.168.1.116 - 55899 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/17Rne2G7FTDC9jDGh9/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2812 1490095672.85 1490095672.93 81 192.168.1.116 - 55900 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dCAIwVhlNGzgA7I9adF3FQKJfwAT/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2813 1490095863.36 1490095863.45 86 192.168.1.116 - 55901 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UBgk8a51ssEFZgDczT/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2814 1490096053.82 1490096053.89 73 192.168.1.116 - 55902 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/L744Jvv7jMI4SZUoluVct2F3heQXJ/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2815 1490096244.26 1490096244.34 73 192.168.1.116 - 55903 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hn6CK3mwpxhmYllCsymm6o/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2816 1490096434.71 1490096434.78 70 192.168.1.116 - 55904 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xxtLKrv0Ra44O9D6GGOSUEOOnF/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2817 1490096625.15 1490096625.23 75 192.168.1.116 - 55905 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cTzCqGGj0pOgQLmL84/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2818 1490096815.66 1490096815.74 79 192.168.1.116 - 55906 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/meLykCAQEzOaRI4yFhkSjdHJ9k9aPwX/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2819 1490097006.17 1490097006.24 75 192.168.1.116 - 55907 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XHno6kMZckBPPWVH0OJONSgieY8JvmQE/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2820 1490097196.66 1490097196.74 86 192.168.1.116 - 55908 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HKipg2utF1NGDiyVzVautw0WTAvD/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2821 1490097387.13 1490097387.2 71 192.168.1.116 - 55909 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oCkvqeWE2ZQ3MCz0Oslw21q/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2822 1490097577.61 1490097577.73 112 192.168.1.116 - 55910 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32429 0 32288 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2822 1490097585.41 1490097585.54 125 192.168.1.116 - 55910 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2822 1490097593.26 1490097593.33 75 192.168.1.116 - 55910 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Pta6GizjWgFlCS7TBLO1yDQLf/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2823 1490097783.75 1490097783.82 71 192.168.1.116 - 55911 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yFyyCHtS0CXW0DFOmOz/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2824 1490097974.19 1490097974.27 75 192.168.1.116 - 55912 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5H93bxhtCwTGz8oXfnK/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2825 1490098164.67 1490098164.75 74 192.168.1.116 - 55913 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EJ2ODRPybgOvmk7hTLe/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2826 1490098356.84 1490098357.49 644 192.168.1.116 - 55914 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 205 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2826 1490098357.71 1490098358.42 713 192.168.1.116 - 55914 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/hUPIAh1fNKAKugmHwTrRP/ 324 511 0 368 132 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2826 1490098358.92 1490098359.53 612 192.168.1.116 - 55914 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/MIRSZIROQO/1/ 218 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 2827 1490098362.31 1490098362.95 637 192.168.1.116 - 55915 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2828 1490098365.74 1490098366.41 672 192.168.1.116 - 55916 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 216 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2829 1490098368.2 1490098368.84 639 192.168.1.116 - 55917 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 244 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2830 1490098370.65 1490098371.46 805 192.168.1.116 - 55918 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Dm51ouNPueTUQq9NHZ/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2831 1490098563.49 1490098564.1 611 192.168.1.116 - 55919 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yCuiR7My3PKRTBufRJE0am/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2832 1490098756.13 1490098756.75 613 192.168.1.116 - 55920 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FgNtIBr1srEPdf40JZ/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2833 1490098948.69 1490098949.33 635 192.168.1.116 - 55921 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hi0cViWze3FPofIRpT7ztJ6Qo9gsxky/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2834 1490099143.11 1490099143.72 612 192.168.1.116 - 55922 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uq30EMHu5yitgXa3y0H05tGFs8z657/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2835 1490099335.79 1490099336.4 606 192.168.1.116 - 55923 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 207 379 0 240 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2835 1490099342.36 1490099343.01 647 192.168.1.116 - 55923 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SMJy9PSZBmLbH53YecY0SeLwxb1KMvzx/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2836 1490099534.92 1490099535.49 570 192.168.1.116 - 55924 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hQSiYgvoimISJvzUaBuLqdxsoJxoVYT/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2837 1490099727.74 1490099728.35 614 192.168.1.116 - 55925 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/DNSBL/listed/0/ 217 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2838 1490099731.12 1490099731.73 610 192.168.1.116 - 55926 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZCZn1NjBCJM9iQYu3p4/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2839 1490099923.95 1490099924.55 605 192.168.1.116 - 55927 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vf7lmxgBK6rF6mazZNOtoWOlADioS/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2840 1490100116.55 1490100117.16 607 192.168.1.116 - 55928 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wEttEnYfXNPl44WPd/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2841 1490100309.18 1490100309.79 604 192.168.1.116 - 55929 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JspzqAqBljVMnw4ICPpJ2s/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2842 1490100501.77 1490100502.41 634 192.168.1.116 - 55930 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4fNEp7EKw6RW3fuGiiZH6VYAN/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2843 1490100694.39 1490100695.0 606 192.168.1.116 - 55931 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 210 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2843 1490100695.26 1490100695.88 621 192.168.1.116 - 55931 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BHZw7wJRRfZo8YEOW/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2844 1490100887.96 1490100888.57 608 192.168.1.116 - 55932 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oLup8uQhvSZRKRKcDOWe52YVDbTZ/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2845 1490101080.61 1490101081.23 614 192.168.1.116 - 55933 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8uXwFybbLprYO98CCJluUu/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2846 1490101273.28 1490101273.89 605 192.168.1.116 - 55934 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wHBwffB79t4m2Tn1ISPiVdPZlo2D/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2847 1490101465.93 1490101466.54 611 192.168.1.116 - 55935 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3u3QYmjHAYxAggjpVRW3zduVinStmRGR/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2848 1490101658.57 1490101659.19 618 192.168.1.116 - 55936 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/18attta4Epq7xpiIn5cm6qPd/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2849 1490101851.24 1490101851.85 609 192.168.1.116 - 55937 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7OK1v6H1lvyckJIcWTSFjJdb9gq/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2850 1490102043.81 1490102044.44 624 192.168.1.116 - 55938 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DnhrmXIw0uZadMccpR61Ll7u/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2851 1490102236.48 1490102237.09 605 192.168.1.116 - 55939 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PgrFPlvQV87mX8q7m280lFDSagY5xB/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2852 1490102430.84 1490102431.45 608 192.168.1.116 - 55940 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yX4yKRrJE24cR310XowSAWVDE/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2853 1490102623.53 1490102624.14 607 192.168.1.116 - 55941 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4c5AmuUtGeRLWVYZ1R6B9jP/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2854 1490102816.18 1490102816.79 605 192.168.1.116 - 55942 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xBMPY3X6G0gVHO9Q7O8coxC/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2855 1490103008.8 1490103010.59 1790 192.168.1.116 - 55943 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 32429 0 32288 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2855 1490103018.34 1490103019.57 1234 192.168.1.116 - 55943 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2855 1490103027.32 1490103027.95 631 192.168.1.116 - 55943 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fWIh8VSY1poOeEO8fUx/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2856 1490103220.01 1490103220.62 608 192.168.1.116 - 55944 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AButCBsZtLEXUSfe/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2857 1490103412.71 1490103413.31 606 192.168.1.116 - 55945 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nsgchxVptYEyZ9sE7r7I5C85i/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2858 1490103605.32 1490103605.94 613 192.168.1.116 - 55946 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IxdmcHmx73FQCjZLxJnDJAYJhR/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2859 1490103798.2 1490103798.81 603 192.168.1.116 - 55947 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/N5O0mwzzN0dbQDuP19t/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2860 1490103990.93 1490103991.54 615 192.168.1.116 - 55948 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BE4AdYQqQkMsoVDYSQNekXAGs/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2861 1490104189.53 1490104190.15 616 192.168.1.116 - 55949 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 2862 1490104206.99 1490104207.71 714 192.168.1.116 - 55950 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 2863 1490104224.56 1490104225.18 621 192.168.1.116 - 55951 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 2864 1490104242.05 1490104242.65 606 192.168.1.116 - 55952 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DLn5YKodFxH3n8hLU/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2865 1490104434.68 1490104435.33 651 192.168.1.116 - 55953 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jFv9hoyJrEcnSAexfzFUdkgJ2/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2866 1490104627.38 1490104627.98 606 192.168.1.116 - 55954 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zGZ5QuaL3SGFvGRMbzV1/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2867 1490104820.02 1490104820.64 617 192.168.1.116 - 55955 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5jkOA3GPTrHrXOmRlK2/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2868 1490105012.7 1490105013.32 611 192.168.1.116 - 55956 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/P5rplUX5ByfxI0TP7LQF2nLLpES/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2869 1490105205.39 1490105205.99 604 192.168.1.116 - 55957 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/e0Mp3a2lKkEnHKV4S3dO/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2870 1490105398.04 1490105398.66 617 192.168.1.116 - 55958 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZDwsGc05MJd6AJAXSp7DvM9kEYqlQCZ/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2871 1490105590.64 1490105591.25 605 192.168.1.116 - 55959 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZGegnlWGsimxpKmbAyl3lle9f4dCA6K/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2872 1490105783.24 1490105783.85 606 192.168.1.116 - 55960 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OxtWrNk1cnNv8o8XRxvK3oy8K0herig3/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2873 1490105975.85 1490105976.47 622 192.168.1.116 - 55961 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/M5k0UhUBqA0d6KjFwhHYEPtEXCl9rFqI/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2874 1490106168.53 1490106169.17 636 192.168.1.116 - 55962 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 210 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2874 1490106169.42 1490106170.04 619 192.168.1.116 - 55962 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/25lQE7zAZ5nqiL6yTHD/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2875 1490106362.11 1490106362.72 612 192.168.1.116 - 55963 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/D374eAGjlE9XXU64/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2876 1490106554.68 1490106555.32 636 192.168.1.116 - 55964 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0S3ssHu0F5SMVABCO0Y/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2877 1490106747.4 1490106748.01 609 192.168.1.116 - 55965 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/T6nGDDIX2MbeCiAs5y/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2878 1490106940.04 1490106940.65 613 192.168.1.116 - 55966 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cQZyLZLaOeavZ0ewppUW8cdOii/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2879 1490107132.6 1490107133.24 634 192.168.1.116 - 55967 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/h0xWp21eP04ZDKFjNqw4viuB/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2880 1490107325.27 1490107325.87 604 192.168.1.116 - 55968 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GZxPIPcHb62GKXeW/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2881 1490107517.85 1490107518.46 614 192.168.1.116 - 55969 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/g6NBOywfSu9Hzfd9mpq4KKPpk/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2882 1490107710.43 1490107711.03 605 192.168.1.116 - 55970 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/obdzRtS8af1WYslekRwXIs9CxoqPv/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2883 1490107903.07 1490107903.67 605 192.168.1.116 - 55971 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6zaaoPGlaORZQJ3Z4o/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2884 1490108095.73 1490108096.34 605 192.168.1.116 - 55972 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hM54M5xgpZ9fKOPsbJo/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2885 1490108288.35 1490108288.96 605 192.168.1.116 - 55973 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7GxAm2U9FcHu9fJ5pUx/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2886 1490108480.99 1490108482.76 1771 192.168.1.116 - 55974 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 32429 0 32288 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2886 1490108490.52 1490108491.74 1219 192.168.1.116 - 55974 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2886 1490108499.38 1490108499.99 614 192.168.1.116 - 55974 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Uo1V1wEiK8Jnl2KTAak8dKXCpfInTH9/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2887 1490108692.01 1490108692.63 617 192.168.1.116 - 55975 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cmA8gFnt8OahNcCnG/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2888 1490108884.58 1490108885.19 606 192.168.1.116 - 55976 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WiwukcOgaprzJpr7FAxNPGDf4l9WFSXK/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2889 1490109077.23 1490109077.84 611 192.168.1.116 - 55977 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DYmw2cjMgFJjfRBxG/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2890 1490109269.9 1490109270.5 604 192.168.1.116 - 55978 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/enrafmZWmZHFXUlElmak/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2891 1490109462.64 1490109463.25 614 192.168.1.116 - 55979 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GAryEoD1bU4O4Onru7AsH/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2892 1490109655.24 1490109655.86 616 192.168.1.116 - 55980 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nCLMcfsW7V4RNl627WlIcvrBRStj/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2893 1490109847.87 1490109848.48 606 192.168.1.116 - 55981 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tsA9XSQ4tolhBLZhx8h/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2894 1490110040.52 1490110041.13 607 192.168.1.116 - 55982 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HCXe8gDGzMhipKyK3QkNl8/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2895 1490110233.18 1490110233.82 638 192.168.1.116 - 55983 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 207 379 0 240 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2895 1490110239.78 1490110240.4 618 192.168.1.116 - 55983 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UdgItvqM4DMLZyRQ7i2y2cdj7VKXzH/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2896 1490110432.45 1490110433.07 614 192.168.1.116 - 55984 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rDh3kKos92wDnjdQ/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2897 1490110625.06 1490110625.67 617 192.168.1.116 - 55985 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/732HzyatYXZzJ0jZvMms2LMWy/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2898 1490110817.7 1490110818.31 608 192.168.1.116 - 55986 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oPiEovqXnOz673GS5l7/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2899 1490111010.31 1490111010.93 618 192.168.1.116 - 55987 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/K6RBGUBKzUSbWEe74h4rEbAb3LvkX3Jk/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2900 1490111202.95 1490111203.56 615 192.168.1.116 - 55988 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/c12TQycEJKYDfilt6V/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2901 1490111395.51 1490111396.08 570 192.168.1.116 - 55989 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oAsA08BkYcRgitndsQJiotQ/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2902 1490111588.03 1490111588.64 611 192.168.1.116 - 55990 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 210 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2902 1490111588.9 1490111589.51 607 192.168.1.116 - 55990 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gseUagmllo2cXnnw/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2903 1490111781.52 1490111782.12 603 192.168.1.116 - 55991 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rfxAvf9mK4jmMCsw/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2904 1490111974.17 1490111974.77 606 192.168.1.116 - 55992 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/i09Gw8bs7JLmAgUvbeo0g/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2905 1490112166.79 1490112167.41 619 192.168.1.116 - 55993 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vV8rwHKiklCdlE0b/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2906 1490112359.49 1490112360.09 608 192.168.1.116 - 55994 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8EWX8Ki1U5Bbi74eg9NDTphqFUOPgEDk/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2907 1490112552.07 1490112552.69 611 192.168.1.116 - 55995 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ShxRElamUTs9LpvRTLXh5qw9z6nB6z/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2908 1490112744.77 1490112745.4 631 192.168.1.116 - 55996 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QQXgcD44gKDCnXsl0W6/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2909 1490112937.48 1490112938.09 612 192.168.1.116 - 55997 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7Ib8gkLoez0quOxTVNsMF7/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2910 1490113130.11 1490113130.71 607 192.168.1.116 - 55998 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/m0Fk3mJEhkzVY8pSZtZLSW8CmKgy/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2911 1490113322.76 1490113323.37 609 192.168.1.116 - 55999 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5WCcYn1BDv5T13Zk3w2M8M5mp2GIh/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2912 1490113515.38 1490113515.99 613 192.168.1.116 - 56000 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8YYFcq5sqS04GeEAq/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2913 1490113752.96 1490113753.57 610 192.168.1.116 - 56002 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MtqKINKokl6VkZc0pJCjs7/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2914 1490113945.63 1490113947.47 1847 192.168.1.116 - 56003 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 33181 0 33040 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2914 1490113955.07 1490113956.34 1271 192.168.1.116 - 56003 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2914 1490113963.22 1490113963.86 637 192.168.1.116 - 56003 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/X1VGd1CtOzcozhJ3twSiLSXGn0Nl/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2915 1490114155.88 1490114156.49 610 192.168.1.116 - 56004 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/090nk0yoDYgtnMkugXqsXXuMpq/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2916 1490114348.45 1490114349.06 605 192.168.1.116 - 56005 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/I8u0gAbz7WMQeY0wK/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2917 1490114541.04 1490114541.65 612 192.168.1.116 - 56006 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nLx0Hk8wsW240UKY8kHO/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2918 1490114733.67 1490114734.28 609 192.168.1.116 - 56007 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WSnvrwYv9wi5K6KXlrIbLa8L/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2919 1490114926.25 1490114926.93 683 192.168.1.116 - 56008 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WkH070d2ARbcqXaYQoVz52JgehwEX8/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2920 1490115118.97 1490115119.57 603 192.168.1.116 - 56009 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ThfAsaS4lhrQ8jUfrXMTgPGO/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2921 1490115311.63 1490115312.25 618 192.168.1.116 - 56010 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/klnB6Rq63AJUJVglVo9rj6DyYFXNsJ0/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2922 1490115504.23 1490115504.87 635 192.168.1.116 - 56011 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/p1hCMXdDM6objWtuVb6tlG9gik/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2923 1490115696.92 1490115697.52 603 192.168.1.116 - 56012 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5zBE85Sot5EomQDxXT8/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2924 1490115889.56 1490115890.17 608 192.168.1.116 - 56013 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vCsHOWYrbo9tw4461HyRx/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2925 1490116082.22 1490116082.83 618 192.168.1.116 - 56014 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QgXUHeg07hN3LL4vnYhf916COz/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2926 1490116274.88 1490116275.48 605 192.168.1.116 - 56015 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/90ZgtHwbQzR1214c5/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2927 1490116467.51 1490116468.12 617 192.168.1.116 - 56016 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WEBxqhaQNKhGftSNGMvf6uWyWa/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2928 1490116660.13 1490116660.75 617 192.168.1.116 - 56017 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YZMoFGGHnjiPbkTh1KI/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2929 1490116852.71 1490116853.32 605 192.168.1.116 - 56018 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tGSkeAE8Lk0Ac67Gm5eSAdDzl0/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2930 1490117045.37 1490117046.01 638 192.168.1.116 - 56019 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 210 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2930 1490117046.27 1490117046.88 611 192.168.1.116 - 56019 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rtGUhjOCiLOBPiIJQ/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2931 1490117238.92 1490117239.53 612 192.168.1.116 - 56020 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FHmpx1XCapLYPra6VYOzdI/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2932 1490117431.52 1490117432.14 619 192.168.1.116 - 56021 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1psXZ10EefCWZa2b/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2933 1490117624.26 1490117626.44 2172 192.168.1.116 - 56022 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GBy2VAMGoXnMZHmkyTZroEiBf/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2934 1490117953.96 1490117954.58 624 192.168.1.116 - 56026 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 204 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2935 1490117955.39 1490117955.66 271 192.168.1.116 - 56027 50.19.227.215 80 http://checkip.amazonaws.com/ 153 133 0 13 139 106 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 200 - - - - - - - CTU.238.1.Malicious 2934 1490117955.87 1490117957.76 1889 192.168.1.116 - 56026 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/x4wxx3QHoWBFJoELiOq1N/ 323 511 0 368 131 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2934 1490117958.28 1490117961.5 3222 192.168.1.116 - 56026 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/DPXRBVVKYFOCCF/1/ 221 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 2936 1490117963.33 1490117963.97 642 192.168.1.116 - 56028 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2937 1490117969.6 1490117970.15 546 192.168.1.116 - 56029 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 215 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2938 1490117972.0 1490117972.62 623 192.168.1.116 - 56030 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 243 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2939 1490117979.71 1490117980.32 604 192.168.1.116 - 56031 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KeLhzsGrK9Vh6MvSvs/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2940 1490118173.39 1490118174.01 617 192.168.1.116 - 56032 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6WKsEUNEcMSO5pWC2sHNOTJ/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2941 1490118366.06 1490118366.67 603 192.168.1.116 - 56033 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BVAqxhIFeBku3ST8vy/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2942 1490118558.68 1490118559.23 550 192.168.1.116 - 56034 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TZPJvjWWhbYM0KHtTqqjptcHtESxO/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2943 1490118760.35 1490118760.96 616 192.168.1.116 - 56035 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 2944 1490118779.59 1490118780.23 643 192.168.1.116 - 56036 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 2945 1490118797.08 1490118798.96 1875 192.168.1.116 - 56037 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 2946 1490118817.02 1490118817.63 606 192.168.1.116 - 56038 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Sx4rtaVsslexpV8uyPLQ5M5vL/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2947 1490119010.86 1490119016.34 5481 192.168.1.116 - 56039 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QJLpk3oKMBVc5Zoiz45wg0CCn3sb/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2948 1490119213.22 1490119213.83 606 192.168.1.116 - 56040 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jlECZJ7EhXBR3rOzkaIXny3A/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2949 1490119406.63 1490119409.71 3084 192.168.1.116 - 56041 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 33181 0 33040 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2949 1490119417.23 1490119420.55 3312 192.168.1.116 - 56041 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2949 1490119428.23 1490119428.77 545 192.168.1.116 - 56041 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kydW6TJ09njgby6EMfkIG5/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2950 1490119621.6 1490119622.15 551 192.168.1.116 - 56042 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/F6T5qXu8Aj38Lh9LdKrrDY1/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2951 1490119815.21 1490119822.42 7213 192.168.1.116 - 56043 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/farL6DplnVtwn1Rl/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2952 1490120014.46 1490120015.06 605 192.168.1.116 - 56044 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sj1hIUAjeTCwZTOt1qFtqbzMQ6uzx2Uu/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2953 1490120207.09 1490120207.7 611 192.168.1.116 - 56045 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yPF1M0BxpxoprmfvXN63EBD9N/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2954 1490120399.86 1490120400.48 612 192.168.1.116 - 56046 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/scx5aJ7zea5t9TJsHiF3zuefXQd/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2955 1490120592.5 1490120594.34 1836 192.168.1.116 - 56047 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MKOdrw4XjpoQxv8Z/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2956 1490120786.38 1490120786.98 605 192.168.1.116 - 56048 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IlgiDJM6Vj23Cosy23rnUrdb3VvAXX2/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2957 1490120979.03 1490120979.64 611 192.168.1.116 - 56049 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xJdSSm6NciwrfpOwgfEzwJvlaXDp/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2958 1490121171.7 1490121172.3 603 192.168.1.116 - 56050 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 206 379 0 240 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2958 1490121178.27 1490121178.88 610 192.168.1.116 - 56050 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ie4CswWVMvwOwAFDtKnt2UWpiQYj291x/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2959 1490121370.68 1490121371.2 521 192.168.1.116 - 56051 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aIWMTP38TO86g1P3SiZm2lG/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2960 1490121563.23 1490121563.84 610 192.168.1.116 - 56052 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5IeTJySVtGFqzWcVKcyMQezMDHT/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2961 1490121755.87 1490121757.67 1806 192.168.1.116 - 56053 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eijkmwJscnJOJnzfeR/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2962 1490121950.72 1490121951.32 604 192.168.1.116 - 56054 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lk2FEMrIQy7JbCvFL4/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2963 1490122143.34 1490122143.95 609 192.168.1.116 - 56055 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SAyPrsjLYI07tfZeaXpm/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2964 1490122338.99 1490122339.6 610 192.168.1.116 - 56056 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IfS9kSFNJAtXvC4VTEM9z1qDPpVMCYn/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2965 1490122533.44 1490122535.72 2283 192.168.1.116 - 56057 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2965 1490122535.98 1490122536.59 609 192.168.1.116 - 56057 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/A2CEAgpkNBBASYmVb1IE4f2WsHhXSFI/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2966 1490122728.68 1490122729.29 605 192.168.1.116 - 56058 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yHcJ1QI9TDU5ZO6sblsd4BDEnCo/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2967 1490122922.37 1490122922.97 606 192.168.1.116 - 56059 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9ZZEirsI4UFl34cfkxWLxfHVrfkZA1/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2968 1490123116.2 1490123116.8 607 192.168.1.116 - 56060 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/962cSSp22my41rWpLmT7HMs0xE1Z/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2969 1490123312.78 1490123313.38 607 192.168.1.116 - 56061 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dWvh8soqR3VSgYi9tn8awD6/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2970 1490123506.65 1490123507.25 606 192.168.1.116 - 56062 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6Wt9KHfJ1J3Kxzc6aL3v9/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2971 1490123699.31 1490123699.92 605 192.168.1.116 - 56063 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/l9qxwLxBE9m54EMd/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2972 1490123892.03 1490123892.63 603 192.168.1.116 - 56064 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8rQi2IubEXrDsZgpibST/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2973 1490124084.64 1490124085.25 606 192.168.1.116 - 56065 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zuI2byYMNtgYNljoIHMzBjuimMbvjgl/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2974 1490124278.43 1490124279.04 607 192.168.1.116 - 56066 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hCltXPckR1UR1epA3Q6sXsNQ3QN0WOg/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2975 1490124471.07 1490124471.67 606 192.168.1.116 - 56067 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7uaHjZwcY7Qwwm4c/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2976 1490124663.69 1490124664.3 612 192.168.1.116 - 56068 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nbFNgey7L1VUCvzKYKhXXS9DQL0UF/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2977 1490124856.16 1490124857.75 1595 192.168.1.116 - 56069 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 33181 0 33040 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2977 1490124865.51 1490124867.1 1589 192.168.1.116 - 56069 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2977 1490124874.95 1490124875.51 557 192.168.1.116 - 56069 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pTyvIVTwAFiqiJJwIxDIfKrOGpnIrXuX/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2978 1490125067.34 1490125067.88 536 192.168.1.116 - 56070 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IkNW6ozPoF9LlJoRJFqZfjeM5z0b14/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2979 1490125259.91 1490125260.52 611 192.168.1.116 - 56071 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7vxlkYkv06B1MbploaCxorPDxCvlgdt/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2980 1490125452.59 1490125453.2 604 192.168.1.116 - 56072 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xzuIta8F5vEwYbkL/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2981 1490125648.07 1490125648.6 536 192.168.1.116 - 56073 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QKw6pNl5lbKv2d0h6soWjYNYabzno7/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2982 1490125840.68 1490125841.28 605 192.168.1.116 - 56074 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0xOEphHOZKu6F5CsqPX/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2983 1490126033.35 1490126033.96 610 192.168.1.116 - 56075 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GGnciOPM1UjVMI3NKu27dyhd7z/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2984 1490126241.03 1490126241.63 603 192.168.1.116 - 56076 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZE4a1GGo6dkEQHC06OexdcbDkjnn6bg/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2985 1490126433.65 1490126434.25 603 192.168.1.116 - 56077 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Dzkc8pUJRFxdjdFgPSBDoGE6akSSr/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2986 1490126626.28 1490126626.89 607 192.168.1.116 - 56078 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pwsb8B6o3A3HQ4OJibOA/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2987 1490126818.97 1490126819.58 607 192.168.1.116 - 56079 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JwN3CIoZPqbRy0NvoV6J0oL22h/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2988 1490127011.6 1490127012.21 603 192.168.1.116 - 56080 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ypx01o8CUgPvlIBcDRP/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2989 1490127204.23 1490127204.84 604 192.168.1.116 - 56081 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qUYEraSJiOa97Aqmn7C/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2990 1490127397.91 1490127398.52 612 192.168.1.116 - 56082 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JSKPjocHeVJIcdZmYv7Qs0d5W8l66A/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2991 1490127590.57 1490127591.18 610 192.168.1.116 - 56083 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/g17RteS341yqh08YQZhnGRf2KqLFSDm/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2992 1490127782.98 1490127783.54 554 192.168.1.116 - 56084 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BNyPsDIUzrPzHGHdrH/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2993 1490127976.59 1490127977.21 621 192.168.1.116 - 56085 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 2993 1490127977.64 1490127978.25 613 192.168.1.116 - 56085 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eJ8AR2eT9vaxNypSC9VZ7RbfR/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2994 1490128170.3 1490128174.17 3875 192.168.1.116 - 56086 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Oo2UJNARHmKJbb0FJ4IM8aqMARC/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2995 1490128366.0 1490128366.54 540 192.168.1.116 - 56087 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2Y9TmiCm8zV5s7sPWhcTMhGYzRJNStwX/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2996 1490128559.02 1490128559.75 735 192.168.1.116 - 56088 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/DNSBL/listed/0/ 216 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2997 1490128563.75 1490128564.35 607 192.168.1.116 - 56089 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KF8kFIIeVKKjiZNzNoHixrzZOVv/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2998 1490128756.41 1490128758.68 2273 192.168.1.116 - 56090 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qksK31NXd5VRyCVfvnqEYdF/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 2999 1490128950.54 1490128951.07 536 192.168.1.116 - 56091 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZgYUfYKia1IVNd1Dm/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3000 1490129143.09 1490129143.61 522 192.168.1.116 - 56092 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/b3pTCMJeLz3vhNLa/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3001 1490129335.66 1490129336.27 611 192.168.1.116 - 56093 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pUnszlTB3xlghYcJlFjKn3GG/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3002 1490129528.33 1490129528.95 623 192.168.1.116 - 56094 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DrxlQBbGVVUP7xcUrQvMuCi8qrE/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3003 1490129720.81 1490129721.34 535 192.168.1.116 - 56095 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yEFumKK1eFAfFEYtYxtaU/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3004 1490129914.52 1490129915.14 619 192.168.1.116 - 56096 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MYSHZK3dtY2JGYtZAiw3376sTm8xWk/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3005 1490130107.15 1490130107.77 621 192.168.1.116 - 56097 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Z5ayGzni5B7rqy6WDOKsWlNshEQT/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3006 1490130299.62 1490130301.21 1592 192.168.1.116 - 56098 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 33181 0 33040 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3006 1490130308.73 1490130309.8 1072 192.168.1.116 - 56098 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3006 1490130317.18 1490130317.72 543 192.168.1.116 - 56098 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/B0oKS1YNGdCQcRkgthzJqSRxNQ5U/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3007 1490130509.76 1490130512.05 2286 192.168.1.116 - 56099 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/riSD6CR80txDoJBAaKuyfsWHuD9fZS/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3008 1490130704.06 1490130704.67 604 192.168.1.116 - 56100 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IBxCLeaLY0V84dXvGESU2NDHZZXFk/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3009 1490130897.9 1490130898.5 605 192.168.1.116 - 56101 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8Bf6FIHYRJu20h6cRdYoOitcJm6Rx77/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3010 1490131090.54 1490131091.15 607 192.168.1.116 - 56102 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GiUn7qr0M5jbS6X4FfdItVtSdgXZYHp/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3011 1490131283.2 1490131283.81 606 192.168.1.116 - 56103 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CvlXVazNDktmsvl3vmt/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3012 1490131475.92 1490131476.54 616 192.168.1.116 - 56104 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8PzeNYvVltVy1IGzLR8uZGa5jO/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3013 1490131668.56 1490131669.18 621 192.168.1.116 - 56105 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MeaVtl9Aoym8IaHPmy96yVNL/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3014 1490131861.32 1490131861.93 612 192.168.1.116 - 56106 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9VJbwOr6HdXWrY3HzgK1/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3015 1490132054.0 1490132054.6 605 192.168.1.116 - 56107 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 206 379 0 240 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3015 1490132060.56 1490132061.19 625 192.168.1.116 - 56107 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PLL3y6I9ky1HxE9Jr7V1RMdCV4/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3016 1490132253.25 1490132253.86 609 192.168.1.116 - 56108 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7o8oVlW837xBoGk3B/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3017 1490132445.96 1490132446.56 608 192.168.1.116 - 56109 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aIFLqvgHfCVK6sKbq0h/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3018 1490132640.53 1490132641.14 607 192.168.1.116 - 56110 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NuXFpzMkz5LooL4XoUVtaqOvkXgxRHJJ/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3019 1490132833.18 1490132833.79 610 192.168.1.116 - 56111 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XckeAGc4cuVPPXkG/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3020 1490133026.63 1490133027.15 523 192.168.1.116 - 56112 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LxI09YolKWXUFaKgsyzg8zly0S1dj/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3021 1490133226.38 1490133226.99 603 192.168.1.116 - 56113 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 3022 1490133243.62 1490133244.16 540 192.168.1.116 - 56114 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 3023 1490133263.21 1490133263.84 622 192.168.1.116 - 56115 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 3024 1490133281.83 1490133282.45 625 192.168.1.116 - 56116 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kNxrK0QfGDG59JO00n4WJpoY9UgzdWFC/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3025 1490133474.47 1490133475.11 642 192.168.1.116 - 56117 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3025 1490133475.38 1490133475.99 608 192.168.1.116 - 56117 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QdqliN9ohN6QBl9YjAl8u2vfWsm/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3026 1490133667.82 1490133668.35 535 192.168.1.116 - 56118 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bQxjBTbig8Ji2SxnSXUl/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3027 1490133860.44 1490133861.05 609 192.168.1.116 - 56119 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0LxDywHBVzTTtXtm/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3028 1490134054.26 1490134054.88 618 192.168.1.116 - 56120 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QpaKiBDN7HMgbh3L/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3029 1490134246.74 1490134247.27 536 192.168.1.116 - 56121 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uYsBraanjjdD7LqkyNKLS7izlpyj95/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3030 1490134439.33 1490134439.94 605 192.168.1.116 - 56122 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6zZ2OMvAWmobEg8SCl/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3031 1490134631.78 1490134632.32 537 192.168.1.116 - 56123 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/udmC6mpAXBs5ccRFakF11B/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3032 1490134824.36 1490134824.98 621 192.168.1.116 - 56124 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/z4sL3Vl3fYbH7nNmfnEaXME8yW1Mm/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3033 1490135018.25 1490135018.87 614 192.168.1.116 - 56125 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/d9Q8XlAS7Jvfi5dZX/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3034 1490135210.87 1490135211.49 611 192.168.1.116 - 56126 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PVjxZeHj0azbMVxzhFw6ftjldRXn/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3035 1490135403.5 1490135404.11 607 192.168.1.116 - 56127 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pi3RnWcyqMV3wtkRvVckf0StPLq8Qau/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3036 1490135596.12 1490135596.74 621 192.168.1.116 - 56128 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/191bZQ8aLMUdUY1R7PG/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3037 1490135788.81 1490135790.6 1790 192.168.1.116 - 56129 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 33181 0 33040 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3037 1490135798.15 1490135799.37 1220 192.168.1.116 - 56129 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3037 1490135806.74 1490135807.35 610 192.168.1.116 - 56129 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/q2sDXB3SY5SQZoNOMEhcLpIgZE3D9/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3038 1490135999.14 1490135999.66 522 192.168.1.116 - 56130 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DYXVKF7g51L1PU6O3dP2EF8/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3039 1490136191.71 1490136192.32 606 192.168.1.116 - 56131 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8Rua7yzJOKnJRMBDneUe21I9UfWgS8U3/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3040 1490136384.34 1490136384.95 609 192.168.1.116 - 56132 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kGY6mO442Ft0luYSDarfccwGmqCusnhI/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3041 1490136576.97 1490136578.55 1577 192.168.1.116 - 56133 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2OIKpQOFfOlRMTycxIa7U2BMMpSNu1u9/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3042 1490136770.6 1490136771.21 612 192.168.1.116 - 56134 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bPCDgBAf7KhD9Msgm/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3043 1490136965.04 1490136965.65 610 192.168.1.116 - 56135 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mNDatHWSPFQym2pVkXXP2d8dCcjK77/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3044 1490137160.58 1490137161.18 603 192.168.1.116 - 56136 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6dkeVP8tX0EIUUz0YDm/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3045 1490137397.89 1490137398.49 606 192.168.1.116 - 56138 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/B17FyFJyNd0tMJQNDQqtBLMCc2t/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3046 1490137589.86 1490137590.3 438 192.168.1.116 - 56139 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 205 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3046 1490137590.54 1490137591.0 459 192.168.1.116 - 56139 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/5MQEu2eU0fcN9KLeY/ 320 507 0 364 132 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3046 1490137591.5 1490137591.89 384 192.168.1.116 - 56139 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/GFEUALWOIRSBIKCQO/1/ 225 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 3047 1490137593.09 1490137593.5 414 192.168.1.116 - 56140 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3048 1490137594.65 1490137595.17 518 192.168.1.116 - 56141 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 216 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3049 1490137596.3 1490137596.7 406 192.168.1.116 - 56142 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 244 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3050 1490137597.87 1490137598.28 410 192.168.1.116 - 56143 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fkR65K4UE4nYsljrT11v7IO/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3051 1490137789.61 1490137789.98 370 192.168.1.116 - 56144 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vO9n011MzGGSEALwQIhBZaHa/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3052 1490137981.4 1490137981.81 407 192.168.1.116 - 56145 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/d5eCJcvleDsCpYjL3jHcjQ3WCToayS/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3053 1490138173.2 1490138173.64 437 192.168.1.116 - 56146 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lPOSvMZtPL661qiY9SG/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3054 1490138365.08 1490138365.5 414 192.168.1.116 - 56147 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/x1waJXLG2hCl296WW2dDo/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3055 1490138556.88 1490138557.29 409 192.168.1.116 - 56148 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UaMb0WVnEvwCWcIVwuXcW3A/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3056 1490138748.71 1490138749.12 405 192.168.1.116 - 56149 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CzdzI7VNMwUGy3GDH3A/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3057 1490138940.47 1490138940.88 409 192.168.1.116 - 56150 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 210 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3057 1490138941.15 1490138941.59 439 192.168.1.116 - 56150 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mqZlhBIqREMJBRi7D/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3058 1490139132.95 1490139133.32 374 192.168.1.116 - 56151 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GgDAQ5IKBt9xHXAV/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3059 1490139324.77 1490139325.21 435 192.168.1.116 - 56152 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hhoAslopsYWY1cDJ/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3060 1490139516.59 1490139517.0 406 192.168.1.116 - 56153 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MjRnlXgjcZRHowWtfHN/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3061 1490139708.42 1490139708.83 413 192.168.1.116 - 56154 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fHmVCw4FgDjjPMuAyAnH9kuRcXXX/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3062 1490139900.2 1490139900.57 370 192.168.1.116 - 56155 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ooJlrgOZ5oCt6k0j7m/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3063 1490140091.93 1490140092.34 407 192.168.1.116 - 56156 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tvAmgQYXjA2nxJRyvfLIXQSTQ/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3064 1490140283.75 1490140284.16 413 192.168.1.116 - 56157 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Qr6i1jFrFU2ALJOWxMtImOABszx5jVDQ/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3065 1490140475.56 1490140475.97 408 192.168.1.116 - 56158 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GIzBTuuJhYAoq9hdQ0TRqFIFEaKzR/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3066 1490140667.34 1490140667.75 406 192.168.1.116 - 56159 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aegWTy0zuUBwkWQhjgGk7bt6pCrB/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3067 1490140859.13 1490140859.54 412 192.168.1.116 - 56160 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4Gc1waxk4ll5EEVO/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3068 1490141050.87 1490141051.24 368 192.168.1.116 - 56161 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cRyX6UCYtOuq9vOze4/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3069 1490141242.62 1490141243.74 1116 192.168.1.116 - 56162 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 33181 0 33040 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3069 1490141251.29 1490141252.41 1129 192.168.1.116 - 56162 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3069 1490141259.51 1490141259.94 435 192.168.1.116 - 56162 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mOwpYOZaE5Q6ROvkqNs0cnDTa/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3070 1490141451.34 1490141451.77 437 192.168.1.116 - 56163 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HBmXBP9PBVNGk7BA/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3071 1490141643.24 1490141643.61 368 192.168.1.116 - 56164 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/f1o6UmWNtKWmsHJcYsoKhP0b5m5a9f1/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3072 1490141835.0 1490141835.42 418 192.168.1.116 - 56165 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/in4sLcQ3QrlQqQMyUPqI/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3073 1490142026.81 1490142027.22 410 192.168.1.116 - 56166 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BJnJeJpXEfOjI1C3vbUZcRTVBsaOkFsO/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3074 1490142218.55 1490142218.93 371 192.168.1.116 - 56167 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FJkrrtFeo7Z9VhqUGf00ut50e4XF6ypo/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3075 1490142410.33 1490142410.76 434 192.168.1.116 - 56168 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YntaIH0RjtxpdbOpOqS3IwYFRWF/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3076 1490142602.15 1490142603.58 1433 192.168.1.116 - 56169 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BxmNoibIiEc9wDrBPjSQR/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3077 1490142794.92 1490142795.29 370 192.168.1.116 - 56170 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wdOOqN8FecFoZpHX2mynYosLyKZm/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3078 1490142986.68 1490142987.08 407 192.168.1.116 - 56171 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 207 379 0 240 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3078 1490142993.05 1490142993.46 409 192.168.1.116 - 56171 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zSzNlIjmPEFbUhgJQBoT/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3079 1490143184.85 1490143185.29 436 192.168.1.116 - 56172 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NizWJltxLFIBW4wLyvmlnaIfeV5KMvmk/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3080 1490143376.67 1490143377.08 407 192.168.1.116 - 56173 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/K9fz4o14TMFNO4G2HM/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3081 1490143568.58 1490143568.95 372 192.168.1.116 - 56174 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Wpgw6WvXE7ReJnAA5Vb5t6kn/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3082 1490143760.31 1490143760.68 375 192.168.1.116 - 56175 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AH6oRflP3GHI4XuJsfau7YAJ7JBN2pu/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3083 1490143952.11 1490143952.55 434 192.168.1.116 - 56176 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dWciK2goI4G5fwj1BddAb1EBwRxf/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3084 1490144144.08 1490144144.52 435 192.168.1.116 - 56177 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9330iCBf24x4Z7Ocl5Y2zTbLRk/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3085 1490144335.88 1490144336.32 432 192.168.1.116 - 56178 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2OEzK0092ErorOHpy9/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3086 1490144527.67 1490144528.04 367 192.168.1.116 - 56179 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 210 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3086 1490144528.3 1490144528.68 378 192.168.1.116 - 56179 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ajcmIpW2uh4RCoqrtp615L/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3087 1490144720.05 1490144720.45 404 192.168.1.116 - 56180 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NiwEcbic0VctazPo3zb/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3088 1490144911.82 1490144912.26 434 192.168.1.116 - 56181 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Gm3E8pUXYBN7ORdBnsDQULZOwz7/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3089 1490145103.61 1490145103.98 372 192.168.1.116 - 56182 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1GzL65tBcSm3oiW5zTAhd1cSZkK2/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3090 1490145295.36 1490145295.8 437 192.168.1.116 - 56183 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/x6XlGHAtzlYotP9NRW/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3091 1490145487.22 1490145487.63 411 192.168.1.116 - 56184 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PB823oCUOM5NFnEXVcn/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3092 1490145679.02 1490145679.45 433 192.168.1.116 - 56185 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZfGf0IY0xvPnmvd3c/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3093 1490145870.89 1490145871.3 414 192.168.1.116 - 56186 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PHTpU9WD71huttj3jdsqotKxqm/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3094 1490146062.67 1490146063.04 368 192.168.1.116 - 56187 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1EkNrxQ6q5Cec3DCFoK1MA/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3095 1490146254.42 1490146254.83 405 192.168.1.116 - 56188 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OEFDp8EqorOlZ1Ctwa/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3096 1490146446.26 1490146446.63 368 192.168.1.116 - 56189 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2jlUpCHnj82oms7O4t/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3097 1490146638.02 1490146638.46 436 192.168.1.116 - 56190 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dJnM3uvdC6RJaIVZAp9gTgOob/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3098 1490146829.86 1490146830.97 1107 192.168.1.116 - 56191 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 33181 0 33040 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3098 1490146838.4 1490146839.17 774 192.168.1.116 - 56191 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3098 1490146847.06 1490146847.49 431 192.168.1.116 - 56191 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SRsSMRYkXTtA374NOV/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3099 1490147038.88 1490147039.25 366 192.168.1.116 - 56192 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ekk8Qn0hzSlegseb6hp/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3100 1490147230.64 1490147231.05 410 192.168.1.116 - 56193 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6lMW244dB9orOEV6pV6ugzkSmjlvR/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3101 1490147422.43 1490147422.8 367 192.168.1.116 - 56194 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ctjah26dZgMQIdJQlXwD/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3102 1490147614.14 1490147614.51 374 192.168.1.116 - 56195 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WSlkbCR64W17SQFuJn3GlpP/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3103 1490147811.89 1490147812.3 412 192.168.1.116 - 56196 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 3104 1490147828.48 1490147828.89 408 192.168.1.116 - 56197 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 3105 1490147845.05 1490147845.42 373 192.168.1.116 - 56198 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 3106 1490147861.6 1490147861.97 370 192.168.1.116 - 56199 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aOW9o80H0acpDYyS/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3107 1490148053.29 1490148053.66 368 192.168.1.116 - 56200 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QEIamuNBIOVewZmKOXnEtsINDJ9oX9/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3108 1490148245.01 1490148245.42 406 192.168.1.116 - 56201 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/52lqmm3lMJB6uA09kOqVnzoYHfe/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3109 1490148436.83 1490148437.24 412 192.168.1.116 - 56202 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ey5YxfJQ1w0GnTFUQiw5NTNkkSK/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3110 1490148628.63 1490148629.06 430 192.168.1.116 - 56203 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6lWEL3OrlAVM4DbLVi1XgPa/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3111 1490148820.44 1490148820.86 421 192.168.1.116 - 56204 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3ERAp39wZyLG7EQEJvM/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3112 1490149012.39 1490149012.79 403 192.168.1.116 - 56205 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FGxSTxqJAnMowGL0u/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3113 1490149204.16 1490149204.58 413 192.168.1.116 - 56206 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CNHCyto8jf9lwbwZJOO8/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3114 1490149395.95 1490149396.33 379 192.168.1.116 - 56207 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wzDQ7XEogvI6CctAMmIVaC/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3115 1490149587.68 1490149588.11 435 192.168.1.116 - 56208 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BjangLngsmKFd3gF2/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3116 1490149779.49 1490149779.9 414 192.168.1.116 - 56209 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LLBVI0fX1tilCoWnnSjNba4mSG0/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3117 1490149971.36 1490149971.77 412 192.168.1.116 - 56210 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 210 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3117 1490149972.03 1490149972.44 417 192.168.1.116 - 56210 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/X7qiw6j8ExPoWDHXebysLp3z4tkm/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3118 1490150163.81 1490150164.22 405 192.168.1.116 - 56211 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0TzYp4S0NOfYluNc/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3119 1490150355.61 1490150356.02 410 192.168.1.116 - 56212 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VgEXfoBKFAfnvsenfmhLO9KKZ/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3120 1490150548.1 1490150548.54 435 192.168.1.116 - 56213 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PUFccizg1cB0XpreSZ/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3121 1490150739.92 1490150740.33 407 192.168.1.116 - 56214 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sw9G1wqFzlQ87dhv7NJgHt/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3122 1490150931.75 1490150932.17 417 192.168.1.116 - 56215 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/C2o9b01ndQyHJh57ZrrKedwuQcKmj7/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3123 1490151123.55 1490151123.96 408 192.168.1.116 - 56216 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/grd3sO6eyZowbYfFNgK81J0JCAUT/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3124 1490151315.36 1490151315.79 432 192.168.1.116 - 56217 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0iXel5rJnIajAyeOTbsPTWDie28d0D/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3125 1490151507.28 1490151507.65 374 192.168.1.116 - 56218 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YZUjmwwsbemm7hX0aE9FzfFKukL3/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3126 1490151699.02 1490151699.43 411 192.168.1.116 - 56219 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HyMJDlIbvkMbyeeHUBPyio0Q/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3127 1490151890.85 1490151891.26 408 192.168.1.116 - 56220 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xkrXU5xF4UvPjICdLf/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3128 1490152082.61 1490152082.98 373 192.168.1.116 - 56221 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wtmpolxX1xX08ErYWN33/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3129 1490152274.41 1490152275.59 1180 192.168.1.116 - 56222 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 33181 0 33040 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3129 1490152283.16 1490152283.99 836 192.168.1.116 - 56222 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3129 1490152291.09 1490152291.51 420 192.168.1.116 - 56222 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8IKuYuYVgxcJR0GqW3COI0P/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3130 1490152482.94 1490152483.35 412 192.168.1.116 - 56223 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/S11cDgXnWxnkC8xBTXnt2AMscFHKnm/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3131 1490152674.7 1490152675.07 368 192.168.1.116 - 56224 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DtruCKfuEplFOvwfH/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3132 1490152866.42 1490152866.85 434 192.168.1.116 - 56225 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dqVKhLXwOuh4KHDKSwoCEe8tH2y7l/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3133 1490153058.31 1490153058.73 416 192.168.1.116 - 56226 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4OKBdW7rXTCfWGMM83GTd1LT0JpQq/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3134 1490153250.09 1490153250.46 369 192.168.1.116 - 56227 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WrQVtZbqtBAz5R64zzLzQ/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3135 1490153441.83 1490153443.26 1421 192.168.1.116 - 56228 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7VxkSUN1l7VLDSofVXujmxb5adoYI/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3136 1490153634.68 1490153635.09 408 192.168.1.116 - 56229 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kn2RPvcXAsHG78StIXL/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3137 1490153826.48 1490153826.88 407 192.168.1.116 - 56230 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 207 379 0 240 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3137 1490153832.85 1490153833.27 425 192.168.1.116 - 56230 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gGicLazrS8XEVQWJgHqG2gCD7fCH1d/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3138 1490154024.72 1490154025.14 422 192.168.1.116 - 56231 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/g7AAme0AzcifKOaNS/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3139 1490154216.55 1490154216.96 409 192.168.1.116 - 56232 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0mrMYZ0CsONVpeavcShBuiPYwN/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3140 1490154408.35 1490154408.76 413 192.168.1.116 - 56233 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2ujWzwHcYXo3Pgcf6g83wIb/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3141 1490154600.11 1490154600.55 434 192.168.1.116 - 56234 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/k7KFWfH1k9S5Fgh75u7aK4cBYjWV2AIm/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3142 1490154791.94 1490154792.34 405 192.168.1.116 - 56235 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TbIOyh4AaqtdbcICY6wYkpFMTJy9Tw/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3143 1490154983.72 1490154984.08 367 192.168.1.116 - 56236 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bJ7O1kgigWdIcmE1VnmXLFq9OVV/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3144 1490155175.49 1490155175.9 407 192.168.1.116 - 56237 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tjezaXucydPN6kYqo8Z1u/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3145 1490155367.32 1490155367.74 421 192.168.1.116 - 56238 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/92RJVWKrXvoDkvwyRfI0rP26/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3146 1490155559.15 1490155559.59 445 192.168.1.116 - 56239 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 210 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3146 1490155559.85 1490155560.22 371 192.168.1.116 - 56239 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YZfLdX6ZtOoZ1FChJXnL945gpP2h9hL/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3147 1490155751.62 1490155752.02 409 192.168.1.116 - 56240 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CEycj9WRw1pzY7woHcKbD89E/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3148 1490155943.33 1490155943.71 373 192.168.1.116 - 56241 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/J7ZAbU8uqBaOYdZkpn1OLkYor852UhFu/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3149 1490156135.05 1490156135.42 370 192.168.1.116 - 56242 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oleRnrbN610DCpFDDLzAcbRfR8li/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3150 1490156326.84 1490156327.26 415 192.168.1.116 - 56243 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JgVknbKd7zoymXLc3BYSLPZF3330CD/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3151 1490156518.7 1490156519.12 415 192.168.1.116 - 56244 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pwr68rbdzRbbUPXSaN5Hw1mHUrs/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3152 1490156710.51 1490156710.91 405 192.168.1.116 - 56245 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VOeZBzxu1lpUblrjKY6HPvPpxVmp/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3153 1490156903.13 1490156906.85 3722 192.168.1.116 - 56246 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 203 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3154 1490156908.32 1490156908.56 239 192.168.1.116 - 56247 23.21.70.163 80 http://checkip.amazonaws.com/ 153 133 0 13 139 106 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 200 - - - - - - - CTU.238.1.Malicious 3153 1490156908.79 1490156909.56 769 192.168.1.116 - 56246 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/j33yqf8LdKaCUQMdQDCnGF/ 323 512 0 369 130 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3153 1490156910.14 1490156913.8 3653 192.168.1.116 - 56246 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/DKTINXETZSRJUO/1/ 220 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 3155 1490156916.87 1490156917.58 709 192.168.1.116 - 56248 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3156 1490156919.55 1490156920.26 708 192.168.1.116 - 56249 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 214 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3157 1490156923.27 1490156923.98 708 192.168.1.116 - 56250 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 242 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3158 1490156926.96 1490156927.64 674 192.168.1.116 - 56251 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZhsiNVQLpA4uWOey/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3159 1490157126.83 1490157127.51 680 192.168.1.116 - 56252 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2YlF2kKf7V1sIQsVq/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3160 1490157324.25 1490157324.94 685 192.168.1.116 - 56253 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oaigUcYiNLHt9QwLnj/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3161 1490157519.18 1490157519.78 607 192.168.1.116 - 56254 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/DNSBL/listed/0/ 215 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3162 1490157526.07 1490157528.55 2478 192.168.1.116 - 56255 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/arDKwfiQCusW0KdQ15ewyiOPwU/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3163 1490157721.99 1490157724.61 2620 192.168.1.116 - 56256 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 33181 0 33040 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3163 1490157732.14 1490157734.76 2622 192.168.1.116 - 56256 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3163 1490157742.09 1490157742.77 680 192.168.1.116 - 56256 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lv7Koo6jcncEoDLkaKwScKnqEArUfIT/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3164 1490157940.19 1490157940.88 682 192.168.1.116 - 56257 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dwAu7prOGXwr71bKyt0vt3AwvVM/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3165 1490158137.52 1490158138.19 677 192.168.1.116 - 56258 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fR0Pgm83qOu2K7ht4M/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3166 1490158330.4 1490158331.08 676 192.168.1.116 - 56259 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/f6NKpWKRvHhKe6XlHGYt/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3167 1490158524.6 1490158527.08 2482 192.168.1.116 - 56260 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/s03w86moOinXzxu7epmd1fZLh5T1yWd/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3168 1490158721.19 1490158721.76 568 192.168.1.116 - 56261 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8WitmHUsI26grXify/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3169 1490158940.13 1490158940.81 682 192.168.1.116 - 56262 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tuA1qnCVUFhC2d2KTKB8QkXDGyhh359T/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3170 1490159133.73 1490159134.3 567 192.168.1.116 - 56263 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jxdjmKdHbYna1Vh3F/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3171 1490159327.51 1490159332.25 4741 192.168.1.116 - 56264 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rirq7KPnmfNsjhcR2jSrr/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3172 1490159524.34 1490159524.98 635 192.168.1.116 - 56265 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/o0CDcWPmE3Ll1WYyUgm7JtQb/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3173 1490159717.99 1490159720.22 2231 192.168.1.116 - 56266 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OTEiawtEe2kd2fdOcCPKKnYICrR1tUC/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3174 1490159913.42 1490159914.02 607 192.168.1.116 - 56267 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NOZNn6sjz5J9Y8nV5guE5XYYszWV/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3175 1490160120.68 1490160121.29 610 192.168.1.116 - 56268 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qvBEwqXHYVmCPY0ZQULBLqzcT50Zlc/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3176 1490160314.3 1490160314.92 612 192.168.1.116 - 56269 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tpvjXyf8PRTRlgPQ6c9nsMl/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3177 1490160506.96 1490160507.58 619 192.168.1.116 - 56270 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lBP0s0vhQhMBdYyuzs/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3178 1490160700.63 1490160701.24 608 192.168.1.116 - 56271 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pNqmRBFLpPA1mLHvR/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3179 1490160893.25 1490160893.86 609 192.168.1.116 - 56272 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CUTWlgXBv7TNrrgaVrsrFFzGpwzFn/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3180 1490161087.88 1490161094.22 6341 192.168.1.116 - 56273 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 208 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3180 1490161094.48 1490161095.09 609 192.168.1.116 - 56273 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gsEhCvqgsmWh5Di8XqLdGue5/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3181 1490161287.06 1490161287.63 570 192.168.1.116 - 56274 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QYsICHeADLmszXsJP/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3182 1490161488.77 1490161489.39 619 192.168.1.116 - 56275 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1gkRE3BY1OboBKefq5uikIkuIuPjlRvJ/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3183 1490161681.4 1490161682.02 613 192.168.1.116 - 56276 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hPZ1pEpk8jN3fQ1KXm7CKrUfg/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3184 1490161880.54 1490161881.04 505 192.168.1.116 - 56277 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NhOCqV8pxVvL79IzIadLvVOK4DeSu/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3185 1490162074.23 1490162074.85 618 192.168.1.116 - 56278 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OQPTuY7StuVg5VAf5x0V/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3186 1490162288.87 1490162290.69 1819 192.168.1.116 - 56279 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 3187 1490162319.74 1490162320.34 606 192.168.1.116 - 56280 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 3188 1490162337.15 1490162337.76 607 192.168.1.116 - 56281 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 3189 1490162362.72 1490162363.33 613 192.168.1.116 - 56282 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JdgqoL4AiUt4Ew2qHo70X18CeQAyPN/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3190 1490162633.7 1490162635.18 1476 192.168.1.116 - 56285 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BP1rBmjHaWfSRWjOLO4/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3191 1490162827.21 1490162829.44 2224 192.168.1.116 - 56286 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iAYUDcNZXlWH5XzH4voATeU/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3192 1490163043.09 1490163043.6 515 192.168.1.116 - 56287 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6wzRhYd0Zhg9cQXe/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3193 1490163236.26 1490163238.68 2417 192.168.1.116 - 56288 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 33181 0 33040 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3193 1490163246.22 1490163247.68 1461 192.168.1.116 - 56288 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3193 1490163254.82 1490163256.33 1503 192.168.1.116 - 56288 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lgOtVyfFBjsOdZgfHK/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3194 1490163460.55 1490163461.05 503 192.168.1.116 - 56289 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eA0BOLq3xhK5e3FScz5RusuON1/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3195 1490163654.86 1490163655.38 526 192.168.1.116 - 56290 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Epq1mEOrGjvXuCRS5B1fIhHk07Rv/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3196 1490163853.5 1490163859.54 6045 192.168.1.116 - 56291 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Hdo9V0qvLlLcaj5FtfGciSD8v3A/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3197 1490164051.38 1490164051.92 540 192.168.1.116 - 56292 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/f7dzl6xL7fmR19Wk/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3198 1490164243.74 1490164244.24 503 192.168.1.116 - 56293 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sEtg1vOoob3fMjEbOFDy/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3199 1490164436.03 1490164436.56 522 192.168.1.116 - 56294 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PkMOErsrZCPB90id/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3200 1490164628.4 1490164628.94 541 192.168.1.116 - 56295 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hmos0mlSYGQLYbCwUgTu0XAK8y/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3201 1490164826.89 1490164827.4 507 192.168.1.116 - 56296 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 205 379 0 240 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3201 1490164833.36 1490164853.27 19907 192.168.1.116 - 56296 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cMxc9GPV2eHFGLXOsLrPKPRp/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3202 1490165046.05 1490165047.96 1906 192.168.1.116 - 56297 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7G2xHXPvQLYVbtaTqtSNGl03Mx84XTZc/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3203 1490165246.77 1490165247.29 520 192.168.1.116 - 56298 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gdf8SXjVL0mRn2aoaBq/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3204 1490165439.03 1490165443.54 4509 192.168.1.116 - 56299 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xubSm1CwtORBOoO7sxBPKQsnGg5DyK9/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3205 1490165635.25 1490165635.76 508 192.168.1.116 - 56300 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UjIQF4slQJncBH7MTHipAJHP/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3206 1490165828.31 1490165830.05 1737 192.168.1.116 - 56301 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IOk4voYrzjU9MpPxi6vKPvp9ueaf/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3207 1490166022.84 1490166023.35 518 192.168.1.116 - 56302 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yqCRK9N9vkq3uxmEN37Q33Ve/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3208 1490166216.0 1490166217.41 1409 192.168.1.116 - 56303 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7zC5w6c4ut7XdKohd/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3209 1490166410.0 1490166410.47 475 192.168.1.116 - 56304 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/D3cOXQeA8DXPf0lKNxBAoGAZiSQnL/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3210 1490166602.21 1490166602.75 536 192.168.1.116 - 56305 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 208 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3210 1490166603.01 1490166603.55 545 192.168.1.116 - 56305 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8oTJWtK8NqVLv4ElNSDrGyTlkl1/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3211 1490166806.04 1490166806.55 512 192.168.1.116 - 56306 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kPhKs4OyhS4f6UwDz8NGu8QbWn0KmoO9/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3212 1490167005.14 1490167005.64 506 192.168.1.116 - 56307 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1d8QRKZJ6zawKRyBYYDyfx/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3213 1490167198.9 1490167199.42 527 192.168.1.116 - 56308 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SmSmzWUPf6qULQtIo5q9sPv2FId87L7W/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3214 1490167394.54 1490167395.05 512 192.168.1.116 - 56309 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dQ3lWaBrjionc0b3/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3215 1490167590.47 1490167590.98 509 192.168.1.116 - 56310 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0z3QzcKYzzf1vXJqx4XTCzXM966/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3216 1490167783.6 1490167786.67 3077 192.168.1.116 - 56311 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/n7EJHDn863uv2AwfAr/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3217 1490167979.83 1490167981.58 1745 192.168.1.116 - 56312 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mddxgCYbBXEiDDf0lXOXHwvOJ/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3218 1490168174.02 1490168174.5 479 192.168.1.116 - 56313 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/X2HwNB5eWlzanxHJWHiyJ/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3219 1490168367.32 1490168367.87 543 192.168.1.116 - 56314 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Pe2LnQ1cRwQ5wWmUmYVrnCKp/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3220 1490168559.82 1490168560.37 543 192.168.1.116 - 56315 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QmWSVGECT8RAJomNfZvr2s/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3221 1490168753.21 1490168755.32 2104 192.168.1.116 - 56316 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 33181 0 33040 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3221 1490168762.3 1490168764.44 2136 192.168.1.116 - 56316 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3221 1490168771.28 1490168773.05 1765 192.168.1.116 - 56316 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WaxYZZi4FfRwK4pi/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3222 1490168964.86 1490168965.37 514 192.168.1.116 - 56317 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YKuT0CNyyl7M9tS7ETYbrfKtyTk3/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3223 1490169159.47 1490169161.28 1809 192.168.1.116 - 56318 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/W9if1i4ivsN315j3siB/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3224 1490169353.02 1490169353.53 513 192.168.1.116 - 56319 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RnalJuJrtQAEoej0EOGUV/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3225 1490169545.32 1490169545.83 510 192.168.1.116 - 56320 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DDlO2b50FFtpT7FkkIRq6dG4/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3226 1490169740.34 1490169745.72 5386 192.168.1.116 - 56321 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/33nbmi6u840axWKrc/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3227 1490169944.47 1490169944.99 518 192.168.1.116 - 56322 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JvUrAvC0zWvOaJLCOOlCvz/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3228 1490170143.25 1490170143.76 509 192.168.1.116 - 56323 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cvz4814rVTu93GbR6wvK3/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3229 1490170335.52 1490170337.33 1808 192.168.1.116 - 56324 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zj4fiIxUvnHG2VkJx/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3230 1490170529.07 1490170529.54 469 192.168.1.116 - 56325 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/t7dYTUXqPn1pVsC7dEwyRBGAVfs/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3231 1490170723.91 1490170724.42 506 192.168.1.116 - 56326 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3g8RFb7One0AhIHZt9/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3232 1490170916.1 1490170917.91 1812 192.168.1.116 - 56327 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KYEf2wgY5SQqI8Tgvou3WzLL/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3233 1490171110.4 1490171110.87 469 192.168.1.116 - 56328 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wDTQlbAcAQJyA0rVMo7OzMD3O40/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3234 1490171302.62 1490171313.26 10636 192.168.1.116 - 56329 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zUqSjPcx2WfkL9zwh0DKfn/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3235 1490171505.85 1490171507.59 1736 192.168.1.116 - 56330 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GzpuZXBDBYMKElM0u25gNhnbrYOlR/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3236 1490171705.31 1490171705.82 507 192.168.1.116 - 56331 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JqXuDP5NwHSMZeZQ4AI/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3237 1490171897.46 1490171897.94 474 192.168.1.116 - 56332 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Iu9Qqsm3cZ7DRR1u9rjg8x3T1BT/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3238 1490172090.62 1490172091.19 573 192.168.1.116 - 56333 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 208 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3238 1490172091.45 1490172091.96 513 192.168.1.116 - 56333 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IzolPA4B9y5Ts11rSCBiYyhxw/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3239 1490172284.58 1490172285.05 468 192.168.1.116 - 56334 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5lMysTNWTBPd2UZ29vJVg2rW/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3240 1490172476.74 1490172477.24 506 192.168.1.116 - 56335 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sG6GnzvwdWAGTLVck3QidVKrylNtsaB/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3241 1490172668.97 1490172669.48 511 192.168.1.116 - 56336 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ffGQ3poLJjT7AalLrE1Ho/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3242 1490172862.15 1490172862.66 508 192.168.1.116 - 56337 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Ed0jk02qoS4Uop3jhEvc3V7/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3243 1490173055.33 1490173057.15 1819 192.168.1.116 - 56338 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aq2a7EPr9XTztkVpuHdo/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3244 1490173251.52 1490173254.23 2713 192.168.1.116 - 56339 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RvTvHEcqpGoGULW7ZFnKFQ6oBZjRw/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3245 1490173445.9 1490173446.4 505 192.168.1.116 - 56340 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tuhcIkiYswrlCUFuD5dQnZ7QMjKOn/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3246 1490173646.01 1490173647.85 1837 192.168.1.116 - 56341 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IemApN1QTlLeoikRky/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3247 1490173840.03 1490173840.52 482 192.168.1.116 - 56342 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rcOf5dCoZZOH5lapfXpRecMEUHxSDI/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3248 1490174032.24 1490174032.76 526 192.168.1.116 - 56343 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QQAuiWPyLRDswQx47nNuPZntUgiBLvHO/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3249 1490174225.45 1490174228.73 3280 192.168.1.116 - 56344 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 33181 0 33040 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3249 1490174236.52 1490174237.51 986 192.168.1.116 - 56344 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3249 1490174244.78 1490174245.33 544 192.168.1.116 - 56344 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4ybqBIJJqoOxt7n4w0tvAOqT/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3250 1490174437.0 1490174440.12 3116 192.168.1.116 - 56345 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/i3OY2FxryJzj7zClimX1LzwehFj/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3251 1490174631.73 1490174632.21 475 192.168.1.116 - 56346 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/s7tRmSZouynBfmgaaftR24/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3252 1490174826.26 1490174826.77 508 192.168.1.116 - 56347 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RAa1MuWNCBOPjpZPhcvmHIvoklFmi/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3253 1490175020.42 1490175020.93 510 192.168.1.116 - 56348 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5cYwh9gPX6w2btUbLDMSwz7hQSdW8F/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3254 1490175215.31 1490175215.83 511 192.168.1.116 - 56349 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mtoiJvdN2rJW09dGwS3/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3255 1490175408.54 1490175411.25 2716 192.168.1.116 - 56350 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SsQlkEsX9ncSJn5bmthrjJeeVUVL/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3256 1490175605.93 1490175608.67 2743 192.168.1.116 - 56351 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NesZ71RRZ2AAf7N1NEpBEY9U0wUF/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3257 1490175800.38 1490175800.91 534 192.168.1.116 - 56352 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 205 379 0 240 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3257 1490175806.87 1490175807.39 524 192.168.1.116 - 56352 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ICYGQRXzK6AtBSRtW6j/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3258 1490175999.12 1490175999.63 516 192.168.1.116 - 56353 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vyfzsackGeYeIgGRyNMe5yc5MTPXsy1/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3259 1490176192.33 1490176192.83 505 192.168.1.116 - 56354 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/I8LzI0MhIYwyRpvzG6qaealn26/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3260 1490176384.56 1490176385.07 516 192.168.1.116 - 56355 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xn1CMK3reRiEeSXgAq/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3261 1490176577.75 1490176578.21 467 192.168.1.116 - 56356 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jSHByaKCw6BYBVnIth4lh0k4H7R/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3262 1490176904.7 1490176905.28 584 192.168.1.116 - 56360 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 206 363 0 224 133 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3262 1490176905.73 1490176906.36 625 192.168.1.116 - 56360 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/O0uXq2X1M6cG6U6INkr6opnfi/ 329 515 0 372 133 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3262 1490176907.16 1490176907.69 531 192.168.1.116 - 56360 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/RRQMICVYUFIVIZOX/1/ 225 131 0 9 133 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 3263 1490176909.32 1490176909.89 573 192.168.1.116 - 56361 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3264 1490176912.83 1490176913.4 572 192.168.1.116 - 56362 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 217 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3265 1490176915.16 1490176915.68 520 192.168.1.116 - 56363 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 245 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3266 1490176925.5 1490176926.05 548 192.168.1.116 - 56364 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 211 131 0 9 133 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 3267 1490176947.99 1490176948.51 527 192.168.1.116 - 56365 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 211 131 0 9 133 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 3268 1490176965.1 1490176965.62 520 192.168.1.116 - 56366 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 211 131 0 9 133 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 3269 1490176982.26 1490176982.78 523 192.168.1.116 - 56367 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DcjPhjJezDQk5YTPHdU/ 222 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3270 1490177174.6 1490177175.1 506 192.168.1.116 - 56368 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JJSains1Bxrxocbd2J6pKaStBUtl6J/ 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3271 1490177366.89 1490177367.41 521 192.168.1.116 - 56369 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pBpfkY61fqW31ukPdA56xfe3g38nyCGJ/ 235 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3272 1490177559.28 1490177559.95 672 192.168.1.116 - 56370 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 211 363 0 224 133 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3272 1490177560.25 1490177560.79 544 192.168.1.116 - 56370 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qXg0zWT6UX7V5G1oGdDC0TMD2/ 228 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3273 1490177752.62 1490177753.13 505 192.168.1.116 - 56371 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/I5QPXy1ZHTE3fF3hI7/ 221 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3274 1490177945.03 1490177945.56 523 192.168.1.116 - 56372 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lBhXbs1ahjUu9EGmfXOqScqYb4U/ 230 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3275 1490178137.45 1490178137.97 520 192.168.1.116 - 56373 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ljfJ5oMFb1VmycO7MSCLxE6sW/ 228 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3276 1490178329.81 1490178330.36 551 192.168.1.116 - 56374 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/a5tcAyootpVghGaVrchF1LgJ7WYo4q/ 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3277 1490178522.2 1490178522.8 600 192.168.1.116 - 56375 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/17nBCBnekVbpUmZFn7T/ 222 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3278 1490178714.67 1490178715.19 523 192.168.1.116 - 56376 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iAQHG97HxPyB8DxifeR/ 222 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3279 1490178907.0 1490178907.54 536 192.168.1.116 - 56377 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sXcPrmi37nZC5Gig1IC0IN8i0Whnn/ 232 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3280 1490179100.98 1490179101.5 522 192.168.1.116 - 56378 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LpizbZNXoGuEuUuKB50Si2srDoDcxf/ 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3281 1490179294.46 1490179294.99 529 192.168.1.116 - 56379 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4Ve59AAd07LHBrsdZP/ 221 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3282 1490179486.83 1490179487.35 520 192.168.1.116 - 56380 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KvtGGSEYQxUB4N0EunD4c/ 224 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3283 1490179679.21 1490179680.8 1597 192.168.1.116 - 56381 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 207 33181 0 33040 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3283 1490179688.38 1490179689.49 1110 192.168.1.116 - 56381 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 207 22989 0 22848 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3283 1490179697.06 1490179697.58 522 192.168.1.116 - 56381 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NbgNS1jzJQau0fnQ9fOMJSxTPvTwhD/ 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3284 1490179919.74 1490179920.15 410 192.168.1.116 - 56384 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IaAsmD6JYyM2JTNkM0fMa0hYryM/ 230 426 0 13 133 392 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/html; charset=utf-8 GET 403 - - - - - - - CTU.238.1.Malicious 3285 1490179936.24 1490179936.61 367 192.168.1.116 - 56385 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 203 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3285 1490179936.83 1490179937.41 579 192.168.1.116 - 56385 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/9CjrGxJphmawMJEuMC/ 319 508 0 365 130 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3285 1490179937.76 1490179938.16 392 192.168.1.116 - 56385 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/QJUQYPOYYZQSLDSXMXH/1/ 225 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 3286 1490179940.2 1490179940.63 434 192.168.1.116 - 56386 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3287 1490179941.7 1490179942.07 372 192.168.1.116 - 56387 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 214 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3288 1490179943.06 1490179943.4 343 192.168.1.116 - 56388 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 242 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3289 1490179944.54 1490179944.92 374 192.168.1.116 - 56389 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HGYjHPOvNONWhRbF16dHf/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3290 1490180136.26 1490180136.63 372 192.168.1.116 - 56390 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/neELAPJtgwyLo1G9KvMamZgOfHGHC/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3291 1490180327.89 1490180328.23 339 192.168.1.116 - 56391 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KcD5bM3KtwFEKZQMbeWY9e5/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3292 1490180519.48 1490180519.82 336 192.168.1.116 - 56392 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fuhwfzmgTXc4FTRqllx/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3293 1490180711.11 1490180711.47 367 192.168.1.116 - 56393 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FFhqwcQ48gdRksCg9HtzG1/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3294 1490180903.4 1490180903.74 338 192.168.1.116 - 56394 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NfHA2pqwk3dPJzYidRFkxaN0nsA/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3295 1490181095.02 1490181095.35 338 192.168.1.116 - 56395 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xTRlYDr590Tc7JWGiWCF/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3296 1490181286.5 1490181286.81 306 192.168.1.116 - 56396 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bUiqSoYTOjGstQj73Mt1M7Y6UFScu5a/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3297 1490181478.1 1490181478.47 373 192.168.1.116 - 56397 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RWG4frWL11rfyt5vARKfzb11r7el710Q/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3298 1490181669.72 1490181670.06 338 192.168.1.116 - 56398 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/05f7NppS9kMeV0kOiXk6R0XTyO09VR/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3299 1490181861.44 1490181861.81 367 192.168.1.116 - 56399 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/95JNI40qjjhc2glGNsd/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3300 1490182053.12 1490182053.5 375 192.168.1.116 - 56400 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SxBEnEErdubeIS12GuNf/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3301 1490182244.74 1490182245.08 335 192.168.1.116 - 56401 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/K1Jk9uz5cCRPET2Y/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3302 1490182436.35 1490182436.73 378 192.168.1.116 - 56402 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Ayims0kplgd4vOqdPOzr9rL7j2N8uJJp/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3303 1490182628.15 1490182628.62 474 192.168.1.116 - 56403 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dgyoMRN4uBXpdNHXx5XRkm6j3N/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3304 1490182819.94 1490182820.33 383 192.168.1.116 - 56404 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qJVV4mL6hWDKp084VG0v2mugP/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3305 1490183011.55 1490183011.87 319 192.168.1.116 - 56405 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 208 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3305 1490183012.13 1490183012.51 372 192.168.1.116 - 56405 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OFNVDJrKqMQg3OZTWKkyM7vbFV4TuLc/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3306 1490183203.82 1490183204.2 379 192.168.1.116 - 56406 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uzTuufkN1MbbhRglWxHhotEQcQm/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3307 1490183395.51 1490183395.89 376 192.168.1.116 - 56407 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HI9uFxXL0BykMuaLPa968PJNZ4Q/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3308 1490183587.32 1490183587.7 381 192.168.1.116 - 56408 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sufvatBjpPOaCiPriFwPKyfvBOr/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3309 1490183778.98 1490183779.35 378 192.168.1.116 - 56409 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/L6CAwLCd9bzSJXew/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3310 1490183970.63 1490183971.01 380 192.168.1.116 - 56410 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rYQaw3o6rZxd2etIcoVOV/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3311 1490184163.28 1490184163.75 471 192.168.1.116 - 56411 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gMUPkXPDkdmRugy73IfDfFLHO5s62/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3312 1490184355.03 1490184355.36 336 192.168.1.116 - 56412 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4ALVKNPZTrL7ph3Rg/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3313 1490184546.66 1490184547.03 369 192.168.1.116 - 56413 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9vwbmMDBelmz8V6ePKRP49ZgaDT4q/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3314 1490184738.31 1490184738.7 383 192.168.1.116 - 56414 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MVhxOFKew64qtzQuXPB1t3/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3315 1490184929.98 1490184930.36 375 192.168.1.116 - 56415 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mRZrOII4ZduFLMG2OD8/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3316 1490185121.58 1490185122.53 950 192.168.1.116 - 56416 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32029 0 31888 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3316 1490185130.09 1490185130.8 706 192.168.1.116 - 56416 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3316 1490185137.93 1490185138.25 322 192.168.1.116 - 56416 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dBVtKVQwWqFuBQz9d8JISX/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3317 1490185329.56 1490185329.94 384 192.168.1.116 - 56417 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yYCO9llDu2IOA3XROGtnGvLpVh9h/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3318 1490185522.01 1490185522.38 374 192.168.1.116 - 56418 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WaQaWn1YUOc0W8a9NT5qeZstJBk/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3319 1490185713.75 1490185714.12 376 192.168.1.116 - 56419 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fmpE0NyPCFeCX839UgmKWK2QB/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3320 1490185905.31 1490185905.62 310 192.168.1.116 - 56420 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MXvIMhhglf1lKfXmAbfTp5/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3321 1490186097.85 1490186098.18 336 192.168.1.116 - 56421 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rKExiOyJwgOeFf0w2fJPl1tVd/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3322 1490186289.48 1490186289.82 341 192.168.1.116 - 56422 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jr25OSVk0v65DUUQJ6kVq/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3323 1490186481.33 1490186481.72 388 192.168.1.116 - 56423 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/DNSBL/listed/0/ 215 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3324 1490186482.78 1490186483.12 339 192.168.1.116 - 56424 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EPH3dGPftG9Mk0KxMZt4KlQmb2I/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3325 1490186674.38 1490186674.77 384 192.168.1.116 - 56425 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 205 379 0 240 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3325 1490186680.72 1490186681.14 411 192.168.1.116 - 56425 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9KS2l4DB9yCQCCARIDXxF4W/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3326 1490186873.19 1490186873.57 378 192.168.1.116 - 56426 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wxX0xerDI42w5HWuHK/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3327 1490187064.82 1490187065.16 337 192.168.1.116 - 56427 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VN42Kx8OAIodl3cHg0P/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3328 1490187256.53 1490187256.89 369 192.168.1.116 - 56428 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5vMWhImAdkhHE9d6WecvyjNunRaGU52/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3329 1490187448.18 1490187448.55 375 192.168.1.116 - 56429 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jx6C0KLdbtDYpxdA/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3330 1490187639.84 1490187640.16 319 192.168.1.116 - 56430 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hdiE6BizcLhT0HBIiOyLLYh6TE/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3331 1490187831.38 1490187831.72 338 192.168.1.116 - 56431 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nyiRFSMuZi3Gsd1n4mD3/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3332 1490188023.06 1490188023.43 369 192.168.1.116 - 56432 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1zHUFRRxicZsXwPTD6JM09XVtOwq6nn1/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3333 1490188214.69 1490188215.07 374 192.168.1.116 - 56433 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BBQatpUpX0ZiDOUfFhkBa/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3334 1490188406.36 1490188406.73 369 192.168.1.116 - 56434 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yorUGuxQSg2GyegbUtAGhl/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3335 1490188597.92 1490188598.27 347 192.168.1.116 - 56435 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 208 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3335 1490188598.54 1490188598.94 406 192.168.1.116 - 56435 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pRAjePTsKWtunhfwLOoeGqKYh/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3336 1490188790.27 1490188790.64 377 192.168.1.116 - 56436 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Oss9MRHxNLG4O3rGhWCfdnYtmmWkkdi/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3337 1490188981.95 1490188982.33 380 192.168.1.116 - 56437 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zQERpwVI4yvWquy6G/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3338 1490189182.06 1490189186.59 4523 192.168.1.116 - 56438 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/R1nlgYnzcjIzzDCoxOl7iVo/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3339 1490189392.16 1490189395.04 2877 192.168.1.116 - 56439 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RphzYUrRvOXMyPXV/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3340 1490189606.26 1490189606.66 400 192.168.1.116 - 56440 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XU8hQdJJSUY73LWxKCD0IwrjX9Me/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3341 1490189813.54 1490189813.91 371 192.168.1.116 - 56441 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/H64YmLzl4KmkiERqyYJyTKmQYwlQGO/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3342 1490190006.82 1490190007.34 514 192.168.1.116 - 56442 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nPBAMVK2orKccZRRGhkBV1sl7tBe/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3343 1490190196.71 1490190197.04 329 192.168.1.116 - 56443 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yP47z9dHK1Z6ZIrd4IteArwIm/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3344 1490190386.18 1490190386.52 335 192.168.1.116 - 56444 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yBKdIyghqdFaUovj/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3345 1490190575.6 1490190576.63 1031 192.168.1.116 - 56445 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32029 0 31888 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3345 1490190584.4 1490190585.16 759 192.168.1.116 - 56445 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3345 1490190592.2 1490190592.54 341 192.168.1.116 - 56445 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Z9R1gJpfSlGpJltlgXsMHS3JU/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3346 1490190781.35 1490190781.72 368 192.168.1.116 - 56446 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5XUJiaSqWSWlHThRPo4XNkpO0Wv/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3347 1490190970.57 1490190970.94 368 192.168.1.116 - 56447 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6uoPwDYSoXLDmYgG7ndaTm/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3348 1490191158.93 1490191159.31 372 192.168.1.116 - 56448 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GiNgxZdo4WcE2KgrC77DZU/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3349 1490191350.72 1490191351.1 383 192.168.1.116 - 56449 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gtaSJ71hftVs6H3PWpNkV/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3350 1490191548.7 1490191549.07 373 192.168.1.116 - 56450 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 3351 1490191565.77 1490191566.14 372 192.168.1.116 - 56451 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 3352 1490191582.69 1490191583.06 368 192.168.1.116 - 56452 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 3353 1490191599.49 1490191599.81 317 192.168.1.116 - 56453 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/boVXqyYB2aEy2RJYSN4/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3354 1490191791.43 1490191791.81 379 192.168.1.116 - 56454 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZlDgiVchCc1WwpHjzuQUD4OJ/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3355 1490191983.44 1490191983.87 425 192.168.1.116 - 56455 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qHvYKmwWSY0uW05ikDM9rT63/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3356 1490192175.17 1490192175.51 339 192.168.1.116 - 56456 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JX6fIqaJTMpkdypibrgxeSgq2OhhOOe/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3357 1490192366.79 1490192367.19 400 192.168.1.116 - 56457 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JhuXyWhB1XiP0PF1/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3358 1490192558.61 1490192559.02 406 192.168.1.116 - 56458 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/StmOKcb20X42J5aQdFMcy4zSajU/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3359 1490192750.33 1490192750.7 371 192.168.1.116 - 56459 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FDVNPUqEthMhPfcyiXQ/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3360 1490192942.35 1490192942.76 414 192.168.1.116 - 56460 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nnD2NsxfpJ8WdYUraOUoHWktd/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3361 1490193134.0 1490193134.33 335 192.168.1.116 - 56461 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zQyrRLzmBgQT1UUVT8GG/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3362 1490193325.61 1490193325.98 368 192.168.1.116 - 56462 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3DYUvJJ1N3GGodEL6PplgUY/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3363 1490193517.32 1490193517.7 379 192.168.1.116 - 56463 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cbo3DwcyLMwaTK6hlPmU6j3Upx/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3364 1490193708.99 1490193709.33 338 192.168.1.116 - 56464 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tHS0I71HtNThhSrXy1/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3365 1490193901.19 1490193901.56 377 192.168.1.116 - 56465 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EUafge0wXPxzjVplYNzvSwoKIMY0/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3366 1490194092.9 1490194093.31 408 192.168.1.116 - 56466 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 208 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3366 1490194093.56 1490194093.94 375 192.168.1.116 - 56466 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/L6NQdP1Wp7lo56A4diiKTPXXLBC/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3367 1490194285.25 1490194285.62 372 192.168.1.116 - 56467 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/72pVfCfjKe8iC721S/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3368 1490194476.85 1490194477.18 336 192.168.1.116 - 56468 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rCv1DGsR9G077hhhub0RWWrjoVEKV/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3369 1490194668.47 1490194668.84 368 192.168.1.116 - 56469 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PTW4cJ0Ohbi3EeUeTjZDirut0vr/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3370 1490194860.51 1490194860.9 389 192.168.1.116 - 56470 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OyhpquyHS3nsBmmP79hbZG9MrOBxTA/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3371 1490195052.17 1490195052.51 336 192.168.1.116 - 56471 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8tex4EAdGLBYp2wv9tw1r9VcKD/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3372 1490195243.67 1490195243.98 315 192.168.1.116 - 56472 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yPUWJ33oTIspzgrucNxlsH4/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3373 1490195435.36 1490195435.7 343 192.168.1.116 - 56473 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4HIpyeE0JNfh6g0LFb/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3374 1490195626.98 1490195627.36 373 192.168.1.116 - 56474 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YbTOQ9GVzO7LvkEZE/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3375 1490195818.79 1490195819.18 391 192.168.1.116 - 56475 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/97My245WU2Wc8F97oRlabG6pG59o/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3376 1490196010.57 1490196011.65 1078 192.168.1.116 - 56476 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32029 0 31888 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3376 1490196018.83 1490196019.56 727 192.168.1.116 - 56476 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3376 1490196026.82 1490196027.2 379 192.168.1.116 - 56476 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zHD63oEegfgR8u4kX0A/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3377 1490196218.56 1490196219.94 1371 192.168.1.116 - 56477 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uqZTDE9FRYEeKulGZ7j9qofAidpn/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3378 1490196412.33 1490196412.7 369 192.168.1.116 - 56478 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0fWc0DszVEALzl6g/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3379 1490196604.03 1490196604.39 357 192.168.1.116 - 56479 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PieAtE5CKe3zOCIaDdNyYLFubeSM2is/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3380 1490196795.8 1490196796.18 380 192.168.1.116 - 56480 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sJhp5LifHmZPaA0QueCrO/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3381 1490196987.55 1490196987.99 434 192.168.1.116 - 56481 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yeMSz1XFDF0moPZRNCc/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3382 1490197179.36 1490197179.73 367 192.168.1.116 - 56482 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JF1YksmOIBNm7VgBO/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3383 1490197371.73 1490197372.1 369 192.168.1.116 - 56483 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UzQ4fXodrXIS6W8Edcn/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3384 1490197563.56 1490197564.0 434 192.168.1.116 - 56484 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 205 379 0 240 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3384 1490197570.02 1490197570.41 385 192.168.1.116 - 56484 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/B2m1yBBmh0b6UrB72EPeF5Rft7yi/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3385 1490197761.75 1490197762.12 369 192.168.1.116 - 56485 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EDFIIUezG5rvSUkvGteXiquRvnvO3N/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3386 1490197953.43 1490197953.8 377 192.168.1.116 - 56486 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/n0MNsqPR9LhZXJU3h8gL/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3387 1490198145.14 1490198145.52 373 192.168.1.116 - 56487 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/K5NmbiZhQySl66wc/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3388 1490198336.92 1490198337.28 368 192.168.1.116 - 56488 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/X1JbrS4bCCihqSvcV0T4/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3389 1490198528.95 1490198529.32 372 192.168.1.116 - 56489 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YTy27A8Upn3dhZByzCMZeqZh/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3390 1490198721.91 1490198722.37 458 192.168.1.116 - 56490 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wFGxg5kqOa4pXfbyT/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3391 1490198913.66 1490198914.03 371 192.168.1.116 - 56491 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/k0YyvdkHjTKCauEyH6u/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3392 1490199105.28 1490199105.61 334 192.168.1.116 - 56492 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AsQivlq13hhvfcjDbED3bZ/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3393 1490199296.19 1490199296.26 72 192.168.1.116 - 56493 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 204 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3394 1490199297.92 1490199298.23 311 192.168.1.116 - 56494 50.19.97.123 80 http://checkip.amazonaws.com/ 153 133 0 13 139 106 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 200 - - - - - - - CTU.238.1.Malicious 3393 1490199298.44 1490199298.59 144 192.168.1.116 - 56493 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/yAztDQWYURcMVxbUnLDwRZzzHM6zBK/ 332 520 0 377 131 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3393 1490199299.13 1490199299.23 98 192.168.1.116 - 56493 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/LVKEDBQVKKWAGQL/1/ 222 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 3395 1490199299.97 1490199300.1 133 192.168.1.116 - 56495 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3396 1490199301.3 1490199301.38 86 192.168.1.116 - 56496 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 215 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3397 1490199302.56 1490199302.67 110 192.168.1.116 - 56497 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 243 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3398 1490199303.17 1490199303.25 77 192.168.1.116 - 56498 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/s8Lxcdcq0kC54Qs4fPOVFFUq6jp/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3399 1490199493.67 1490199493.75 74 192.168.1.116 - 56499 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JxXjyWYbhSwLUaSzt8GtRPINfRyY2/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3400 1490199684.16 1490199684.29 129 192.168.1.116 - 56500 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3400 1490199684.55 1490199684.63 80 192.168.1.116 - 56500 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/A40rnW0volg0zDZUmMSLuIxANVJu8nd/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3401 1490199875.22 1490199875.3 73 192.168.1.116 - 56501 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jvNVJbKoNZTypXux2Vfj/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3402 1490200065.73 1490200065.8 73 192.168.1.116 - 56502 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AkDmIaIlTFmsUeQlsJ/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3403 1490200256.25 1490200256.32 74 192.168.1.116 - 56503 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6XHczV1WmUTZLrom/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3404 1490200446.75 1490200446.83 76 192.168.1.116 - 56504 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Z5lhe7M5wQLQaD6UpIf4w/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3405 1490200637.24 1490200637.32 74 192.168.1.116 - 56505 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/K94g65snawprc37VnA8C/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3406 1490200827.72 1490200827.8 83 192.168.1.116 - 56506 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5TWUHoY7hbMdUEUKE/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3407 1490201018.22 1490201018.3 78 192.168.1.116 - 56507 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QVDHPYxdG9Yeub4iJrU3xIzEIFU/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3408 1490201208.79 1490201208.87 72 192.168.1.116 - 56508 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VbMbctPLbaWOM06GJbivHdtosp51xb/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3409 1490201399.24 1490201399.32 73 192.168.1.116 - 56509 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iC44aRHfeEzu5z3nzbYMjKLa4/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3410 1490201589.7 1490201589.83 133 192.168.1.116 - 56510 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32029 0 31888 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3410 1490201597.41 1490201597.53 121 192.168.1.116 - 56510 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3410 1490201604.91 1490201605.02 104 192.168.1.116 - 56510 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ewH69o5kw5nWwihAYTcF/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3411 1490201795.47 1490201795.54 69 192.168.1.116 - 56511 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gp499oP1TYw4JMTif2AXy2AEM3PWUqSR/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3412 1490201985.92 1490201986.0 79 192.168.1.116 - 56512 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/W8dw70XOQ92f2tjyKiWnNcuEoG/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3413 1490202176.4 1490202176.48 74 192.168.1.116 - 56513 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RctMmJbTqrxY98F2eXG3HplPGS/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3414 1490202366.9 1490202366.97 70 192.168.1.116 - 56514 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LErEoganz99EYTqzSDMtJmR3yo4x/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3415 1490202557.38 1490202557.45 74 192.168.1.116 - 56515 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uhqPtd73uDoqO14MKAM6knSEx5Ck/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3416 1490202747.82 1490202747.9 73 192.168.1.116 - 56516 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bDpAvevRgQniJASiatfJmNF/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3417 1490202938.3 1490202938.37 76 192.168.1.116 - 56517 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pBQWlA6bZCLOkIbk6yic06/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3418 1490203128.91 1490203128.99 80 192.168.1.116 - 56518 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NVkRBUqeRmwfbRyBSDrkJ35Dk4qmV/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3419 1490203319.5 1490203319.57 73 192.168.1.116 - 56519 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/M0q3UIdMWUWBx1KY6d/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3420 1490203509.97 1490203510.04 74 192.168.1.116 - 56520 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MPUXCMv4srYfMhhk5C6jrIPTY/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3421 1490203700.45 1490203700.52 77 192.168.1.116 - 56521 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/g9mZV1MKqahvoyKcPEwObH1CvvCxV/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3422 1490203892.5 1490203892.81 312 192.168.1.116 - 56522 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WQ2y9tKhgp9q1dUMr/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3423 1490204083.4 1490204083.47 70 192.168.1.116 - 56523 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nJuiRLLAzYXuL0L5l0W94U/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3424 1490204274.05 1490204274.14 86 192.168.1.116 - 56524 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Q58uNxnTc0KZ0QR8SILEVQ9FVAu4tgk/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3425 1490204464.55 1490204464.63 73 192.168.1.116 - 56525 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OPaS0iREPS60ZCCaiWSY7/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3426 1490204654.98 1490204655.06 79 192.168.1.116 - 56526 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/L7BGEpi1yuHfJ3vg8n1kP9ktytNTOZ/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3427 1490204845.5 1490204845.58 82 192.168.1.116 - 56527 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4yPuIt9hRkDMaGw3lotNEqGP4AOdn/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3428 1490205035.96 1490205036.04 75 192.168.1.116 - 56528 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/haP67lChgxiqqEZngpI7/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3429 1490205226.74 1490205226.85 110 192.168.1.116 - 56529 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3429 1490205227.12 1490205227.26 141 192.168.1.116 - 56529 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BYGWr74Z6MG5vE8TjD5/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3430 1490205417.64 1490205417.71 76 192.168.1.116 - 56530 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wNWEKHhJOUxB4nevhC3vSN/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3431 1490205608.13 1490205608.21 85 192.168.1.116 - 56531 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ohUKZP9FFh27jFviFdmkgSDJXdL/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3432 1490205798.59 1490205798.66 74 192.168.1.116 - 56532 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2KdoEQSHAk4vSVM3vYcyCZMv5NTuXy/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3433 1490205989.1 1490205989.19 87 192.168.1.116 - 56533 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iphUaa9drIJ3rMjma6uQ/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3434 1490206185.93 1490206186.05 123 192.168.1.116 - 56534 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 3435 1490206201.29 1490206201.37 81 192.168.1.116 - 56535 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 3436 1490206216.56 1490206216.63 72 192.168.1.116 - 56536 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 3437 1490206231.84 1490206231.91 74 192.168.1.116 - 56537 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dv96Ir0FYdnvoQqcIVB497aUiNszGN4/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3438 1490206422.32 1490206422.39 73 192.168.1.116 - 56538 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0uzS77fQoislOeF2FUIKD/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3439 1490206612.91 1490206612.99 82 192.168.1.116 - 56539 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rd3AG1TbvzlDoa80S9YO1tkFs/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3440 1490206805.48 1490206805.56 74 192.168.1.116 - 56541 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1EZ35Xz3DOrMIlC2mtdo/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3441 1490206995.96 1490206996.11 145 192.168.1.116 - 56542 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32029 0 31888 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3441 1490207003.62 1490207003.77 151 192.168.1.116 - 56542 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3441 1490207019.2 1490207019.27 72 192.168.1.116 - 56542 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kr94TP8rJKtcOtPpNGkAjK3n/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3442 1490207209.66 1490207209.75 87 192.168.1.116 - 56544 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XZgaGkjQmiHXiiPyA/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3443 1490207401.21 1490207401.28 73 192.168.1.116 - 56545 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vuSTp6wvWYsjUsJCGfRhq0eUwZXBoV01/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3444 1490207591.72 1490207591.79 73 192.168.1.116 - 56546 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/r8xIPrwDClxm3KNiYnyVz3AYlZ/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3445 1490207782.17 1490207782.24 72 192.168.1.116 - 56547 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/psV5gfkWlpvdN12g7EsxbhIkjXHFI7om/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3446 1490207972.63 1490207972.7 75 192.168.1.116 - 56548 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BVhoAvtg8f8lF8GPpl4iqkFxPYw4bXGE/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3447 1490208163.12 1490208163.2 86 192.168.1.116 - 56549 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MMsadpW9fGt2l71wQZXfGk41HIT/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3448 1490208353.73 1490208353.8 74 192.168.1.116 - 56550 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wFKHXJiXg36qZjyP1Fi/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3449 1490208544.26 1490208544.33 68 192.168.1.116 - 56551 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 206 379 0 240 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3449 1490208550.29 1490208550.37 87 192.168.1.116 - 56551 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dNWgrorcPtEm3Ic6b/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3450 1490208740.78 1490208740.87 88 192.168.1.116 - 56552 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wiGNpwI30x4zV336PYU/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3451 1490208931.25 1490208931.33 75 192.168.1.116 - 56553 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SAUHqj2w4LEffWJe50mS80qT7BCpW7l/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3452 1490209121.74 1490209121.81 75 192.168.1.116 - 56554 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Z3NQwR9LfHPFeCTS9I6/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3453 1490209312.24 1490209312.31 74 192.168.1.116 - 56555 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/v52HmjqFzyzdimIqaIR6lFt/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3454 1490209502.7 1490209502.77 73 192.168.1.116 - 56556 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/U1Yy945a9UNEa36fQUz8bti/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3455 1490209693.18 1490209693.26 77 192.168.1.116 - 56557 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/m0OHCbbBh4PpLAqjypAcH/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3456 1490209883.67 1490209883.75 73 192.168.1.116 - 56558 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/p9jW6h51N5MZ2u4pofgIrZAzEryXAij/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3457 1490210074.14 1490210074.22 75 192.168.1.116 - 56559 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cyIbhNauky6qwzZx22DvGkcZOH5QEDw/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3458 1490210264.64 1490210264.72 77 192.168.1.116 - 56560 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ObK88AFmei93gu160ez3Y/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3459 1490210455.16 1490210455.23 77 192.168.1.116 - 56561 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PwjKAY7Fa2IASuoWp24L1/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3460 1490210645.65 1490210645.98 322 192.168.1.116 - 56562 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3460 1490210646.34 1490210646.48 137 192.168.1.116 - 56562 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cpbAawpKIeqxFHyOJrgTbtQ02PuVFW3Q/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3461 1490210836.89 1490210836.97 76 192.168.1.116 - 56563 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SvNQgRaVCZSd3jAsGKNOTcmtlu7wP/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3462 1490211027.38 1490211027.45 75 192.168.1.116 - 56564 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/APKwOiAA2ykIp6sLPo5P/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3463 1490211217.84 1490211217.91 72 192.168.1.116 - 56565 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/arV0a02kbFgDt10Ik2CEjtOCuh4/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3464 1490211408.33 1490211408.4 75 192.168.1.116 - 56566 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7ZK9UwYYe7XydV7ZkOAajvBqL1/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3465 1490211598.82 1490211598.9 78 192.168.1.116 - 56567 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7aU6zpBjWdf6uirklGBu/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3466 1490211789.3 1490211789.38 72 192.168.1.116 - 56568 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JY98b1ECVjQTWk6WZi19QvU/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3467 1490211979.75 1490211979.82 74 192.168.1.116 - 56569 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UjIUWkdBTuRhiXsHRP4ZuyBOWAB2a/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3468 1490212170.24 1490212170.33 86 192.168.1.116 - 56570 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VmG0PNHEuXG7fxAfe9zGPdHBO/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3469 1490212360.79 1490212360.89 101 192.168.1.116 - 56571 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UK1YfwNUOGd5CeGvi6BzScUZWg/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3470 1490212551.28 1490212551.4 118 192.168.1.116 - 56572 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32029 0 31888 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3470 1490212558.98 1490212559.1 122 192.168.1.116 - 56572 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3470 1490212566.25 1490212566.34 87 192.168.1.116 - 56572 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/X61JPZPVTYi5ncr7j95r038x/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3471 1490212756.75 1490212756.82 71 192.168.1.116 - 56573 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jvebPTb8wzyOANMPQdIfkVrwX/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3472 1490212947.22 1490212947.3 76 192.168.1.116 - 56574 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Ck9wMQQIrPXhMSWyMz2DCDGTtTK/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3473 1490213137.69 1490213137.77 74 192.168.1.116 - 56575 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/C0cf6dj1NVRZNrmpk6fAvTWP6CIg9yFE/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3474 1490213328.2 1490213328.27 69 192.168.1.116 - 56576 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UCVp2FX1AjRYcqqsibxjqEN49/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3475 1490213518.65 1490213518.73 76 192.168.1.116 - 56577 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KSB2Ix4WiBeP6fyiOIaA5nPYpqrvO/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3476 1490213709.08 1490213709.16 73 192.168.1.116 - 56578 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vYfEs0QtOFO5L6hzWiR6uL/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3477 1490213899.53 1490213899.61 76 192.168.1.116 - 56579 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JMBwV768PMW2WdZLr6Vj0otCTQ6k0/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3478 1490214090.03 1490214090.1 75 192.168.1.116 - 56580 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iK4E54ROvfoq6TwFxCEtvb204rylcAA/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3479 1490214280.52 1490214280.59 72 192.168.1.116 - 56581 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/n1XCq92HIxnDI68pWvcvWVl88K8Ewfo/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3480 1490214471.0 1490214471.08 76 192.168.1.116 - 56582 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pN4xykC6oqOrXjNhKSVRmYxfGB/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3481 1490214661.52 1490214661.6 74 192.168.1.116 - 56583 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QIqDzCiFGSYw0kaXjkG1Tf1hfg/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3482 1490214851.97 1490214852.04 75 192.168.1.116 - 56584 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sMsIo2HUny6m3IEvqLd/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3483 1490215042.42 1490215042.5 74 192.168.1.116 - 56585 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wFFHSYZKnKbuPi33HF/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3484 1490215232.97 1490215233.05 77 192.168.1.116 - 56586 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vwtrCIMcM4kdz9os0B4eQIh/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3485 1490215423.82 1490215423.94 125 192.168.1.116 - 56587 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/DNSBL/listed/0/ 216 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3486 1490215425.12 1490215425.19 75 192.168.1.116 - 56588 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1uYeG1CKmc3H0FrMZ9YXh/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3487 1490215615.59 1490215615.66 72 192.168.1.116 - 56589 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vzVx5unkbNbrs0KWC/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3488 1490215806.05 1490215806.12 74 192.168.1.116 - 56590 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WzFG1aotHKTyMY8sZm/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3489 1490215996.53 1490215996.63 103 192.168.1.116 - 56591 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/H8fFXlz8ki2UsmOCQCAv/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3490 1490216187.04 1490216187.11 74 192.168.1.116 - 56592 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3490 1490216187.37 1490216187.45 78 192.168.1.116 - 56592 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/e9oo2VMmeVU0OhanXp/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3491 1490216377.96 1490216378.04 80 192.168.1.116 - 56593 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LPWN5yAFewGk1KB6rqhV9YE/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3492 1490216568.46 1490216568.53 72 192.168.1.116 - 56594 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VHnf0nOw9dKpvDiGCW4hzUTJym4/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3493 1490216758.94 1490216759.01 71 192.168.1.116 - 56595 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/w7xXZ70fKSJQ484r2NWTXFUKS/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3494 1490216949.41 1490216949.5 90 192.168.1.116 - 56596 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MMMoyGkbxlrZp36iPwIy7Qa0XGV/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3495 1490217139.93 1490217140.0 74 192.168.1.116 - 56597 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sH671ReAqKpNF2PCu9IhiXr/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3496 1490217330.42 1490217330.49 74 192.168.1.116 - 56598 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sSOFvKrH1ciysuMt4m5NeeA/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3497 1490217521.12 1490217521.19 71 192.168.1.116 - 56599 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JsViVtI7lrRLZwBnnTiZ5Mtv3Q2dh/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3498 1490217711.6 1490217711.68 72 192.168.1.116 - 56600 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Q5fR1brSNGhRKciAUJ5nBK8/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3499 1490217902.11 1490217902.18 69 192.168.1.116 - 56601 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZTG9sEFHt058Focs/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3500 1490218092.53 1490218092.65 119 192.168.1.116 - 56602 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32029 0 31888 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3500 1490218099.99 1490218100.09 105 192.168.1.116 - 56602 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3500 1490218107.91 1490218107.98 71 192.168.1.116 - 56602 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/D6haHzXGWia3kyhcZIfch/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3501 1490218298.4 1490218298.47 77 192.168.1.116 - 56603 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xzaPmNZBvB0Bxzo9K2E/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3502 1490218490.87 1490218491.55 677 192.168.1.116 - 56604 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 205 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3502 1490218491.78 1490218492.53 751 192.168.1.116 - 56604 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/2jvZ3Ui1g6Gma1yG7k/ 321 508 0 365 132 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3502 1490218493.05 1490218493.73 686 192.168.1.116 - 56604 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/VYCJFVIUTBHXWK/1/ 222 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 3503 1490218496.64 1490218497.27 635 192.168.1.116 - 56605 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3504 1490218499.18 1490218499.82 638 192.168.1.116 - 56606 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 216 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3505 1490218501.82 1490218502.49 673 192.168.1.116 - 56607 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 244 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3506 1490218505.36 1490218505.98 629 192.168.1.116 - 56608 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5oo6KUePaNMdYzvuCiMkpRv3/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3507 1490218698.15 1490218698.83 674 192.168.1.116 - 56609 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4CR2EMxp5uQP5hAbjFhJ6/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3508 1490218891.08 1490218891.76 682 192.168.1.116 - 56610 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eAeshU8V3bAZQVALFwHec94DDoI/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3509 1490219083.94 1490219084.61 668 192.168.1.116 - 56611 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CUY0FZrjRMT1V2r204uXFF1m/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3510 1490219276.79 1490219277.46 670 192.168.1.116 - 56612 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ygXYLrcXtb5Dv0hiF/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3511 1490219469.63 1490219470.3 672 192.168.1.116 - 56613 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 207 379 0 240 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3511 1490219476.27 1490219476.92 651 192.168.1.116 - 56613 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PwtM6JRiRcTdzcMLdgCbs/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3512 1490219669.11 1490219669.78 669 192.168.1.116 - 56614 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PGKI5xZWQrH9qqmDgJde/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3513 1490219862.0 1490219862.68 680 192.168.1.116 - 56615 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gjG8eGOHkHIsFqGlk/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3514 1490220054.79 1490220055.43 637 192.168.1.116 - 56616 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jU1KepuaY0tjdriK2ap6PidBByG0/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3515 1490220247.57 1490220248.22 643 192.168.1.116 - 56617 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZVDSoI8O8oNvDqrGClj8mJVm/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3516 1490220440.38 1490220441.02 638 192.168.1.116 - 56618 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hroCTz6LgHvREJamiJU1bEzXH/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3517 1490220633.22 1490220633.86 635 192.168.1.116 - 56619 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kCgNNNmvYTAZsiDgJNQ7hQ8uM5mC/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3518 1490220831.97 1490220832.68 707 192.168.1.116 - 56620 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 3519 1490220849.64 1490220850.32 687 192.168.1.116 - 56621 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 3520 1490220867.34 1490220868.05 706 192.168.1.116 - 56622 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 3521 1490220885.04 1490220885.71 675 192.168.1.116 - 56623 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aV5vIdPvyyJGva18g0rqCdVf85ckTMf/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3522 1490221077.92 1490221078.59 672 192.168.1.116 - 56624 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6WdRzbKqBJvnqrkC77e5XIQqlE4/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3523 1490221270.76 1490221271.4 638 192.168.1.116 - 56625 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bfIS8AKBGA6ZvHY9/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3524 1490221463.53 1490221464.16 625 192.168.1.116 - 56626 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/igjhYJsFgXM3hiEyfCaUda/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3525 1490221656.34 1490221657.06 719 192.168.1.116 - 56627 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 210 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3525 1490221657.32 1490221658.0 679 192.168.1.116 - 56627 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SVZxhi4gmfZeXsU0yL02nfdrp4/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3526 1490221850.16 1490221852.5 2343 192.168.1.116 - 56628 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ysayn6pLx0uqe0sUfoUAk6/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3527 1490222044.69 1490222045.36 669 192.168.1.116 - 56629 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Dnev1MKnpgGvt81ysHBXVY/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3528 1490222237.62 1490222238.27 650 192.168.1.116 - 56630 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WGY6mAXuyROOPcchTcc085UC1t/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3529 1490222430.33 1490222430.94 607 192.168.1.116 - 56631 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/H7HQJihXmG3P0b9YKIyipaUGXD/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3530 1490222623.14 1490222623.77 635 192.168.1.116 - 56632 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CQo4dqZzrfGTCDuTOpm9wIkkn/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3531 1490222815.86 1490222816.51 642 192.168.1.116 - 56633 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/H2Ijes6iNQM0Ga66/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3532 1490223008.65 1490223009.27 620 192.168.1.116 - 56634 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ATKAIf1eCx7shckTKpTn/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3533 1490223201.63 1490223202.31 676 192.168.1.116 - 56635 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/etxPooYEQvDlaWQwy1Wu/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3534 1490223394.5 1490223395.14 643 192.168.1.116 - 56636 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9inTeBFkgYRMyzp9tiA8jGYa/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3535 1490223587.35 1490223589.26 1907 192.168.1.116 - 56637 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 32029 0 31888 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3535 1490223596.26 1490223597.58 1325 192.168.1.116 - 56637 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3535 1490223604.47 1490223605.17 703 192.168.1.116 - 56637 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/R3W40Jc6FZ9gnO56cG9Ejv/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3536 1490223798.76 1490223799.39 636 192.168.1.116 - 56638 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Evde6pK9P5GmEJ9PEq/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3537 1490223991.58 1490223992.26 678 192.168.1.116 - 56639 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eh678Kyzrl8ruDfTz1t59jnsv3sIHSTG/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3538 1490224184.52 1490224185.19 671 192.168.1.116 - 56640 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LkEFGw6nLTCmUlkZ233VVH/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3539 1490224377.37 1490224378.05 674 192.168.1.116 - 56641 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1wGlNY1GHMZuzOkUwFxtxp/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3540 1490224570.25 1490224570.89 642 192.168.1.116 - 56642 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UvBXhx0LfLZq4mMWfVQgLqJEnvjf1Y/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3541 1490224763.13 1490224763.8 672 192.168.1.116 - 56643 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qUpnszncp8tdoi0Q0sQ65nnFHz/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3542 1490224956.22 1490224956.9 676 192.168.1.116 - 56644 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Ms4VDzmE6UsBQeBN9Cl3Od/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3543 1490225149.08 1490225149.72 637 192.168.1.116 - 56645 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4I2xF5tjR6rcr4kEm/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3544 1490225341.94 1490225342.62 683 192.168.1.116 - 56646 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YMF9sLg3LJO4dEjOC8ZMa0np5EzedN/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3545 1490225534.84 1490225535.52 682 192.168.1.116 - 56647 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ncT8bZyv9xssOG4NYz2ZiX05Jv0lx/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3546 1490225727.67 1490225728.31 638 192.168.1.116 - 56648 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cZ7YiJIugO724swy3eSDTXzQE/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3547 1490225920.4 1490225921.04 641 192.168.1.116 - 56649 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/A210eE1d23ApK8K8b/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3548 1490226113.26 1490226113.95 691 192.168.1.116 - 56650 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WAxfxwZTGDZ2QpywuW1N01G9/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3549 1490226306.1 1490226306.77 672 192.168.1.116 - 56651 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dzbZK4FpWlvmKmghjcnegAxm01TCRuAp/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3550 1490226499.01 1490226499.67 668 192.168.1.116 - 56652 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AhnONZeAuoJbP8blnZdpWEofgv3GunD/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3551 1490226691.8 1490226692.42 621 192.168.1.116 - 56653 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uQBwof9E035i7vLs0RUFnHdd/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3552 1490226884.57 1490226886.94 2370 192.168.1.116 - 56654 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FCZf467vndp2hxKrPSNyTmd/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3553 1490227079.71 1490227080.41 700 192.168.1.116 - 56655 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 210 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3553 1490227080.68 1490227081.33 646 192.168.1.116 - 56655 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OY5fn4OkxTQ0HVdvCjLkx/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3554 1490227273.51 1490227274.19 677 192.168.1.116 - 56656 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fi0Ut7QZ9nusPrqueS/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3555 1490227466.34 1490227466.98 640 192.168.1.116 - 56657 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4pbkwWwWG0np2djLmY3czyOOg/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3556 1490227659.16 1490227659.83 671 192.168.1.116 - 56658 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vLMr4WURB4KHS2TKoKAloMQLRO2B/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3557 1490227851.99 1490227852.63 642 192.168.1.116 - 56659 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/N8YnWLMA5FMUBYXJ7qSTCYz/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3558 1490228045.2 1490228045.86 668 192.168.1.116 - 56660 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6X8NRoCjaYin5E9uG0842NwYx4UCe7/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3559 1490228239.94 1490228240.57 634 192.168.1.116 - 56661 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BJu6PwM4vaVoXLMq2yBgI56NjPV/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3560 1490228432.72 1490228433.36 636 192.168.1.116 - 56662 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mVcXUW1NH79vS9iD/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3561 1490228625.5 1490228626.17 670 192.168.1.116 - 56663 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/41DLtOmQHtKTgorLXptm37R7hb6zqd/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3562 1490228818.51 1490228819.13 621 192.168.1.116 - 56664 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rZvAGPw8ydww4hEmIWTvG0agvv7Y/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3563 1490229011.61 1490229013.54 1926 192.168.1.116 - 56665 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 32029 0 31888 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3563 1490229021.15 1490229022.48 1334 192.168.1.116 - 56665 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3563 1490229030.08 1490229030.77 688 192.168.1.116 - 56665 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JEpSci9OE95UerjNMDldiB7VGTIDiH/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3564 1490229222.94 1490229223.62 673 192.168.1.116 - 56666 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6gZa8DOV28PsRKUl59o8dKUi63sV1TM4/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3565 1490229415.79 1490229416.47 681 192.168.1.116 - 56667 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oMQnUPadrTe9qBwMj5UEnngRK3yZZ/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3566 1490229608.69 1490229609.37 677 192.168.1.116 - 56668 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lFkzBbibYlLpb85ManOf/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3567 1490229801.54 1490229802.17 636 192.168.1.116 - 56669 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8sk9JwwSjTK2j5OLivW0Mw/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3568 1490229994.53 1490229995.22 683 192.168.1.116 - 56670 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/X3jAUqVBR1Pk8GJRJx2WNcPsX/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3569 1490230187.44 1490230188.11 673 192.168.1.116 - 56671 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QLs7Y9wABQCFvClkapZCtQ/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3570 1490230380.26 1490230380.93 674 192.168.1.116 - 56672 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 207 379 0 240 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3570 1490230386.89 1490230387.55 656 192.168.1.116 - 56672 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OoDN5D1C5Rql2FbfI7CI9lfj9Ba/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3571 1490230579.85 1490230580.52 673 192.168.1.116 - 56673 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9CzJ18IIM4KWWeGpZ3R57X1K/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3572 1490230772.63 1490230773.27 635 192.168.1.116 - 56674 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gcXpqyaE4xgSVMO9DWRvXrye/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3573 1490230965.48 1490230966.16 685 192.168.1.116 - 56675 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9z5m2HjpJjhp4ZhFTO/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3574 1490231158.38 1490231159.06 682 192.168.1.116 - 56676 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/muNzpCmRoTCxf5YpbA0lJrv2V0ayU9/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3575 1490231351.26 1490231351.93 674 192.168.1.116 - 56677 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/X5mlq3ayRyvJd7B0G/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3576 1490231544.14 1490231544.82 681 192.168.1.116 - 56678 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hE9k8KstDuTdIovBDSiS4V/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3577 1490231737.02 1490231737.69 671 192.168.1.116 - 56679 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8pxRjXdVuoVPhXEyl35htI9j5t7hYe/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3578 1490231930.05 1490231930.73 672 192.168.1.116 - 56680 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NBk5YuwN1rdBXAhxO/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3579 1490232122.95 1490232123.62 671 192.168.1.116 - 56681 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lTcwE9DUpokr0wP990F6CiTt7wed/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3580 1490232315.79 1490232316.47 678 192.168.1.116 - 56682 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yyVVoFxpIUmvrzKwC9o/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3581 1490232508.62 1490232509.25 637 192.168.1.116 - 56683 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 210 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3581 1490232509.51 1490232510.16 647 192.168.1.116 - 56683 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pQfvLlyczCYSCJ5F48QYwfpdpivJSpuP/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3582 1490232702.35 1490232703.01 667 192.168.1.116 - 56684 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eK9xjFZRTLgJ38QsLW594vh7m/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3583 1490232895.22 1490232895.92 699 192.168.1.116 - 56685 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WkDv1QZoeyyWdh7Rj0Ze/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3584 1490233088.08 1490233088.72 644 192.168.1.116 - 56686 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VbV7Y0opymIgFNTpWMjmr3B/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3585 1490233281.03 1490233281.75 719 192.168.1.116 - 56687 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QtkNS3FpVojabOqWXS0Picq5/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3586 1490233473.94 1490233474.61 677 192.168.1.116 - 56688 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9mXxFbpDSM33stZVpmwRLm6/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3587 1490233666.82 1490233667.49 671 192.168.1.116 - 56689 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QXsCPiOWXKNlUy5JSTFUdTtbR/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3588 1490233859.6 1490233860.24 643 192.168.1.116 - 56690 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GWAKjyKBsXuefb3tRc0/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3589 1490234052.61 1490234053.31 703 192.168.1.116 - 56691 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nKUTUCbFeuSgiXPzN/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3590 1490234245.52 1490234246.2 678 192.168.1.116 - 56692 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hMlmY8Ach8O7ds3U5/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3591 1490234438.39 1490234440.27 1878 192.168.1.116 - 56693 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 32029 0 31888 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3591 1490234447.43 1490234448.8 1368 192.168.1.116 - 56693 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3591 1490234455.8 1490234456.5 697 192.168.1.116 - 56693 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/v9GyxPbudAIRz4uKuShh/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3592 1490234648.72 1490234649.4 682 192.168.1.116 - 56694 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yjbG9u7cElUJmchOWbveD6v5xzeb4xg/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3593 1490234841.54 1490234842.16 618 192.168.1.116 - 56695 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8Uq7D76BWqtFHBhKhEd/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3594 1490235034.27 1490235034.91 640 192.168.1.116 - 56696 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/s3rdQLknBuWaJlfyB/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3595 1490235227.12 1490235227.8 677 192.168.1.116 - 56697 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/obC2YT5ss9uEKS55gN/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3596 1490235427.03 1490235427.73 699 192.168.1.116 - 56698 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 3597 1490235445.73 1490235446.45 717 192.168.1.116 - 56699 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 3598 1490235463.43 1490235464.12 690 192.168.1.116 - 56700 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 3599 1490235481.17 1490235481.85 683 192.168.1.116 - 56701 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FxRsGDTQv5SIB1FSvANxzD/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3600 1490235674.03 1490235674.7 667 192.168.1.116 - 56702 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7xDmIr31SQhe6sg0cyxJevM57bjRB/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3601 1490235866.87 1490235867.54 669 192.168.1.116 - 56703 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KZnsrgmxeCN4k9NoFN/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3602 1490236059.79 1490236060.5 714 192.168.1.116 - 56704 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6KKpqJgnkDVU1ubvC3Ry/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3603 1490236252.69 1490236253.36 674 192.168.1.116 - 56705 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/c8pwWVoNGigMDCIZctZql7/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3604 1490236445.55 1490236446.22 675 192.168.1.116 - 56706 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1FwNULbWhu7fDWlIxSPIFDEMQv/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3605 1490236638.42 1490236639.09 670 192.168.1.116 - 56707 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VoCs6VXAygwCJ1ql/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3606 1490236833.15 1490236833.83 676 192.168.1.116 - 56708 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZNYUJxDyEYm2wHjAXYVCVLABkcPXsfx/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3607 1490237026.06 1490237026.73 673 192.168.1.116 - 56709 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aRfnEGi8hAI7M6j9rOHU/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3608 1490237218.96 1490237219.6 637 192.168.1.116 - 56710 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7Es4tS5e2U8rbsvqpIBWZIeaCX/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3609 1490237411.95 1490237412.62 679 192.168.1.116 - 56711 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Y0VW7EsUyKegrPxotTbnsPD42R/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3610 1490237604.75 1490237605.38 637 192.168.1.116 - 56712 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0mnh3tGA8nRVxGgNH/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3611 1490237797.51 1490237798.15 639 192.168.1.116 - 56713 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ikbfjIeriyi0bDlnzVEXi/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3612 1490238124.37 1490238124.84 466 192.168.1.116 - 56717 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 204 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3613 1490238127.06 1490238127.47 418 192.168.1.116 - 56718 107.22.214.64 80 http://checkip.amazonaws.com/ 153 133 0 13 139 106 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 200 - - - - - - - CTU.238.1.Malicious 3612 1490238127.67 1490238128.18 509 192.168.1.116 - 56717 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/9xbEgmnpxWLRRAcERWtwGhuqe/ 327 515 0 372 131 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3612 1490238128.69 1490238129.18 484 192.168.1.116 - 56717 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/KRNHYKUEGBHFY/1/ 220 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 3614 1490238131.58 1490238132.1 520 192.168.1.116 - 56719 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3615 1490238134.55 1490238135.06 509 192.168.1.116 - 56720 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 215 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3616 1490238137.51 1490238138.02 511 192.168.1.116 - 56721 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 243 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3617 1490238141.41 1490238144.51 3109 192.168.1.116 - 56722 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3617 1490238144.78 1490238145.32 537 192.168.1.116 - 56722 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BncIY0dbfG9hzeOlShF2/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3618 1490238337.01 1490238337.52 514 192.168.1.116 - 56723 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xz9NF19XCHmdPiOEBHH/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3619 1490238534.38 1490238536.19 1807 192.168.1.116 - 56724 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/A8cVEpnFgW46tpNDdHcr1b/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3620 1490238731.31 1490238731.78 467 192.168.1.116 - 56725 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/e0JBFChYJXt2QnsZBCDO1/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3621 1490238924.47 1490238925.86 1385 192.168.1.116 - 56726 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2B8BJuijsxdVhseM/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3622 1490239117.5 1490239119.28 1774 192.168.1.116 - 56727 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/T6EZiC7gktaNPR4XV0sGjcOPHsBGYgeC/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3623 1490239310.95 1490239311.45 507 192.168.1.116 - 56728 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/COnJrdfgJY70uDTSa4mEDjjq28nLD662/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3624 1490239504.23 1490239506.05 1820 192.168.1.116 - 56729 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UlTBp0VK41ybbIq4P3YHzA/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3625 1490239697.72 1490239699.49 1772 192.168.1.116 - 56730 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hIhGkoxqWNbHSE8zjVE3/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3626 1490239891.2 1490239894.49 3284 192.168.1.116 - 56731 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32029 0 31888 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3626 1490239901.66 1490239903.2 1538 192.168.1.116 - 56731 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3626 1490239910.65 1490239911.19 540 192.168.1.116 - 56731 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/06Nv47Y3zaZp3E8miI/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3627 1490240102.9 1490240103.41 512 192.168.1.116 - 56732 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ClE2MV57rugkapM6mHbTzd/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3628 1490240297.4 1490240299.14 1739 192.168.1.116 - 56733 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BoXda3vv6VrNj6vWQUleQdE/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3629 1490240494.14 1490240494.67 534 192.168.1.116 - 56734 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5OntQMzUWp94LfoXMSsk8Fy798/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3630 1490240686.31 1490240686.84 532 192.168.1.116 - 56735 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8NiWrl1yjNL7tcPuW3MfooyBh/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3631 1490240881.57 1490240882.08 518 192.168.1.116 - 56736 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jOjOgp1t4WNACnEdfUn7qZu/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3632 1490241073.8 1490241074.31 515 192.168.1.116 - 56737 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SLzHiuZWYQKILVha/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3633 1490241267.93 1490241268.44 504 192.168.1.116 - 56738 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 206 379 0 240 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3633 1490241274.4 1490241274.92 523 192.168.1.116 - 56738 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/N96eCP3uHgtcG4TsQPqRxWhk/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3634 1490241466.62 1490241477.5 10889 192.168.1.116 - 56739 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sf30gcYQeOCujXAYFfiguO5yA/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3635 1490241669.17 1490241670.58 1409 192.168.1.116 - 56740 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/A7eXAOz67gN1CX9SMWj0jBVUwH/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3636 1490241867.68 1490241868.21 537 192.168.1.116 - 56741 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iFCM2TMfN424uhpTRk1BCXM/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3637 1490242060.88 1490242062.33 1441 192.168.1.116 - 56742 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/W3RlmGg5GyPai1fA1Ka7lMx3AR/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3638 1490242254.03 1490242254.56 532 192.168.1.116 - 56743 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/m9HYfXsfA1lIcodznp9oz/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3639 1490242446.23 1490242446.71 479 192.168.1.116 - 56744 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/68WXEnRONexVcXjOK8/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3640 1490242638.38 1490242638.9 515 192.168.1.116 - 56745 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tdFxT1rzhDNf8vjhBzQ9CR57/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3641 1490242831.59 1490242832.09 503 192.168.1.116 - 56746 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jRmnoDaB4yxFgvZg96v27UTJu/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3642 1490243026.21 1490243026.73 514 192.168.1.116 - 56747 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QWPxeoqDgPcmFpP7hX24sKz3hAs09hLT/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3643 1490243218.35 1490243218.83 476 192.168.1.116 - 56748 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EJhPrkYTDoeRtWhRBIlEHI5djBw/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3644 1490243410.46 1490243410.94 480 192.168.1.116 - 56749 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ikH04YnBQNPrdnG67OsfqY/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3645 1490243607.26 1490243607.77 516 192.168.1.116 - 56750 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3645 1490243608.04 1490243608.54 506 192.168.1.116 - 56750 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/a783B7h13O7Zd0z002GlBr7LUrxi1Zh/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3646 1490243800.22 1490243800.75 526 192.168.1.116 - 56751 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3wJc93sspNrboHbOw8A7HuvgDR7Q/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3647 1490243993.4 1490243995.24 1834 192.168.1.116 - 56752 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RxlfC57zPDnq0wh6B9F1jGFat/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3648 1490244186.98 1490244188.85 1871 192.168.1.116 - 56753 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YXeV4qFdsDdLaF5huHSzZYLU/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3649 1490244386.05 1490244387.57 1514 192.168.1.116 - 56754 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/DNSBL/listed/0/ 216 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3650 1490244390.96 1490244391.46 503 192.168.1.116 - 56755 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WUbPdRIUw4z0krb1LW3BmGl2QbUkwH/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3651 1490244585.68 1490244587.16 1474 192.168.1.116 - 56756 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xUB70BwwD1c0fWWThPdY4WlZG9MAdmuR/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3652 1490244778.97 1490244779.49 515 192.168.1.116 - 56757 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1IvgT1jn5Yu3z6yDPQ851cGQjeJM2fR/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3653 1490244972.07 1490244972.58 505 192.168.1.116 - 56758 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kgxFGeuCPgtGMaMrx/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3654 1490245164.23 1490245164.7 473 192.168.1.116 - 56759 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HIgtmqh1tblMkNCjpb/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3655 1490245357.38 1490245362.94 5558 192.168.1.116 - 56760 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32029 0 31888 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3655 1490245370.5 1490245372.0 1508 192.168.1.116 - 56760 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3655 1490245379.76 1490245380.3 536 192.168.1.116 - 56760 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZaVvhzW293JWHruYYB/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3656 1490245575.37 1490245577.19 1818 192.168.1.116 - 56761 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mDHmtTmvvbFxrDsUKyvVlhciM/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3657 1490245769.94 1490245772.68 2744 192.168.1.116 - 56762 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oVHHO41R5y1yO2JtXCihNg9H1HmjGmjY/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3658 1490245965.37 1490245965.88 507 192.168.1.116 - 56763 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/A36g37gCHAe2sHxye/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3659 1490246158.56 1490246159.07 509 192.168.1.116 - 56764 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VkiE7NhlnwNGDj0AGL8cKW/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3660 1490246353.77 1490246355.54 1770 192.168.1.116 - 56765 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nc1atAHr2CQpMK61YX/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3661 1490246548.14 1490246552.58 4439 192.168.1.116 - 56766 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WX43b2dSkW8PI4XuYfceQJQ8Xi/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3662 1490246744.31 1490246744.83 518 192.168.1.116 - 56767 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pvbgvwTTiSFbLw9CjRlhaNxp/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3663 1490246937.64 1490246938.15 513 192.168.1.116 - 56768 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Jptr1ntDdW2v4RWR/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3664 1490247130.84 1490247131.35 509 192.168.1.116 - 56769 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UDf2FOv4KQ9oZYrwrOKfWXvEZxqWbgyp/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3665 1490247325.77 1490247326.27 503 192.168.1.116 - 56770 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XG0wTvVJ7yL9xDlnn4bHfeoeOS/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3666 1490247517.87 1490247518.34 467 192.168.1.116 - 56771 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6HW8cFnZGVe6wmBgHy17j/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3667 1490247711.13 1490247711.64 514 192.168.1.116 - 56772 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LcFmZQlPG1QsNJb3/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3668 1490247903.34 1490247903.87 533 192.168.1.116 - 56773 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/87r3Z3VjiOO6JpigEYePXaa/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3669 1490248096.74 1490248097.25 509 192.168.1.116 - 56774 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/q0zoBsI1ooHb9fQmXo/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3670 1490248290.87 1490248292.64 1774 192.168.1.116 - 56775 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/i6RMt79xQ6ycvZYK9PJrKNXHJUs/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3671 1490248487.63 1490248489.34 1706 192.168.1.116 - 56776 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mvnDfCZg3jy7nxJmBrnYfly/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3672 1490248681.04 1490248681.57 532 192.168.1.116 - 56777 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/INOkAi0ItQvpmHnwW/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3673 1490248874.26 1490248874.73 474 192.168.1.116 - 56778 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IvKWlvPZIZhKZRM2JuBOtSehE/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3674 1490249070.0 1490249070.55 549 192.168.1.116 - 56779 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3674 1490249070.87 1490249072.22 1351 192.168.1.116 - 56779 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ClgcTNKKDySUpzmQsxeELh2/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3675 1490249264.03 1490249264.54 512 192.168.1.116 - 56780 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/049IgM9yYjyreZt2fwZL7Dx3mJlk7/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3676 1490249459.57 1490249461.42 1852 192.168.1.116 - 56781 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jNMxYEq7dgdpO9PM/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3677 1490249653.14 1490249653.68 536 192.168.1.116 - 56782 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HsjVDVniXJdiBhaFN40W4lINk85TZgd2/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3678 1490249845.45 1490249847.37 1918 192.168.1.116 - 56783 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1xtquY9BCsuXA93qYVk/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3679 1490250052.97 1490250053.51 540 192.168.1.116 - 56784 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 3680 1490250072.07 1490250079.51 7441 192.168.1.116 - 56785 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 3681 1490250095.98 1490250096.49 516 192.168.1.116 - 56786 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 3682 1490250113.04 1490250113.55 505 192.168.1.116 - 56787 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/U7dk6BzyMjH7TkuZa5cMdVmgHq/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3683 1490250311.57 1490250313.4 1828 192.168.1.116 - 56788 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/V7amHr9PeTjmSLtsggl/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3684 1490250512.66 1490250513.27 604 192.168.1.116 - 56789 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SmXwnnF7Q8LRlI5gcFvPWS8jZvd9fu5/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3685 1490250706.24 1490250706.82 578 192.168.1.116 - 56790 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2290hUlIPiZF2Tv6UU5pO9m/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3686 1490250898.77 1490250900.45 1681 192.168.1.116 - 56791 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32029 0 31888 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3686 1490250907.61 1490250908.72 1114 192.168.1.116 - 56791 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3686 1490250916.45 1490250917.0 553 192.168.1.116 - 56791 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rZifL9W3AfNNnQOSes3dM1TWI19h/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3687 1490251109.82 1490251110.36 538 192.168.1.116 - 56792 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/v4445zUQq8SZzihZl/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3688 1490251304.48 1490251307.3 2825 192.168.1.116 - 56793 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fNRWnhnpCIOdKaSJ/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3689 1490251500.9 1490251501.41 512 192.168.1.116 - 56794 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Kxh3qYxQ4UMKV5Oce5pqtomc/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3690 1490251695.47 1490251696.01 540 192.168.1.116 - 56795 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QXFPFrKfjLtSNo7xKM63iPpFmhbdD/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3691 1490251888.68 1490251889.21 525 192.168.1.116 - 56796 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/E5QPKOu4EVFTaHUKJ/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3692 1490252085.28 1490252085.79 504 192.168.1.116 - 56797 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 206 379 0 240 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3692 1490252091.75 1490252092.26 515 192.168.1.116 - 56797 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Fei6dO8M07OtYu0tLBCpGfZkPBxU/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3693 1490252286.45 1490252286.95 506 192.168.1.116 - 56798 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DZeOJAJTY93QU9cGJ9ebvTC5vfxOcoTb/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3694 1490252483.96 1490252484.47 504 192.168.1.116 - 56799 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dYI4RgWDRo0QGhlTafzlNORKT/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3695 1490252676.28 1490252676.79 508 192.168.1.116 - 56800 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wwpP8wDhtOik9u0oLB2GiYVX/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3696 1490252869.42 1490252871.25 1827 192.168.1.116 - 56801 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/P0EsBV1zO0yVxHiEC1f9nsT/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3697 1490253062.93 1490253063.39 469 192.168.1.116 - 56802 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/v8UiKBYqOm5S2LkFW9NG/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3698 1490253256.01 1490253256.52 504 192.168.1.116 - 56803 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/s3bCAWIDh0nC44LF/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3699 1490253451.88 1490253452.38 503 192.168.1.116 - 56804 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HLgRqgVhIasPlz9gyV/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3700 1490253646.22 1490253646.69 469 192.168.1.116 - 56805 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KzIejseQ6B8MI4f7YsTOo0YokOAQN/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3701 1490253841.12 1490253842.72 1605 192.168.1.116 - 56806 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dsSBKhEIITQ4WqA23T2cGd2Uz6xR/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3702 1490254035.44 1490254035.96 520 192.168.1.116 - 56807 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KGcNWwnX76HqXwST/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3703 1490254228.63 1490254230.01 1376 192.168.1.116 - 56808 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/e5VrdUOIldKRgA6Gj6qLOUUIHa/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3704 1490254421.78 1490254423.3 1517 192.168.1.116 - 56809 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iwap4uIGHtPdZU5IKNr8IhcKYI/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3705 1490254622.04 1490254622.55 512 192.168.1.116 - 56810 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3705 1490254622.81 1490254624.28 1471 192.168.1.116 - 56810 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ecEmqHQyBemYpuLf6OpERInm1a/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3706 1490254818.32 1490254818.86 547 192.168.1.116 - 56811 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oq5edM4On5Vwgpqv4u4wg/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3707 1490255011.55 1490255012.05 505 192.168.1.116 - 56812 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PC3muDC2PqBpUGLXcuHz6I/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3708 1490255204.87 1490255205.41 543 192.168.1.116 - 56813 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5Fxb8iU6TWlnE2oZwc67C/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3709 1490255398.04 1490255398.51 468 192.168.1.116 - 56814 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wAKRWa9snmGSFFouRk0Q6PXCoSo803Bx/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3710 1490255591.4 1490255591.98 577 192.168.1.116 - 56815 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QLjaouT2jekDs26XxERpdZEF/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3711 1490255783.7 1490255785.57 1871 192.168.1.116 - 56816 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9TWEgvF1fPzHETSx2v/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3712 1490255979.42 1490255981.43 2009 192.168.1.116 - 56817 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bY8rakW9V0uwrRNfCKoY/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3713 1490256174.74 1490256175.28 531 192.168.1.116 - 56818 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/o1HgQoLJ5ZmJLGMW1Krk7r/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3714 1490256371.12 1490256373.14 2013 192.168.1.116 - 56819 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32029 0 31888 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3714 1490256380.28 1490256381.3 1029 192.168.1.116 - 56819 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3714 1490256388.61 1490256389.12 517 192.168.1.116 - 56819 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RbZ4f9M9fTopeHWe/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3715 1490256592.9 1490256593.42 514 192.168.1.116 - 56820 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/b69EUxMZO9jIuqdsYCSMP5mepT/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3716 1490256785.31 1490256785.89 579 192.168.1.116 - 56821 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DI9ceKwy0mNhCcJ1Mw00ErWyyImEg0F/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3717 1490256979.51 1490256980.03 517 192.168.1.116 - 56822 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4IpCaZ2X0bWJ4NZqM/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3718 1490257171.62 1490257173.34 1714 192.168.1.116 - 56823 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4LETldjpqG6gEUnci9gJV9sBrQbb/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3719 1490257365.07 1490257365.54 471 192.168.1.116 - 56824 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/58TP6C0safvI7q5l6sP/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3720 1490257557.33 1490257557.81 479 192.168.1.116 - 56825 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YcihN64OlIrtuLISee08DmmcRV4/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3721 1490257749.23 1490257749.67 440 192.168.1.116 - 56826 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 205 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3721 1490257749.89 1490257750.34 450 192.168.1.116 - 56826 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/SlsL3JF1EkfwY1kp5/ 320 507 0 364 132 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3721 1490257750.87 1490257751.24 372 192.168.1.116 - 56826 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/BOZFFPJWLUHUWU/1/ 222 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 3722 1490257753.39 1490257753.81 421 192.168.1.116 - 56827 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3723 1490257755.0 1490257755.42 417 192.168.1.116 - 56828 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 216 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3724 1490257757.6 1490257758.04 438 192.168.1.116 - 56829 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 244 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3725 1490257760.18 1490257760.61 435 192.168.1.116 - 56830 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XCeu9qQfzslB6t8A6kVjAfO/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3726 1490257952.43 1490257952.86 433 192.168.1.116 - 56831 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0g5q8BWy1qLfXLvUTr04kfM3ktccxy/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3727 1490258144.2 1490258144.64 434 192.168.1.116 - 56832 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vDszEefehVr9dcSQr4JuESw/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3728 1490258336.02 1490258336.38 366 192.168.1.116 - 56833 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Zy5ZhLlkJcqTM8TQ/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3729 1490258527.73 1490258528.17 436 192.168.1.116 - 56834 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CdO4DmSO5UH4is7hGaAZ1YmbUxWHAX/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3730 1490258719.62 1490258720.02 405 192.168.1.116 - 56835 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/znIvxuDKgCMPig5WaWnofPClQVBHE3/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3731 1490258911.39 1490258911.77 385 192.168.1.116 - 56836 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0Bt3fdT5EQdThbHaQm/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3732 1490259103.15 1490259103.56 403 192.168.1.116 - 56837 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/m078T1xMCwoEw9N6G/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3733 1490259294.94 1490259295.31 371 192.168.1.116 - 56838 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5tdcG2ZduYBmNICotU1/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3734 1490259486.71 1490259487.13 414 192.168.1.116 - 56839 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LAmGmP1eOTxXCJvqrxSm3JC/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3735 1490259678.47 1490259678.91 432 192.168.1.116 - 56840 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0ttsg2uKmxL7lSpH9TGQzdz0Pygmm3F/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3736 1490259870.35 1490259870.78 434 192.168.1.116 - 56841 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/p8qtwz4eUmytZ0Ea2Y/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3737 1490260062.15 1490260062.56 410 192.168.1.116 - 56842 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 210 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3737 1490260062.83 1490260063.19 367 192.168.1.116 - 56842 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/powUw60RtxHQHCGEcP3D/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3738 1490260254.54 1490260254.91 366 192.168.1.116 - 56843 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Z2c5XPnXLstQv7DnWxK/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3739 1490260446.27 1490260446.69 418 192.168.1.116 - 56844 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Ey6YFJNyWa6Ozw9FbQOrtSrTT/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3740 1490260638.06 1490260638.43 374 192.168.1.116 - 56845 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LY3WFISHcj5ZBu7At3RrKMW/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3741 1490260829.78 1490260830.23 448 192.168.1.116 - 56846 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EvZlltuJk903mgUgi3Xj/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3742 1490261021.63 1490261022.07 433 192.168.1.116 - 56847 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SeRvoOyFnXeiyAaOrq1dZX25Nw0X/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3743 1490261213.67 1490261214.08 407 192.168.1.116 - 56848 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JA2vNtIsm5Z4b2gIRKBo3c3JM8/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3744 1490261405.46 1490261405.87 408 192.168.1.116 - 56849 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IcTUvBIMrhOT0WBb2Migl3za/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3745 1490261597.2 1490261597.63 434 192.168.1.116 - 56850 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5huq5Zx8VhN4nmSe/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3746 1490261789.05 1490261790.19 1147 192.168.1.116 - 56851 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 32029 0 31888 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3746 1490261797.69 1490261798.52 823 192.168.1.116 - 56851 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3746 1490261805.6 1490261806.04 445 192.168.1.116 - 56851 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cuASrLrXRsTpj8p0XZgNwUjP862SjL/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3747 1490262000.55 1490262000.99 435 192.168.1.116 - 56853 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DDTxEXQcqwqTJqzQXH/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3748 1490262192.38 1490262192.78 407 192.168.1.116 - 56854 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/g7gh2o1DEXFny86nUPohWG4r/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3749 1490262384.18 1490262384.59 406 192.168.1.116 - 56855 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/g2wznfima2QjVTb9Xr9uXAI4kixByh3P/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3750 1490262575.99 1490262576.36 367 192.168.1.116 - 56856 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zu2xDK6GdEAZrQZEq/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3751 1490262767.75 1490262768.17 413 192.168.1.116 - 56857 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UUomsK0PxTGnJIYVMjTBEX1AlTxUgb/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3752 1490262959.54 1490262959.95 409 192.168.1.116 - 56858 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 207 379 0 240 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3752 1490262965.91 1490262966.36 445 192.168.1.116 - 56858 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZAUTdARyLDDD5LFWh7CXnFc/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3753 1490263158.14 1490263158.55 407 192.168.1.116 - 56859 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LR0otOR57UwoGFCG4SHH/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3754 1490263349.88 1490263350.25 367 192.168.1.116 - 56860 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Fb4c3DNlqejiHGS8JOyEBA9rg8kfJT9w/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3755 1490263541.63 1490263542.04 411 192.168.1.116 - 56861 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pA8zC1IqO0JzsahZA/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3756 1490263733.46 1490263733.9 434 192.168.1.116 - 56862 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tMQsoS0Cpnn5tQiyIWvAPmHR3q90/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3757 1490263925.27 1490263925.69 416 192.168.1.116 - 56863 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SXr876UkCyoFvKPemS55jscusA/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3758 1490264117.03 1490264117.46 431 192.168.1.116 - 56864 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uaTY1yeuyzCYeG5Wego08EdJ477/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3759 1490264308.83 1490264309.23 405 192.168.1.116 - 56865 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/o8LHNPvffpVSSxsFejoeH/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3760 1490264500.63 1490264501.05 418 192.168.1.116 - 56866 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cMYnFsIcuMTDPISwiNouY/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3761 1490264698.44 1490264698.85 408 192.168.1.116 - 56867 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 3762 1490264715.02 1490264715.45 434 192.168.1.116 - 56868 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 3763 1490264731.63 1490264732.04 409 192.168.1.116 - 56869 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 3764 1490264749.24 1490264749.64 407 192.168.1.116 - 56870 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rEqQ5arJe5KvogZudfgCNDqycZeOcA6/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3765 1490264941.03 1490264941.47 436 192.168.1.116 - 56871 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gAI4VB4FA8ANTimxCB/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3766 1490265133.08 1490265133.51 432 192.168.1.116 - 56872 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Dh1M8RDgTVIduAfVFwO5/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3767 1490265325.04 1490265325.45 407 192.168.1.116 - 56873 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dmyNiWehk56gM9crBp6ctHBc5Xb80/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3768 1490265516.8 1490265517.2 406 192.168.1.116 - 56874 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 210 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3768 1490265517.45 1490265517.9 445 192.168.1.116 - 56874 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1zZqVxRF38JJ6iiSKOtTrkZrZWNk/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3769 1490265709.27 1490265709.71 433 192.168.1.116 - 56875 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MDvrWuZxfKdoC0DUQZtRi4fDYLPegfuu/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3770 1490265901.2 1490265901.64 433 192.168.1.116 - 56876 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cQ8OsTQnf8xbAwYP31dF/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3771 1490266093.02 1490266093.47 450 192.168.1.116 - 56877 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xJJ41pNnx1jhHXc2LejN7QBtC6/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3772 1490266284.91 1490266285.33 416 192.168.1.116 - 56878 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tpfIqFdLpIK1I4jJCTuIJgk/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3773 1490266476.71 1490266477.14 434 192.168.1.116 - 56879 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/quoq4YlFKCTjieUHrpZ2t2C6MJFaogkp/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3774 1490266668.46 1490266668.83 368 192.168.1.116 - 56880 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OHZKd6A7y5zexZcKcbTdvOEvBA/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3775 1490266860.24 1490266860.65 416 192.168.1.116 - 56881 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SG3QwkCS6r5Z1xjeFeW8yB2v/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3776 1490267052.04 1490267052.46 412 192.168.1.116 - 56882 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yE6iqRzOVUFUiZ8Xp3zr/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3777 1490267243.85 1490267244.97 1123 192.168.1.116 - 56883 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 32029 0 31888 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3777 1490267252.1 1490267252.91 811 192.168.1.116 - 56883 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3777 1490267259.86 1490267260.29 435 192.168.1.116 - 56883 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gLtLFbmkqbEKLIEervJdzDQdC8T/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3778 1490267451.7 1490267452.1 404 192.168.1.116 - 56884 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QFLgVK8E0d0UVJoM4/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3779 1490267643.52 1490267643.92 410 192.168.1.116 - 56885 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SJbW2ZfoJZv3zZ6r/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3780 1490267835.32 1490267835.73 416 192.168.1.116 - 56886 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JdHcGi9byYSKp7Mzt/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3781 1490268027.14 1490268027.56 413 192.168.1.116 - 56887 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rjF5sjiDFWyMYmdESoDip7HMzWeuBwfK/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3782 1490268219.3 1490268219.73 435 192.168.1.116 - 56888 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/appqUipVH05pRCflWfnsjb74Xamza/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3783 1490268411.12 1490268411.49 368 192.168.1.116 - 56889 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dLaqwZajmMmYg7Ff6L13oLgcC5tBAh/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3784 1490268602.89 1490268603.3 407 192.168.1.116 - 56890 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tflh83v8YNWWOYIiIV1u9d/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3785 1490268794.64 1490268795.07 430 192.168.1.116 - 56891 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wBJbSrTebn3xDtFAsXDRMYchuqVLhV/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3786 1490268986.48 1490268986.92 435 192.168.1.116 - 56892 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/s6Atu4pdgDKZ4qYBZic5D0xM9bF94/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3787 1490269178.36 1490269178.78 415 192.168.1.116 - 56893 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4cuMYgSPB8XugJxi1ynC/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3788 1490269370.13 1490269370.56 431 192.168.1.116 - 56894 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cg8JhqARabVYaN4t9x/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3789 1490269561.95 1490269562.37 412 192.168.1.116 - 56895 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/luUg5BeHuJXUfAsF9bW7T/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3790 1490269753.76 1490269754.16 405 192.168.1.116 - 56896 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6W2u7knXGSoRB6sGtxCqMQNM/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3791 1490269945.52 1490269945.89 371 192.168.1.116 - 56897 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GtcKdziwNwXyWTLTUskiuVzfyDGoSh/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3792 1490270137.34 1490270137.76 416 192.168.1.116 - 56898 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7zDBN2e9eaSPlgDsPQJpjU/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3793 1490270329.1 1490270329.53 433 192.168.1.116 - 56899 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/x5WamvguWkdeNCHIzyy9yBfMA1soD/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3794 1490270520.97 1490270521.38 415 192.168.1.116 - 56900 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Mg9YAJ7ANSZFG4CKuD/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3795 1490270712.75 1490270713.16 408 192.168.1.116 - 56901 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PJvjvzOWXtuShgSD4o8/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3796 1490270904.55 1490270904.96 406 192.168.1.116 - 56902 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QNnSDMeijisLZDRAdNHUquT85kU7xK/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3797 1490271096.31 1490271096.72 413 192.168.1.116 - 56903 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 210 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3797 1490271096.98 1490271097.39 415 192.168.1.116 - 56903 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XhfGH02afu1US4AGfrGevqYrMGJ8nO91/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3798 1490271288.8 1490271289.21 411 192.168.1.116 - 56904 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0W193V6KCm8KlWulAJjwrKoI7Cj/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3799 1490271480.58 1490271481.0 418 192.168.1.116 - 56905 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7214QpRy5rusB9vtBNn2kZO/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3800 1490271672.38 1490271672.75 372 192.168.1.116 - 56906 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rrSA1UeL8f8cOKgWycXqk2Bsyaw3Z/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3801 1490271864.18 1490271864.57 389 192.168.1.116 - 56907 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EAETyeZ1SMKPk0qxtTitk1hi/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3802 1490272055.92 1490272056.36 437 192.168.1.116 - 56908 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Opad4wOQn6ZE7DyEjlHWr1/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3803 1490272247.72 1490272248.08 366 192.168.1.116 - 56909 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iWzO6uDHVVbQwY367/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3804 1490272439.45 1490272439.85 406 192.168.1.116 - 56910 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fdyAKM6j8Js05IIG1/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3805 1490272631.23 1490272631.6 368 192.168.1.116 - 56911 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OfMfFIqg9gXJ0lHi55hWf8l/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3806 1490272822.99 1490272824.12 1131 192.168.1.116 - 56912 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 32029 0 31888 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3806 1490272831.62 1490272832.54 924 192.168.1.116 - 56912 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3806 1490272839.66 1490272840.1 436 192.168.1.116 - 56912 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2k7efBaSylKvs1fi5r9/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3807 1490273031.46 1490273031.9 434 192.168.1.116 - 56913 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/85luFviSk36meYwoPHK/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3808 1490273223.91 1490273224.34 428 192.168.1.116 - 56914 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/DNSBL/listed/0/ 217 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3809 1490273225.53 1490273225.94 405 192.168.1.116 - 56915 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HKazRiJIiZSrUju3RY/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3810 1490273417.27 1490273417.64 369 192.168.1.116 - 56916 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Ybv5JuCMR6qwBrq3Wlo9Or/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3811 1490273610.2 1490273610.61 415 192.168.1.116 - 56917 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RmGwj1PdbIHaZnjQIjUn/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3812 1490273802.03 1490273802.45 414 192.168.1.116 - 56918 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 207 379 0 240 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3812 1490273808.42 1490273808.86 440 192.168.1.116 - 56918 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cWR8RcruAAWWAUGVk26Fk4ruo/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3813 1490274000.24 1490274000.67 433 192.168.1.116 - 56919 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YJDWl2K3oPw7wme2Hp7EbSD4m/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3814 1490274192.08 1490274192.52 435 192.168.1.116 - 56920 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Ou5vzGuv2vPjQrgm74GqSl12vMfEXiv1/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3815 1490274383.89 1490274384.33 435 192.168.1.116 - 56921 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KCYNWFisR7dSMuPh1GoY3khS/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3816 1490274576.6 1490274576.96 367 192.168.1.116 - 56922 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/w6kaulhgF46SqUzVDmuIJOw6/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3817 1490274768.31 1490274768.74 432 192.168.1.116 - 56923 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7mwUMKodvEaYhzr91G/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3818 1490274960.15 1490274960.57 413 192.168.1.116 - 56924 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/U0F4ru7GmmNU3MSHoUCempI/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3819 1490275151.99 1490275152.41 411 192.168.1.116 - 56925 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FN3t28ntUx9IPzmCfZ/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3820 1490275343.8 1490275344.2 403 192.168.1.116 - 56926 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UdtfFIWtLc76Ktk6KlJ3G9zMlXjZoLD/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3821 1490275535.56 1490275535.97 411 192.168.1.116 - 56927 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yQEysTLPdjJD5KkupWDl5qlgkeQzD/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3822 1490275727.33 1490275727.73 404 192.168.1.116 - 56928 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/daOE6J0Ulrkse7w0l/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3823 1490275919.1 1490275919.47 367 192.168.1.116 - 56929 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cl912vmY3wiSHHClG/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3824 1490276110.85 1490276111.26 407 192.168.1.116 - 56930 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TzJQbV38XBVM9QWdgNGja24MKk/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3825 1490276302.65 1490276303.06 410 192.168.1.116 - 56931 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OC59yRiHu6FzL65cnB/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3826 1490276494.43 1490276494.86 431 192.168.1.116 - 56932 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/R9WD9BdMHaH3BWvtHIsajcQb46CXXo9/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3827 1490276686.26 1490276686.67 406 192.168.1.116 - 56933 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 210 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3827 1490276686.92 1490276687.3 373 192.168.1.116 - 56933 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fBAPh3ecznZSIkOolDU84lA32xEx/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3828 1490276879.66 1490276880.07 410 192.168.1.116 - 56934 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TThfyy3LpKgLWsOEJwIOnsRlZERq6NeG/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3829 1490277073.79 1490277074.32 527 192.168.1.116 - 56935 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 203 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3830 1490277075.53 1490277075.77 241 192.168.1.116 - 56936 50.19.97.123 80 http://checkip.amazonaws.com/ 153 133 0 13 139 106 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 200 - - - - - - - CTU.238.1.Malicious 3829 1490277076.08 1490277076.63 542 192.168.1.116 - 56935 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/JSzcpMofID1wBGCyKrb/ 320 509 0 366 130 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3829 1490277077.13 1490277078.77 1635 192.168.1.116 - 56935 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/WRAKKLYVUWP/1/ 217 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 3831 1490277081.39 1490277081.9 509 192.168.1.116 - 56937 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3832 1490277085.76 1490277086.31 551 192.168.1.116 - 56938 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 214 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3833 1490277088.8 1490277089.32 518 192.168.1.116 - 56939 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 242 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3834 1490277106.78 1490277107.29 514 192.168.1.116 - 56940 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jwbLDwe7BEr2fSg88CG26H/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3835 1490277298.96 1490277299.47 505 192.168.1.116 - 56941 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/i0n7YPJpXlwXQd1jM5/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3836 1490277494.54 1490277495.26 714 192.168.1.116 - 56942 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LugS3ZTlxbWxQbdFrmz/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3837 1490277686.91 1490277687.38 471 192.168.1.116 - 56943 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3dmAk1Ca9gTpuDwo7tC/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3838 1490277880.54 1490277881.05 511 192.168.1.116 - 56944 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/A9BdgkJJqpevpybGHVPBKN2X0lY/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3839 1490278072.71 1490278074.12 1416 192.168.1.116 - 56945 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UQukmdUhE98h2oByuL3ur/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3840 1490278271.89 1490278276.24 4343 192.168.1.116 - 56946 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32029 0 31888 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3840 1490278283.8 1490278285.72 1922 192.168.1.116 - 56946 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3840 1490278292.82 1490278294.25 1426 192.168.1.116 - 56946 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HvPJPls5nI6p9AUk6gMoG98ilJjR/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3841 1490278487.39 1490278487.9 513 192.168.1.116 - 56947 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/G52BjTcgEKCangsR10/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3842 1490278692.85 1490278693.37 513 192.168.1.116 - 56948 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GyV86ab2jSMA7UXiZufZ6qJCh/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3843 1490278885.05 1490278885.56 504 192.168.1.116 - 56949 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rH97Rtto7ET63S6e2x0q1N7hV/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3844 1490279079.0 1490279079.48 479 192.168.1.116 - 56950 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CCgmbZ1U4aaeIw9ugUuSf/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3845 1490279278.07 1490279278.57 503 192.168.1.116 - 56951 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 3846 1490279295.94 1490279297.31 1372 192.168.1.116 - 56952 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 3847 1490279316.21 1490279316.73 522 192.168.1.116 - 56953 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 3848 1490279342.35 1490279342.86 509 192.168.1.116 - 56954 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YWZNVNWKQoOp1nKLj7TaOz/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3849 1490279536.48 1490279542.16 5679 192.168.1.116 - 56955 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QdExngWP4a1Mw82blEZbsfzL94xZ9eE/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3850 1490279734.81 1490279735.29 475 192.168.1.116 - 56956 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yfepx3PbnvGeDgUh4p/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3851 1490279927.9 1490279928.41 515 192.168.1.116 - 56957 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SedyuaJTyPYwM0jyINCMSZr/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3852 1490280123.74 1490280124.25 510 192.168.1.116 - 56958 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/erTwojvD3zOqoOfAI7tm8mgoco/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3853 1490280316.98 1490280317.49 510 192.168.1.116 - 56959 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/H6FzmOmJ1foTpsdzi/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3854 1490280509.18 1490280509.68 503 192.168.1.116 - 56960 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/07DXu1qMeb0zNUwFFgSq/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3855 1490280713.9 1490280714.37 468 192.168.1.116 - 56961 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2qaPDSHavZPMuZ7BHEwzt5y1gZlZXD/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3856 1490280908.41 1490280908.93 517 192.168.1.116 - 56962 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/q1v4jAF0DItKz2Ipf3U/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3857 1490281104.01 1490281105.45 1442 192.168.1.116 - 56963 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rgkT2ouAmxU6z7IB5aUji7663Gl/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3858 1490281313.07 1490281316.14 3072 192.168.1.116 - 56964 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VC4TmLwNTibcY5xJwFvCLVkz507gCdR/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3859 1490281507.79 1490281509.56 1772 192.168.1.116 - 56965 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/47uQRYluoDEw7MVvlng2vDD/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3860 1490281703.07 1490281704.44 1369 192.168.1.116 - 56966 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fXGAjwYNZkQEYF5hn9PW/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3861 1490281900.07 1490281900.58 518 192.168.1.116 - 56967 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SfOKgxCNHs8dpJpUG3/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3862 1490282092.32 1490282092.82 505 192.168.1.116 - 56968 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 208 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3862 1490282093.08 1490282093.6 518 192.168.1.116 - 56968 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aNkXoZ1V0ZvQ256HA/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3863 1490282286.29 1490282296.04 9750 192.168.1.116 - 56969 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TdYvKtp0b9BPYFHNmZvZbFYRV1MyE6U/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3864 1490282487.72 1490282488.26 534 192.168.1.116 - 56970 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dUt4YUySmwEjfLKfBk/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3865 1490282681.86 1490282684.6 2737 192.168.1.116 - 56971 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8Ye6bMRYR3R0JxjZ/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3866 1490282876.38 1490282876.88 497 192.168.1.116 - 56972 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jbuM4SDQucMpoCyesuEs8HKQwFQKZ/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3867 1490283068.46 1490283068.94 476 192.168.1.116 - 56973 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/StEfTKigFMpZ27ZIbNrk3E4R8DcZpR/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3868 1490283273.24 1490283273.75 514 192.168.1.116 - 56974 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Z65o9yAUv6IMiPtvDHUfq0kT/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3869 1490283466.37 1490283467.82 1441 192.168.1.116 - 56975 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/d17OIc2zkp1V6mGDIqeaXhUts1DP5g/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3870 1490283659.55 1490283660.06 515 192.168.1.116 - 56976 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ABQnHHv1utMFiZFxL1/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3871 1490283853.24 1490283854.78 1543 192.168.1.116 - 56977 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32029 0 31888 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3871 1490283862.22 1490283864.66 2437 192.168.1.116 - 56977 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3871 1490283871.75 1490283872.28 525 192.168.1.116 - 56977 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/n1hjPjre2elEK3V41z6UhZfz/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3872 1490284068.96 1490284069.49 531 192.168.1.116 - 56978 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YDduxQt5DUZkXfQBOewqMtw/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3873 1490284261.2 1490284261.72 517 192.168.1.116 - 56979 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/L782f5WDO7xZQVgWIaIQ/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3874 1490284454.36 1490284454.87 511 192.168.1.116 - 56980 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JdwfVOBszuHSrcco1Ngzan1IzTqZnGu/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3875 1490284647.92 1490284649.74 1822 192.168.1.116 - 56981 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 205 379 0 240 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3875 1490284655.73 1490284656.29 564 192.168.1.116 - 56981 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ER33s0r0oCDtt7uXi7KTqFQoqL/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3876 1490284853.3 1490284853.81 506 192.168.1.116 - 56982 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/96nmFWTvCHWRUteJ7NS/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3877 1490285048.85 1490285049.36 516 192.168.1.116 - 56983 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cwcc0DPZr3ravezSYfN2U/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3878 1490285241.09 1490285241.6 507 192.168.1.116 - 56984 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oPtTPbJu6Ax9LZC0Zth/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3879 1490285433.3 1490285433.82 516 192.168.1.116 - 56985 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5FlyW38uy1BdUyEaznXqvN/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3880 1490285625.47 1490285625.94 474 192.168.1.116 - 56986 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/n6aYNP1iLfiCXYoPNyW1M/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3881 1490285831.25 1490285831.79 539 192.168.1.116 - 56987 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aGA9ZHJJVhEP2V6gHwo3gEXHAdApe9/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3882 1490286024.4 1490286024.94 532 192.168.1.116 - 56988 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xUr347X0H9TgDMS7DHhtZsoD0uCgM6EU/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3883 1490286218.95 1490286219.46 504 192.168.1.116 - 56989 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BExgikFRiHnkyGySQTGqXKzbWA/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3884 1490286414.48 1490286416.29 1811 192.168.1.116 - 56990 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/j3JX9uA0J6H2vJq6YHDvNqQyJQ9R/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3885 1490286608.94 1490286609.47 534 192.168.1.116 - 56991 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/INauCRY8iDh31R1VLXT1I5mYSywHIa/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3886 1490286802.18 1490286804.05 1870 192.168.1.116 - 56992 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GFoJCHaDVt8uLmYwwVUFsw54dvCY/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3887 1490286995.72 1490286996.23 508 192.168.1.116 - 56993 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ytDyhCPFTgrRULwV9KDBk07AEsNLCv1/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3888 1490287188.88 1490287189.39 506 192.168.1.116 - 56994 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DntKDwmyYeOEJXSbxyOgEadm9Y1zU/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3889 1490287381.95 1490287382.42 470 192.168.1.116 - 56995 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RMswr4eeghHJSgW1WaXdBzSypNE/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3890 1490287574.11 1490287574.62 509 192.168.1.116 - 56996 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 208 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3890 1490287574.89 1490287580.03 5144 192.168.1.116 - 56996 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kOt6hDuPkeZz2VtYDG09LnxODN/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3891 1490287772.74 1490287773.27 529 192.168.1.116 - 56997 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hQprfPcO1YqJW8JURa1Xfnzica/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3892 1490287965.75 1490287966.24 486 192.168.1.116 - 56998 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vsXgIo9CCCHVTW3o/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3893 1490288157.85 1490288158.32 474 192.168.1.116 - 56999 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fyh5IiKbdohwu02pZaPc1nweW/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3894 1490288350.19 1490288350.71 516 192.168.1.116 - 57000 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IoFRU7Z6rN6R2wNyyDdyZ9l1g10n/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3895 1490288542.39 1490288542.9 510 192.168.1.116 - 57001 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nwFLHhIoq8U65G7COWXZFGIFFw4S/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3896 1490288734.6 1490288735.1 504 192.168.1.116 - 57002 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OPnEsuqxI2BTQ8S98uzIqs/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3897 1490288927.73 1490288931.54 3815 192.168.1.116 - 57003 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/S7yVxC2RAkD9TurHbor2K4dm/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3898 1490289125.64 1490289126.15 508 192.168.1.116 - 57004 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tJzoEuK0SvH5HLaAQ8nSjaJiTq/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3899 1490289320.12 1490289323.53 3405 192.168.1.116 - 57005 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32029 0 31888 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3899 1490289330.87 1490289332.3 1428 192.168.1.116 - 57005 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3899 1490289339.89 1490289341.32 1424 192.168.1.116 - 57005 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Hsa5ry0Uiqd54bVjp3bK/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3900 1490289550.36 1490289550.87 507 192.168.1.116 - 57006 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/s9GK9HvB3BYsObZyU5NZu/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3901 1490289744.93 1490289745.46 534 192.168.1.116 - 57007 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YUp0xKoVIFpLbSAp/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3902 1490289938.3 1490289941.03 2738 192.168.1.116 - 57008 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SigFAnA3F6YuLmyvzt2/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3903 1490290133.58 1490290134.05 472 192.168.1.116 - 57009 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5sRrYR3o5k28PXctQtJzRio71/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3904 1490290326.66 1490290331.01 4345 192.168.1.116 - 57010 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZDbLB8vorFVRBKYTGj2c/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3905 1490290525.56 1490290526.07 509 192.168.1.116 - 57011 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YbywqDRIplJazKp3AQWbf/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3906 1490290717.74 1490290718.27 536 192.168.1.116 - 57012 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kiqQpjtpCkXqelcDvz8WSpId9NKr/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3907 1490290909.96 1490290911.8 1835 192.168.1.116 - 57013 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FusMBpwguhC7PvXxorXX0prIVjNlzNA/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3908 1490291103.48 1490291104.01 534 192.168.1.116 - 57014 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mEVwGU2mBF0uO5iJT2FmX3c27LvkE/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3909 1490291296.66 1490291297.17 510 192.168.1.116 - 57015 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2GvN7pdKOHiaZDM8CWuEJFofmm1HXIaH/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3910 1490291488.92 1490291489.43 509 192.168.1.116 - 57016 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uMCyQcbNDUNBL5wwoeyDh8/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3911 1490291681.05 1490291681.52 470 192.168.1.116 - 57017 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/40NeXI5O8wzVjoWo/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3912 1490291873.13 1490291873.6 472 192.168.1.116 - 57018 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2MDZCrA7FYNLayNO6e7blqvEd/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3913 1490292069.95 1490292070.45 505 192.168.1.116 - 57019 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bXlMG95UnuObi5KoT3PHXtpiorKXtbf/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3914 1490292264.08 1490292264.59 509 192.168.1.116 - 57020 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LSccUh0MEq5JHzPuuBs7GMLBOxGR7/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3915 1490292457.7 1490292458.21 509 192.168.1.116 - 57021 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aKa3NuJpxljyhUJYG/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3916 1490292660.85 1490292661.32 471 192.168.1.116 - 57022 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HSIchLC34TVwCasejJCQKRuNUph/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3917 1490292855.29 1490292855.8 507 192.168.1.116 - 57023 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zoXJGdf2KYKdXNcQygNoAAruM/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3918 1490293048.35 1490293048.86 506 192.168.1.116 - 57024 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 208 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3918 1490293049.11 1490293049.59 482 192.168.1.116 - 57024 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OWWLemWIhZbmQZe0QYoxQYIIpPebkFKv/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3919 1490293242.23 1490293244.01 1775 192.168.1.116 - 57025 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/l4sRzk5Cmu7GPTWp/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3920 1490293435.67 1490293436.14 471 192.168.1.116 - 57026 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YqqkyhWbz7ZR9SGIZWjG7QRf/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3921 1490293627.86 1490293628.39 531 192.168.1.116 - 57027 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rgtjoBSzC3gSIHVVXbO1144Ogt3QB/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3922 1490293825.98 1490293826.45 471 192.168.1.116 - 57028 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 3923 1490293842.91 1490293843.48 574 192.168.1.116 - 57029 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 3924 1490293859.97 1490293860.48 511 192.168.1.116 - 57030 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 3925 1490293879.26 1490293879.73 469 192.168.1.116 - 57031 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HognwWMZMvYTFKsI7q7A/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3926 1490294072.34 1490294072.88 541 192.168.1.116 - 57032 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OtiTE6GB198bUvuXIiaY1CqmvEA/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3927 1490294264.52 1490294264.99 475 192.168.1.116 - 57033 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Nl6jk4FGroxGF7qTBuDelydzXRC/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3928 1490294457.61 1490294458.12 512 192.168.1.116 - 57034 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VUt2gfLZN7zQSmgNEtfEKaZqnXZ9zh/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3929 1490294650.72 1490294651.19 467 192.168.1.116 - 57035 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qQeYsfukxGhUdEsy/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3930 1490294842.86 1490294845.51 2650 192.168.1.116 - 57036 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32029 0 31888 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3930 1490294852.94 1490294858.5 5561 192.168.1.116 - 57036 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3930 1490294865.38 1490294867.9 2519 192.168.1.116 - 57036 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/L5JTHW8oT3GVvme8rfQSZuyzVJxC/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3931 1490295060.47 1490295061.85 1378 192.168.1.116 - 57037 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZInsm8v5Pgbr0gxeHjnZXG7guwAsN/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3932 1490295254.43 1490295254.9 467 192.168.1.116 - 57038 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5Pd68sGFu3BIVaOW3BbIEVvoUsd/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3933 1490295447.57 1490295448.04 473 192.168.1.116 - 57039 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RuSApGFSiYuvAIBaEdKXDSXVj/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3934 1490295640.67 1490295642.48 1813 192.168.1.116 - 57040 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 205 379 0 240 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3934 1490295648.44 1490295648.98 539 192.168.1.116 - 57040 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/txSiBMy8JPBoSpzas/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3935 1490295840.63 1490295841.1 469 192.168.1.116 - 57041 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9Htja8clPUoRPwkTnTLDkq/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3936 1490296033.64 1490296034.11 468 192.168.1.116 - 57042 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/On1JQJVWxLvYE1e0f/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3937 1490296225.76 1490296226.24 472 192.168.1.116 - 57043 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IYnFTD57yjfoyEt1sEax2oeRZ/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3938 1490296418.86 1490296420.2 1343 192.168.1.116 - 57044 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZrFIvFI4jCDLjB4o1MWVi/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3939 1490296611.85 1490296612.32 475 192.168.1.116 - 57045 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Ponb81elWCySx3P390NtN9YIxhzPW/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3940 1490296804.68 1490296805.39 708 192.168.1.116 - 57046 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 204 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3940 1490296805.63 1490296806.37 742 192.168.1.116 - 57046 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/hwd70u40Uhs2Zp2lssnTltYkN1TWov8/ 333 521 0 378 131 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3940 1490296806.88 1490296807.56 683 192.168.1.116 - 57046 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/PFXLIXDHKGJJN/1/ 220 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 3941 1490296809.59 1490296810.3 709 192.168.1.116 - 57047 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3942 1490296812.32 1490296813.03 707 192.168.1.116 - 57048 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 215 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3943 1490296815.06 1490296815.8 737 192.168.1.116 - 57049 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 243 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3944 1490296818.78 1490296819.45 677 192.168.1.116 - 57050 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IgbUuQzDVjdsV35PRP81Fz30nZ8km0L/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3945 1490297011.7 1490297012.37 670 192.168.1.116 - 57051 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/i8BCPZmraQZWt60MHBx/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3946 1490297204.63 1490297205.3 669 192.168.1.116 - 57052 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/39BM7ce1BKbCjztkeXNpVnHuV5I/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3947 1490297397.39 1490297398.01 621 192.168.1.116 - 57053 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hQeeKb6gZZ8UpbveR1DL/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3948 1490297590.22 1490297590.89 673 192.168.1.116 - 57054 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hnD41nygfblpOxcGsirBQCQNyAbz/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3949 1490297783.01 1490297783.63 622 192.168.1.116 - 57055 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gPQntcaUHvvOsZk3FBD/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3950 1490297975.82 1490297976.49 673 192.168.1.116 - 57056 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GkTo0SDNwlsYUfGVHgi7RDTgzMTwvDJd/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3951 1490298168.71 1490298169.4 684 192.168.1.116 - 57057 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lMXJQQEjL8CJauLT5AW45lNWNxlXJpD/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3952 1490298361.49 1490298362.11 619 192.168.1.116 - 57058 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nl3SunnrZfGwQkHpQ3TZWvDSp/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3953 1490298554.31 1490298554.98 671 192.168.1.116 - 57059 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3953 1490298555.24 1490298555.92 678 192.168.1.116 - 57059 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KsnHHbzPGtxIvvbQlYJ8eM/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3954 1490298748.12 1490298748.79 670 192.168.1.116 - 57060 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EvD6f5IrvA1vu527YZXZN/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3955 1490298941.04 1490298941.72 681 192.168.1.116 - 57061 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/voG23lfRUZQHql3mEpub8EVWFyQ2Opbm/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3956 1490299133.96 1490299134.63 673 192.168.1.116 - 57062 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KEBWsYRRvF3kxGiLbNUMj/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3957 1490299326.84 1490299327.52 674 192.168.1.116 - 57063 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NUricLCkWV8VtgZ2t7HPG6liF7vCm/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3958 1490299519.83 1490299520.5 673 192.168.1.116 - 57064 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/miosb8nOrMmyGBMM59/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3959 1490299712.76 1490299713.43 669 192.168.1.116 - 57065 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nS4yg0WBJYE1vwIPL1Jo/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3960 1490299905.62 1490299906.29 674 192.168.1.116 - 57066 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nf2uhLYws4X5mtyKnV/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3961 1490300098.68 1490300099.36 684 192.168.1.116 - 57067 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZHGVz7O6fwrz0kX9J/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3962 1490300291.58 1490300293.52 1930 192.168.1.116 - 57068 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32029 0 31888 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3962 1490300301.0 1490300302.34 1335 192.168.1.116 - 57068 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3962 1490300310.11 1490300310.79 682 192.168.1.116 - 57068 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GkkeK5TniM4RnrqLkdV4PIxnd/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3963 1490300503.02 1490300503.7 683 192.168.1.116 - 57069 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iRCAFQ7Cf5njdzytqT/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3964 1490300695.95 1490300696.62 671 192.168.1.116 - 57070 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9BY7aZVkdgul05kcvwZgBE4X/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3965 1490300888.82 1490300889.5 673 192.168.1.116 - 57071 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Sj2LCc3APP7SaYzyv5QGOaqThuXBlnb/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3966 1490301081.68 1490301082.36 675 192.168.1.116 - 57072 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qQjD8wpEg12SRoY7klTrQfuJ5IBle/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3967 1490301274.45 1490301275.07 623 192.168.1.116 - 57073 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HCW1PAGkUX21d0343/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3968 1490301467.29 1490301467.91 620 192.168.1.116 - 57074 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XMB07QZp297dNa1B4xpYj8Mh/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3969 1490301660.05 1490301661.92 1869 192.168.1.116 - 57075 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YZcSTLLUro4P8mLINE9/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3970 1490301854.06 1490301854.69 626 192.168.1.116 - 57076 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/p4zKjCooT0CVlX0irvYDEZ/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3971 1490302046.97 1490302047.62 646 192.168.1.116 - 57077 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/DNSBL/listed/0/ 216 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3972 1490302049.52 1490302050.13 610 192.168.1.116 - 57078 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cy0rZQ2S5o3Y3RIYTHo/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3973 1490302242.38 1490302243.01 635 192.168.1.116 - 57079 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BHlAyykHn7QUqy4sBkhYyREXXaeOiKZ/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3974 1490302435.45 1490302436.07 623 192.168.1.116 - 57080 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8spKaUyI3zWsF6E3/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3975 1490302628.48 1490302629.09 604 192.168.1.116 - 57081 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kiXISeVrIZLMMBEc0zM/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3976 1490302821.44 1490302822.08 642 192.168.1.116 - 57082 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/c9LHZYFI9sLBzSS4RB2TJPu7w5yLC/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3977 1490303014.21 1490303014.83 622 192.168.1.116 - 57083 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mS0rdYHLqORzvRT6rFekvYnO36Jm5fs/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3978 1490303207.07 1490303207.75 673 192.168.1.116 - 57084 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/d9yN8dVzst2ckz2gnGRrHxGXnQFr/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3979 1490303399.89 1490303400.5 611 192.168.1.116 - 57085 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EsAWXQT1yPwA8YvXF/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3980 1490303592.61 1490303593.25 641 192.168.1.116 - 57086 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2sxLcPHcDB8IW1qMb2UUW/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3981 1490303785.72 1490303786.34 620 192.168.1.116 - 57087 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/G90UOr6nPtLBhSgUjh8ii2VKzSUmn/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3982 1490303978.41 1490303979.05 638 192.168.1.116 - 57088 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3982 1490303979.31 1490303979.93 617 192.168.1.116 - 57088 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3sDPxoMzfNm8nzXpeUnHpCF/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3983 1490304172.04 1490304172.66 623 192.168.1.116 - 57089 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7XlsoITIExw8Up1IUcEv7jr5dmaSdssB/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3984 1490304364.75 1490304365.37 619 192.168.1.116 - 57090 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zWuWWMBsf9AHppIm9p6xXiq4/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3985 1490304557.51 1490304558.13 619 192.168.1.116 - 57091 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iuDdHW3RgZq5LxdExpcdz/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3986 1490304750.43 1490304751.14 708 192.168.1.116 - 57092 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WN6ePkojFtHy6NkV/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3987 1490304943.25 1490304944.88 1623 192.168.1.116 - 57093 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/U1APAUAUluVKKMzveVFd/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3988 1490305136.95 1490305137.56 610 192.168.1.116 - 57094 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1iJ5qdyJmkqnGBxjUkF1/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3989 1490305329.66 1490305330.28 620 192.168.1.116 - 57095 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IqG4WYMZgPttDk9P31S4pv/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3990 1490305522.32 1490305522.93 609 192.168.1.116 - 57096 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XilWnXWCpNC0sqMQ7LYKkSLpsz2WUeal/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3991 1490305715.1 1490305716.99 1884 192.168.1.116 - 57097 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32029 0 31888 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3991 1490305724.21 1490305732.77 8561 192.168.1.116 - 57097 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3991 1490305740.55 1490305741.15 607 192.168.1.116 - 57097 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mXJfLcOEG1pNxBlZiQHADNAu0/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3992 1490305933.27 1490305933.89 622 192.168.1.116 - 57098 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pM96euMUPeZcJpL1SXv/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3993 1490306125.94 1490306126.55 611 192.168.1.116 - 57099 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pafDuqJiBImI4DVIL9Mm9fS/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3994 1490306318.59 1490306319.2 611 192.168.1.116 - 57100 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6vx9qM3wx0BGwhJmsdvh1C5GyujBGH/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3995 1490306511.6 1490306512.27 675 192.168.1.116 - 57101 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 206 379 0 240 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 3995 1490306518.23 1490306519.28 1051 192.168.1.116 - 57101 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lps7ZVeNDl01XrUuY9X/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3996 1490306711.35 1490306711.96 612 192.168.1.116 - 57102 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dFDNL9pFtQSACIeuvJSLquD0g1e3DmQ9/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3997 1490306905.0 1490306905.61 605 192.168.1.116 - 57103 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ljcTqfVlmvvuZ9OIKA/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3998 1490307097.73 1490307098.34 607 192.168.1.116 - 57104 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1aoweWR90iInR6D7Sn/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 3999 1490307290.44 1490307291.06 617 192.168.1.116 - 57105 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qR7HyXtgc8KHWN50EzKto9t/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4000 1490307483.12 1490307483.72 605 192.168.1.116 - 57106 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/h4mEFjjpcQYH4vOVeu5x0h5QDg/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4001 1490307675.79 1490307676.4 609 192.168.1.116 - 57107 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2RaftC2xSfwHJkeMpi2543/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4002 1490307868.49 1490307869.1 612 192.168.1.116 - 57108 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bsgVeToeN3gwH770RbozTY/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4003 1490308061.21 1490308061.83 617 192.168.1.116 - 57109 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YPLlgykwBVJu2HMuHugUYLsqVf0/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4004 1490308253.93 1490308254.54 612 192.168.1.116 - 57110 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RCxfTlrFEoCupXcihm/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4005 1490308452.63 1490308453.25 623 192.168.1.116 - 57111 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 4006 1490308470.14 1490308470.76 623 192.168.1.116 - 57112 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 4007 1490308487.62 1490308488.26 637 192.168.1.116 - 57113 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 4008 1490308505.25 1490308505.89 637 192.168.1.116 - 57114 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zFr6bYmHpR9j0ex3amsUFsRAPjTb/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4009 1490308698.01 1490308698.63 624 192.168.1.116 - 57115 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oIXks6LVDnfM8TZaQIqD1ce0Yeslzm/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4010 1490308890.94 1490308891.56 619 192.168.1.116 - 57116 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qwIxTKkpp4nzbcTRAUvZQmVOX/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4011 1490309083.63 1490309084.26 629 192.168.1.116 - 57117 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/20gdE12z7NN6NMGdpgJKN70dByb3caJ/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4012 1490309276.35 1490309276.96 611 192.168.1.116 - 57118 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EioNs7M6s1yjZPcj782jRYUu/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4013 1490309469.1 1490309469.77 669 192.168.1.116 - 57119 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4013 1490309470.03 1490309470.65 625 192.168.1.116 - 57119 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Tn8W0SByp1UKW0pC5Ae2YPacvboy/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4014 1490309663.0 1490309663.62 627 192.168.1.116 - 57120 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pSi2sxEm1mHfvkowRo3JcRh5/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4015 1490309855.69 1490309856.3 604 192.168.1.116 - 57121 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HLIXoXxOZiKhro4Gpk/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4016 1490310048.51 1490310049.13 618 192.168.1.116 - 57122 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tEHXFrpdAW4Qjp9hhxP/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4017 1490310241.22 1490310241.83 605 192.168.1.116 - 57123 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uIWrpCrDgVREDExYP/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4018 1490310433.91 1490310434.51 608 192.168.1.116 - 57124 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AmPlnE0Tro6EktEcEwPHZD0/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4019 1490310626.92 1490310627.54 619 192.168.1.116 - 57125 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OqgUqkfuaiSSBl6h9dJZn6XmL/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4020 1490310819.73 1490310820.34 610 192.168.1.116 - 57126 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2LJ4ET0Kd8V14rYnQn8pAB/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4021 1490311012.43 1490311013.03 604 192.168.1.116 - 57127 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YtRx8CACMs66Pic3wrM/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4022 1490311205.17 1490311207.01 1844 192.168.1.116 - 57128 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32029 0 31888 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4022 1490311214.37 1490311215.65 1281 192.168.1.116 - 57128 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4022 1490311223.45 1490311224.08 628 192.168.1.116 - 57128 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/i6XE8G5Zjgm2YOziB0shQIMYu1WqgQs/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4023 1490311416.21 1490311416.85 640 192.168.1.116 - 57129 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9V17Py0LBMTWvFRIx/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4024 1490311608.98 1490311609.59 611 192.168.1.116 - 57130 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IV5FN6saWMV7Bf5xUwRnF/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4025 1490311801.7 1490311802.31 607 192.168.1.116 - 57131 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/L3ij7EEBQQi4D1ABiYX1yp9t7B/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4026 1490311994.37 1490311994.98 611 192.168.1.116 - 57132 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fB7ERJWmQMFgEqY4hVExCP0IInU8/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4027 1490312187.06 1490312187.67 604 192.168.1.116 - 57133 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dkGU1p130loHuEgHiPh46S/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4028 1490312380.08 1490312380.69 608 192.168.1.116 - 57134 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5iJNQjydxHmCxQCKyYTui02I/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4029 1490312572.76 1490312573.4 640 192.168.1.116 - 57135 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oEGdFGlOgTHa28GhR/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4030 1490312765.51 1490312766.14 629 192.168.1.116 - 57136 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vWp12mMXz2RUimBZRBc5VjbmwgzFHwJD/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4031 1490312958.19 1490312958.79 605 192.168.1.116 - 57137 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Lhw597XtLTIIsd6hOyu8lWg72u4c/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4032 1490313150.87 1490313151.48 606 192.168.1.116 - 57138 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/o1N0Xi8HknqaQj0ED/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4033 1490313343.59 1490313344.21 613 192.168.1.116 - 57139 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QfV5dIlHyE4kpi9fML/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4034 1490313536.26 1490313536.9 639 192.168.1.116 - 57140 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/syTyoy37QSemeOq2/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4035 1490313728.95 1490313729.56 610 192.168.1.116 - 57141 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/b8vxbBKx5lJrha72T9kH/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4036 1490313921.67 1490313922.31 638 192.168.1.116 - 57142 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Is1Rwv7l1ptGEsIuA1/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4037 1490314114.4 1490314115.01 604 192.168.1.116 - 57143 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iOWYklvDjFL7fGYZpXXeddd/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4038 1490314307.24 1490314307.86 622 192.168.1.116 - 57144 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/03D0nH0nhIHpFjotvJ/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4039 1490314500.07 1490314500.75 682 192.168.1.116 - 57145 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vwDWcfRETRyJBoDpZ/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4040 1490314692.85 1490314693.46 613 192.168.1.116 - 57146 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Q9UBmL2sBJyMSj1kD99eCP2zcfvrMuAY/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4041 1490314885.55 1490314886.17 612 192.168.1.116 - 57147 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4041 1490314886.42 1490314887.04 619 192.168.1.116 - 57147 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SY00PxDpA39ygAWo3Vs5Q8rpsENWKz/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4042 1490315080.94 1490315081.55 611 192.168.1.116 - 57148 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/c4FQiA16G8uhWxbkaXl/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4043 1490315273.6 1490315274.21 604 192.168.1.116 - 57149 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1NokJlhJ6huAnQ4uAk9viKukqxtysm6u/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4044 1490315466.3 1490315466.91 606 192.168.1.116 - 57150 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WWS7EMQ2z6lCFRtE6X/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4045 1490315659.08 1490315659.77 685 192.168.1.116 - 57151 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NkjpxxprIde1F2G1Kc/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4046 1490315851.86 1490315852.47 609 192.168.1.116 - 57152 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QHyxl4U86J83IiZxLngqCh8t/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4047 1490316044.56 1490316045.19 625 192.168.1.116 - 57153 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/I4GVKwANnpWjPHr9qHBXUg50qm4Jj1/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4048 1490316237.03 1490316237.55 520 192.168.1.116 - 57154 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 206 363 0 224 133 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4049 1490316239.12 1490316239.42 298 192.168.1.116 - 57155 107.22.214.64 80 http://checkip.amazonaws.com/ 153 133 0 13 139 106 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 200 - - - - - - - CTU.238.1.Malicious 4048 1490316239.62 1490316240.18 559 192.168.1.116 - 57154 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/Hs0eXsXR5PsfC28jfZ5wV349Kml6eC/ 334 520 0 377 133 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4048 1490316240.59 1490316241.12 530 192.168.1.116 - 57154 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/LYCLYWEYOCBVJI/1/ 223 131 0 9 133 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 4050 1490316243.82 1490316244.4 572 192.168.1.116 - 57156 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4051 1490316246.0 1490316246.54 539 192.168.1.116 - 57157 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 217 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4052 1490316248.31 1490316248.88 569 192.168.1.116 - 57158 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 245 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4053 1490316251.49 1490316252.03 537 192.168.1.116 - 57159 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gyFU1ef1gFgx9xC1WGOB/ 223 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4054 1490316443.92 1490316444.44 521 192.168.1.116 - 57160 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jZJJAJ7LQKsciCcddC9Z7u1qnz2T0/ 232 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4055 1490316636.3 1490316637.92 1620 192.168.1.116 - 57161 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 207 32029 0 31888 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4055 1490316645.39 1490316646.48 1082 192.168.1.116 - 57161 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 207 22989 0 22848 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4055 1490316653.54 1490316654.09 550 192.168.1.116 - 57161 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lP61vzovBVGvhrp4ecbGvL8RraU2/ 231 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4056 1490316845.92 1490316846.44 523 192.168.1.116 - 57162 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PgIyhBjsEEf8fK5S2f/ 221 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4057 1490317038.35 1490317038.87 520 192.168.1.116 - 57163 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FxJL8kckNpP461K8/ 219 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4058 1490317230.68 1490317231.26 577 192.168.1.116 - 57164 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CfbsRP1SQEzkpQFXDL5PP97Rar3SG/ 232 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4059 1490317423.2 1490317423.72 521 192.168.1.116 - 57165 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 208 379 0 240 133 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4059 1490317429.68 1490317430.23 548 192.168.1.116 - 57165 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8xS5W8J6YrCQKuuYhfVwyp/ 225 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4060 1490317622.09 1490317622.6 511 192.168.1.116 - 57166 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eo8AYLWo5aGE62GaSS3Wdm3/ 226 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4061 1490317814.44 1490317814.96 512 192.168.1.116 - 57167 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DMeJUOqfbOCS5VWXGeirjd/ 225 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4062 1490318006.82 1490318007.35 521 192.168.1.116 - 57168 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ampUy2xFYMMeXrXD/ 219 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4063 1490318199.19 1490318199.77 582 192.168.1.116 - 57169 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/acekHlYmffN4jZAIM0uwYhB7lZfpkt9/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4064 1490318391.64 1490318392.17 533 192.168.1.116 - 57170 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/w4K3GqWus2erFzNb5rlZyb0SoSx1HEPo/ 235 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4065 1490318584.04 1490318584.55 508 192.168.1.116 - 57171 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uw2Zorhbl9wNNap3pOc4CRcV1/ 228 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4066 1490318779.64 1490318780.18 539 192.168.1.116 - 57172 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gRgFAOsJ74YYPhQJg2TbpxSnbPGiZY/ 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4067 1490318972.0 1490318972.52 521 192.168.1.116 - 57173 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/B18gSLtlAuaKYH8AKD4PepbKn/ 228 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4068 1490319165.38 1490319165.92 535 192.168.1.116 - 57174 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1R2jmmU0fVJ6Z0RE/ 219 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4069 1490319357.75 1490319358.27 512 192.168.1.116 - 57175 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cqS3j8nDd65W8TwGBdXZQmmg/ 227 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4070 1490319550.14 1490319550.68 541 192.168.1.116 - 57176 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/d6SXI4sLvYFNtS5ujjIe8LwHJo5A/ 231 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4071 1490319742.53 1490319743.05 512 192.168.1.116 - 57177 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CFul1lSkACBKA6XcNgpt/ 223 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4072 1490319934.93 1490319935.45 522 192.168.1.116 - 57178 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gCPDhqnKWStoog0vorXv8BbHg/ 228 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4073 1490320127.24 1490320127.78 539 192.168.1.116 - 57179 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3zuJwA6D9c7LwsmGCPFBl/ 224 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4074 1490320319.73 1490320320.27 540 192.168.1.116 - 57180 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 211 363 0 224 133 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4074 1490320320.53 1490320321.08 544 192.168.1.116 - 57180 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wQloOQB3IfNtMRxWnsJq7YLiK/ 228 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4075 1490320512.95 1490320513.53 578 192.168.1.116 - 57181 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6THHttG10omSsz4yoo2IxZt1lMX/ 230 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4076 1490320705.51 1490320706.12 611 192.168.1.116 - 57182 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gPMAGegsDa55xHJQYDHgHIqm/ 227 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4077 1490320898.09 1490320898.71 619 192.168.1.116 - 57183 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CpzpSuX22yQCJWXlbbA45Qf/ 226 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4078 1490321090.61 1490321091.14 526 192.168.1.116 - 57184 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HxD3VPhGHcFOA8GZsNqS1gm5KjZ80517/ 235 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4079 1490321283.02 1490321283.54 518 192.168.1.116 - 57185 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RBMQroEkdshN92UL2BQi21vi/ 227 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4080 1490321476.41 1490321476.92 510 192.168.1.116 - 57186 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lJ3hlVIJSIPKnE4wFN/ 221 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4081 1490321668.8 1490321669.32 521 192.168.1.116 - 57187 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/w7AtCsQcVE7r3uh7larB/ 223 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4082 1490321861.22 1490321861.76 540 192.168.1.116 - 57188 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5L6TIyNvNR3zhfZoZ6oU/ 223 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4083 1490322053.58 1490322055.13 1551 192.168.1.116 - 57189 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 207 32029 0 31888 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4083 1490322062.49 1490322063.66 1163 192.168.1.116 - 57189 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 207 22989 0 22848 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4083 1490322070.55 1490322071.13 572 192.168.1.116 - 57189 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KhlxPqn5lSka7FIYmpUANfzyzOL/ 230 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4084 1490322262.93 1490322263.47 538 192.168.1.116 - 57190 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RdXD7MWHOSxh3hwsBL3ScQm/ 226 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4085 1490322455.3 1490322455.84 539 192.168.1.116 - 57191 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/x4YziX9JfEfmqIbvhdEwCnz22Y3nQQ/ 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4086 1490322647.67 1490322648.22 542 192.168.1.116 - 57192 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Ctkg5tadVeQFKQfWsYqPTKvLgMvqx/ 232 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4087 1490322840.05 1490322840.6 545 192.168.1.116 - 57193 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9zeTwJaoAccMjm6HWM2L578/ 226 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4088 1490323038.43 1490323039.0 573 192.168.1.116 - 57194 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 211 131 0 9 133 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 4089 1490323055.64 1490323056.24 600 192.168.1.116 - 57195 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 211 131 0 9 133 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 4090 1490323073.9 1490323074.47 571 192.168.1.116 - 57196 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 211 131 0 9 133 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 4091 1490323091.12 1490323091.67 546 192.168.1.116 - 57197 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lYUuB2JL1pKXn7FYCdUM3kRx2WDq68DT/ 235 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4092 1490323283.51 1490323284.03 520 192.168.1.116 - 57198 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DZg8B4gWL5XL3DpFAc1hvL7/ 226 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4093 1490323475.85 1490323476.41 565 192.168.1.116 - 57199 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jOfTqAsMpBRAXsy0Ny/ 221 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4094 1490323668.27 1490323668.81 545 192.168.1.116 - 57200 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fuE8UK6ojvkwDiDNqMLG7lS/ 226 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4095 1490323860.65 1490323861.16 511 192.168.1.116 - 57201 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/o99wSZ5sFrLJxhkxDCx1acFIzywf/ 231 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4096 1490324053.05 1490324053.57 517 192.168.1.116 - 57202 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MvVAq7eD6WocNr9SSLkpvUSL94ojlq3/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4097 1490324245.45 1490324245.98 526 192.168.1.116 - 57203 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/13yuCA8tALBS9EnAh6fFZbAI/ 227 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4098 1490324437.92 1490324438.45 538 192.168.1.116 - 57204 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/D317bIjcoDn1oGUy19/ 221 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4099 1490324630.24 1490324630.75 511 192.168.1.116 - 57205 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ACIa5ComNjW5Q8AObacdYagA0toIk/ 232 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4100 1490324822.57 1490324823.11 534 192.168.1.116 - 57206 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zOfe3WHjxJKTA96IXr5k96lEv/ 228 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4101 1490325014.99 1490325015.53 538 192.168.1.116 - 57207 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TtwQFkbfffwcTHSIBilooW8dlnP/ 230 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4102 1490325207.45 1490325208.02 571 192.168.1.116 - 57208 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gZgd5SErCY3Ew4AsLvNlTTJgog/ 229 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4103 1490325399.87 1490325400.41 542 192.168.1.116 - 57209 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xy8oGHqHFjWbrOjXa1pIac6sKVy/ 230 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4104 1490325592.24 1490325592.78 536 192.168.1.116 - 57210 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gNXAcRrfa1lF08APYc/ 221 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4105 1490325784.61 1490325785.16 550 192.168.1.116 - 57211 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 211 363 0 224 133 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4105 1490325785.44 1490325786.05 610 192.168.1.116 - 57211 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kdEZ5HAKo1ZIlSbuJUebz/ 224 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4106 1490325977.94 1490325978.44 509 192.168.1.116 - 57212 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Ns9JKd8aaNypUyZHolZ/ 222 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4107 1490326170.32 1490326170.83 511 192.168.1.116 - 57213 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LwXbYV3x3z5Ix1o96vd5I3LlQ/ 228 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4108 1490326362.71 1490326363.23 518 192.168.1.116 - 57214 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/V2u5L2Rf53ExfZsS4HOMzDsK8HQZRM0/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4109 1490326556.06 1490326556.58 525 192.168.1.116 - 57215 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/O9sePQq4A9icjkmV15ZQgegokwjnI8B/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4110 1490326748.37 1490326748.88 512 192.168.1.116 - 57216 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TW1CQNAYi9wKi76PIpfmnMd/ 226 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4111 1490326940.75 1490326941.26 515 192.168.1.116 - 57217 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mGn6NHYkfWub4X1lSAeWaRB/ 226 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4112 1490327133.14 1490327133.68 543 192.168.1.116 - 57218 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/u5C1iIRvkKVNdbH6ar1AS/ 224 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4113 1490327326.66 1490327327.22 556 192.168.1.116 - 57219 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gchiP6m6SeZm0EI3sOt46/ 224 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4114 1490327519.05 1490327520.64 1588 192.168.1.116 - 57220 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 207 32029 0 31888 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4114 1490327528.02 1490327530.7 2682 192.168.1.116 - 57220 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 207 22989 0 22848 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4114 1490327537.84 1490327538.45 604 192.168.1.116 - 57220 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/V2xGI967z2Vl5w3QenV5ls/ 225 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4115 1490327730.71 1490327731.22 514 192.168.1.116 - 57221 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/E9WuuvCM59I2D76v3TtZ9ozXQ9m/ 230 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4116 1490327924.12 1490327924.66 544 192.168.1.116 - 57222 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ETQS7rztQddzmPCb1/ 220 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4117 1490328116.54 1490328117.08 537 192.168.1.116 - 57223 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5mYsmel2bbqoxGnzSCOKYT3WHWvWjKFN/ 235 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4118 1490328308.91 1490328309.48 579 192.168.1.116 - 57224 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 208 379 0 240 133 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4118 1490328315.45 1490328316.0 547 192.168.1.116 - 57224 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xvEf3v0OpdYPHZHnH/ 220 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4119 1490328507.82 1490328508.34 521 192.168.1.116 - 57225 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kH67Mt7Uvp3kRF8J34t0kDg3CIX2hLNk/ 235 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4120 1490328700.24 1490328700.78 542 192.168.1.116 - 57226 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vdxTACtKT1eskidN21pwBwX/ 226 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4121 1490328892.62 1490328893.17 544 192.168.1.116 - 57227 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nYPxgboUEOjDhkiTk/ 220 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4122 1490329085.01 1490329085.53 518 192.168.1.116 - 57228 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5chvUdM9uctaFL7MdqZPalvwxFX/ 230 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4123 1490329277.41 1490329277.93 518 192.168.1.116 - 57229 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EoRJfP4OYo6Ag7MYxhiFZ/ 224 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4124 1490329469.74 1490329470.26 522 192.168.1.116 - 57230 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/F97iS1y7lVFLBewkMC/ 221 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4125 1490329662.09 1490329662.62 522 192.168.1.116 - 57231 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XAfUdhkdHHfOpVeXxV829x1Ken9o0ctp/ 235 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4126 1490329854.46 1490329855.0 536 192.168.1.116 - 57232 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5yzCTWswomFB69AE7sq0CabvQ5bPL0e/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4127 1490330047.07 1490330047.59 521 192.168.1.116 - 57233 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/m6mbJfMC5U8bMvTn/ 219 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4128 1490330240.97 1490330241.49 523 192.168.1.116 - 57234 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9sE7SNNvv2xewO1MkNYpRyXZrwZY7zXj/ 235 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4129 1490330433.34 1490330433.86 520 192.168.1.116 - 57235 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5drsYrxM904dTukKd1AWjc/ 225 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4130 1490330625.81 1490330626.33 520 192.168.1.116 - 57236 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9SpYNUN3Bnq3XkHwExDCSSS6zqry7F5h/ 235 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4131 1490330818.21 1490330818.75 543 192.168.1.116 - 57237 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sUinpOVDFPM39b3fL8AByGqV7gQ/ 230 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4132 1490331010.83 1490331011.47 645 192.168.1.116 - 57238 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/DNSBL/listed/0/ 218 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4133 1490331013.14 1490331013.67 535 192.168.1.116 - 57239 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sFR33ZdvSBx2zigvQaVX/ 223 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4134 1490331207.16 1490331207.73 570 192.168.1.116 - 57240 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 211 363 0 224 133 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4134 1490331207.99 1490331208.57 572 192.168.1.116 - 57240 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iF7WY61k1Yot67Ba6dJwJ/ 224 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4135 1490331400.4 1490331400.9 505 192.168.1.116 - 57241 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/s0sVw8RwEtzxpeUdayufSfAJ/ 227 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4136 1490331592.69 1490331593.2 503 192.168.1.116 - 57242 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XF0hV3acwaqBB7DJWUQq0239oPIsJ/ 232 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4137 1490331785.0 1490331785.52 513 192.168.1.116 - 57243 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IkqAnVIPZVDCBvDZ8/ 220 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4138 1490331977.46 1490331978.03 577 192.168.1.116 - 57244 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xc9QspevaUekYkcNLZ2o0TAqhkSy4Xf/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4139 1490332171.07 1490332171.58 513 192.168.1.116 - 57245 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gN8ZLNXCgHwvlff0IKlaWgCqgSgplc/ 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4140 1490332363.39 1490332363.91 514 192.168.1.116 - 57246 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KDSUc83CFraz8YTecOu9zQMlMxAULzIc/ 235 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4141 1490332555.77 1490332556.28 511 192.168.1.116 - 57247 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/09v5idNssHCnmLcgn/ 220 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4142 1490332748.09 1490332748.61 522 192.168.1.116 - 57248 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uSWlJdDK4X9Td4PxBpBoh/ 224 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4143 1490332942.08 1490332943.64 1562 192.168.1.116 - 57249 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 207 32029 0 31888 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4143 1490332951.61 1490332952.73 1123 192.168.1.116 - 57249 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 207 22989 0 22848 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4143 1490332960.53 1490332961.12 590 192.168.1.116 - 57249 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NpDc9ToBCxIfB47m/ 219 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4144 1490333152.96 1490333153.48 519 192.168.1.116 - 57250 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XTPnxduFMHuA4IdVO5M3UiHm8RJp/ 231 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4145 1490333345.29 1490333345.81 520 192.168.1.116 - 57251 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VO2nglQw1rLEJVdWb/ 220 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4146 1490333537.59 1490333538.11 520 192.168.1.116 - 57252 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/npFNZ7ZWyXP8BV7MVsSvgvIUZY5Js/ 232 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4147 1490333729.9 1490333730.42 514 192.168.1.116 - 57253 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/73c8ukeJEU5KpotU2/ 220 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4148 1490333922.26 1490333922.78 512 192.168.1.116 - 57254 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/di1maRUFUBY0OAPaNiq/ 222 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4149 1490334114.66 1490334115.18 517 192.168.1.116 - 57255 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wgP6SbzXO4I3LkpDxjW1j/ 224 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4150 1490334306.98 1490334307.5 516 192.168.1.116 - 57256 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MLVbRLTz5kM4F9vQKAsIHmYpq/ 228 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4151 1490334499.33 1490334499.85 520 192.168.1.116 - 57257 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ohkxNAkCJQZvrHgu71FEt/ 224 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4152 1490334691.75 1490334692.29 538 192.168.1.116 - 57258 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/S5myonhlId2VL5Z5cz6HXETtOXAFJhC/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4153 1490334885.13 1490334885.67 536 192.168.1.116 - 57259 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YjoYa8DoUMh0vBSrWjzVTwG57XkEFK/ 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4154 1490335077.56 1490335078.07 512 192.168.1.116 - 57260 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/f0gUlADbFLFejzSBBc2K7t9CVOzK/ 231 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4155 1490335269.89 1490335270.4 514 192.168.1.116 - 57261 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EhYtI4Vw1EoiVe2RNMS8EWGrFCnrL/ 232 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4156 1490335462.23 1490335462.74 511 192.168.1.116 - 57262 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BDpgRm54Qi1ENpBxE2ODQGoSBgoo/ 231 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4157 1490335654.12 1490335654.53 406 192.168.1.116 - 57263 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 203 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4157 1490335654.75 1490335655.22 474 192.168.1.116 - 57263 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/Cfo5VAkgIYwBFAbXgHMdLg/ 323 512 0 369 130 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4157 1490335655.75 1490335656.16 417 192.168.1.116 - 57263 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/FNXOXRYMEALDTQ/1/ 220 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 4158 1490335658.43 1490335658.88 449 192.168.1.116 - 57264 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4159 1490335660.06 1490335660.55 499 192.168.1.116 - 57265 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 214 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4160 1490335661.63 1490335662.04 408 192.168.1.116 - 57266 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 242 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4161 1490335664.22 1490335664.63 411 192.168.1.116 - 57267 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YQM2xY0px0cCMFr4UZoaXQViBF0NJp/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4162 1490335855.87 1490335856.2 327 192.168.1.116 - 57268 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bxVxpLFicMbI6gV2LkstbDqBs/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4163 1490336047.69 1490336048.1 412 192.168.1.116 - 57269 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dJtmBZ3fhCjQ0zWNpL11GgUsPl/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4164 1490336239.71 1490336240.19 479 192.168.1.116 - 57270 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cVaRs4NboDL2krecZE/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4165 1490336431.76 1490336432.18 420 192.168.1.116 - 57271 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vrhQep9ek9TI6znUBe9NevL6QjB/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4166 1490336623.47 1490336623.85 374 192.168.1.116 - 57272 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 208 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4166 1490336624.1 1490336624.45 349 192.168.1.116 - 57272 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9YLOANQgPJcAfsIiM5dBVjjahFMWs/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4167 1490336815.97 1490336816.38 418 192.168.1.116 - 57273 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/T7cDEb4yrjPTAPt3AWK/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4168 1490337007.81 1490337008.18 370 192.168.1.116 - 57274 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hfjy5s5WdKyFtykYmQso1fHMGYzmIXB/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4169 1490337199.54 1490337199.91 370 192.168.1.116 - 57275 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OueWEsawXS3KGX1ggR/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4170 1490337391.29 1490337391.66 370 192.168.1.116 - 57276 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4JIBDQpyj0ToO7s7TvQTj1guPV/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4171 1490337589.16 1490337589.57 411 192.168.1.116 - 57277 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 4172 1490337606.87 1490337607.3 426 192.168.1.116 - 57278 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 4173 1490337623.6 1490337624.02 419 192.168.1.116 - 57279 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 4174 1490337640.04 1490337640.36 321 192.168.1.116 - 57280 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/g1LAWeDjknSufHzSBjklOMs/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4175 1490337831.74 1490337832.15 407 192.168.1.116 - 57281 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RmPSXFEaneOF1W0qe8bRRT4s2Nih5/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4176 1490338023.51 1490338023.88 369 192.168.1.116 - 57282 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FKxvXh43HX74X27t1D/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4177 1490338215.24 1490338215.65 405 192.168.1.116 - 57283 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Q9QGQR1U86LfK5MrPoL/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4178 1490338406.92 1490338407.97 1043 192.168.1.116 - 57284 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32029 0 31888 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4178 1490338415.69 1490338416.4 707 192.168.1.116 - 57284 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4178 1490338423.73 1490338424.1 373 192.168.1.116 - 57284 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eoeUGVpEVXy26kCGMQF5nxt/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4179 1490338615.52 1490338615.93 410 192.168.1.116 - 57285 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0GoLuq2MaLdxDpi3aPONjKa0Y/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4180 1490338807.2 1490338807.57 370 192.168.1.116 - 57286 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nfDW2gATnPDJzoVRbnm9Vs/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4181 1490338998.97 1490339000.38 1408 192.168.1.116 - 57287 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/C27YiqigcYtBreeIFm2Xj9FX/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4182 1490339191.61 1490339191.95 335 192.168.1.116 - 57288 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 205 379 0 240 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4182 1490339197.91 1490339198.24 330 192.168.1.116 - 57288 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ztv2LUeQ9gCXJB0AcVpqFjdj4SABEY0u/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4183 1490339389.54 1490339389.89 350 192.168.1.116 - 57289 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Ld1vgHqsJ4EkpIJ0dayJHYh74s5kd/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4184 1490339581.24 1490339581.61 372 192.168.1.116 - 57290 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HlenZMORodHp3vkkbQ4DU4nSZX29/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4185 1490339773.1 1490339773.52 426 192.168.1.116 - 57291 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iwdSuDq3ZKAZNmWUaGzaju6WCJLQ/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4186 1490339964.73 1490339965.07 337 192.168.1.116 - 57292 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YhOOM3gjI2OUKyamOWxVKK/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4187 1490340156.29 1490340156.61 320 192.168.1.116 - 57293 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wdLFL1Jeua4iwRbQM7uV0Qzcj/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4188 1490340348.02 1490340348.43 404 192.168.1.116 - 57294 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZzJYZtK9RneFVq9cde/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4189 1490340539.58 1490340539.89 309 192.168.1.116 - 57295 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KrTfjtnwEvAKDhYBA8DKDhP8RhulP/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4190 1490340731.07 1490340731.37 304 192.168.1.116 - 57296 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ClLZLjcEj43WXM2mAA2UmaTnH/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4191 1490340922.74 1490340923.11 369 192.168.1.116 - 57297 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hh2QfYriwSJm7vm8nCFoDzsICFVy0g6/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4192 1490341114.6 1490341115.04 433 192.168.1.116 - 57298 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mt7RyIiNBvSk0NvKVObPkOiZoV/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4193 1490341306.45 1490341306.82 368 192.168.1.116 - 57299 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3F79Y2GMPnXnFoOZ/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4194 1490341498.13 1490341498.51 380 192.168.1.116 - 57300 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OneHw3Bz5pFwe1Ua0ldQX/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4195 1490341689.86 1490341690.23 368 192.168.1.116 - 57301 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jX2m9BDNlOJFS5sqKE0x/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4196 1490341881.56 1490341881.97 410 192.168.1.116 - 57302 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IC5PX3YNWPqQHxPs7tSr0h3um/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4197 1490342073.33 1490342073.77 435 192.168.1.116 - 57303 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 208 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4197 1490342074.02 1490342074.39 378 192.168.1.116 - 57303 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wztRW2VujqmJS1bF2g4eqZWi/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4198 1490342265.77 1490342266.08 313 192.168.1.116 - 57304 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/O8nhZ7zuoqSS7lxNayxlxdpH/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4199 1490342457.36 1490342457.7 340 192.168.1.116 - 57305 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uZ0mv3oRElvDIALu4nhHbHkX/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4200 1490342649.03 1490342649.39 366 192.168.1.116 - 57306 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/U6zzSlVKuMrpVuKpStqpOsOu/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4201 1490342840.86 1490342841.28 411 192.168.1.116 - 57307 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fB88AOmUf6epaxt4xQAHWGXa5dm/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4202 1490343032.5 1490343032.82 325 192.168.1.116 - 57308 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2MCCxHBgHIgnE9oWAYAXKj8xUvzW43/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4203 1490343224.21 1490343224.62 408 192.168.1.116 - 57309 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MBvfnDGGT5SWneCpykD8UiM7ZQxgj0l/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4204 1490343416.03 1490343416.44 409 192.168.1.116 - 57310 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WRk4kcc7xL3m6KZp3QnjBMCfx/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4205 1490343607.68 1490343608.02 340 192.168.1.116 - 57311 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dcN3ob2qQ492YBwkoUNJu5z4jrY/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4206 1490343799.43 1490343799.84 408 192.168.1.116 - 57312 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/o6RQ9mDYNfOAgHkHZZeEyXU845vRRNho/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4207 1490343992.35 1490343993.49 1140 192.168.1.116 - 57313 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32029 0 31888 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4207 1490344001.05 1490344001.9 841 192.168.1.116 - 57313 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4207 1490344009.67 1490344010.08 411 192.168.1.116 - 57313 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hPivxFiq9TOkhkrmHCVNBEMZZ9ll/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4208 1490344201.4 1490344201.7 305 192.168.1.116 - 57314 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LtpGFJffYvMwlERdH52Hzlid7ZYinv/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4209 1490344393.13 1490344393.54 410 192.168.1.116 - 57315 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HbcWJKIJVhbL5urmn/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4210 1490344584.7 1490344585.01 303 192.168.1.116 - 57316 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1MV7MWi8LQNVHfU9192E/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4211 1490344776.31 1490344776.68 369 192.168.1.116 - 57317 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/myISZnMvbSkH2KB6YfdGYi7tmIcIIQf/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4212 1490344968.12 1490344968.46 336 192.168.1.116 - 57318 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/G5NxvYMQwST7OJ2dRIQ3M2hjPZbGZ/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4213 1490345159.84 1490345160.25 411 192.168.1.116 - 57319 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VbmN0dt5JGEAJwMr8VAMjdqUVbAAePB/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4214 1490345351.68 1490345352.09 413 192.168.1.116 - 57320 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uUiQ9hVsJDFyJmP5mCwCmzaw0HRSlK/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4215 1490345543.54 1490345544.95 1416 192.168.1.116 - 57321 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Eh9EjESMEBUZDtLeOp3Qci/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4216 1490345736.19 1490345736.52 336 192.168.1.116 - 57322 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DYMsTqwoAGP5ruduffxd5o3PDwTGVx/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4217 1490345927.99 1490345928.4 407 192.168.1.116 - 57323 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kUjRusi1DJHlEvZiAiUK7/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4218 1490346119.66 1490346119.98 321 192.168.1.116 - 57324 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/f90KAzUw3dQjgJnWVQ5RMhOcJDULmF/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4219 1490346311.27 1490346311.64 369 192.168.1.116 - 57325 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1D1AoHxEKnDqKrlJdeRbdoMHPl/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4220 1490346503.05 1490346503.45 404 192.168.1.116 - 57326 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mUrKROOThZicO55piERm/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4221 1490346694.69 1490346695.06 368 192.168.1.116 - 57327 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/m4q42l4VA5WY8KOdO/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4222 1490346886.27 1490346886.59 319 192.168.1.116 - 57328 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ES3itGxIPuVx0wMmNyv2Q2VOA0v1Uv/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4223 1490347078.01 1490347078.44 430 192.168.1.116 - 57329 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WXzHkQ3zrqQH6s53kBs8mbIvOQSx/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4224 1490347269.75 1490347270.13 375 192.168.1.116 - 57330 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qFmQzPv7aI7hROFRvTRRP25M5VkG/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4225 1490347461.5 1490347462.88 1380 192.168.1.116 - 57331 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/M1yPskOE69pPz1lU6hiVMsPeKjx/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4226 1490347654.18 1490347654.61 433 192.168.1.116 - 57332 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 208 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4226 1490347654.87 1490347655.26 385 192.168.1.116 - 57332 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CUJPyztbYPPnx8i6Xeo2mwp5/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4227 1490347846.59 1490347846.96 373 192.168.1.116 - 57333 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XnazlB048yZ7In3u7kdE1RG0f1Gi/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4228 1490348038.78 1490348039.28 501 192.168.1.116 - 57334 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/S7vU8tZGwMcNlDhP8DXq4QrdQH9l/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4229 1490348234.15 1490348234.83 683 192.168.1.116 - 57335 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DeICQhd94wjYG6OAXe/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4230 1490348427.95 1490348428.56 619 192.168.1.116 - 57336 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Fk4HqQh4Ug4nEHuG5yVbgtdHsJRhMfGY/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4231 1490348619.97 1490348620.4 432 192.168.1.116 - 57337 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wDxjHRxTdvO4Ijx8PelEuVzCh/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4232 1490348811.6 1490348811.91 308 192.168.1.116 - 57338 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1i68hIHlcaXYOfPRvey7yI0RGU7B1m/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4233 1490349003.99 1490349004.37 372 192.168.1.116 - 57339 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2umjho9o6Hx8t0JS/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4234 1490349195.75 1490349196.18 433 192.168.1.116 - 57340 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/38surTclTOPgUMeRcNMjC4G8D8t/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4235 1490349387.55 1490349387.99 432 192.168.1.116 - 57341 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wYqtCPUnhWrdb2Wq22qU/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4236 1490349579.23 1490349580.18 952 192.168.1.116 - 57342 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32029 0 31888 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4236 1490349587.49 1490349588.17 686 192.168.1.116 - 57342 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4236 1490349596.97 1490349597.32 347 192.168.1.116 - 57342 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lS6auy6yyubUTLmjhxVJZ9J08Ec/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4237 1490349788.78 1490349789.79 1008 192.168.1.116 - 57343 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/V0RDgS7m3AA4x9rMl/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4238 1490349981.17 1490349981.55 373 192.168.1.116 - 57344 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Ll6JCVZKRJ4mgZ8UioqZ/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4239 1490350173.52 1490350174.14 617 192.168.1.116 - 57345 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 205 379 0 240 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4239 1490350180.11 1490350180.79 680 192.168.1.116 - 57345 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/G8CkpLEaaxpCEIZd5vWCwVG8O2HlC/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4240 1490350372.96 1490350373.58 616 192.168.1.116 - 57346 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TJjteoUyFXvfCtY1JWWVLRb/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4241 1490350565.29 1490350565.76 470 192.168.1.116 - 57347 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hi1j1yVLAL9f937dzN/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4242 1490350757.31 1490350758.63 1320 192.168.1.116 - 57348 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YNgggQXU9iEcxfbnVO86/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4243 1490350949.98 1490350950.36 385 192.168.1.116 - 57349 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WwPJeFZPrxXQbromPC57JcgyRU7pg/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4244 1490351192.09 1490351226.35 34256 192.168.1.116 - 57351 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sFScpS98RZX2oRSxx4pw/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4245 1490351255.42 1490351276.11 20699 192.168.1.116 - 57352 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0K11avckm3wrNWapBsV/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4246 1490351467.49 1490351467.85 368 192.168.1.116 - 57353 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/F0PSJlLgUaBBCE4heWqFsD4LZ/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4247 1490351659.29 1490351659.7 407 192.168.1.116 - 57354 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OcdVJ6piGcGF9lPDEcbUnafRIH/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4248 1490351850.9 1490351851.22 320 192.168.1.116 - 57355 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LrLlVMIeCIefBdJuq8bh9QIZ0/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4249 1490352048.69 1490352049.1 413 192.168.1.116 - 57356 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 4250 1490352065.17 1490352065.54 369 192.168.1.116 - 57357 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 4251 1490352081.64 1490352082.03 382 192.168.1.116 - 57358 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 4252 1490352098.17 1490352098.54 368 192.168.1.116 - 57359 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0kICx6daI9XGbnyyYrp/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4253 1490352289.84 1490352290.21 373 192.168.1.116 - 57360 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AKAAJQIBcMOQWuGPGAvg7VY2av6j6s/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4254 1490352481.44 1490352481.76 319 192.168.1.116 - 57361 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7kRmUYPttZ4HqME6oad5UrbOmgPsRCRK/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4255 1490352673.04 1490352673.41 368 192.168.1.116 - 57362 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IhnxevCZ3yeix8eArwOsSnYEvyGGw16/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4256 1490352864.71 1490352865.04 337 192.168.1.116 - 57363 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TE4hOcsjc9qkWb9tVqFA/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4257 1490353056.3 1490353056.67 369 192.168.1.116 - 57364 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 208 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4257 1490353056.92 1490353057.26 348 192.168.1.116 - 57364 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aoyZoIWR9NISzq3B4Hyrh/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4258 1490353248.64 1490353249.04 404 192.168.1.116 - 57365 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mpEzLKZy87aGbBbw2I9GY6D0pxXV/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4259 1490353440.41 1490353440.78 368 192.168.1.116 - 57366 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ofMIK03bOpaFDc7aZHABQxrI0WD/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4260 1490353632.1 1490353632.47 368 192.168.1.116 - 57367 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Lyc8OQ8MaBKtKQrvwBv/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4261 1490353823.64 1490353823.96 319 192.168.1.116 - 57368 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SZmnN3tR1UzPbucy/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4262 1490354015.35 1490354015.72 369 192.168.1.116 - 57369 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NuXYVlz2mfkgqjWj/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4263 1490354207.18 1490354207.59 416 192.168.1.116 - 57370 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CbXO3Xds2OjOXUHjlm3BHGz50i6cynq/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4264 1490354398.87 1490354399.24 368 192.168.1.116 - 57371 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dn8SzJImiH4zIyTQwtBWkikHAB/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4265 1490354590.66 1490354591.08 423 192.168.1.116 - 57372 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/c54HEuO9JH693fqoGIN1Bv8QE/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4266 1490354782.48 1490354782.91 437 192.168.1.116 - 57373 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Xx7aPSuPp8p8nVQzMMnhrzoNlKUtbY/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4267 1490354974.11 1490354974.43 321 192.168.1.116 - 57374 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FVoZv2t5Ilb02IssblfrmN/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4268 1490355164.84 1490355164.94 105 192.168.1.116 - 57375 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 204 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4269 1490355166.45 1490355166.72 272 192.168.1.116 - 57376 107.22.214.64 80 http://checkip.amazonaws.com/ 153 133 0 13 139 106 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 200 - - - - - - - CTU.238.1.Malicious 4268 1490355166.93 1490355167.04 108 192.168.1.116 - 57375 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/fy45Vv8gdHtjb0bo6IMLNWN5zKayqH/ 332 520 0 377 131 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4268 1490355167.46 1490355167.59 135 192.168.1.116 - 57375 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32029 0 31888 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4268 1490355170.39 1490355170.52 126 192.168.1.116 - 57375 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4268 1490355172.24 1490355172.33 88 192.168.1.116 - 57375 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/RUJTXRJPIWXWALE/1/ 222 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 4270 1490355173.51 1490355173.63 119 192.168.1.116 - 57377 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4271 1490355173.84 1490355173.96 121 192.168.1.116 - 57378 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 215 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4272 1490355175.14 1490355175.25 112 192.168.1.116 - 57379 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 243 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4273 1490355176.4 1490355176.47 74 192.168.1.116 - 57380 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yZ11HUImeODptXmJiczvL2GM0/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4274 1490355366.84 1490355366.92 72 192.168.1.116 - 57381 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KX4UAjCbQuQlbUz3Y7w644XPz/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4275 1490355557.32 1490355557.4 78 192.168.1.116 - 57382 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Mx6QlVTHt7U0TypcQloPGm0YOB6/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4276 1490355747.82 1490355747.9 74 192.168.1.116 - 57383 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lmMp4M0qconsgQdZwQd6hOLHMfUagZf/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4277 1490355938.33 1490355938.41 78 192.168.1.116 - 57384 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bkdOaaFZF8aZntOHpHYv4pBp/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4278 1490356128.82 1490356128.91 89 192.168.1.116 - 57385 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JBGeOXJtQclQF13TfNI1G3naw/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4279 1490356319.33 1490356319.41 76 192.168.1.116 - 57386 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vhfnCU00vX4Wb6Wtr/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4280 1490356509.82 1490356509.89 78 192.168.1.116 - 57387 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/o5BifUi3AvrkN8bgGC1S0g2RO/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4281 1490356700.27 1490356700.37 104 192.168.1.116 - 57388 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4MmHlT5Co6zZAR1p6V8UBTovM1E/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4282 1490356890.81 1490356890.88 74 192.168.1.116 - 57389 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pOSepu2tqceciL3PE9b6cgLnaU/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4283 1490357081.29 1490357081.36 76 192.168.1.116 - 57390 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0jFcGgmeSxAE5ZUyBAprB/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4284 1490357271.79 1490357271.87 81 192.168.1.116 - 57391 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WTdSGh0OPkSeKitkuHGyhJzg2J9r2V/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4285 1490357462.26 1490357462.34 79 192.168.1.116 - 57392 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Ol5mdr2wWSBszadNoQsPtduW7Y/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4286 1490357652.75 1490357652.89 138 192.168.1.116 - 57393 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Mvg6F729ubiAaP8eJgW4EtvtqbM9MV/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4287 1490357843.27 1490357843.34 74 192.168.1.116 - 57394 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Jf12vcCMGRlEXHpr0u2kplD/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4288 1490358033.75 1490358033.83 73 192.168.1.116 - 57395 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2wWmmOBQ9ugWmXE7opUShYjx/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4289 1490358224.25 1490358224.33 77 192.168.1.116 - 57396 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EMTEXi7OeTXaLfPtSQE3yS/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4290 1490358414.73 1490358414.81 74 192.168.1.116 - 57397 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WRa1FGE8QwrfDuWPLulszAEAQBDsD/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4291 1490358605.23 1490358605.35 126 192.168.1.116 - 57398 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4291 1490358605.62 1490358605.71 86 192.168.1.116 - 57398 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oKxeWYJxDD463EYid2U12/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4292 1490358796.1 1490358796.18 79 192.168.1.116 - 57399 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vlRRa0YENcYUFBxxV7N/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4293 1490358986.55 1490358986.63 77 192.168.1.116 - 57400 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AHdgJJw8E0JddpsBxiyxAQiQ0YFjM/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4294 1490359177.02 1490359177.1 80 192.168.1.116 - 57401 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VpedYSbbeK1I0ULQHphUevMh6uyYdj/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4295 1490359367.51 1490359367.58 71 192.168.1.116 - 57402 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3VRBLTEd7uQ25KJZcaeb4UCt98oE/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4296 1490359557.95 1490359558.02 70 192.168.1.116 - 57403 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lBdSrgCFuw8HwJiCrynQ/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4297 1490359748.42 1490359748.49 73 192.168.1.116 - 57404 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1DvFAGUN3aceb67leMQK/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4298 1490359939.26 1490359939.43 169 192.168.1.116 - 57405 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/DNSBL/listed/0/ 216 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4299 1490359940.6 1490359940.67 76 192.168.1.116 - 57406 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ebnFqPWVc8d4EVl12XIKzeA3jgHsG/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4300 1490360131.09 1490360131.17 77 192.168.1.116 - 57407 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pOkcIKa62VqGKqstjG3s/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4301 1490360321.6 1490360321.67 71 192.168.1.116 - 57408 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ufuNpgTiCLPy0xkv9/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4302 1490360512.09 1490360512.17 77 192.168.1.116 - 57409 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nVNjBgmcnl8kiORQVnqNqopOi/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4303 1490360702.53 1490360702.66 133 192.168.1.116 - 57410 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32029 0 31888 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4303 1490360710.39 1490360710.5 116 192.168.1.116 - 57410 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4303 1490360719.0 1490360719.09 88 192.168.1.116 - 57410 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6SXEDzZfyBsHegmoFlkNV5Ljz1Ca9KjE/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4304 1490360909.5 1490360909.57 72 192.168.1.116 - 57411 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hs8e6JidxqDytokYI/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4305 1490361100.18 1490361100.28 107 192.168.1.116 - 57412 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 206 379 0 240 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4305 1490361106.25 1490361106.32 75 192.168.1.116 - 57412 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/t0qWJ3QiGmqrCb89vrIPrLAY/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4306 1490361296.76 1490361296.84 80 192.168.1.116 - 57413 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/e4ytz7Fu0tYCohAeDS3bsmlCH/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4307 1490361487.24 1490361487.31 73 192.168.1.116 - 57414 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3QuWMUqjchzuhOAUcr13O7GRleipcvqc/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4308 1490361677.73 1490361677.81 78 192.168.1.116 - 57415 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MUp98BBrMh7gXClz4do/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4309 1490361868.21 1490361868.29 73 192.168.1.116 - 57416 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MM0USsV9zxXmHtKE06f2d19WShwaGni4/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4310 1490362058.71 1490362058.78 73 192.168.1.116 - 57417 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RzoPNwYoSA54aFjpX/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4311 1490362249.22 1490362249.29 72 192.168.1.116 - 57418 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VVaLMOFvpGKrkeOsr8uhP/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4312 1490362439.71 1490362439.79 74 192.168.1.116 - 57419 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9j0rIbcMJ5imfRfzt/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4313 1490362630.2 1490362630.27 74 192.168.1.116 - 57420 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/m4kGki1JR2tc62K4a/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4314 1490362820.69 1490362820.76 76 192.168.1.116 - 57421 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sLAMFlgTmWHT65XSLnT5fYopuYrMgC1O/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4315 1490363011.14 1490363011.21 74 192.168.1.116 - 57422 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pT86VWOeaIbLFH1ZFi/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4316 1490363201.64 1490363201.71 72 192.168.1.116 - 57423 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VVtNIgEorDzGnm1UaHQ7d1CbS/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4317 1490363392.14 1490363392.23 90 192.168.1.116 - 57424 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IZ0J4ylEeRYa5OTuKMvI1jr/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4318 1490363582.67 1490363582.75 80 192.168.1.116 - 57425 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eTQbkipxOha1z6aP9TOk/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4319 1490363773.16 1490363773.23 78 192.168.1.116 - 57426 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bdiug3PchaZY5mW5FkrW/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4320 1490363963.65 1490363963.73 80 192.168.1.116 - 57427 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/prDpYsWCFWpTKeBxYViGIk2HFo9TRjC/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4321 1490364154.11 1490364154.26 145 192.168.1.116 - 57428 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4321 1490364154.54 1490364154.65 104 192.168.1.116 - 57428 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/P27mU7DlXfLhzEN7hQjH3mNI/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4322 1490364345.07 1490364345.15 77 192.168.1.116 - 57429 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bFskz6yXeQJgfTlR/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4323 1490364535.55 1490364535.63 74 192.168.1.116 - 57430 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Z2GEz4v66EZSppiZTYTaYWgB4y0n/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4324 1490364726.03 1490364726.1 72 192.168.1.116 - 57431 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/weklUzvMLlLT9kx8OqFD2E1ONYDT/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4325 1490364916.47 1490364916.55 76 192.168.1.116 - 57432 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LsYoDZHjJ4GKjagdyeMIPBVsMHfP21P/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4326 1490365106.99 1490365107.07 82 192.168.1.116 - 57433 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ACcSTfIEpvau9PzYhInxq8FVl/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4327 1490365297.46 1490365297.54 81 192.168.1.116 - 57434 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/deP4aPOYDZWuQNgfsd/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4328 1490365487.95 1490365488.02 77 192.168.1.116 - 57435 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/h0eOdIJQ1j9rAd66Y4PWfpODL9GZT/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4329 1490365678.43 1490365678.5 75 192.168.1.116 - 57436 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Z5xnTXOtP60dN1agPOsprWhXHB/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4330 1490365868.88 1490365868.95 75 192.168.1.116 - 57437 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MQ8QCNavEsbCFN9wX7kPOlmZFktGb/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4331 1490366059.37 1490366059.45 85 192.168.1.116 - 57438 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nQJdY41J2Yf47fgv7sQ3Q/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4332 1490366249.86 1490366249.99 125 192.168.1.116 - 57439 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32029 0 31888 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4332 1490366257.68 1490366257.85 162 192.168.1.116 - 57439 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4332 1490366265.14 1490366265.22 88 192.168.1.116 - 57439 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RveY75MgZq7vRJf1zF/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4333 1490366455.61 1490366455.68 71 192.168.1.116 - 57440 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iaDSZlgU4QAe3ivMV2h1vMHsY/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4334 1490366652.1 1490366652.21 108 192.168.1.116 - 57441 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 4335 1490366667.41 1490366667.48 69 192.168.1.116 - 57442 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 4336 1490366682.68 1490366682.81 134 192.168.1.116 - 57443 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 4337 1490366698.02 1490366698.09 72 192.168.1.116 - 57444 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yAUXgxtjuOvlye4ICUd8xOaK/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4338 1490366888.5 1490366888.57 78 192.168.1.116 - 57445 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pJRFbo8UD6BF6JRbqTb/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4339 1490367078.98 1490367079.06 73 192.168.1.116 - 57446 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ebIjUZg7Qo1DFPErkSgikD6r3K/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4340 1490367269.43 1490367269.51 72 192.168.1.116 - 57447 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/x0mmlvujRKVLqZruikG/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4341 1490367459.92 1490367459.99 69 192.168.1.116 - 57448 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IyVZt18vBWWDsnLxRqXXxcgRGUL9QJ/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4342 1490367650.41 1490367650.49 78 192.168.1.116 - 57449 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pprKn513fNdbf1m0fvCdnFhk85/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4343 1490367840.9 1490367840.98 76 192.168.1.116 - 57450 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aYdct9NxPT8Pc96yR2NkYFKH4f/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4344 1490368031.37 1490368031.45 77 192.168.1.116 - 57451 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/alOy1zQuahLIHQmaZnz2510/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4345 1490368221.86 1490368221.94 74 192.168.1.116 - 57452 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BeoJHJqiW9WeE7i5loXSkd/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4346 1490368412.31 1490368412.45 136 192.168.1.116 - 57453 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oay9wyyjGHpPVtweauGfJsgRJUU5oH/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4347 1490368602.83 1490368602.9 75 192.168.1.116 - 57454 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RujPTWZaYVx0L5kFR7O/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4348 1490368793.34 1490368793.41 72 192.168.1.116 - 57455 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HBt3fwELGGhX2lUo3zomJt/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4349 1490368983.9 1490368983.97 72 192.168.1.116 - 57456 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XjEP5AYKPAXdg2bhv6Fo0lX4Ct806U/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4350 1490369174.35 1490369174.42 76 192.168.1.116 - 57457 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/57a9v0tSjYSdxDqFI80DOFi7pXhi/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4351 1490369365.03 1490369365.1 75 192.168.1.116 - 57458 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/k4PMsC1kfB7sdYkeurzdHCAAE0Cu/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4352 1490369555.48 1490369555.58 105 192.168.1.116 - 57459 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4352 1490369555.84 1490369555.92 76 192.168.1.116 - 57459 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HePhaH9rrY2hsE3f4cO9J9kDX6Du/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4353 1490369746.32 1490369746.4 77 192.168.1.116 - 57460 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zvvphhLLXU3aIsd8W1QJRuRb/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4354 1490369937.05 1490369937.13 78 192.168.1.116 - 57461 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LiYqaEDc3kvLlcQwFPt52N/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4355 1490370127.56 1490370127.63 75 192.168.1.116 - 57462 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JHBL7EK9tKW6jjXAJb4Y6ZFitrJn/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4356 1490370318.07 1490370318.15 81 192.168.1.116 - 57463 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wDFghhv0sQgELxEkLIvnxSiifiJea7/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4357 1490370508.56 1490370508.64 74 192.168.1.116 - 57464 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/T5JMX6JG8uZf3Gvx0koKhHyMUeoaQ/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4358 1490370699.02 1490370699.1 74 192.168.1.116 - 57465 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/C5K2agFZKU8zymWMJjFmaQ76BJND5yH/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4359 1490370889.52 1490370889.59 75 192.168.1.116 - 57466 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TrAxgJ2YbkKMXscB1xtrRvQGCx3AKl/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4360 1490371080.01 1490371080.08 73 192.168.1.116 - 57467 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qJaxaWd3HyYbpQYl9y0wZumyvcZjLaq/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4361 1490371270.45 1490371270.56 107 192.168.1.116 - 57468 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4BdIiJAmLKzbmcYlybg6TMcRb4rJgi/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4362 1490371460.97 1490371461.04 74 192.168.1.116 - 57469 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Sb1FQlWcdgWS1DJMIjL/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4363 1490371651.45 1490371651.52 72 192.168.1.116 - 57470 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AErHx7E6rAJdf9mCF9Mxs0zPD70BQn/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4364 1490371841.93 1490371842.11 181 192.168.1.116 - 57471 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32029 0 31888 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4364 1490371849.82 1490371849.95 134 192.168.1.116 - 57471 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4364 1490371857.79 1490371857.87 82 192.168.1.116 - 57471 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5a4p27SbB6DXLtuBNspCVPqKNzKz/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4365 1490372048.27 1490372048.34 73 192.168.1.116 - 57472 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 206 379 0 240 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4365 1490372054.3 1490372054.39 91 192.168.1.116 - 57472 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/f7UCOGeZwTEhZTtI7XhvMQR5GYELb/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4366 1490372244.84 1490372244.92 78 192.168.1.116 - 57473 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mYKJ8zoZq2NDH8TmxeWfs1ko/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4367 1490372435.32 1490372435.4 78 192.168.1.116 - 57474 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dqEu2MLOyM7FZzNrTc3ey/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4368 1490372625.82 1490372625.9 73 192.168.1.116 - 57475 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/b3POGsPAvYFE41NQ/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4369 1490372816.31 1490372816.38 74 192.168.1.116 - 57476 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/y5H29oOlbEB2hjpPHrHdLPlqyOC/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4370 1490373006.79 1490373006.87 77 192.168.1.116 - 57477 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VcHBKVGFFSupzpe3UpBFB2su5/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4371 1490373197.3 1490373197.38 72 192.168.1.116 - 57478 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aeba9LWLfzEYVlhBEeovBCoYyej2Qxa/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4372 1490373387.74 1490373387.82 78 192.168.1.116 - 57479 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yyG63Vy6hkQAnquzILrIXrc9i/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4373 1490373578.2 1490373578.27 73 192.168.1.116 - 57480 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/v9lQa32PinuovGKn/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4374 1490373768.64 1490373768.71 74 192.168.1.116 - 57481 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/x0VPryXKNXh7gHwfGHB/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4375 1490373959.13 1490373959.2 72 192.168.1.116 - 57482 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xLdd9rVd6oTI841TZwPxH5/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4376 1490374149.62 1490374149.69 73 192.168.1.116 - 57483 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dcoxHuzvROflCq6f6qF/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4377 1490374341.75 1490374342.36 613 192.168.1.116 - 57484 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 205 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4377 1490374342.59 1490374343.23 636 192.168.1.116 - 57484 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/6t61V3YqDy6spvFbuKDQAiKsG/ 328 515 0 372 132 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4377 1490374343.72 1490374344.33 609 192.168.1.116 - 57484 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/NQYXZJXEJXI/1/ 219 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 4378 1490374347.2 1490374347.88 680 192.168.1.116 - 57485 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4379 1490374349.71 1490374350.42 707 192.168.1.116 - 57486 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 216 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4380 1490374352.19 1490374352.9 708 192.168.1.116 - 57487 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 244 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4381 1490374354.68 1490374355.28 606 192.168.1.116 - 57488 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Id63NXL7Qs68ukUNJ2q8FsVkUAK0M5/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4382 1490374547.31 1490374547.93 618 192.168.1.116 - 57489 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WrhxvdL6Y5a8TOObV/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4383 1490374741.56 1490374742.13 570 192.168.1.116 - 57490 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YYNtd9ELl5PVqVbxkCip5QR8dMORza17/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4384 1490374934.21 1490374936.49 2280 192.168.1.116 - 57491 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AqGQQacDo5IrK39bsgB7S/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4385 1490375128.55 1490375129.19 638 192.168.1.116 - 57492 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 210 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4385 1490375129.44 1490375130.05 610 192.168.1.116 - 57492 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/U7wQs728snV4VE439ffP2Xwr/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4386 1490375322.04 1490375322.65 611 192.168.1.116 - 57493 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KaIdfJAHsF6wnuGvo/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4387 1490375514.57 1490375515.14 571 192.168.1.116 - 57494 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/33qEoYf0oPHg7ftjuJVyTKHkQ/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4388 1490375707.19 1490375707.8 611 192.168.1.116 - 57495 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lk3gPX9hBCFyeGFymLJAIQdG49OafU/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4389 1490375899.78 1490375900.4 614 192.168.1.116 - 57496 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wNZ56rcARqjGzzUfO/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4390 1490376092.45 1490376093.06 610 192.168.1.116 - 57497 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0FB6Bh2QTfnP1lnlcITT/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4391 1490376285.03 1490376285.64 609 192.168.1.116 - 57498 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AMGma0afgXEV4upMOkmlV3OKV6/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4392 1490376477.67 1490376478.29 615 192.168.1.116 - 57499 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/o3sbRIb2VoImH3h1Nm/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4393 1490376670.32 1490376670.93 610 192.168.1.116 - 57500 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6Pi5gWUjVKqZklYl2TpR7/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4394 1490376862.92 1490376863.54 616 192.168.1.116 - 57501 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UP0jhL8rpL17IoSS/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4395 1490377055.6 1490377056.21 608 192.168.1.116 - 57502 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bftEsQpQseojAhi1HBs7U9N03fpO/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4396 1490377248.33 1490377250.15 1827 192.168.1.116 - 57503 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 32029 0 31888 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4396 1490377257.58 1490377258.82 1240 192.168.1.116 - 57503 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4396 1490377266.56 1490377267.21 642 192.168.1.116 - 57503 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2IsRCq6opYTu5y5vkXtf28B/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4397 1490377459.32 1490377459.95 637 192.168.1.116 - 57504 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RWMj3ZkSuKYUCFcaffbIV/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4398 1490377652.02 1490377652.63 609 192.168.1.116 - 57505 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/G863qLHRYnZknIfNAUuoAsWPSjp/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4399 1490377844.64 1490377845.25 615 192.168.1.116 - 57506 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RbEEr2uhut20640W2Z0G5be/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4400 1490378037.27 1490378038.99 1724 192.168.1.116 - 57507 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/y19dGiRffrqNbavoO88ZBdrjWin/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4401 1490378230.97 1490378231.58 612 192.168.1.116 - 57508 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fQcYI4C97aVK2JaBakt/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4402 1490378423.63 1490378424.24 616 192.168.1.116 - 57509 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7ZYly17wrbLQrDFh2S1WrrZp/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4403 1490378616.25 1490378619.59 3339 192.168.1.116 - 57510 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3RQAx0651092mJGBzkASizRfMfEf/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4404 1490378811.55 1490378812.16 607 192.168.1.116 - 57511 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/asoP2i3FvbkaNbDUs0hHj06fA/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4405 1490379004.27 1490379004.89 616 192.168.1.116 - 57512 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kFNdbNytfQl7GdhXj5GVhCAc/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4406 1490379196.93 1490379197.53 604 192.168.1.116 - 57513 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/imejL92tr71THcraVA1CduwCdzz/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4407 1490379389.56 1490379390.17 607 192.168.1.116 - 57514 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1ZgeIaE70BNq9X0yspQjE/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4408 1490379582.26 1490379582.87 616 192.168.1.116 - 57515 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/k4mXOv53DP3OvQEz/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4409 1490379774.86 1490379775.47 614 192.168.1.116 - 57516 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tz0FttWe6puNLzqUpd3hh6/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4410 1490379967.6 1490379968.23 630 192.168.1.116 - 57517 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cAuqBZZa6zaHmN67OBFXBHRHrOI/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4411 1490380160.22 1490380160.86 636 192.168.1.116 - 57518 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Ey3HbjFBUEae598eBGaa2/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4412 1490380352.85 1490380353.49 632 192.168.1.116 - 57519 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HwMP0BquInYCdyQPE2yZK9ryUip4Mu/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4413 1490380545.54 1490380546.17 638 192.168.1.116 - 57520 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 210 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4413 1490380546.43 1490380547.05 615 192.168.1.116 - 57520 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IUtzUiulGIQp2UoPYw9MK/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4414 1490380739.08 1490380739.69 614 192.168.1.116 - 57521 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Oh677GDlUUySAWUV/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4415 1490380931.74 1490380932.36 614 192.168.1.116 - 57522 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/t0zijrjIPlVtBOLBpJzwhe4/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4416 1490381130.47 1490381131.11 638 192.168.1.116 - 57523 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 4417 1490381148.88 1490381149.49 604 192.168.1.116 - 57524 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 4418 1490381166.3 1490381166.94 642 192.168.1.116 - 57525 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 4419 1490381183.79 1490381184.39 608 192.168.1.116 - 57526 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GVEL0GP5hWOyaEupfGk/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4420 1490381376.4 1490381378.01 1607 192.168.1.116 - 57527 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QjVE3Hs6dJUUqh4slCJYudMlzJN/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4421 1490381570.02 1490381570.63 613 192.168.1.116 - 57528 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fUk1yJcsVWWJ4btV2/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4422 1490381762.69 1490381763.3 609 192.168.1.116 - 57529 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/x8sBHG56pF2EZjgZnIv07XbrQE/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4423 1490381955.4 1490381956.02 620 192.168.1.116 - 57530 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/b2SVhDhbU9KY8paS/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4424 1490382148.08 1490382148.68 606 192.168.1.116 - 57531 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Irnxgr8ZQ8o9nuow/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4425 1490382340.73 1490382341.34 611 192.168.1.116 - 57532 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YgO5XnoNQPeihTnzbKI3L/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4426 1490382533.31 1490382533.95 636 192.168.1.116 - 57533 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/e59KtkmbEhcIohNkK7qvkIu/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4427 1490382725.9 1490382727.63 1728 192.168.1.116 - 57534 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 32029 0 31888 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4427 1490382735.14 1490382736.32 1180 192.168.1.116 - 57534 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4427 1490382743.39 1490382744.03 637 192.168.1.116 - 57534 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4WdxEGzNXtnrm2lD3/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4428 1490382936.03 1490382936.64 607 192.168.1.116 - 57535 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 207 379 0 240 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4428 1490382942.6 1490382943.23 629 192.168.1.116 - 57535 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/D3okohyiJwqgWRFmapAO4Yn/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4429 1490383135.32 1490383135.92 605 192.168.1.116 - 57536 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tXzUP6zOW208IXNZMFpoc5J/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4430 1490383328.03 1490383328.63 604 192.168.1.116 - 57537 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0kS2j22V6EhhugprduuUiGmblURCf/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4431 1490383520.69 1490383521.32 631 192.168.1.116 - 57538 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7fKF2RhSS7lfw4vns/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4432 1490383713.39 1490383714.01 620 192.168.1.116 - 57539 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GYssqGlDqLFjXxUZ3Qqv6zLjivbR4/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4433 1490383906.07 1490383906.68 606 192.168.1.116 - 57540 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zuigupkuLVzn1hTaknJc0/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4434 1490384098.88 1490384099.48 604 192.168.1.116 - 57541 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xhyjNpKYfERrtmHmr41hAYGKXkg8ktP/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4435 1490384291.48 1490384292.09 610 192.168.1.116 - 57542 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5kU9I0SXyTUElYQUu/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4436 1490384484.11 1490384484.72 610 192.168.1.116 - 57543 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/A7uZce5uy67cYNBJaB0I0QZ/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4437 1490384676.74 1490384677.35 614 192.168.1.116 - 57544 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/K0LUTeTagJMdzfsar/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4438 1490384869.38 1490384869.98 605 192.168.1.116 - 57545 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IvifBYp9iKC8mOcvHrmqwmtNEh/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4439 1490385061.95 1490385062.56 608 192.168.1.116 - 57546 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kQjQq9ioztAnzeV1SLYRkH/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4440 1490385254.57 1490385255.21 633 192.168.1.116 - 57547 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wX3ga7m6N7aNlEBc2zzpyp8y4cm3Ov6/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4441 1490385447.21 1490385447.82 613 192.168.1.116 - 57548 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/faMIySOMdv6ZPSyaiEPpr/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4442 1490385639.82 1490385640.43 610 192.168.1.116 - 57549 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZfhhSQy4b7Pjh3mwzmzDyr/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4443 1490385832.47 1490385833.07 604 192.168.1.116 - 57550 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eemvfzppavoy9YD7uE/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4444 1490386025.09 1490386025.73 644 192.168.1.116 - 57551 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 210 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4444 1490386025.99 1490386026.6 612 192.168.1.116 - 57551 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lHzItmJY4LoCnn1PLs/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4445 1490386218.62 1490386219.23 608 192.168.1.116 - 57552 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xhJLyz1jueaUqJiy3XcypEZn7/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4446 1490386411.21 1490386411.82 610 192.168.1.116 - 57553 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bOL9RB9tqN9HjW6fTJN2NryaUzL2/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4447 1490386603.92 1490386605.53 1612 192.168.1.116 - 57554 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ncsv1DkVxztl0yq0u9YZ7ikZNx0Wve0/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4448 1490386797.56 1490386798.18 616 192.168.1.116 - 57555 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AmkGYdMTW0lRfFtvJ2rpESAAr9Vrboz/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4449 1490386990.23 1490386990.84 605 192.168.1.116 - 57556 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/maeRVEDMzxnA7nXfd6M1n/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4450 1490387182.82 1490387183.39 567 192.168.1.116 - 57557 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ToDyQTDwuSe8iIffyG4tS5UzMAP/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4451 1490387375.51 1490387376.12 612 192.168.1.116 - 57558 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2sKKnfv5Njlb0nqslw/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4452 1490387568.13 1490387568.74 613 192.168.1.116 - 57559 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5G11eyKAePPldYX7nld2wct/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4453 1490387760.78 1490387761.39 610 192.168.1.116 - 57560 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TbAyYovdi7WBnBIOhAW/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4454 1490387953.37 1490387954.0 623 192.168.1.116 - 57561 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0IwprsBiHAdqdOZIZ6hDkZq08/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4455 1490388146.04 1490388147.81 1767 192.168.1.116 - 57562 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 32029 0 31888 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4455 1490388155.17 1490388156.4 1233 192.168.1.116 - 57562 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4455 1490388163.48 1490388164.13 650 192.168.1.116 - 57562 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BRCuoKlNfQAl3htX0F14/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4456 1490388356.19 1490388356.79 605 192.168.1.116 - 57563 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bmsRqX726n7tad0gWUx51FWa5Q8dCST5/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4457 1490388549.82 1490388550.44 614 192.168.1.116 - 57564 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/77BUqDFPUBDVuyleNtD6z4JMDjjsAtAg/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4458 1490388742.79 1490388743.45 668 192.168.1.116 - 57565 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/DNSBL/listed/0/ 217 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4459 1490388745.35 1490388745.98 622 192.168.1.116 - 57566 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TcmEmA3G24yz7EryjShr2EfHAWHEPP/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4460 1490388937.99 1490388938.59 609 192.168.1.116 - 57567 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NzwDWCxVEORiRV7nF0hYnqa/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4461 1490389130.66 1490389131.27 611 192.168.1.116 - 57568 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EHQgFq7K8pMa1AbV9zfCX/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4462 1490389323.28 1490389323.9 618 192.168.1.116 - 57569 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OC4NLHF1Qu9uLS6X8pSbfIrzmAH9/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4463 1490389516.1 1490389516.72 623 192.168.1.116 - 57570 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MexxIKQEWzRZAa7tZTPKGgOji/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4464 1490389708.8 1490389709.42 620 192.168.1.116 - 57571 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/f2SydcgtqigLCLS1mmu/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4465 1490389901.46 1490389902.08 616 192.168.1.116 - 57572 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NCbOW1ogj7LhxMdU6GF9tMH/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4466 1490390094.22 1490390094.84 620 192.168.1.116 - 57573 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BHvaLDmA5A7dEr6pa0mkG/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4467 1490390287.02 1490390287.64 620 192.168.1.116 - 57574 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/J9kzEZk0qhLIjFfvJxAiKhZxX/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4468 1490390479.72 1490390480.32 604 192.168.1.116 - 57575 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Oifgkpuog7M6oEvL7ILmToL2Q01Rij/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4469 1490390672.28 1490390672.89 603 192.168.1.116 - 57576 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hXjEuCM9pR5vO8tQqKnGFhC/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4470 1490390864.94 1490390865.54 607 192.168.1.116 - 57577 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WAGYs7Y6Fs8neC7f33xLQyn79Kz8zUnR/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4471 1490391057.55 1490391058.16 612 192.168.1.116 - 57578 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7tpNsBBcfejOxYMMyxaMq80hLhb6/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4472 1490391250.17 1490391250.78 607 192.168.1.116 - 57579 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DMFzRNWsEpnDDVoQPyifxAGv0VTeKQv/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4473 1490391442.74 1490391443.35 618 192.168.1.116 - 57580 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 210 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4473 1490391443.62 1490391444.19 568 192.168.1.116 - 57580 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xRHn4rKQtYRadKbLVg/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4474 1490391636.29 1490391636.9 620 192.168.1.116 - 57581 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xIdJSBBrTn7W5DX32u4z/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4475 1490391829.01 1490391829.63 616 192.168.1.116 - 57582 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CYY17fkbpcNIOBjQOYFUa06zh3Jj/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4476 1490392021.96 1490392022.58 620 192.168.1.116 - 57583 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NuyfEkptdTlNW9JZ7OB/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4477 1490392214.54 1490392215.1 568 192.168.1.116 - 57584 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tcJvuLAePuuvPk6J67xpHm2/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4478 1490392407.07 1490392407.67 606 192.168.1.116 - 57585 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/APTe08G3ILPDb75FemuqF/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4479 1490392599.73 1490392600.36 632 192.168.1.116 - 57586 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/09Knb01RBRPcvCK9ESVreeDdk8URnm/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4480 1490392792.46 1490392793.06 605 192.168.1.116 - 57587 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dl5Czh9DZRllLAwTy8Us985/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4481 1490392985.1 1490392985.71 613 192.168.1.116 - 57588 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TeuH0utnDSXBVUEZ/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4482 1490393177.81 1490393178.42 610 192.168.1.116 - 57589 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bLQEuqfRa2vqhbAx/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4483 1490393370.44 1490393371.04 607 192.168.1.116 - 57590 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7x7MzXJerpEwSDPvVAT84aifvp5R/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4484 1490393563.07 1490393564.85 1779 192.168.1.116 - 57591 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 32029 0 31888 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4484 1490393572.0 1490393573.21 1212 192.168.1.116 - 57591 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4484 1490393580.63 1490393581.24 612 192.168.1.116 - 57591 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wFtmtsIn885CDtHpnfvW73DicW/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4485 1490393908.36 1490393908.89 523 192.168.1.116 - 57595 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 204 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4486 1490393910.36 1490393910.64 276 192.168.1.116 - 57596 107.22.214.64 80 http://checkip.amazonaws.com/ 153 133 0 13 139 106 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 200 - - - - - - - CTU.238.1.Malicious 4485 1490393910.83 1490393911.41 574 192.168.1.116 - 57595 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/S6HG1pKS782ulptWyUdtcVfZFmo/ 329 517 0 374 131 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4485 1490393911.83 1490393912.36 530 192.168.1.116 - 57595 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 206 379 0 240 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4485 1490393912.67 1490393913.2 529 192.168.1.116 - 57595 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/MQYPBWTNYSWFEX/1/ 221 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 4487 1490393916.02 1490393916.62 605 192.168.1.116 - 57597 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4488 1490393918.17 1490393918.7 536 192.168.1.116 - 57598 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 215 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4489 1490393920.49 1490393921.14 650 192.168.1.116 - 57599 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 243 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4490 1490393922.92 1490393923.52 605 192.168.1.116 - 57600 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lVO8Gd9780vkpHOOn2/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4491 1490394115.5 1490394116.12 615 192.168.1.116 - 57601 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mRs75foB7UDGZyGmfH3SoRprcVRY/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4492 1490394308.12 1490394308.73 608 192.168.1.116 - 57602 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/adacLZneZo8iYs0s/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4493 1490394501.72 1490394502.36 640 192.168.1.116 - 57603 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/w48Ezvcmuyn1J0BhRxLyiKy6h0CNmW/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4494 1490394695.53 1490394696.14 611 192.168.1.116 - 57604 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/toXCH1LEiDQJRmGDxHXQQ5XGKg78jCZI/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4495 1490394889.23 1490394889.84 608 192.168.1.116 - 57605 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CpgU6XJPKgsF2nnE3JZj/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4496 1490395081.85 1490395082.46 605 192.168.1.116 - 57606 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/G628ZtImwbCYGgJxrwiLy/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4497 1490395274.45 1490395275.07 614 192.168.1.116 - 57607 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Hd9S6D2ClCq6eUCS6wQwuMTRcE/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4498 1490395468.2 1490395468.81 609 192.168.1.116 - 57608 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9bTqVpOP8FHguq7AmhhhXdxo3nCL/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4499 1490395666.79 1490395668.57 1785 192.168.1.116 - 57609 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 4500 1490395685.37 1490395685.98 615 192.168.1.116 - 57610 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 4501 1490395702.8 1490395703.41 607 192.168.1.116 - 57611 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 4502 1490395720.22 1490395720.83 615 192.168.1.116 - 57612 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lWLMsQI0MNKnoproqVy/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4503 1490395915.72 1490395916.33 615 192.168.1.116 - 57613 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PK96QowJEyJ20RLYYv5yQ54j4PCWOT1/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4504 1490396108.35 1490396110.09 1739 192.168.1.116 - 57614 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Gbl2xN0H9sKEyiW2qgtyh7x/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4505 1490396302.07 1490396304.2 2127 192.168.1.116 - 57615 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ur7pXAs01lsb4BGkTg9Tv/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4506 1490396497.37 1490396497.99 615 192.168.1.116 - 57616 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cHU4DA8HF4lXhCwg/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4507 1490396689.99 1490396690.55 569 192.168.1.116 - 57617 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UQFFeJCPttaLdxiAjA75YrjUHTRXs/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4508 1490396882.53 1490396883.13 605 192.168.1.116 - 57618 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4508 1490396883.39 1490396884.05 659 192.168.1.116 - 57618 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/myLgqgjUQM8OG3fP/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4509 1490397075.85 1490397076.38 527 192.168.1.116 - 57619 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JyJl33IpmFxHdxT6p6P3mjKO/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4510 1490397268.38 1490397268.99 605 192.168.1.116 - 57620 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7AHfr7lcxxqgcxrAYKt7BjSjN5p/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4511 1490397460.81 1490397461.33 519 192.168.1.116 - 57621 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IGi3QN0V2KuxtOHzBvJ1sXukwR0D/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4512 1490397653.37 1490397653.98 614 192.168.1.116 - 57622 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/keJ4yxknmqwklqHSe5Ch4MSv4zgIfhhT/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4513 1490397846.79 1490397847.33 539 192.168.1.116 - 57623 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zBIuMnr8dSzsHy9odh9SL1EQhppH/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4514 1490398039.31 1490398039.92 615 192.168.1.116 - 57624 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zJph1knPw6ikHQLimqUpzAxL8A8/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4515 1490398232.93 1490398233.54 611 192.168.1.116 - 57625 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bCM3nFPftJdHnGouflDGL/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4516 1490398426.65 1490398427.25 605 192.168.1.116 - 57626 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jyEPdd5vFBCen3jdp92T9pMyBr6Hi/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4517 1490398619.23 1490398621.47 2237 192.168.1.116 - 57627 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Ejgqh5RB5XoPoXhnGbgR/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4518 1490398813.25 1490398813.79 536 192.168.1.116 - 57628 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kM7YffocMNwLlyCL3zfEqugPl1h/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4519 1490399005.59 1490399007.12 1534 192.168.1.116 - 57629 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32029 0 31888 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4519 1490399014.43 1490399016.53 2101 192.168.1.116 - 57629 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4519 1490399023.58 1490399024.09 513 192.168.1.116 - 57629 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/m64lHjjCAnWPYlrwZQF3rIwNJa/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4520 1490399216.6 1490399217.24 640 192.168.1.116 - 57630 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dk7a4otLe4BGAlxmzkPM7TTAF0qjR00/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4521 1490399409.24 1490399409.81 567 192.168.1.116 - 57631 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ihYRAGZ6EqNyTlxpP/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4522 1490399601.76 1490399602.33 573 192.168.1.116 - 57632 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/28zL60cnTFSxzhC7ZjcA6/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4523 1490399798.25 1490399798.86 609 192.168.1.116 - 57633 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Cj64bySQBUcmLNig3AV7B/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4524 1490399990.82 1490399991.43 610 192.168.1.116 - 57634 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/N84lSHqype9TFX9dwGCbGBg/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4525 1490400184.6 1490400185.21 609 192.168.1.116 - 57635 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZcvBMFc7jIgXb3RzQJ/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4526 1490400377.16 1490400379.34 2171 192.168.1.116 - 57636 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QHBxKfcrI7yCwDl041iwZ5OR1SJixJ8M/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4527 1490400571.76 1490400573.51 1750 192.168.1.116 - 57637 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hS64nkVhR4Kt2XY9ZU2CfD6t2/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4528 1490400768.48 1490400769.09 614 192.168.1.116 - 57638 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fRJq7oejnlDvs6WcdujSKxAjWsb3z/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4529 1490400962.24 1490400962.86 623 192.168.1.116 - 57639 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wmUzaAtknWVgkyGtmb/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4530 1490401154.89 1490401155.5 611 192.168.1.116 - 57640 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fNTR4WsgJrClLtq8SXsb/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4531 1490401348.49 1490401349.1 614 192.168.1.116 - 57641 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PgKVVeK8BDnmqdXnx81dgTdV6fg/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4532 1490401540.91 1490401541.47 551 192.168.1.116 - 57642 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WBaGLGCIrKDVltrfKuB3Lzk/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4533 1490401733.49 1490401734.12 630 192.168.1.116 - 57643 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9EflSMzh7uciV8dz/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4534 1490401926.13 1490401926.75 617 192.168.1.116 - 57644 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pYqCN6krqus9AmqDIVYqG2hlIy4v/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4535 1490402118.79 1490402119.4 615 192.168.1.116 - 57645 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ryQWLe8D6FI0AyOfi/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4536 1490402311.39 1490402312.0 610 192.168.1.116 - 57646 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4536 1490402312.25 1490402312.87 626 192.168.1.116 - 57646 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NXOo4UDAvtBqet3vzN9N9/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4537 1490402504.88 1490402505.48 605 192.168.1.116 - 57647 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0SFVypWkTee9zdVy/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4538 1490402701.38 1490402702.0 621 192.168.1.116 - 57648 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wIDPFbDmy2w0xZbjY0nRyhbxuoN6So/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4539 1490402894.11 1490402894.72 614 192.168.1.116 - 57649 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xLhNRC7vZesjcAVXJkq5t1tqam/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4540 1490403087.81 1490403088.38 568 192.168.1.116 - 57650 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Xo5eaiRTQq29nDgQ48eFQSasZB/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4541 1490403281.51 1490403282.12 613 192.168.1.116 - 57651 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QZdhTvPPWVzAVnsHPp/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4542 1490403477.02 1490403477.63 610 192.168.1.116 - 57652 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8dBrXr5GqkWN6tfDNPIGtbWY/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4543 1490403670.76 1490403672.97 2209 192.168.1.116 - 57653 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iuMStgCsSKn6H4jj7/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4544 1490403864.99 1490403865.6 607 192.168.1.116 - 57654 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dE87ppzrsbwHbH1Aogol6dQAVBYdDB/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4545 1490404057.43 1490404059.4 1973 192.168.1.116 - 57655 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gHTKBvzlFxdF7Dcpstg/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4546 1490404253.57 1490404254.18 611 192.168.1.116 - 57656 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9wRzqjC7FWYZaH0rIo1D4mh47p0bopE/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4547 1490404449.18 1490404451.48 2300 192.168.1.116 - 57657 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32029 0 31888 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4547 1490404458.87 1490404460.63 1763 192.168.1.116 - 57657 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4547 1490404467.36 1490404469.09 1727 192.168.1.116 - 57657 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4MKYu0mSYEli8bfGyzvoBzp3/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4548 1490404663.95 1490404664.57 613 192.168.1.116 - 57658 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3ZQX1tmoZ7U8nIN0RyW0lKWO/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4549 1490404857.35 1490404857.87 519 192.168.1.116 - 57659 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 206 379 0 240 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4549 1490404863.82 1490404864.35 524 192.168.1.116 - 57659 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9reWiFVGg55swUllRP/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4550 1490405057.53 1490405058.15 617 192.168.1.116 - 57660 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XrNtuCQip83nFDtCVAOyInVckAV07/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4551 1490405249.91 1490405250.42 512 192.168.1.116 - 57661 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uh8bcQkqcunwEqtkEFZDbJZdSR5IX/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4552 1490405442.2 1490405443.72 1526 192.168.1.116 - 57662 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xuJdGjSyWMTKO1v734xLlbf/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4553 1490405636.87 1490405637.48 607 192.168.1.116 - 57663 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TB84yqMTQl8H3XI1noKUR6hTG/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4554 1490405831.61 1490405836.97 5352 192.168.1.116 - 57664 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wGmb0fdb8NziNwvsk88FdiI/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4555 1490406028.96 1490406032.74 3779 192.168.1.116 - 57665 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/X6lmoso9YihOiPTmQ3Bie0do/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4556 1490406224.79 1490406225.4 606 192.168.1.116 - 57666 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0hTbF6QjHDfbqkdUel/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4557 1490406417.37 1490406418.01 638 192.168.1.116 - 57667 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TVBJN3gCoEUxi3NrU/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4558 1490406610.07 1490406610.68 610 192.168.1.116 - 57668 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Wj0Q8mcytPqtamBzgyIGb/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4559 1490406803.85 1490406804.45 606 192.168.1.116 - 57669 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lm9IJENzjw9KIpR8xRop85O1Jyj/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4560 1490406996.43 1490406997.04 612 192.168.1.116 - 57670 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HK66wpd45POprPJoTWz9/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4561 1490407202.28 1490407204.02 1741 192.168.1.116 - 57671 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1sWiisJyjFMujmuRF9iPAdtc/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4562 1490407395.81 1490407396.31 506 192.168.1.116 - 57672 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7ylRhFV2BFs4Ia0W1AcIMTWKCqxULaLX/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4563 1490407588.29 1490407588.92 635 192.168.1.116 - 57673 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JmH1lgvcyImLlmDXnChzr651oqfHJ2S/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4564 1490407783.95 1490407784.59 638 192.168.1.116 - 57674 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4564 1490407784.84 1490407785.45 609 192.168.1.116 - 57674 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BaohNnGz1awhlwJixzPSBSE/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4565 1490407977.4 1490407979.11 1705 192.168.1.116 - 57675 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tL8jEOHveatM4OjnO2JTgr2xiXE40/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4566 1490408173.29 1490408173.89 609 192.168.1.116 - 57676 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/A85z7Hc7VMh6e58lnmygshz7Y0wu/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4567 1490408372.35 1490408372.95 606 192.168.1.116 - 57677 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SMAJ20EmmCJzITJEBmwuAG4TsmSg4/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4568 1490408565.01 1490408565.63 624 192.168.1.116 - 57678 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/i4RPOMDJMRTn05oJoXT7ecOyim1bo/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4569 1490408757.61 1490408758.23 614 192.168.1.116 - 57679 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/66TUpILEGH3AADUhHHWrII9ZCXw/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4570 1490408951.99 1490408952.62 625 192.168.1.116 - 57680 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/A0DsrA3KV4PIYwrwc/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4571 1490409144.43 1490409144.95 522 192.168.1.116 - 57681 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bpoemFVnyxcaW7qTtSrvmLpIb/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4572 1490409336.93 1490409337.55 614 192.168.1.116 - 57682 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FXi1eSN5INM9zAEarvbf9O/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4573 1490409533.62 1490409539.1 5477 192.168.1.116 - 57683 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7pjo8AuAaCSVVa8T4s/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4574 1490409731.11 1490409731.74 624 192.168.1.116 - 57684 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rn7NdI24j28hUaM6GdvMsZ5OuJlMBZzk/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4575 1490409929.73 1490409931.26 1532 192.168.1.116 - 57685 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32029 0 31888 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4575 1490409938.62 1490409940.17 1555 192.168.1.116 - 57685 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4575 1490409947.93 1490409948.47 540 192.168.1.116 - 57685 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eR32vOKoJgC2pl7INHg/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4576 1490410147.25 1490410149.15 1907 192.168.1.116 - 57686 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 4577 1490410166.96 1490410167.58 621 192.168.1.116 - 57687 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 4578 1490410187.42 1490410188.02 607 192.168.1.116 - 57688 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 4579 1490410204.61 1490410205.11 507 192.168.1.116 - 57689 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/f3KPqzzK5UqSlkQkYa4XE/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4580 1490410397.16 1490410399.0 1833 192.168.1.116 - 57690 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/h2V0QBZ4C9OeV3Q9I/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4581 1490410591.01 1490410591.63 616 192.168.1.116 - 57691 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CSsgAsk4VE71EzLPxUdHh/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4582 1490410783.62 1490410785.83 2215 192.168.1.116 - 57692 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UZT0p0EBRPYfW7IqQcnh/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4583 1490410979.09 1490410979.74 647 192.168.1.116 - 57693 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fnkhoThsvo9csFr9mJTNgm/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4584 1490411171.74 1490411172.36 615 192.168.1.116 - 57694 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SwgloY6hxSzJU2pRhb/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4585 1490411364.38 1490411366.19 1802 192.168.1.116 - 57695 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Hw8fMjQD3E6Fp6tFrlHlnd/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4586 1490411559.5 1490411561.41 1909 192.168.1.116 - 57696 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pm7900Skt1NcwXXUQZcKzlmCR1n/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4587 1490411753.4 1490411754.0 605 192.168.1.116 - 57697 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Lz7gktXwdUPsC6zQSJS1tpkKIu6d/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4588 1490411948.09 1490411948.72 635 192.168.1.116 - 57698 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ISDZeTkD0h2axZ0eIKtLVe6/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4589 1490412141.72 1490412143.46 1739 192.168.1.116 - 57699 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mwJe1XxZIr4PWVhZdEkvp/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4590 1490412336.62 1490412337.23 613 192.168.1.116 - 57700 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/enf5dtK9ocUZlfhKu7rkcVI/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4591 1490412536.21 1490412536.82 610 192.168.1.116 - 57701 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AcxJjxOIrelzVcrmGXg7xl/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4592 1490412728.58 1490412729.1 514 192.168.1.116 - 57702 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dLyvs5kweFAi9r7qaC/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4593 1490412921.57 1490412922.18 610 192.168.1.116 - 57703 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uQeiaDcVjasVbq4Ia9UBRb5wN7F/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4594 1490413114.2 1490413118.01 3809 192.168.1.116 - 57704 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JWjBzEU8uSxFdbpgYGOE3zb55uJd/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4595 1490413310.19 1490413312.11 1924 192.168.1.116 - 57705 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4595 1490413312.37 1490413337.22 24847 192.168.1.116 - 57705 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OdZ7LrXLlXMEpk66YjRo3idjQ/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4596 1490413528.54 1490413528.95 413 192.168.1.116 - 57706 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 205 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4596 1490413529.19 1490413529.66 471 192.168.1.116 - 57706 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/TMXPvIfKbF64bDauD5EldU/ 325 512 0 369 132 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4596 1490413530.16 1490413530.53 367 192.168.1.116 - 57706 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/BEHORQSWPZDKSALLIG/1/ 226 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 4597 1490413532.7 1490413533.13 427 192.168.1.116 - 57707 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4598 1490413534.31 1490413534.78 473 192.168.1.116 - 57708 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 216 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4599 1490413535.91 1490413536.31 406 192.168.1.116 - 57709 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 244 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4600 1490413538.46 1490413538.9 434 192.168.1.116 - 57710 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4LjApRgqFRLKGsPwnQA1mqnyzpIExjPz/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4601 1490413730.32 1490413730.74 423 192.168.1.116 - 57711 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qN0KTBjr3m6MorsoJ9fPRE9O/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4602 1490413922.08 1490413922.45 370 192.168.1.116 - 57712 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EZFsMysPPi6DMhkfqvs/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4603 1490414113.86 1490414114.29 436 192.168.1.116 - 57713 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lyiz0WJaPcbGSCnGvyV/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4604 1490414305.72 1490414306.15 437 192.168.1.116 - 57714 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YIeoMVp6HF7FcR4LfWEelaQ4hEP6/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4605 1490414497.56 1490414497.99 434 192.168.1.116 - 57715 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vHjNdzORUnrhJuc2yjzNSSz/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4606 1490414689.35 1490414689.72 367 192.168.1.116 - 57716 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/S12Wbv1IrBDMvc21/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4607 1490414881.08 1490414881.44 367 192.168.1.116 - 57717 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Ac6kbxGyGFpxEPW8fg/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4608 1490415072.83 1490415073.24 406 192.168.1.116 - 57718 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Zh7byvkND5l8wdJuzV/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4609 1490415264.65 1490415265.06 414 192.168.1.116 - 57719 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EqaA3Tr8183m2D4T4Q2RfrvX0vi/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4610 1490415456.42 1490415457.5 1078 192.168.1.116 - 57720 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 32029 0 31888 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4610 1490415464.63 1490415465.41 776 192.168.1.116 - 57720 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4610 1490415472.66 1490415473.05 395 192.168.1.116 - 57720 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qddhoXm2QTY75Z4Nd8/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4611 1490415664.43 1490415664.87 436 192.168.1.116 - 57721 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 207 379 0 240 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4611 1490415670.83 1490415671.24 412 192.168.1.116 - 57721 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/l6uSk99k8FF1QK28EkynAIRN6aPFbZ/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4612 1490415862.69 1490415863.1 408 192.168.1.116 - 57722 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vus7dZHighDltPtF4HVAb8GDw0yo2lsG/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4613 1490416054.43 1490416054.87 433 192.168.1.116 - 57723 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/M3MBcjhFu90RtYx4LcvrwISUhznu/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4614 1490416246.24 1490416246.62 373 192.168.1.116 - 57724 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/A5JVlXic3326FCacA9pOr/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4615 1490416437.97 1490416438.34 367 192.168.1.116 - 57725 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wVmDXMjooysuHqSEPgvvtmTtLHJtM/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4616 1490416629.73 1490416630.17 432 192.168.1.116 - 57726 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yvHhi5rreVFQa3AAYySR9yzinSB1c/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4617 1490416821.56 1490416821.99 433 192.168.1.116 - 57727 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vDydnqiJwI8wiS1SsN/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4618 1490417013.4 1490417013.84 438 192.168.1.116 - 57728 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3WvDuCpU6dSP12trLRFbd/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4619 1490417205.19 1490417205.63 435 192.168.1.116 - 57729 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yv1jeb43fscpeD3Bmkrge8sULS6B/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4620 1490417397.0 1490417397.37 375 192.168.1.116 - 57730 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FwiMAvnZLz9OJd55OLrNAbN6NjL43IU/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4621 1490417588.87 1490417589.3 435 192.168.1.116 - 57731 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/DNSBL/listed/0/ 217 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4622 1490417590.47 1490417590.91 433 192.168.1.116 - 57732 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/M1uflcM3IJpn0aMtWt1Xx2wAvlM/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4623 1490417782.28 1490417782.69 407 192.168.1.116 - 57733 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/p8TeTDIYcepJE0AMpuz9CtUhEzYV/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4624 1490417974.07 1490417974.44 373 192.168.1.116 - 57734 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6rFBGXzjSoF2CsX3tQdadxm0ki/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4625 1490418165.83 1490418166.24 406 192.168.1.116 - 57735 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TY9RYRPZTb2DGt75LVaBrEwfL/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4626 1490418357.56 1490418357.93 371 192.168.1.116 - 57736 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/N5BuuYEpYAcaIKhfd1/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4627 1490418549.37 1490418549.8 428 192.168.1.116 - 57737 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/l5zk5zFSqt9cusp3PdDskZtns/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4628 1490418741.2 1490418741.61 411 192.168.1.116 - 57738 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 210 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4628 1490418741.87 1490418742.29 418 192.168.1.116 - 57738 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nreeZ5QgDpUzFhfBdQ/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4629 1490418933.68 1490418934.08 409 192.168.1.116 - 57739 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5cCtcVUqqRHGMpNSQ4kICfj/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4630 1490419125.46 1490419125.83 370 192.168.1.116 - 57740 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/j2ihYrdUBwKTD2UTvDA3f7sgiZ7SM/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4631 1490419317.21 1490419317.58 369 192.168.1.116 - 57741 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wbFxoSfxwU88C2tqDnNA/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4632 1490419508.96 1490419509.37 411 192.168.1.116 - 57742 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4oIxi2jsO9MFeDB8hUepXsSzbC/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4633 1490419700.76 1490419701.16 403 192.168.1.116 - 57743 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Xt4NSI3Ax7k0EfFxZu9BoY7k4bF5wdrZ/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4634 1490419892.59 1490419893.0 418 192.168.1.116 - 57744 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1Ej84K30CAhPAtOBHXJYi/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4635 1490420084.4 1490420084.84 434 192.168.1.116 - 57745 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/77HxUl4iZ6D0U3IjMTvvSfpXZZ/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4636 1490420276.17 1490420276.61 434 192.168.1.116 - 57746 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eBWgvCkRcQjHFUrAsiA/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4637 1490420467.98 1490420468.39 410 192.168.1.116 - 57747 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/T5zzahjVDw1sDJO22/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4638 1490420659.75 1490420660.16 409 192.168.1.116 - 57748 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/y6E244a8jnHGxhMoTnbFuV704RsxP/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4639 1490420851.54 1490420851.98 436 192.168.1.116 - 57749 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KI6XCk5IzFtgVOLrvBb/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4640 1490421043.4 1490421044.56 1158 192.168.1.116 - 57750 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 32029 0 31888 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4640 1490421051.96 1490421052.76 808 192.168.1.116 - 57750 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4640 1490421059.87 1490421060.29 418 192.168.1.116 - 57750 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8g0MmpC4i9pyvEpN44/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4641 1490421251.67 1490421252.11 433 192.168.1.116 - 57751 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QlrQjFB5c8swLKw3kP/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4642 1490421443.52 1490421443.96 432 192.168.1.116 - 57752 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WGa7jDUdnfHlzVg1gsv0V6AHKqn/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4643 1490421635.33 1490421635.7 369 192.168.1.116 - 57753 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IZ5DP4h2q89bnylPjHk2yKC/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4644 1490421827.19 1490421827.56 369 192.168.1.116 - 57754 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NXIJIBlGpitT31A91krJro/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4645 1490422018.94 1490422019.36 417 192.168.1.116 - 57755 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IMbVuHDHzWDBzwlEQ/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4646 1490422210.74 1490422211.15 409 192.168.1.116 - 57756 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XKsGNJcTeZYau5byMQMAObSzw1QPFL/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4647 1490422402.55 1490422402.91 367 192.168.1.116 - 57757 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ivogs9BygPesBLFsxxSD/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4648 1490422594.25 1490422594.62 368 192.168.1.116 - 57758 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XmPG5Pyw2zptIoHqez92cwMSOqc2nxQ/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4649 1490422785.99 1490422786.4 410 192.168.1.116 - 57759 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7exZ0O2rqjWV49hfwfxfOEGD8lAoJo4/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4650 1490422977.79 1490422978.2 406 192.168.1.116 - 57760 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IHfzWUiY4pSGe9dVqL65/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4651 1490423169.61 1490423169.98 369 192.168.1.116 - 57761 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FyQO8k9xGRzXrNSZBCzzHpD3bsy/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4652 1490423361.35 1490423361.77 422 192.168.1.116 - 57762 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ug7BDYZlo2nAbuj5MvC/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4653 1490423553.38 1490423553.75 369 192.168.1.116 - 57763 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/usDWGjHBiOL9NhQUEAF9o/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4654 1490423745.06 1490423745.43 368 192.168.1.116 - 57764 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mQUyfQwynJ0ELSfc8/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4655 1490423936.84 1490423937.26 417 192.168.1.116 - 57765 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eIyXz1UTTc77MczF6pvnvbcsq/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4656 1490424128.62 1490424129.05 434 192.168.1.116 - 57766 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bI5Mq9YIFVCQ7nvu/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4657 1490424320.4 1490424320.81 408 192.168.1.116 - 57767 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 210 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4657 1490424321.08 1490424321.45 376 192.168.1.116 - 57767 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mhHzUIAig4xD96Vk5pEY/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4658 1490424512.84 1490424513.27 432 192.168.1.116 - 57768 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nEYZuFZjxhZHo68WImcn2xO3zi0HiA/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4659 1490424710.72 1490424711.13 407 192.168.1.116 - 57769 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 4660 1490424727.32 1490424727.72 404 192.168.1.116 - 57770 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 4661 1490424743.89 1490424744.3 406 192.168.1.116 - 57771 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 4662 1490424760.67 1490424761.08 410 192.168.1.116 - 57772 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5W4apJRIJYTLYhHekTO27d/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4663 1490424952.46 1490424952.89 434 192.168.1.116 - 57773 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/425krT1UAeyHCLPqCSwcA64YDSZ/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4664 1490425144.29 1490425144.66 373 192.168.1.116 - 57774 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WZ1tITnPmOCxXZjX/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4665 1490425336.07 1490425337.5 1424 192.168.1.116 - 57775 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aiRLKGZnU4NTrPjOR091DDJisug75/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4666 1490425529.07 1490425529.47 406 192.168.1.116 - 57776 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JnYpD0Hd3Esr1n2YQ6D/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4667 1490425720.81 1490425721.18 373 192.168.1.116 - 57777 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rogtY5knNoXvo47HWYBzyMFagiZFOP/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4668 1490425912.59 1490425913.0 412 192.168.1.116 - 57778 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eDMGYOjgzkCJPsBwfG5ZTwvRt1/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4669 1490426104.36 1490426104.76 406 192.168.1.116 - 57779 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/A3fViUmb2nor8ARVtKbyZdkkT1/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4670 1490426296.1 1490426297.47 1368 192.168.1.116 - 57780 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/56RdVbHQQTo5U4PS/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4671 1490426488.84 1490426489.94 1098 192.168.1.116 - 57781 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 32029 0 31888 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4671 1490426497.26 1490426498.07 811 192.168.1.116 - 57781 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4671 1490426505.3 1490426505.72 426 192.168.1.116 - 57781 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 207 379 0 240 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4671 1490426511.69 1490426512.1 413 192.168.1.116 - 57781 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WZcuNfpXBxmcQpJVCr1Hc18tj2ibZIq/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4672 1490426703.5 1490426703.93 437 192.168.1.116 - 57782 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dUoP2dRbAoIzU8SgSIEQ1O4uKYp7VNvM/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4673 1490426895.29 1490426895.65 368 192.168.1.116 - 57783 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/b16iMCVIhBKVyIOx3PY4hOjY/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4674 1490427087.01 1490427087.42 404 192.168.1.116 - 57784 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mDu5gBfQF4TqE1QGf2s/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4675 1490427278.79 1490427279.2 410 192.168.1.116 - 57785 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/B4ST6WCQq5EiaQF2yh6/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4676 1490427470.61 1490427471.02 410 192.168.1.116 - 57786 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/e54USuJlYIhMMifYy3SOXn/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4677 1490427662.51 1490427662.88 368 192.168.1.116 - 57787 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/utaFEtfb5PCPYiTicmZJr/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4678 1490427854.27 1490427854.68 406 192.168.1.116 - 57788 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IltlYfJQ9vGLiJZuLWeljhE21KNl/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4679 1490428046.03 1490428046.4 369 192.168.1.116 - 57789 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hQZKppFkKpHSKQjh3JLwjUZoFYstHiZ/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4680 1490428237.79 1490428238.22 434 192.168.1.116 - 57790 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5zhJTipd7wAYRdM6n8Gn2nlk7W2uf/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4681 1490428429.59 1490428430.02 433 192.168.1.116 - 57791 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sdQQknC8TOUYYpLnCo4a8ddTLC6wZx/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4682 1490428621.44 1490428621.89 447 192.168.1.116 - 57792 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9KYH0bJUHCZWRB44x/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4683 1490428813.29 1490428813.7 407 192.168.1.116 - 57793 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TZ9jpIXMV74ONwpl8Wr/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4684 1490429005.67 1490429006.1 433 192.168.1.116 - 57794 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xFzAv2K7k5oySHdfe86WOMXkamkVOA0/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4685 1490429197.53 1490429197.94 405 192.168.1.116 - 57795 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/muj105Dlgp89vHnpxI0VDBLjT0M1f/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4686 1490429389.36 1490429389.76 404 192.168.1.116 - 57796 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Pxtn745p7PLgxyLP/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4687 1490429581.1 1490429581.52 419 192.168.1.116 - 57797 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0cnAgABujSR7oVINdtevflit3d/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4688 1490429773.02 1490429773.42 408 192.168.1.116 - 57798 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 210 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4688 1490429773.68 1490429774.12 443 192.168.1.116 - 57798 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uFcUZYrVSR6SPEdbyNX1j7FPR/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4689 1490429965.5 1490429965.93 433 192.168.1.116 - 57799 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/N8JyGSBLqN8THxXtdPtiykv/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4690 1490430157.3 1490430157.71 407 192.168.1.116 - 57800 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lV44owe9ufxxMwbBkItcXi810mYcUwq/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4691 1490430349.11 1490430349.48 367 192.168.1.116 - 57801 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uRcmXwCpQilHDwuDECUfH15vZ/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4692 1490430540.85 1490430541.23 377 192.168.1.116 - 57802 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/f4uBpe0IVSoIYXDwqP/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4693 1490430732.64 1490430734.05 1408 192.168.1.116 - 57803 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pWEUcYQhQRY502M2jhBPc/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4694 1490430925.44 1490430925.84 405 192.168.1.116 - 57804 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/U9fqtx49Rcm5Q33cpYiUlcHOuBfPG/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4695 1490431117.22 1490431117.63 410 192.168.1.116 - 57805 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ucubzwUZJC7QESNnaCU/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4696 1490431308.97 1490431309.4 437 192.168.1.116 - 57806 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/R8o0mPnLHgvmkMqJuPFOQqqtMCZuj/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4697 1490431500.78 1490431501.2 418 192.168.1.116 - 57807 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/79u5KV1GhU8O6dBz61vWUW8/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4698 1490431692.56 1490431693.0 438 192.168.1.116 - 57808 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cadWst3m6oEgLczWyj5fZZmtfVEDTvEy/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4699 1490431884.35 1490431884.78 433 192.168.1.116 - 57809 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AGQY7eXRok0ljFj6GFoa6cQ3BKBmN/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4700 1490432076.18 1490432077.29 1112 192.168.1.116 - 57810 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 32029 0 31888 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4700 1490432084.89 1490432085.69 798 192.168.1.116 - 57810 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4700 1490432093.47 1490432093.91 434 192.168.1.116 - 57810 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uQQ645SvddLhfGd1/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4701 1490432285.25 1490432285.68 433 192.168.1.116 - 57811 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YG3g0LVT0ea3N2MR28jP8/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4702 1490432477.14 1490432477.56 421 192.168.1.116 - 57812 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eexGlmkRwCnLF293rb/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4703 1490432668.97 1490432669.39 416 192.168.1.116 - 57813 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GORSjGll5HXllr2GNmJxO4mvQnq/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4704 1490432861.28 1490432864.79 3514 192.168.1.116 - 57814 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 203 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4705 1490432865.62 1490432865.9 274 192.168.1.116 - 57815 107.22.214.64 80 http://checkip.amazonaws.com/ 153 133 0 13 139 106 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 200 - - - - - - - CTU.238.1.Malicious 4704 1490432866.09 1490432866.73 640 192.168.1.116 - 57814 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/FpO5cTOZEL5clZG3rYCMxHug/ 325 514 0 371 130 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4704 1490432867.29 1490432868.91 1619 192.168.1.116 - 57814 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/QYEETJPRPFDBKMP/1/ 221 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 4706 1490432870.33 1490432870.84 505 192.168.1.116 - 57816 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4707 1490432875.53 1490432876.14 615 192.168.1.116 - 57817 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 214 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4708 1490432881.86 1490432885.43 3571 192.168.1.116 - 57818 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 242 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4709 1490432888.79 1490432890.21 1413 192.168.1.116 - 57819 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7v4bfn1dHcGpHJVxCk0gZ8Rq5uT/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4710 1490433087.96 1490433090.0 2041 192.168.1.116 - 57820 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SGviiul1vSN0Efdlw4JR/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4711 1490433281.91 1490433282.49 579 192.168.1.116 - 57821 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ookU6d5ulBE132GHsR19eOGbhn4jHJo/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4712 1490433475.45 1490433476.03 583 192.168.1.116 - 57822 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gBxhtdzRcicj4Ym7/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4713 1490433667.97 1490433668.55 580 192.168.1.116 - 57823 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vpfTqbPMzAz74Wm9vY8PuqKXU/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4714 1490433860.43 1490433861.01 575 192.168.1.116 - 57824 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iWyZUZ1Ezdox0axScLuEMJOEK67/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4715 1490434052.65 1490434053.12 473 192.168.1.116 - 57825 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BsXdkCybUTWpir9RCgS/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4716 1490434246.26 1490434246.8 537 192.168.1.116 - 57826 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kKuFs6rdT2IFypOTjWW7dJGG/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4717 1490434438.72 1490434439.26 537 192.168.1.116 - 57827 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0QM9Flx5RvgqIDrurctZS4sFwN/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4718 1490434634.15 1490434634.72 573 192.168.1.116 - 57828 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/px882WWkvjfD1FaG5wmxbl7mi/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4719 1490434830.11 1490434832.08 1969 192.168.1.116 - 57829 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cMSUXsMCSvbr5KTQzk/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4720 1490435024.99 1490435025.54 543 192.168.1.116 - 57830 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nmTI0QQf23jZScqEHHYv6dAxcUV7QW/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4721 1490435220.41 1490435220.94 535 192.168.1.116 - 57831 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 208 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4721 1490435221.2 1490435224.14 2946 192.168.1.116 - 57831 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/x6cdlmJd8B5cI4E6fQfmlR0NbG/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4722 1490435417.0 1490435417.52 520 192.168.1.116 - 57832 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eZyanT3KguAqP0kbxxqb6nAYerl2b6sU/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4723 1490435634.58 1490435635.12 536 192.168.1.116 - 57833 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0DLKbU60h8DPOAxYXpnkqb9sft59hcv/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4724 1490435826.99 1490435827.51 520 192.168.1.116 - 57834 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IO5R6nLWaOuMldjqpNw8cpK6/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4725 1490436019.39 1490436019.94 551 192.168.1.116 - 57835 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Le6DAKFDsHvtmJbzoSFHDHI2v/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4726 1490436214.3 1490436214.81 510 192.168.1.116 - 57836 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dCqhznJIJh1HQxDVi8dZgn/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4727 1490436407.79 1490436408.33 543 192.168.1.116 - 57837 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UJrOKtKZktnWnDq7ESraeYf4/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4728 1490436600.3 1490436600.91 608 192.168.1.116 - 57838 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bguWgokCZ4WQeL2fFt7Nx8EAsABfe/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4729 1490436792.77 1490436793.31 539 192.168.1.116 - 57839 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/F3aZbtYLguIisQZAEY/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4730 1490436986.14 1490436986.68 541 192.168.1.116 - 57840 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7K7RBiQFF1Kjvgqya3EHd8w1mYYfoA/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4731 1490437178.3 1490437180.01 1709 192.168.1.116 - 57841 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lLBzMSqP1QA0q1zcpeWQpL9j5S7o/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4732 1490437371.86 1490437372.44 584 192.168.1.116 - 57842 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 205 379 0 240 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4732 1490437378.41 1490437381.32 2910 192.168.1.116 - 57842 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3e51UclzbXFBakZjWMyjMQq/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4733 1490437573.18 1490437574.78 1599 192.168.1.116 - 57843 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32029 0 31888 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4733 1490437582.27 1490437583.9 1621 192.168.1.116 - 57843 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4733 1490437591.56 1490437592.11 551 192.168.1.116 - 57843 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZR93RYFDBsjXEqSctNIeXYtgQ/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4734 1490437783.73 1490437784.22 486 192.168.1.116 - 57844 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ttIwx9558AHCazVUaOqXjnW/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4735 1490437977.16 1490437985.0 7837 192.168.1.116 - 57845 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/R4aJC6X7JVm29Yhe82hcbaaR9p9/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4736 1490438176.86 1490438177.4 546 192.168.1.116 - 57846 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/btmwnlrwjG6ktNjI32DdhKn59A/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4737 1490438371.28 1490438371.8 519 192.168.1.116 - 57847 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/J6vbW8HFFtLL9Wnj27Ekb/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4738 1490438563.64 1490438564.18 541 192.168.1.116 - 57848 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FzkpyQlquBQhTxVmIUCp/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4739 1490438756.0 1490438756.55 543 192.168.1.116 - 57849 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/h1Luyn1U5EqmGmCBZCBWsCH4WfkryRn/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4740 1490438948.4 1490438948.94 539 192.168.1.116 - 57850 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/n5NHRZkqlpknHFWPzKyB/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4741 1490439140.77 1490439141.3 538 192.168.1.116 - 57851 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hoYwoApdGWiEhY75T1JxSrvBkbt7TL/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4742 1490439340.73 1490439341.3 573 192.168.1.116 - 57852 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 4743 1490439357.91 1490439358.45 537 192.168.1.116 - 57853 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 4744 1490439376.14 1490439378.15 2013 192.168.1.116 - 57854 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 4745 1490439394.79 1490439396.83 2037 192.168.1.116 - 57855 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QNUXBgGHoa0B0jlu4FxWQ/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4746 1490439589.71 1490439590.24 536 192.168.1.116 - 57856 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1JX0DT08NRLRASS7Aib59oHaQP/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4747 1490439782.11 1490439782.64 534 192.168.1.116 - 57857 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oksWjBJiUT8OUwpEv9qHdBGRlCLy/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4748 1490439974.3 1490439975.67 1373 192.168.1.116 - 57858 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FU8RgHld7vHhiZsvuGoJ7G3eF9j4Q/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4749 1490440170.06 1490440170.58 522 192.168.1.116 - 57859 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iYNyzgDuBvC8qSkzvXW5kh/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4750 1490440366.11 1490440366.58 470 192.168.1.116 - 57860 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZtQ7eobg8MuigzltE0ZeTTgQsGq/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4751 1490440558.39 1490440558.91 526 192.168.1.116 - 57861 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/89Ncqc7S3ybsrS0YxfUsV6RSyitkR/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4752 1490440751.81 1490440753.44 1634 192.168.1.116 - 57862 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 208 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4752 1490440753.7 1490440754.24 549 192.168.1.116 - 57862 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gbqqi9nWg1JDCd4Pk6KD/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4753 1490440947.07 1490440949.05 1977 192.168.1.116 - 57863 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0SbD1cD2K6shmvb8xmWf/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4754 1490441149.33 1490441151.34 2005 192.168.1.116 - 57864 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HzQcwsZfo60JsHblo5ZBV0PgVzm2vxU/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4755 1490441345.2 1490441345.74 538 192.168.1.116 - 57865 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FEfCRn6jXDVJKA8posKnLxDiST/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4756 1490441541.75 1490441542.29 542 192.168.1.116 - 57866 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8ABHtKjif4qkeymTLuzAk1PVB262jK/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4757 1490441736.73 1490441737.28 553 192.168.1.116 - 57867 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FgoMeJoq8O78wngdcv/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4758 1490441929.1 1490441930.68 1585 192.168.1.116 - 57868 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/r4YZYZdOhIXnMRL5zfy4/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4759 1490442122.52 1490442123.05 535 192.168.1.116 - 57869 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kXt18xRdNowCkh9Ikd5IzRf1fQZQ3aeh/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4760 1490442314.94 1490442315.48 544 192.168.1.116 - 57870 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vVlHMelzR6i5edhzshn3bP/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4761 1490442509.25 1490442510.93 1681 192.168.1.116 - 57871 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GzGHQHkXHZyupCmZSSmUUEVr3DisSm7/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4762 1490442705.89 1490442707.9 2011 192.168.1.116 - 57872 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sGZ3wgegfjDnoAZ9XEaSuoQVxHyc/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4763 1490442901.33 1490442901.91 574 192.168.1.116 - 57873 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/X1IsEC4LKqskL2AhpIFimxmI9/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4764 1490443101.02 1490443104.16 3146 192.168.1.116 - 57874 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32029 0 31888 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4764 1490443111.87 1490443113.47 1596 192.168.1.116 - 57874 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4764 1490443120.66 1490443121.22 568 192.168.1.116 - 57874 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fnyq0I5HyrWRNAFMZm9pmZ/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4765 1490443312.8 1490443313.27 471 192.168.1.116 - 57875 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/R5kTFdolanNJ79zN0FLWpFz0Th/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4766 1490443507.71 1490443508.25 536 192.168.1.116 - 57876 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/u4eCfyzibbGa4l1N3DSYs7nPa/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4767 1490443700.14 1490443700.68 535 192.168.1.116 - 57877 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/F8FeYtV0RxjyHsH22a0h/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4768 1490443893.6 1490443894.14 535 192.168.1.116 - 57878 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JGe7bOO8e2EDcd2OmhRrr85CJoDfR/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4769 1490444086.13 1490444086.67 541 192.168.1.116 - 57879 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iwix2sWNs5Ah08A3aKnCJkAkNiAy/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4770 1490444280.8 1490444282.54 1738 192.168.1.116 - 57880 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rXwWs9393Rb2pbHSXI3kJ/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4771 1490444474.39 1490444474.93 539 192.168.1.116 - 57881 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CiuNdGfY0aTVchpCys3kyoN4W/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4772 1490444666.79 1490444668.76 1975 192.168.1.116 - 57882 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YoSnbUqtLJ5ZCcbItHhEwQ5nr84v1F/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4773 1490444860.58 1490444861.11 526 192.168.1.116 - 57883 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VLEjNIqigXT20p1NFbW/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4774 1490445054.03 1490445054.57 536 192.168.1.116 - 57884 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zHRAX31lXPnZYiO26IfKbbigeq/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4775 1490445247.41 1490445247.95 541 192.168.1.116 - 57885 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vpBCdjcsYUHcYi3t27ULlONqiIE7P/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4776 1490445439.61 1490445440.09 480 192.168.1.116 - 57886 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/udoVE0ldANO5ErgOjkWlbT/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4777 1490445636.0 1490445638.03 2027 192.168.1.116 - 57887 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7aGn3gVFZzDUOzRrDsZOSE23Nd50i3/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4778 1490445833.51 1490445833.99 481 192.168.1.116 - 57888 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/91MMyIHW2wMSSokjnR6df/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4779 1490446026.86 1490446027.39 535 192.168.1.116 - 57889 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/d4MP9duJRNaiP257wX/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4780 1490446219.25 1490446219.82 572 192.168.1.116 - 57890 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 208 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4780 1490446220.07 1490446220.65 577 192.168.1.116 - 57890 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iBAZvQsFWq9PwybpMZCfTdNsXChtz/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4781 1490446412.59 1490446413.16 575 192.168.1.116 - 57891 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/DNSBL/listed/0/ 215 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4782 1490446417.5 1490446418.03 535 192.168.1.116 - 57892 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ifG4UMA65YdXJIXWxmhH/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4783 1490446609.87 1490446610.39 524 192.168.1.116 - 57893 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/V1UJ8v4luMwvueTHazdSV7C5J7a/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4784 1490446802.9 1490446803.37 472 192.168.1.116 - 57894 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OLN68wwDip45RsNK2/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4785 1490446997.75 1490446998.27 520 192.168.1.116 - 57895 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lBqBldScLhea5wVJLnyth/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4786 1490447191.1 1490447191.62 521 192.168.1.116 - 57896 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Q9TPPAXHbfVZeiLo5A/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4787 1490447383.2 1490447383.67 468 192.168.1.116 - 57897 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tlc2WZz9aZue3XgMYUQ9atYYT/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4788 1490447575.27 1490447575.75 480 192.168.1.116 - 57898 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pg5jvo6YlzhcpYtpyaivQc3lW2xEg1/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4789 1490447767.59 1490447768.13 536 192.168.1.116 - 57899 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hcBTM5ruEMTRMN4p1/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4790 1490447960.78 1490447962.22 1435 192.168.1.116 - 57900 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PZ9nrc8Hz8A8pdUzg06wNgSc4B8E/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4791 1490448155.03 1490448158.04 3014 192.168.1.116 - 57901 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BpV16QQ0BSGLHM3b0Xiacf/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4792 1490448351.92 1490448352.5 582 192.168.1.116 - 57902 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 205 379 0 240 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4792 1490448358.48 1490448359.02 544 192.168.1.116 - 57902 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AG9polEVkEr9TugHH8/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4793 1490448552.91 1490448554.55 1638 192.168.1.116 - 57903 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32029 0 31888 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4793 1490448562.08 1490448563.69 1606 192.168.1.116 - 57903 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4793 1490448570.67 1490448571.24 570 192.168.1.116 - 57903 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GpgDHtAhoqYOrAZygPZyF/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4794 1490448764.17 1490448764.73 567 192.168.1.116 - 57904 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iXl6u9AJZpHcFmT00WyLQgUkP/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4795 1490448956.54 1490448957.09 551 192.168.1.116 - 57905 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DGMAwXFhfBpLNujB0B1oFJZtnWRdxQj/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4796 1490449154.8 1490449155.38 579 192.168.1.116 - 57906 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mEZb1dqDQ6UIku1bCwU3byxePb/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4797 1490449347.26 1490449347.8 538 192.168.1.116 - 57907 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FwJNZY168xxBfJCQ/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4798 1490449540.71 1490449542.72 2012 192.168.1.116 - 57908 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Cd5nMx0X05PhfZGo6RHdv3H/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4799 1490449734.37 1490449734.84 476 192.168.1.116 - 57909 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nc4Hq26HCsi1JXM8ymJ2GZ1y/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4800 1490449933.46 1490449934.0 535 192.168.1.116 - 57910 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/K4b2WHhWhxooMO8isof2f8XY4fi/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4801 1490450126.49 1490450126.95 467 192.168.1.116 - 57911 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vGCJRyqKDidBBQeH83mhnw8s3t/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4802 1490450318.59 1490450319.06 468 192.168.1.116 - 57912 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IS9OrkSHKhMOyjWUM2DhY1DRAKpyva4/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4803 1490450510.93 1490450511.47 537 192.168.1.116 - 57913 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Fq3IWlwLSSHlRJbFaAgUEtucc0Hl/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4804 1490450703.04 1490450703.52 480 192.168.1.116 - 57914 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/txzyAKiHSvMS3r6TNhIRULa/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4805 1490450895.13 1490450895.61 479 192.168.1.116 - 57915 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/I2E3Qoggkm9bG22dU/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4806 1490451087.46 1490451088.06 602 192.168.1.116 - 57916 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/abjSdXbyHZHNhTWvR5WWSsg83CRuhpk/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4807 1490451279.74 1490451281.5 1754 192.168.1.116 - 57917 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cikScrsyjXLY3X2mHiKhTDuyLwvpGNmR/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4808 1490451477.37 1490451477.91 539 192.168.1.116 - 57918 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/blzwWFbRWPHxzWf6WhkZ6oC0PSlLZP/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4809 1490451669.76 1490451673.18 3424 192.168.1.116 - 57919 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 208 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4809 1490451673.44 1490451673.98 543 192.168.1.116 - 57919 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fO8xaTF1ofyAWzhXCxh28REZ4jgxSl/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4810 1490451865.82 1490451866.36 542 192.168.1.116 - 57920 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kgytpz2EGT9oXa4XwgQ3m7vr39CLYVoh/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4811 1490452059.17 1490452059.7 535 192.168.1.116 - 57921 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aRxIW6XhMQkx2PlUb8YepE/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4812 1490452251.64 1490452252.18 545 192.168.1.116 - 57922 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dyZ3SSePfMsIgI1CiyFVlRQLSxgPfRv8/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4813 1490452444.46 1490452445.17 706 192.168.1.116 - 57923 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 204 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4813 1490452445.39 1490452446.18 789 192.168.1.116 - 57923 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/5WjLwZLP3LQXoPyPe/ 319 507 0 364 131 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4813 1490452446.68 1490452447.35 669 192.168.1.116 - 57923 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/WDMNGIYCKQHBQZZXO/1/ 224 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 4814 1490452449.43 1490452450.13 707 192.168.1.116 - 57924 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4815 1490452452.22 1490452452.96 737 192.168.1.116 - 57925 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 215 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4816 1490452455.02 1490452455.72 704 192.168.1.116 - 57926 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 243 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4817 1490452457.78 1490452458.45 671 192.168.1.116 - 57927 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wTWQgrrzrifGqXVOlvs/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4818 1490452650.72 1490452651.43 712 192.168.1.116 - 57928 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bB0uDFE3vTCmUZx7CHmdd/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4819 1490452843.68 1490452844.35 674 192.168.1.116 - 57929 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Siq0uwMT0gJ4Lssnr0/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4820 1490453036.55 1490453037.23 681 192.168.1.116 - 57930 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qbDjlzracp8wL0Qa/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4821 1490453229.5 1490453230.17 675 192.168.1.116 - 57931 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/b4ulO4Ktn2WEUCob3lvTUiI7/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4822 1490453422.44 1490453423.12 677 192.168.1.116 - 57932 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7d0XpsLcJPFFH3bD0400BEhM9uDZOB/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4823 1490453615.34 1490453616.02 674 192.168.1.116 - 57933 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/G4ez2YWcW7bS7vkQVK5bWgx/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4824 1490453814.31 1490453815.02 712 192.168.1.116 - 57934 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 4825 1490453832.09 1490453832.8 715 192.168.1.116 - 57935 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 4826 1490453849.82 1490453850.48 667 192.168.1.116 - 57936 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 4827 1490453867.51 1490453868.18 671 192.168.1.116 - 57937 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aA6I878Y6GKqS13HtRX/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4828 1490454060.43 1490454062.4 1964 192.168.1.116 - 57938 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32029 0 31888 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4828 1490454069.76 1490454071.11 1349 192.168.1.116 - 57938 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4828 1490454078.92 1490454079.59 671 192.168.1.116 - 57938 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Wil9S9DmqbRvhb8IaMP5uOcvR6sgIj/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4829 1490454271.83 1490454272.5 673 192.168.1.116 - 57939 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Gmg7R7ViUjZQGDfMQ7sykJqo8iIx/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4830 1490454465.87 1490454466.54 675 192.168.1.116 - 57940 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gorTErRcYEvQlPEiUitpNapyqirfBI/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4831 1490454659.77 1490454660.45 683 192.168.1.116 - 57941 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AClB1YstQ8vkZnlam6clUVhOcQ/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4832 1490454852.63 1490454853.3 669 192.168.1.116 - 57942 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aDv2TRJu9PL39QsYOJZPmFqeKR4d9/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4833 1490455045.49 1490455046.17 683 192.168.1.116 - 57943 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EHezveSMewK8Aq0s2S/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4834 1490455238.43 1490455239.1 668 192.168.1.116 - 57944 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8rmdBCunhcP9c7BUi9Nmp3R4HWpoL/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4835 1490455432.31 1490455432.98 677 192.168.1.116 - 57945 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PF1ru9rsyhp7A3a7vQ71Zv44N5rN/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4836 1490455625.2 1490455625.89 681 192.168.1.116 - 57946 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/z8DX2UgXIrHEPMWCbDWtYx/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4837 1490455818.09 1490455818.76 671 192.168.1.116 - 57947 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HxXS8qy9T4MlMp0QTf30WYtk/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4838 1490456011.04 1490456011.71 673 192.168.1.116 - 57948 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5CIHKV7AyQASkfj1cqmo28dh/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4839 1490456205.29 1490456205.98 685 192.168.1.116 - 57949 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0LWh1c0N3bD43v1gGNVwaQ0LDYB/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4840 1490456398.23 1490456398.91 677 192.168.1.116 - 57950 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NKsv7LqBpu7Q2JBrO5nvHwpvJ0lxM4h/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4841 1490456591.12 1490456591.8 683 192.168.1.116 - 57951 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KvlOVBz7zQbHcVbcoja1UtL/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4842 1490456784.06 1490456784.73 669 192.168.1.116 - 57952 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zEDnwUQz2tDEbHI2aMUY8Uk8A1byi/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4843 1490456976.98 1490456977.65 669 192.168.1.116 - 57953 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NyHluHrhtRc1qSXlZmI/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4844 1490457170.88 1490457171.62 733 192.168.1.116 - 57954 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4844 1490457171.88 1490457172.55 672 192.168.1.116 - 57954 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/m2BEKKL7cLQSZuFvHj7dC4Hal4uQVvy/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4845 1490457364.8 1490457365.47 668 192.168.1.116 - 57955 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GUfiPInFQPtnciARO/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4846 1490457559.07 1490457559.79 720 192.168.1.116 - 57956 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TCGx8m5zfzgpcxugUtBfYS9AuXSnJAqy/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4847 1490457753.38 1490457754.25 871 192.168.1.116 - 57957 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nzD37m3ehYdfCw8LDlGohhWP0DSQu/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4848 1490457946.51 1490457948.49 1982 192.168.1.116 - 57958 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Ari6DQtzu7MbTNIbF4n12je/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4849 1490458143.94 1490458144.61 669 192.168.1.116 - 57959 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MQbk9DGhGZp847FR6yT7fL1dQ9/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4850 1490458336.87 1490458337.54 671 192.168.1.116 - 57960 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bjpNyREKB5hD6BV6L3pgIiF4bm3VIyiu/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4851 1490458529.77 1490458530.44 670 192.168.1.116 - 57961 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/k1IaY7lT8q3KArWGCeUGD7jL3QBN/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4852 1490458722.71 1490458723.42 715 192.168.1.116 - 57962 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Xz7f57pr6YIxTsgVTjii5n62qfQuFq/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4853 1490458915.76 1490458916.48 720 192.168.1.116 - 57963 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nWxApEOeaJQ4lK8xPptkUY52XR/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4854 1490459108.74 1490459109.45 710 192.168.1.116 - 57964 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/A2e6UVDkjD3T6LXAVc2byZ1nDeo/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4855 1490459301.7 1490459302.43 731 192.168.1.116 - 57965 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 206 379 0 240 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4855 1490459308.39 1490459309.08 686 192.168.1.116 - 57965 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LEiW20GXgADewv2lBbgKxjNZGSXR/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4856 1490459501.39 1490459503.4 2005 192.168.1.116 - 57966 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32029 0 31888 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4856 1490459511.53 1490459512.91 1373 192.168.1.116 - 57966 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4856 1490459520.63 1490459522.3 1677 192.168.1.116 - 57966 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1XlV8SN8nxzbnPrSnj0jkaP7z/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4857 1490459714.51 1490459715.2 681 192.168.1.116 - 57967 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/r9Jq4vjlPwckV4NE2WXR1beB/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4858 1490459907.42 1490459908.09 669 192.168.1.116 - 57968 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RTHtZYduVNVvbJ6H7/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4859 1490460100.3 1490460100.98 677 192.168.1.116 - 57969 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/s05oy1BNIBYlLBvkQNNndDUP/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4860 1490460293.2 1490460293.88 679 192.168.1.116 - 57970 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dl8wmQVJuewpZKZsOjUl/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4861 1490460486.1 1490460486.79 682 192.168.1.116 - 57971 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/z8p64CZdcx1fh20NhcD2MxInlV7Vk/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4862 1490460678.98 1490460679.66 679 192.168.1.116 - 57972 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/q3xvLVMhOZMFiDrfOTe/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4863 1490460871.85 1490460872.52 670 192.168.1.116 - 57973 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iy5TjM9j06ycoEYUzJF4KO8funy/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4864 1490461064.73 1490461065.41 673 192.168.1.116 - 57974 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QZXq57syGP9P8XQhCDVKlXL/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4865 1490461257.61 1490461258.28 675 192.168.1.116 - 57975 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Q3LBi6POreXUA5SKO8LtATo/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4866 1490461450.55 1490461451.22 678 192.168.1.116 - 57976 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uTxfpQUbcTmRshjpjhn/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4867 1490461643.42 1490461644.1 674 192.168.1.116 - 57977 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rFHqvCnbqm6R8WUGN0GIc5jF8qke/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4868 1490461836.35 1490461837.03 683 192.168.1.116 - 57978 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kMWeG1eUKXB0bR7PuB5eYuRTMx/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4869 1490462029.25 1490462029.92 674 192.168.1.116 - 57979 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sZSW5omo6Z2n5D0q1Peo/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4870 1490462222.14 1490462222.82 681 192.168.1.116 - 57980 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/92iYdtIZH6G1D3UHw1wsrMGyecyP/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4871 1490462415.03 1490462415.73 698 192.168.1.116 - 57981 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oUrH2tz4M07MrE7KvSsBa/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4872 1490462607.94 1490462608.61 673 192.168.1.116 - 57982 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4872 1490462608.87 1490462609.55 682 192.168.1.116 - 57982 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iFgG2eI6MvlGzYiPzqej932W6cwzZ/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4873 1490462801.77 1490462802.45 681 192.168.1.116 - 57983 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wr1bA4lO49kOS9qcm944QgAOFb3/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4874 1490462994.68 1490462995.37 687 192.168.1.116 - 57984 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uU0bpcmjpWuY85nHGWzHfoBsNwqVz5Z4/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4875 1490463188.6 1490463189.28 672 192.168.1.116 - 57985 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/n2UtJIoPZ9joHY1lGKN6TBHYy/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4876 1490463381.51 1490463382.2 687 192.168.1.116 - 57986 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VzqTsX0zE2pUDpayamkfT/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4877 1490463574.37 1490463575.05 675 192.168.1.116 - 57987 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/88GAL3ZEYH5u0f3Fa2udkt7iNglAam9/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4878 1490463767.27 1490463767.95 680 192.168.1.116 - 57988 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/M1FxonnrvBMujdGmwgezjVyN5xv89D/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4879 1490463960.15 1490463960.83 680 192.168.1.116 - 57989 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3ztDVNXmdgW3avRywIo1McUxKEk/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4880 1490464153.05 1490464153.73 679 192.168.1.116 - 57990 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kolgZTzWLgR6QnSKT3CMfqViS/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4881 1490464346.11 1490464346.9 782 192.168.1.116 - 57991 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4XomPUUeOyBAP4sVkbICR/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4882 1490464539.08 1490464539.77 687 192.168.1.116 - 57992 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3k9vhaKq0cXxF3WJMt6qBoXm/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4883 1490464731.97 1490464732.64 670 192.168.1.116 - 57993 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IKuZdHzmKaOu0YaZ5JinHayHMS/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4884 1490464924.85 1490464926.77 1929 192.168.1.116 - 57994 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32029 0 31888 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4884 1490464934.15 1490464935.46 1311 192.168.1.116 - 57994 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4884 1490464943.21 1490464943.91 701 192.168.1.116 - 57994 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VFPWlkarRbBEfQMfDWHqQhWOEA/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4885 1490465136.1 1490465136.78 675 192.168.1.116 - 57995 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NO5x5NQCTStFSWipMuYbhAC/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4886 1490465328.98 1490465330.92 1939 192.168.1.116 - 57996 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Bgcalce1Yad8kilj05pwMhGz/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4887 1490465523.13 1490465523.81 675 192.168.1.116 - 57997 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/45YsxjqHJi0F6qsAw9PiMRAivFhT/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4888 1490465716.04 1490465716.73 685 192.168.1.116 - 57998 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EDzf7Wwp6AvABO73siUFSr/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4889 1490465908.94 1490465909.61 677 192.168.1.116 - 57999 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OH5XpGktwMXZilrqhVN/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4890 1490466101.05 1490466101.29 240 192.168.1.116 - 58000 107.22.214.64 80 http://checkip.amazonaws.com/ 153 133 0 13 139 106 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 200 - - - - - - - CTU.238.1.Malicious 4891 1490466105.53 1490466106.23 697 192.168.1.116 - 58002 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1OEjZmPk0BUMstZpAHSStL8oAsOou1PB/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4892 1490466303.99 1490466304.67 673 192.168.1.116 - 58004 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/e8AzpriP9xOJX7cNSh0A6L/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4893 1490466496.9 1490466497.58 679 192.168.1.116 - 58005 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eMpWw0wLiTK9XFB12Nd6qsJ0LaK/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4894 1490466691.76 1490466692.44 679 192.168.1.116 - 58006 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PWMrt5ijcyPtDUbcOv4edHWDz4j/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4895 1490466884.61 1490466885.29 675 192.168.1.116 - 58007 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5Ve0tWloFc9NCbUT1qivdHJ/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4896 1490467077.52 1490467078.19 669 192.168.1.116 - 58008 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Jk0De7sg3XJWsLQien/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4897 1490467270.39 1490467271.08 684 192.168.1.116 - 58009 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tUTzIA4GRnvqNJ4oT8jOsNO/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4898 1490467463.28 1490467463.95 669 192.168.1.116 - 58010 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/49vHOEuGioMlpM2fXpX/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4899 1490467656.14 1490467656.81 669 192.168.1.116 - 58011 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eeRWyChPfuAVIOHnxJ1YM/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4900 1490467849.08 1490467849.76 681 192.168.1.116 - 58012 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7pnZa9c8VdZTRUf5/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4901 1490468041.95 1490468042.69 734 192.168.1.116 - 58013 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4901 1490468042.95 1490468043.64 691 192.168.1.116 - 58013 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bcp5tAWT3xA9ERpqLmgMTJuqKe3zGIw/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4902 1490468237.16 1490468237.84 679 192.168.1.116 - 58014 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/v5dfdp5TcRW6WeMnXaUIvQMRg3C/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4903 1490468436.08 1490468436.75 671 192.168.1.116 - 58015 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 4904 1490468453.74 1490468454.42 679 192.168.1.116 - 58016 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 4905 1490468472.42 1490468474.89 2475 192.168.1.116 - 58017 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 4906 1490468491.9 1490468492.58 683 192.168.1.116 - 58018 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aUISZyVcB0rA0QwPUZI/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4907 1490468684.81 1490468685.48 673 192.168.1.116 - 58019 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UNM5y9hMwAgIswvmYGcD/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4908 1490468877.72 1490468878.4 673 192.168.1.116 - 58020 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AZ5ZG4aTFUAtM2pPEEWh96/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4909 1490469070.62 1490469072.53 1910 192.168.1.116 - 58021 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cjsZzCOiMnXQsqJbo4jBm004Pr/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4910 1490469264.77 1490469265.46 689 192.168.1.116 - 58022 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UobKeqlJRCSLj7Rd96KvnGqjRmzzyGh/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4911 1490469457.71 1490469458.4 683 192.168.1.116 - 58023 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PaqZFWEykA8Ir6LoYbjXQX1/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4912 1490469650.54 1490469651.22 681 192.168.1.116 - 58024 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AFpx4GUPcS4NiAMDc8jxCYs76UO4Lqf/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4913 1490469843.44 1490469844.12 673 192.168.1.116 - 58025 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tGzk3AhzI9sa7eZt/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4914 1490470036.3 1490470036.98 680 192.168.1.116 - 58026 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/U6mvAWAcW9oLI2Ls5F1W7v1rzELX/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4915 1490470229.16 1490470229.84 671 192.168.1.116 - 58027 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 206 379 0 240 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4915 1490470235.79 1490470236.47 681 192.168.1.116 - 58027 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/a1i4U3DY6f4eyPqQeW52S03ClN/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4916 1490470428.67 1490470430.61 1935 192.168.1.116 - 58028 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32029 0 31888 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4916 1490470438.34 1490470439.67 1329 192.168.1.116 - 58028 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4916 1490470446.98 1490470447.65 678 192.168.1.116 - 58028 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ov1zd2ehy7A5A4Txr4lCYqe76Hqei5Vp/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4917 1490470640.09 1490470640.78 687 192.168.1.116 - 58029 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3BzBlxfzzjNZFYuub56TPbgUd/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4918 1490470832.99 1490470833.67 679 192.168.1.116 - 58030 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/u3QlJWC2PD0UiAbeOAL9ogoRrFq/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4919 1490471025.87 1490471026.54 672 192.168.1.116 - 58031 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TNNUSirlfxMcg0zDUEXpPor/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4920 1490471218.76 1490471219.44 681 192.168.1.116 - 58032 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RzOpCxf3XnTQ4W0i/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4921 1490471411.7 1490471412.38 678 192.168.1.116 - 58033 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ayLFo2EO4Eb9IXkoox1L22CA0IHVj7x/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4922 1490471604.58 1490471605.26 677 192.168.1.116 - 58034 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1oObsAfbk0YRPBPGuz9VwI/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4923 1490471797.39 1490471797.99 605 192.168.1.116 - 58035 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PyBm4b8Pm55KDpzj2a785pnp/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4924 1490471989.88 1490471990.45 575 192.168.1.116 - 58036 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 206 363 0 224 133 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4924 1490471990.68 1490471991.25 572 192.168.1.116 - 58036 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/nNAQyLlrpnrd5q4hGLlgDFN0/ 328 514 0 371 133 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4924 1490471991.75 1490471992.29 541 192.168.1.116 - 58036 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/FUADIYOOQEM/1/ 220 131 0 9 133 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 4925 1490471996.0 1490471996.58 574 192.168.1.116 - 58037 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4926 1490471998.21 1490471998.84 633 192.168.1.116 - 58038 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 217 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4927 1490472000.45 1490472001.02 569 192.168.1.116 - 58039 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 245 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4928 1490472003.66 1490472004.23 571 192.168.1.116 - 58040 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ij8Mnd5Ejt6DAGHkObgJRUe/ 226 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4929 1490472196.09 1490472196.62 527 192.168.1.116 - 58041 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3h0rKVzXKI9shqcubw8T/ 223 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4930 1490472388.6 1490472390.73 2127 192.168.1.116 - 58042 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6wqPdbji3Vj72LeweH0SfZ1XDoE/ 230 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4931 1490472583.73 1490472585.65 1921 192.168.1.116 - 58043 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BDc151qTDkhKQDUOqVnvrMCbRHJNe6/ 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4932 1490472777.53 1490472778.05 522 192.168.1.116 - 58044 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CsIwDLtOItDwgUcjdVwbV1d/ 226 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4933 1490472969.84 1490472970.35 512 192.168.1.116 - 58045 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/C2fEwbC0v1Ik9W8LSRh8mnHJSFbI67Na/ 235 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4934 1490473162.19 1490473162.75 554 192.168.1.116 - 58046 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/C8DbbcfZaEFltbERY/ 220 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4935 1490473354.61 1490473355.18 572 192.168.1.116 - 58047 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vKtajtcUbDh3LkzZbLp3GdDYb9mv/ 231 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4936 1490473547.05 1490473547.62 574 192.168.1.116 - 58048 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 211 363 0 224 133 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4936 1490473547.88 1490473548.46 581 192.168.1.116 - 58048 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FJRauRSFx27TWNDHGBnPIf/ 225 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4937 1490473740.29 1490473740.82 535 192.168.1.116 - 58049 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sYLp4GfMfQHjvsGDLNqswWDhyq/ 229 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4938 1490473932.79 1490473933.33 538 192.168.1.116 - 58050 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9S1VstM6qCjBjFMB5ee/ 222 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4939 1490474125.18 1490474125.7 523 192.168.1.116 - 58051 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AtwY6DeGdceTRmkyKg6PoPPjHcFau4w/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4940 1490474317.64 1490474318.23 587 192.168.1.116 - 58052 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rPZrUV1zKQcMe2X23nj/ 222 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4941 1490474510.08 1490474510.62 545 192.168.1.116 - 58053 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/d0yzkmEAklfecyG1imqeOhcCphf36ngB/ 235 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4942 1490474702.47 1490474703.01 538 192.168.1.116 - 58054 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/alU7mumfYuM89OVcj/ 220 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4943 1490474894.89 1490474895.47 582 192.168.1.116 - 58055 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3H9wgcUZJpGnZyUt8JcJvq/ 225 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4944 1490475087.33 1490475087.87 537 192.168.1.116 - 58056 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xAQ1JNYKTknasbFtuwsJREHL4/ 228 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4945 1490475279.92 1490475280.49 570 192.168.1.116 - 58057 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/DNSBL/listed/0/ 218 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4946 1490475282.1 1490475282.62 519 192.168.1.116 - 58058 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xWoWCUmubRoT0teMSLj1teUCAo/ 229 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4947 1490475474.46 1490475475.0 546 192.168.1.116 - 58059 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OL6lnLgJXHBhvPMFpTcXK5XTmBuSBI/ 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4948 1490475668.41 1490475668.99 574 192.168.1.116 - 58060 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dSE8sgLlQHPxZoy4lV148R/ 225 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4949 1490475860.79 1490475863.35 2564 192.168.1.116 - 58061 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 207 32029 0 31888 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4949 1490475870.86 1490475871.95 1083 192.168.1.116 - 58061 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 207 22989 0 22848 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4949 1490475879.05 1490475879.67 624 192.168.1.116 - 58061 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/40NejtXbOXysurofEbI8ougMWxl/ 230 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4950 1490476072.53 1490476074.5 1971 192.168.1.116 - 58062 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FWrEymdm0Jg5A3EwAa/ 221 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4951 1490476266.39 1490476266.9 512 192.168.1.116 - 58063 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6PZlnut1DioYKvLjl5ERxsfn02/ 229 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4952 1490476459.77 1490476460.31 539 192.168.1.116 - 58064 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pBQASQEJ2dKUIP1ByG3/ 222 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4953 1490476652.21 1490476652.71 507 192.168.1.116 - 58065 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/B6eEHy2Y7m31y3RZnEWp/ 223 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4954 1490476844.65 1490476845.18 536 192.168.1.116 - 58066 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MUX5qGYCsMZ7dgOw/ 219 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4955 1490477037.02 1490477037.54 515 192.168.1.116 - 58067 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/95WLQvlMxAagSKrYpMaV8bI8bl/ 229 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4956 1490477229.46 1490477229.98 520 192.168.1.116 - 58068 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mx3eYQk3EiSjECFxzPDMboj9UWFBI/ 232 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4957 1490477421.94 1490477422.48 535 192.168.1.116 - 58069 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RtYUBUs5Zs2CpE4WfA/ 221 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4958 1490477614.34 1490477614.88 541 192.168.1.116 - 58070 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ab3CuLnQ74jVzMF7cUUdLyJ/ 226 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4959 1490477808.29 1490477809.91 1612 192.168.1.116 - 58071 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/x05i87dctm4Q6Mc3KMeAEEB7OOXkQLpp/ 235 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4960 1490478001.86 1490478002.38 519 192.168.1.116 - 58072 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8wivnuHYm3dNOPfud455DJJfWPZ8WU/ 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4961 1490478195.36 1490478195.93 566 192.168.1.116 - 58073 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/p4t1AMB42pw1IW59oaTKuSPY0Bkeip/ 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4962 1490478387.81 1490478388.35 540 192.168.1.116 - 58074 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9OMquEsma5JberlCTlenqWWsGKNey/ 232 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4963 1490478580.15 1490478580.66 512 192.168.1.116 - 58075 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yL35HBxTwC5gsoL7b/ 220 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4964 1490478772.45 1490478772.96 510 192.168.1.116 - 58076 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gnNINoviREMYJihRg/ 220 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4965 1490478964.8 1490478965.33 521 192.168.1.116 - 58077 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 211 363 0 224 133 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4965 1490478965.58 1490478966.14 567 192.168.1.116 - 58077 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oWxbVdMlJX0jHHOSW7Qe13ha5hx/ 230 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4966 1490479157.99 1490479158.51 518 192.168.1.116 - 58078 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jtqvjNVZY1HL4Pokzen1kV4HjOp/ 230 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4967 1490479350.43 1490479350.98 550 192.168.1.116 - 58079 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6Tdae0iyK1ooiSu1IYBnVpRG/ 227 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4968 1490479542.99 1490479543.53 542 192.168.1.116 - 58080 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/h0uwxGgJ7BAKxK1OCpc/ 222 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4969 1490479735.42 1490479735.94 518 192.168.1.116 - 58081 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4awhVF6FG9nkaAotdvXe2z8yDtz/ 230 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4970 1490479927.76 1490479928.3 536 192.168.1.116 - 58082 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RTmdXPQr3cOjS2ztO1/ 221 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4971 1490480120.09 1490480120.63 537 192.168.1.116 - 58083 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wtZIrzSNwqu6XfFVhai4IPTodVyoCAY/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4972 1490480312.57 1490480313.16 581 192.168.1.116 - 58084 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6nfZCYTJEwcjB4cTt5eZMV0RJ3Y56KE/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4973 1490480505.01 1490480505.55 537 192.168.1.116 - 58085 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bxUFg7VEziWwri5LTQatLfMLBrgBN/ 232 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4974 1490480697.34 1490480697.87 523 192.168.1.116 - 58086 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aTi34MIuzxzyP4sxAdJ5/ 223 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4975 1490480889.73 1490480891.28 1543 192.168.1.116 - 58087 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hQ3HWOE4mEJ7XNOgBuTN/ 223 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4976 1490481083.22 1490481083.74 519 192.168.1.116 - 58088 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 208 379 0 240 133 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4976 1490481089.92 1490481090.49 567 192.168.1.116 - 58088 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XP5fmLmDzluuN9CXoPQXxSOI/ 227 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4977 1490481282.31 1490481283.94 1623 192.168.1.116 - 58089 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 207 32029 0 31888 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4977 1490481291.07 1490481292.16 1090 192.168.1.116 - 58089 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 207 22989 0 22848 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4977 1490481299.17 1490481299.72 546 192.168.1.116 - 58089 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FboSLRgbjiE18a6G6M4d63OML8uSiWI/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4978 1490481491.59 1490481492.14 551 192.168.1.116 - 58090 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UVv6txVfw2uJXLRHjHVshIMZZVOPkUi/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4979 1490481684.02 1490481684.53 510 192.168.1.116 - 58091 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iKjQCuwa0VriQHQibjmd7WL/ 226 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4980 1490481876.37 1490481876.91 537 192.168.1.116 - 58092 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yWlznqHcG5kU7jpXX04nhFCHaX43V/ 232 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4981 1490482070.14 1490482070.65 511 192.168.1.116 - 58093 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PivYtbj3cPBOG50hT9GwLpBtOAodl2l/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4982 1490482262.59 1490482264.71 2122 192.168.1.116 - 58094 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fvycxsJTvI5THBUODUXsmk7hfXRT4fo/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4983 1490482456.55 1490482457.1 543 192.168.1.116 - 58095 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/i9ImN7hEpsmagV9kwcMO6m5UiwN9ui/ 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4984 1490482648.94 1490482649.51 576 192.168.1.116 - 58096 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ngeFgsMSK3DB2zOR0V/ 221 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4985 1490482841.37 1490482841.95 576 192.168.1.116 - 58097 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sfyH4QFxak0CiJAAIWupW2k/ 226 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4986 1490483039.81 1490483040.34 536 192.168.1.116 - 58098 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 211 131 0 9 133 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 4987 1490483057.02 1490483057.61 581 192.168.1.116 - 58099 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 211 131 0 9 133 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 4988 1490483075.27 1490483075.8 536 192.168.1.116 - 58100 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 211 131 0 9 133 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 4989 1490483092.44 1490483092.96 528 192.168.1.116 - 58101 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3JimUpO5Da0Eibsyj0exirOhq2q9V/ 232 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4990 1490483284.88 1490483285.42 548 192.168.1.116 - 58102 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/51REoe6gRCftLW5WWDB/ 222 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4991 1490483477.31 1490483477.85 541 192.168.1.116 - 58103 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BVReoSNXNfiv57AR5eaqmjST/ 227 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4992 1490483669.73 1490483670.27 538 192.168.1.116 - 58104 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hU91sUOyiM4jQzopxT0gB6VJVmRi/ 231 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4993 1490483862.16 1490483862.73 571 192.168.1.116 - 58105 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YwbDjfQtxFJrPTYrPxjeRmJYxPIRA7oa/ 235 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4994 1490484054.59 1490484055.13 535 192.168.1.116 - 58106 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mVxnOXxC5z7cqzJB/ 219 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4995 1490484247.97 1490484248.54 573 192.168.1.116 - 58107 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3MK6BDruL8qfvwhk6GE8/ 223 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4996 1490484440.46 1490484441.03 573 192.168.1.116 - 58108 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 211 363 0 224 133 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 4996 1490484441.29 1490484441.83 544 192.168.1.116 - 58108 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zfQKocDIGiUTJso7C47nQpRCL2Dr/ 231 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4997 1490484633.68 1490484634.21 527 192.168.1.116 - 58109 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/M6svTitv4GRRTkuk3PP/ 222 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4998 1490484826.29 1490484826.81 522 192.168.1.116 - 58110 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Md7SKXLUOCbJAdFqLpV5gQzIUv8/ 230 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 4999 1490485018.67 1490485019.23 567 192.168.1.116 - 58111 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/p7oAkDtzYxvaF94WzKdM6PHQ8waYeTNu/ 235 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5000 1490485211.19 1490485211.73 543 192.168.1.116 - 58112 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QM9Jg4HZDV0Wz2ZVInM5Z0fr/ 227 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5001 1490485404.91 1490485405.51 599 192.168.1.116 - 58113 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hppn3S26SxeOKY841Yaa1ibsn8eN/ 231 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5002 1490485599.07 1490485599.64 573 192.168.1.116 - 58114 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/e05ozVkATp4SosesBKPNkup/ 226 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5003 1490485791.46 1490485791.99 524 192.168.1.116 - 58115 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lW6hkAMIlZZAlZew5RTZ9/ 224 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5004 1490485983.8 1490485984.35 551 192.168.1.116 - 58116 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hcb1slTwxyZBjNdVx8yD4TFUo/ 228 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5005 1490486176.29 1490486176.83 540 192.168.1.116 - 58117 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wSeNqVh6okIrzbkbdrg91bc2oS/ 229 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5006 1490486368.7 1490486369.24 539 192.168.1.116 - 58118 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qHktnJjdMXEoWuPC9pNPUzV/ 226 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5007 1490486562.73 1490486563.27 536 192.168.1.116 - 58119 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fTJi0uY2B6HbvWPgRDR/ 222 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5008 1490486755.07 1490486756.64 1563 192.168.1.116 - 58120 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 207 32029 0 31888 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5008 1490486764.17 1490486769.96 5795 192.168.1.116 - 58120 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 207 22989 0 22848 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5008 1490486777.13 1490486777.66 531 192.168.1.116 - 58120 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/g5JNJiGWEZbif2bE/ 219 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5009 1490486969.58 1490486970.16 586 192.168.1.116 - 58121 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gzGVuGp6QpaNmljlopXxE1ICsyNraRTC/ 235 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5010 1490487162.05 1490487162.62 570 192.168.1.116 - 58122 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KOyw5hrweitITDcSE5tCpfeN/ 227 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5011 1490487354.5 1490487355.05 550 192.168.1.116 - 58123 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hTdVv82u9RdqqBmRRarEmAt6/ 227 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5012 1490487546.9 1490487547.51 603 192.168.1.116 - 58124 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RqeOvB1ZYiGKdEI0G2cbaWDrI6tzmHU/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5013 1490487740.5 1490487741.02 521 192.168.1.116 - 58125 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2UhRmmDlizv9xm4lTiG5U0z0VfXe/ 231 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5014 1490487934.19 1490487934.71 519 192.168.1.116 - 58126 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/811kUQzIP35pez1GrLojrt1hvIOJqZ/ 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5015 1490488126.66 1490488127.22 554 192.168.1.116 - 58127 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EHHwoJ8tyiqHHVEKbzhtmDONvJjUW/ 232 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5016 1490488319.07 1490488319.6 528 192.168.1.116 - 58128 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/68hQsS5yJjE7sTgNd7sUoEb5urkWpCX/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5017 1490488511.57 1490488512.11 538 192.168.1.116 - 58129 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XYLXzlZ7koLNWLHl1/ 220 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5018 1490488704.01 1490488704.53 517 192.168.1.116 - 58130 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Q0IXltNMfDhqrXZDSvk/ 222 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5019 1490488896.48 1490488897.05 577 192.168.1.116 - 58131 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uQ05V6cSOftSy2pww7Sv2tRmkdcN/ 231 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5020 1490489088.88 1490489089.39 510 192.168.1.116 - 58132 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/moQOBNkGi0NYhceata/ 221 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5021 1490489281.28 1490489281.82 534 192.168.1.116 - 58133 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YJaM8RAFTiN9WXuRRhQfaQ43vX/ 229 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5022 1490489473.69 1490489474.24 543 192.168.1.116 - 58134 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cIjkoY60A6T0UW4IC02Bc/ 224 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5023 1490489666.22 1490489666.8 571 192.168.1.116 - 58135 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/w1TJMDyGRdxSWZK4jfWVz9ezRfUQtuw/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5024 1490489858.64 1490489859.17 534 192.168.1.116 - 58136 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 211 363 0 224 133 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5024 1490489859.43 1490489859.97 541 192.168.1.116 - 58136 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cy5GJr8YaqHM0mLR3gSxHxjyBB7/ 230 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5025 1490490051.91 1490490052.49 583 192.168.1.116 - 58137 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DNOLSHuYdkKV4oZG/ 219 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5026 1490490244.32 1490490244.86 540 192.168.1.116 - 58138 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EGMzyBYTnQPOVKRjjRT3rT0/ 226 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5027 1490490436.72 1490490437.26 539 192.168.1.116 - 58139 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Rj1LzdQ8D3bdfXGt7aexpIzOKTZ8bEP/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5028 1490490629.08 1490490629.6 522 192.168.1.116 - 58140 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/i9IzCFtDENp5b6OJHLVaf7/ 225 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5029 1490490823.04 1490490823.56 524 192.168.1.116 - 58141 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/f1Ekelx4rxylpbt6Cwy/ 222 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5030 1490491017.02 1490491017.58 567 192.168.1.116 - 58142 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9WMkSjLaiOHdslwIj2FGJFBaroyaj/ 232 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5031 1490491209.42 1490491210.01 598 192.168.1.116 - 58143 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6nK2WdTcNAQm3kRcSIlVYMOkqI/ 229 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5032 1490491401.35 1490491401.72 370 192.168.1.116 - 58144 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 203 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5032 1490491401.95 1490491402.32 375 192.168.1.116 - 58144 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/Ib8BCJYb5sZvbyCwXlQKa/ 322 511 0 368 130 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5032 1490491402.83 1490491403.21 377 192.168.1.116 - 58144 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/JZTSPHYNEVJSXRUQDAN/1/ 225 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 5033 1490491404.45 1490491404.82 370 192.168.1.116 - 58145 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5034 1490491405.95 1490491406.37 418 192.168.1.116 - 58146 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 214 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5035 1490491407.43 1490491407.8 369 192.168.1.116 - 58147 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 242 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5036 1490491408.87 1490491409.25 375 192.168.1.116 - 58148 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/esZGebI39aN2BB2EblQQemzVyJmvSw/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5037 1490491600.56 1490491600.94 379 192.168.1.116 - 58149 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GzE2nH8ykNgNG4J6W7W4AsS0wMr9/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5038 1490491792.39 1490491792.77 380 192.168.1.116 - 58150 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zg0ACDWHrvzvKClQKgEZvKoElnz0IuV/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5039 1490491984.15 1490491984.52 368 192.168.1.116 - 58151 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 205 379 0 240 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5039 1490491990.48 1490491990.87 392 192.168.1.116 - 58151 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bzx8Rsk2z3Jl3TDk6KelNgd/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5040 1490492182.11 1490492183.04 934 192.168.1.116 - 58152 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32029 0 31888 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5040 1490492190.61 1490492191.26 649 192.168.1.116 - 58152 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5040 1490492198.39 1490492198.71 319 192.168.1.116 - 58152 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/99AFbxuZb730lxmAOGJ/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5041 1490492390.03 1490492390.4 373 192.168.1.116 - 58153 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mCaHbpj7TflORNzaJFVUXysw/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5042 1490492581.61 1490492581.92 306 192.168.1.116 - 58154 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Bb56Llx61ejHdpYz0Q5y/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5043 1490492773.27 1490492773.65 388 192.168.1.116 - 58155 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NM1Hl3nD80ZUX4V7WkeuEHh/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5044 1490492965.21 1490492966.52 1308 192.168.1.116 - 58156 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HIKHVwAKGHE5pKoYD2CWmb/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5045 1490493157.83 1490493158.2 375 192.168.1.116 - 58157 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/n9EJIBUIWpLBIdENQGli0nq2NA5NJN/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5046 1490493349.49 1490493349.87 380 192.168.1.116 - 58158 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0EEFC2BvSqHMYJGES9xZuoR/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5047 1490493541.35 1490493541.72 370 192.168.1.116 - 58159 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KD2YDHBNjORvbnGhXAVL8uAC/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5048 1490493733.06 1490493733.43 378 192.168.1.116 - 58160 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lZfVAy01AXVxEugSvWb2gjvMhwZk7w/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5049 1490493924.78 1490493925.1 321 192.168.1.116 - 58161 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DkuJp4uNsZPqZtafcaJwEBm/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5050 1490494116.44 1490494116.83 382 192.168.1.116 - 58162 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/en9YUJ3nK9LXTx3R7LxEjoX/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5051 1490494308.12 1490494308.5 379 192.168.1.116 - 58163 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dGhq7ftg7Tk3fnkaZEH/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5052 1490494499.75 1490494500.72 968 192.168.1.116 - 58164 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gBYLSYb5MUS1sXBSFuP1SsPd/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5053 1490494691.99 1490494692.33 340 192.168.1.116 - 58165 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/j675onbSxRl1wp4zo/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5054 1490494883.66 1490494884.03 375 192.168.1.116 - 58166 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5eYpEW4RtEHQ6riaJNRxJwr/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5055 1490495075.31 1490495075.65 343 192.168.1.116 - 58167 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qsJh8wWYihBHrPAVS1/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5056 1490495266.93 1490495267.3 375 192.168.1.116 - 58168 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 208 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5056 1490495267.56 1490495267.91 341 192.168.1.116 - 58168 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3lMlpBhPSswxG8Te6m34/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5057 1490495459.25 1490495459.64 382 192.168.1.116 - 58169 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HRXq9lvbSeNj1D2LjSH5jztQeriWj/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5058 1490495650.91 1490495651.25 343 192.168.1.116 - 58170 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bx0nIC1DoEaYmxaU1QDe/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5059 1490495842.51 1490495842.85 341 192.168.1.116 - 58171 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Z343tXwrgfPzYf6nb/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5060 1490496034.19 1490496034.52 336 192.168.1.116 - 58172 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1rOjIdsXZeJxPaffh5myld1sHDSSPSK/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5061 1490496225.8 1490496226.14 341 192.168.1.116 - 58173 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jWrA8OhuUTX0jvfx0CWNiQTceM4IgacB/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5062 1490496417.39 1490496417.76 371 192.168.1.116 - 58174 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/I8tdMdCQau71aogjGHK/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5063 1490496609.1 1490496609.48 377 192.168.1.116 - 58175 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RYc3Z3HGHmIlp3dpfvIBATEX/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5064 1490496800.76 1490496801.14 380 192.168.1.116 - 58176 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/O5IdzAeFEXcZMfrVckPHim4GpeiV/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5065 1490496992.47 1490496992.85 381 192.168.1.116 - 58177 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UTflqHoruuCzz8fCybzvE5PO/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5066 1490497184.14 1490497184.48 343 192.168.1.116 - 58178 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ATY58vFGNACeKLrE/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5067 1490497375.73 1490497376.07 341 192.168.1.116 - 58179 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0MZxF3v0sZpZYEXHsvNdNtaDW62JpE7M/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5068 1490497573.31 1490497573.68 372 192.168.1.116 - 58180 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 5069 1490497589.79 1490497590.2 411 192.168.1.116 - 58181 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 5070 1490497606.25 1490497606.59 343 192.168.1.116 - 58182 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 5071 1490497622.62 1490497623.6 980 192.168.1.116 - 58183 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32029 0 31888 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5071 1490497631.41 1490497632.09 679 192.168.1.116 - 58183 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5071 1490497639.08 1490497639.44 359 192.168.1.116 - 58183 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IsSUgdgHXXVLSETApWK/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5072 1490497830.66 1490497830.98 319 192.168.1.116 - 58184 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/w4IZFKdK8qxTHItYUgACjyPvv3c1/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5073 1490498022.28 1490498022.66 380 192.168.1.116 - 58185 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/myykiEM3bTjhKmRd3m6UVowBAxE11pT9/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5074 1490498213.91 1490498214.25 337 192.168.1.116 - 58186 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kd40qpGVsU1ooywwEuopg5UvpWAuUVF/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5075 1490498405.54 1490498405.94 397 192.168.1.116 - 58187 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SllrUzrkuX5USLXXEBbHS9WJTLNO6/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5076 1490498597.24 1490498597.62 380 192.168.1.116 - 58188 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/L9nuI9AzZBXYMZqsZa8NXSwLO4t25At/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5077 1490498788.88 1490498789.22 340 192.168.1.116 - 58189 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kzoRYg2YQQ7ZN8Czv2joLQ6PV/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5078 1490498980.51 1490498980.89 382 192.168.1.116 - 58190 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KKLn8JwZVdWnMPgGQUcJu/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5079 1490499172.21 1490499172.58 371 192.168.1.116 - 58191 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/G2B8Bf29W5WleMHKEfhW9fZxuCb06/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5080 1490499363.84 1490499364.2 367 192.168.1.116 - 58192 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ySzT3mIgUTsq0hZsuQAGAUv1D/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5081 1490499555.49 1490499555.87 380 192.168.1.116 - 58193 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uPe8u34WJLFZvsrMkwoK7Hl/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5082 1490499747.13 1490499747.47 338 192.168.1.116 - 58194 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6UYlJTVSFn1j5V06fy9dK5dLb8H9t/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5083 1490499938.84 1490499939.22 375 192.168.1.116 - 58195 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jc3ErKL7o1Gy0zCSCyJKRQ/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5084 1490500130.46 1490500130.8 342 192.168.1.116 - 58196 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AW6eMBYTxmowX17ZXYy/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5085 1490500322.08 1490500322.45 371 192.168.1.116 - 58197 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GpOMBF2g1liTsmJOGBfSu5JrDKmUh/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5086 1490500513.81 1490500514.18 373 192.168.1.116 - 58198 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/b2d4JeWrjYTbaoRtG/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5087 1490500705.48 1490500705.86 377 192.168.1.116 - 58199 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 208 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5087 1490500706.12 1490500706.49 370 192.168.1.116 - 58199 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FN2bYwqkMwwbQIB2B9AiW8iGF/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5088 1490500897.83 1490500898.2 370 192.168.1.116 - 58200 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9DxQl8eMm7K6yAsSZ3vinPYkwgTR66/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5089 1490501089.47 1490501089.84 369 192.168.1.116 - 58201 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CsFw0QA7EvlLJisDaQwFN9utdefhG/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5090 1490501281.08 1490501281.46 382 192.168.1.116 - 58202 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FVQF1GxpNM3sMg28D7OnzXBnWz69oSPp/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5091 1490501472.78 1490501473.16 382 192.168.1.116 - 58203 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ePFjTCqIGHvJHvwkwOpsI6MwoH5FV/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5092 1490501664.44 1490501664.84 398 192.168.1.116 - 58204 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3zjbfY7IsnPm6zdmOKkw/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5093 1490501856.17 1490501856.55 374 192.168.1.116 - 58205 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/m2mZ9akydShsoBoeD9Twzbmrpb/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5094 1490502047.74 1490502048.06 323 192.168.1.116 - 58206 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HbpqdyC0EOgP57WCgo7mAS148k/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5095 1490502239.31 1490502239.68 370 192.168.1.116 - 58207 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PrjZk4OglKfhgDAD/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5096 1490502430.94 1490502431.28 337 192.168.1.116 - 58208 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8OgFvIu7V0Z36DrhF8K7FNUi3cNMSH/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5097 1490502622.55 1490502622.89 341 192.168.1.116 - 58209 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/439YO8kYnHdf45J0Zs16XMyeD562kyE/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5098 1490502814.14 1490502814.51 369 192.168.1.116 - 58210 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 205 379 0 240 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5098 1490502820.47 1490502820.82 351 192.168.1.116 - 58210 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/k32QTCPpTXY09jT3fFlJ3uSGt4W5dV7w/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5099 1490503012.02 1490503012.35 332 192.168.1.116 - 58211 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SLrNAvgJvjZFg3JjTrxGhDI/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5100 1490503203.66 1490503204.71 1050 192.168.1.116 - 58212 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32029 0 31888 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5100 1490503212.23 1490503212.93 706 192.168.1.116 - 58212 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5100 1490503220.48 1490503220.88 401 192.168.1.116 - 58212 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HiflQbftyUyclO59y20fP4nHDMfUIeL/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5101 1490503412.18 1490503412.56 374 192.168.1.116 - 58213 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zeJpljRi38FdSJNH6PHq/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5102 1490503603.86 1490503604.23 376 192.168.1.116 - 58214 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wcW1Lrja7uOV9AGjE3TWpsV2O1XJ/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5103 1490503795.5 1490503795.84 340 192.168.1.116 - 58215 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zgj41kCgcARY0qftQGxk/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5104 1490503987.08 1490503987.41 335 192.168.1.116 - 58216 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xEVedYCbyCdbLH0YN9oiRX6/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5105 1490504178.83 1490504179.25 414 192.168.1.116 - 58217 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/DNSBL/listed/0/ 215 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5106 1490504181.32 1490504181.7 379 192.168.1.116 - 58218 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HZfGn4gGEUwqCzxi50lTK0eZQr4Ljs/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5107 1490504372.92 1490504373.26 339 192.168.1.116 - 58219 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4XM1zuXN4suCfKZzbZypIU6ds/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5108 1490504564.57 1490504564.95 375 192.168.1.116 - 58220 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mcSVLe7rv4RLhOZc/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5109 1490504756.25 1490504756.63 380 192.168.1.116 - 58221 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sRVssSYnRbrX5CBgsy2jKTg3/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5110 1490504947.84 1490504948.18 337 192.168.1.116 - 58222 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dLWzyJqqiCZgASiWeos0C/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5111 1490505139.49 1490505139.87 379 192.168.1.116 - 58223 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/D0VB3Mh0PObr9QtQA4aA2/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5112 1490505331.13 1490505331.47 335 192.168.1.116 - 58224 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xnPiHSMmqi0rf3XgfLfrxCRCg/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5113 1490505522.74 1490505523.08 337 192.168.1.116 - 58225 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WiouNrN4ykOCvAwP4rDaeb58QOv/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5114 1490505714.3 1490505714.64 341 192.168.1.116 - 58226 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Rpb4f48DNMmH1UzBFKeyw/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5115 1490505906.02 1490505906.43 407 192.168.1.116 - 58227 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zPVnUyFRE8t8CWL2wc11rRZybqgp/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5116 1490506097.97 1490506098.41 442 192.168.1.116 - 58228 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AYPsxSskLd6oYmtJhEhdw1q/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5117 1490506289.99 1490506290.51 515 192.168.1.116 - 58229 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 208 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5117 1490506290.77 1490506291.19 416 192.168.1.116 - 58229 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5zjkFGJXO7sdgHTCHCAVkZxMzumQze/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5118 1490506482.49 1490506482.87 375 192.168.1.116 - 58230 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uCD0tONgfIv5Z3hClF/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5119 1490506674.48 1490506674.96 477 192.168.1.116 - 58231 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pQgR57Pch4wZeG3QykS8hXTRTbRA/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5120 1490506866.23 1490506866.57 341 192.168.1.116 - 58232 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2MErrCKqwgxzBvHUTjfnXK/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5121 1490507057.88 1490507058.26 378 192.168.1.116 - 58233 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Q1zQJg5ayfvwE3Y5mqRjwxKlK5/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5122 1490507249.66 1490507251.08 1426 192.168.1.116 - 58234 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Lh69ONly8SLWXQYkA0uHIn8nfTFKCJtA/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5123 1490507442.73 1490507443.14 418 192.168.1.116 - 58235 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8Kp0vGZnOC1lXyeaR/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5124 1490507634.74 1490507636.38 1642 192.168.1.116 - 58236 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9hlWPwhRJwP9cebEV2KMS4nxdGQ/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5125 1490507827.64 1490507827.98 336 192.168.1.116 - 58237 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0FMSDnrSQgI3ybVJfSKs7Jkhm2P/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5126 1490508019.26 1490508019.6 336 192.168.1.116 - 58238 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gjDb9EJGIjhH308bGxpiy47sONDlin/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5127 1490508211.03 1490508211.44 418 192.168.1.116 - 58239 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pjZrTyUu0UtHbyviksUZYdgwUIuhpzL/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5128 1490508402.94 1490508403.38 440 192.168.1.116 - 58240 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hcpAjMzxNcOxQsxA/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5129 1490508594.78 1490508595.19 407 192.168.1.116 - 58241 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nOFnp0vTWs0YoB71yLQlE8smmT/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5130 1490508786.57 1490508788.06 1483 192.168.1.116 - 58242 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32029 0 31888 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5130 1490508795.17 1490508795.92 752 192.168.1.116 - 58242 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5130 1490508802.75 1490508803.13 379 192.168.1.116 - 58242 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RBmKth2LJPKG8udAI/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5131 1490508994.55 1490508994.95 403 192.168.1.116 - 58243 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dYRyvyDEBOHoHduuah51yNg/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5132 1490509186.32 1490509186.74 414 192.168.1.116 - 58244 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sHVyYdpXpeGWkRpcQJWeO0N/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5133 1490509377.99 1490509378.33 343 192.168.1.116 - 58245 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pGLJT6DaykgkkNtOi0yqpob5/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5134 1490509569.77 1490509570.18 411 192.168.1.116 - 58246 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9mn0jddYSvMKkov5U/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5135 1490509761.53 1490509761.94 412 192.168.1.116 - 58247 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/igW46hupO1I1nWlxBrge6ZvXnsYY/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5136 1490509953.34 1490509953.74 406 192.168.1.116 - 58248 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tUZntiAyVNvP62iVGJLblDWiVXDVQ/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5137 1490510144.93 1490510145.26 325 192.168.1.116 - 58249 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5XrUrBM2Zubcm0veuYE5/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5138 1490510336.46 1490510336.8 338 192.168.1.116 - 58250 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AvexQCLRnJYmxEPYtfTNql2m/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5139 1490510528.05 1490510528.42 368 192.168.1.116 - 58251 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pk2OE8kKChNhF61kQt5u/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5140 1490510718.78 1490510718.85 66 192.168.1.116 - 58252 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 204 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5141 1490510719.48 1490510719.75 272 192.168.1.116 - 58253 50.19.97.123 80 http://checkip.amazonaws.com/ 153 133 0 13 139 106 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 200 - - - - - - - CTU.238.1.Malicious 5140 1490510719.96 1490510720.08 126 192.168.1.116 - 58252 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/7Ad8Rf4ZOdU1QWK7OtPOhb4NDzE/ 329 517 0 374 131 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5140 1490510720.59 1490510720.66 72 192.168.1.116 - 58252 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/OLLFGAZFEFOWS/1/ 220 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 5142 1490510721.84 1490510721.95 116 192.168.1.116 - 58254 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5143 1490510723.12 1490510723.23 110 192.168.1.116 - 58255 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 215 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5144 1490510724.4 1490510724.53 136 192.168.1.116 - 58256 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 243 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5145 1490510725.69 1490510725.76 75 192.168.1.116 - 58257 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CmXF19JaqtXgrK4IOH58/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5146 1490510916.15 1490510916.22 76 192.168.1.116 - 58258 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GYfYYVa1DLsLGEjXCTwfwvAm7/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5147 1490511106.6 1490511106.68 72 192.168.1.116 - 58259 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KmYlzzTX0RKd8v5O8w6d9bU6EyQ/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5148 1490511297.22 1490511297.29 74 192.168.1.116 - 58260 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Z8EDXoysqs1HE8pxORRFWyU/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5149 1490511487.71 1490511487.79 75 192.168.1.116 - 58261 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/d0LlQDfu5OIBxTgi5dKad/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5150 1490511678.23 1490511678.31 80 192.168.1.116 - 58262 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dw4UEGAyTrrkNwAmyuyr/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5151 1490511868.7 1490511868.83 130 192.168.1.116 - 58263 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5151 1490511869.09 1490511869.17 81 192.168.1.116 - 58263 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gwccn0ZC4G8b3lFj9cI79qN75s6bsNr/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5152 1490512065.61 1490512065.69 76 192.168.1.116 - 58264 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 5153 1490512080.87 1490512080.94 75 192.168.1.116 - 58265 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 5154 1490512096.15 1490512096.23 82 192.168.1.116 - 58266 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 5155 1490512111.43 1490512111.52 89 192.168.1.116 - 58267 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7yLTm2HEdrt8HcFNh/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5156 1490512301.91 1490512301.98 71 192.168.1.116 - 58268 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JrC6ZgArF0CZg9GgCq7jBf2toXMXq/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5157 1490512492.35 1490512492.42 74 192.168.1.116 - 58269 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NN3YHe5h9GClHEK1/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5158 1490512682.83 1490512682.9 74 192.168.1.116 - 58270 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IcVnqHJIMwly2ubPvvOqFoSclhPXdFYB/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5159 1490512873.27 1490512873.35 78 192.168.1.116 - 58271 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KNdamlFoBk5VrrIm7OXg0J/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5160 1490513063.76 1490513063.83 71 192.168.1.116 - 58272 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BNCvbh5ROV2ZLWVaMQ1d9lms7Hj/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5161 1490513254.24 1490513254.31 76 192.168.1.116 - 58273 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0fttNozzddm5gHCX/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5162 1490513444.69 1490513444.76 74 192.168.1.116 - 58274 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7upbQmhuU0nbXebXUmjg/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5163 1490513635.17 1490513635.25 80 192.168.1.116 - 58275 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 206 379 0 240 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5163 1490513641.21 1490513641.3 87 192.168.1.116 - 58275 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/b0vTaaKMQaVah5XPYiZU3ymE8e/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5164 1490513831.72 1490513831.79 74 192.168.1.116 - 58276 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pfWiBVNmZbQjsh1kNYZJC/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5165 1490514022.17 1490514022.25 80 192.168.1.116 - 58277 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nbwtl3uBMp7soVmWytpQcroJxmIna4/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5166 1490514212.67 1490514212.8 135 192.168.1.116 - 58278 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32029 0 31888 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5166 1490514220.13 1490514220.25 123 192.168.1.116 - 58278 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5166 1490514227.97 1490514228.05 73 192.168.1.116 - 58278 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zdSHjl9nTUUb9Wc0vH/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5167 1490514418.41 1490514418.48 71 192.168.1.116 - 58279 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/g92ClznK3MJf6h4pZSacdZpXFg4/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5168 1490514609.01 1490514609.08 78 192.168.1.116 - 58280 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5BaPdJpu1ulEip6QSYDpvv/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5169 1490514799.47 1490514799.54 72 192.168.1.116 - 58281 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hkECHDLoKlDuVdX3F1/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5170 1490514989.95 1490514990.02 74 192.168.1.116 - 58282 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zrZ7aOQ0Qgua3cQC/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5171 1490515180.39 1490515180.47 77 192.168.1.116 - 58283 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YwxUKXApWfeSd5VTNC/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5172 1490515372.27 1490515372.34 74 192.168.1.116 - 58284 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fcESc8MchUVCIre3e9PAeEO9ALy5LZ/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5173 1490515563.76 1490515563.84 80 192.168.1.116 - 58285 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Z7K7Ft2qKhHnplEmJmVrII/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5174 1490515754.32 1490515754.4 79 192.168.1.116 - 58286 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JiBz49Lks9cgOfVoFoXjcEkobCkQU3HM/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5175 1490515944.87 1490515944.94 71 192.168.1.116 - 58287 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lPTCJOOOQiaKzmSep4PNtip4noFIvLH/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5176 1490516135.34 1490516135.42 78 192.168.1.116 - 58288 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vdYG7Wvc9rLksIXyozlP/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5177 1490516325.84 1490516325.92 85 192.168.1.116 - 58289 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/l1zwbfMrJRwz1KbVuyxDPWRWAlq/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5178 1490516516.33 1490516516.41 77 192.168.1.116 - 58290 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/S1d9BnOgAClicyA0Ag8vtfZG55/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5179 1490516706.84 1490516706.92 78 192.168.1.116 - 58291 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WCIhaUGRYo5XERC6KwhwAWrHnvGN/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5180 1490516897.33 1490516897.46 128 192.168.1.116 - 58292 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VmdQJVFKzOEVktWWFpUWUSntyyxt8X6r/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5181 1490517087.87 1490517087.94 78 192.168.1.116 - 58293 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gpH7GtwlcTK7KACG5Y/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5182 1490517278.32 1490517278.4 79 192.168.1.116 - 58294 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5182 1490517278.65 1490517278.74 88 192.168.1.116 - 58294 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cnvxaLTKOif18nLYr7q5HN9OE050dM6/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5183 1490517469.13 1490517469.2 72 192.168.1.116 - 58295 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HcmYK6is3feTqnZcJSyrzPzHTFuIL3L2/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5184 1490517659.57 1490517659.65 73 192.168.1.116 - 58296 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WnPk4UF422bXVAhV/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5185 1490517850.05 1490517850.16 112 192.168.1.116 - 58297 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7f6pPA5nZk5YkEzLdZo0DLJ5KS29/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5186 1490518040.57 1490518040.65 77 192.168.1.116 - 58298 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NsLhFsRAML1aPHrvYRjXW/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5187 1490518231.06 1490518231.13 74 192.168.1.116 - 58299 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/E0KvIXfHSiuIgAtkbJKp/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5188 1490518421.5 1490518421.57 74 192.168.1.116 - 58300 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ULRVIMabCFv7K3W2EAqqWEUWXHG/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5189 1490518611.98 1490518612.05 71 192.168.1.116 - 58301 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fm6fKWhfajNIr95hK340RUTBLX8ZI1fL/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5190 1490518802.43 1490518802.5 72 192.168.1.116 - 58302 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/77wdPN3iO6uH7eU1bxkF032JAjMQjlY/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5191 1490518992.88 1490518992.95 74 192.168.1.116 - 58303 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/w8g2NvzPL1vjvk95dP4C64ykCEk/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5192 1490519183.32 1490519183.39 78 192.168.1.116 - 58304 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xYXX3PN4nQpBFE7VtDMXnaBR7ffFt/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5193 1490519373.8 1490519373.88 79 192.168.1.116 - 58305 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xzBeWbzVMsv4WFTl3sjTQ5UY34JBrEjT/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5194 1490519564.29 1490519564.37 79 192.168.1.116 - 58306 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WNpNuvtJ6ZEde5zie78j/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5195 1490519754.78 1490519754.9 128 192.168.1.116 - 58307 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32029 0 31888 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5195 1490519762.44 1490519762.56 120 192.168.1.116 - 58307 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5195 1490519769.68 1490519769.76 80 192.168.1.116 - 58307 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/p7nKaaM0ArcGpIh4X7IUsCUb5t/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5196 1490519960.16 1490519960.24 73 192.168.1.116 - 58308 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1E1WnASQdAHy9PJZAbNMqLNnjop/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5197 1490520150.62 1490520150.7 73 192.168.1.116 - 58309 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GYTxiZ2p1td5ByEu/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5198 1490520341.1 1490520341.17 73 192.168.1.116 - 58310 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HlPRD9jTa2g3WpxR1hHX/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5199 1490520531.56 1490520531.64 74 192.168.1.116 - 58311 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ntH33cXKT7mawz9Y8VTSJ/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5200 1490520722.04 1490520722.11 71 192.168.1.116 - 58312 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dWAepcsjvsutbOFA1wxR6GBt/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5201 1490520912.51 1490520912.59 75 192.168.1.116 - 58313 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rZvngWirGBB2ZtozuK/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5202 1490521103.01 1490521103.09 73 192.168.1.116 - 58314 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Mjnb7TOKwLR2jqeiJ/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5203 1490521296.01 1490521296.09 73 192.168.1.116 - 58316 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HdwaIPOdfaCqLBIG8dFV8O/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5204 1490521486.45 1490521486.52 71 192.168.1.116 - 58317 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ED6kHwsdulTPWIc25tq9/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5205 1490521676.93 1490521677.0 74 192.168.1.116 - 58318 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uInzbzyK0qhhCPBSR9NGiV2KD/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5206 1490521867.42 1490521867.49 74 192.168.1.116 - 58319 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vvMGTa6f5d07OTpLKyMc4mroor/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5207 1490522057.91 1490522057.99 73 192.168.1.116 - 58320 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WWWBjV21836BekvypCwaZ6h3m1/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5208 1490522248.4 1490522248.48 80 192.168.1.116 - 58321 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/16QJ6rXgTYtCAfiPzoiNRTXTL/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5209 1490522438.89 1490522438.96 72 192.168.1.116 - 58322 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HIVr4RnSScPsCdQ8uZPeGnx1VT9t/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5210 1490522629.37 1490522629.46 86 192.168.1.116 - 58323 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NhNjBkPlmf9HAQM4hyIYDBOS64uNYD/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5211 1490522819.98 1490522820.05 72 192.168.1.116 - 58324 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5211 1490522820.31 1490522820.39 87 192.168.1.116 - 58324 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3wyJCiD7IBTwOH1cqLY8/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5212 1490523010.78 1490523010.85 73 192.168.1.116 - 58325 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Bt3mrVEBzwSNqxjUz7NpWm3aW/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5213 1490523201.27 1490523201.34 74 192.168.1.116 - 58326 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/llc4Uzz9o8k9TYG9wI2SkgI1GX9q9xh/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5214 1490523391.72 1490523391.81 89 192.168.1.116 - 58327 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AMwe1819VZDy5NpXhfRNuKBLa5/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5215 1490523582.22 1490523582.31 90 192.168.1.116 - 58328 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UzQtXBCk6J9xRci7Sb2fL/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5216 1490523772.73 1490523772.8 71 192.168.1.116 - 58329 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mUYOV1mZVdRxMte3BUkeNnI5wLc/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5217 1490523963.18 1490523963.25 78 192.168.1.116 - 58330 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VU4a98hTOs6n5mrbJqcRV7/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5218 1490524153.66 1490524153.74 75 192.168.1.116 - 58331 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NpF7AWIKNJFsUgqaBF7Pm0Fx5r6yqG8W/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5219 1490524344.15 1490524344.22 74 192.168.1.116 - 58332 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XHYbVP0Vcjgh55M3QqR/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5220 1490524534.59 1490524534.67 81 192.168.1.116 - 58333 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 206 379 0 240 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5220 1490524540.63 1490524540.72 94 192.168.1.116 - 58333 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JV9r7It1TkzkniNSlRR5cHVS1alNTl5/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5221 1490524731.13 1490524731.21 81 192.168.1.116 - 58334 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Oh9QlILXbEEGrJCTGuCz1SJyno/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5222 1490524921.63 1490524921.7 74 192.168.1.116 - 58335 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/j3D9tktL57t42Tb1JIqxwUagsPbcsps/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5223 1490525112.1 1490525112.37 277 192.168.1.116 - 58336 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/A7JKnWFmnWKSsW6urJqe5LJb/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5224 1490525302.75 1490525302.88 129 192.168.1.116 - 58337 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32029 0 31888 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5224 1490525310.6 1490525310.71 113 192.168.1.116 - 58337 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5224 1490525318.5 1490525318.59 88 192.168.1.116 - 58337 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6uaiYDcFZZscygAXpkCUp2DfAzizn/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5225 1490525508.98 1490525509.05 75 192.168.1.116 - 58338 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vgF1H854yDUT3MvOiiNhXsWf4pykI/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5226 1490525699.46 1490525699.54 75 192.168.1.116 - 58339 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dwemBkftFmulSS5VCDMzNP/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5227 1490525889.94 1490525890.01 73 192.168.1.116 - 58340 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fyKnkjUwpT28YF8gMSIqpWhD1/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5228 1490526080.4 1490526080.48 86 192.168.1.116 - 58341 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OtCZEVYcoAF6qnFhBHSBmhaAGOAwKZak/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5229 1490526270.9 1490526270.98 86 192.168.1.116 - 58342 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FUYxru1gCW5z1MnY8Nv/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5230 1490526461.39 1490526461.47 78 192.168.1.116 - 58343 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VnyaNOs0HSTLfRGz1jE/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5231 1490526657.85 1490526657.93 82 192.168.1.116 - 58344 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 5232 1490526673.13 1490526673.21 80 192.168.1.116 - 58345 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 5233 1490526688.42 1490526688.49 68 192.168.1.116 - 58346 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 5234 1490526703.7 1490526703.79 87 192.168.1.116 - 58347 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/r1IhmcaDDmYqOT0ut0IGiZm7I4yC/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5235 1490526894.44 1490526894.52 74 192.168.1.116 - 58348 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fLoGDouannYEKMUrILy8yr5MQPGAPZ/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5236 1490527084.93 1490527085.0 74 192.168.1.116 - 58349 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/M8FFocYxV8UTISDqxpWydxo8/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5237 1490527275.38 1490527275.45 74 192.168.1.116 - 58350 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6BvHxRAWIbaE0kkG9k0/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5238 1490527465.85 1490527465.93 73 192.168.1.116 - 58351 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FA2yvh7LM1LbKugZdV43y7qcQ/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5239 1490527656.31 1490527656.39 81 192.168.1.116 - 58352 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6WqBEuu3UBqclPoHsAKbgi/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5240 1490527846.84 1490527846.95 113 192.168.1.116 - 58353 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dlFv9fhXpBYf8tnPBWOKDGm3LJylP/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5241 1490528037.33 1490528037.4 77 192.168.1.116 - 58354 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gN2isL9h7nauaz4DxtjCO/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5242 1490528227.87 1490528227.96 81 192.168.1.116 - 58355 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5242 1490528228.24 1490528228.35 103 192.168.1.116 - 58355 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DAH4bNe33vhlTWFiMWMR/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5243 1490528418.75 1490528418.82 72 192.168.1.116 - 58356 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qN1HYr3IKnkYUMxMEwLLaPja7/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5244 1490528609.4 1490528609.49 86 192.168.1.116 - 58357 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9c4WpMSepnDbZwoVUetVH8s/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5245 1490528800.12 1490528800.21 94 192.168.1.116 - 58358 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mZZmUf2dIdMnBOS2fy4YDNca3z4S/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5246 1490528990.63 1490528990.71 81 192.168.1.116 - 58359 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BgQQoFljaBQmfb1cysUMQRZbhdX59NdV/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5247 1490529181.09 1490529181.16 74 192.168.1.116 - 58360 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RTtklWe6tFJZsgg7HNuLp9MokHSl1h/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5248 1490529371.54 1490529371.62 78 192.168.1.116 - 58361 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/t0s154wiJ6yLpxYm9o1QW30Rvsga6tTW/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5249 1490529562.04 1490529562.12 81 192.168.1.116 - 58362 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jhDeKaLbkzqvOYGmWkA/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5250 1490529752.5 1490529752.57 73 192.168.1.116 - 58363 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/A5A9Sd7xBxijTTZLyiLiid2S/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5251 1490529944.85 1490529945.45 606 192.168.1.116 - 58364 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 205 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5251 1490529945.69 1490529946.35 667 192.168.1.116 - 58364 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/bkKOfV9kdxD5YenYSgaWGFgS/ 327 514 0 371 132 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5251 1490529946.95 1490529947.56 612 192.168.1.116 - 58364 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/XYOKNMHUPGLAKANV/1/ 224 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 5252 1490529951.59 1490529952.26 669 192.168.1.116 - 58365 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5253 1490529954.06 1490529954.68 616 192.168.1.116 - 58366 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 216 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5254 1490529956.5 1490529957.18 680 192.168.1.116 - 58367 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 244 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5255 1490529958.97 1490529959.6 632 192.168.1.116 - 58368 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3ISkYXxSu311u4oRC0h6/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5256 1490530151.61 1490530152.21 607 192.168.1.116 - 58369 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nkdhQzEsSIecAMnwSgDrsC1Sha/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5257 1490530344.16 1490530344.73 567 192.168.1.116 - 58370 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1WLmXguoe7GD7bkLiO6uPsjQE/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5258 1490530536.79 1490530537.4 605 192.168.1.116 - 58371 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/W5OWfpm5rD4GVvaIhWXwVFsa/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5259 1490530729.44 1490530731.84 2399 192.168.1.116 - 58372 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 32029 0 31888 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5259 1490530738.96 1490530740.76 1802 192.168.1.116 - 58372 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5259 1490530748.42 1490530749.05 633 192.168.1.116 - 58372 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/b8uujJTk1ymWsTYWV/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5260 1490530941.12 1490530941.72 604 192.168.1.116 - 58373 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/INkePxU5r08mbTXuX/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5261 1490531133.7 1490531134.32 614 192.168.1.116 - 58374 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5J5ndWUIqWmx8BMDO3Tf3w9UZ38/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5262 1490531327.76 1490531328.38 620 192.168.1.116 - 58375 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mdqBjmNtuEutuprL4O/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5263 1490531520.48 1490531521.1 621 192.168.1.116 - 58376 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NBuU7TvWJRjM9k5e6rnW6DVRKoxCGIgn/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5264 1490531713.19 1490531713.79 603 192.168.1.116 - 58377 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TNd0t7v9KBLDUJtrv/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5265 1490531905.89 1490531906.49 606 192.168.1.116 - 58378 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AAZ2cR0Waru16Wsb13eJ4ae/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5266 1490532098.48 1490532099.09 609 192.168.1.116 - 58379 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AG6cFalGOP1FlzLfnU24xjOngD3a/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5267 1490532291.11 1490532291.72 611 192.168.1.116 - 58380 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/28LHvG7cDV4irgOrfz02bu/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5268 1490532483.73 1490532485.44 1711 192.168.1.116 - 58381 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZdocBY1IHPQJ9Ujd2g7ihdJP/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5269 1490532677.49 1490532678.11 619 192.168.1.116 - 58382 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0SCTKHyM4nLxn52jtqbftqILFPuEV/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5270 1490532870.09 1490532870.73 636 192.168.1.116 - 58383 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YttWult43yGHfSkphi8B7hgWTz4/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5271 1490533062.7 1490533063.32 611 192.168.1.116 - 58384 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/DNSBL/listed/0/ 217 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5272 1490533065.14 1490533065.75 605 192.168.1.116 - 58385 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vtusAzo25lJeitwbri2Bgv65lGIIGK9/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5273 1490533257.76 1490533258.38 617 192.168.1.116 - 58386 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wWa9t7dQTbDGdJm55q/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5274 1490533450.44 1490533451.05 607 192.168.1.116 - 58387 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0r31eHJGFRQqo52sf8LX6oE/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5275 1490533644.15 1490533644.77 612 192.168.1.116 - 58388 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 210 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5275 1490533645.02 1490533645.64 618 192.168.1.116 - 58388 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BXDDMDrTZ8ytvr1nI6k1GFUdC9ozOv/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5276 1490533837.64 1490533838.26 617 192.168.1.116 - 58389 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/k0cuVIT8lcFFZnGFjenXJG9IMPtv/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5277 1490534030.27 1490534030.88 614 192.168.1.116 - 58390 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lpZB2JhYx5R0dPwDew/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5278 1490534222.86 1490534223.47 613 192.168.1.116 - 58391 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/k36hcUuYpYov53hZkGeewEKgdXWc/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5279 1490534415.63 1490534416.24 607 192.168.1.116 - 58392 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QjltSoXqvbXsFlrHWZMA6AELigUOaN/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5280 1490534608.41 1490534609.01 603 192.168.1.116 - 58393 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/C5KG6akiUhdijObk8OAo6g/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5281 1490534801.05 1490534801.66 606 192.168.1.116 - 58394 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/O7VQeUsvwkFZxk6EsDugD2/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5282 1490534993.68 1490534995.96 2279 192.168.1.116 - 58395 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/l0S4ZNaZ2TDp5DTmVWF18xXP5gJ/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5283 1490535187.98 1490535188.59 611 192.168.1.116 - 58396 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dwoNd6ZU2LZZ5pHuyLq4aP7Azbckf/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5284 1490535381.73 1490535382.34 605 192.168.1.116 - 58397 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 207 379 0 240 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5284 1490535388.3 1490535390.05 1752 192.168.1.116 - 58397 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/S0VlvxiNpX7mYFO9/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5285 1490535581.99 1490535582.58 588 192.168.1.116 - 58398 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/chhu6xvWPvwsyLNwdNzgW/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5286 1490535774.56 1490535775.17 617 192.168.1.116 - 58399 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Zexq9huZh5WGpTUCzGRIxBbx/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5287 1490535977.05 1490535977.68 636 192.168.1.116 - 58400 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bOnqn33eZLykY05j4E/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5288 1490536169.73 1490536172.06 2335 192.168.1.116 - 58401 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 32029 0 31888 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5288 1490536179.18 1490536184.43 5243 192.168.1.116 - 58401 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5288 1490536191.85 1490536192.47 612 192.168.1.116 - 58401 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SgIsgced3TaIFGrcJuo/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5289 1490536384.49 1490536385.09 605 192.168.1.116 - 58402 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1TQXZIQVTpV4LqZ36OSgfjhpoYfw11/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5290 1490536577.08 1490536577.7 617 192.168.1.116 - 58403 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qmPNmbMgQxOgwZUVO25ooL3G4e6v4uK/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5291 1490536769.76 1490536770.37 606 192.168.1.116 - 58404 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2rZ04uYlGYPiePofQWAMgD0jHy/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5292 1490536965.15 1490536965.75 603 192.168.1.116 - 58405 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WxhsjVMOXJn3niG4KhxDPXbZw/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5293 1490537158.96 1490537159.57 609 192.168.1.116 - 58406 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jLw5ZgSAKO8GIprWrgoqdSrC4o7NODS/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5294 1490537352.87 1490537353.48 607 192.168.1.116 - 58407 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/82bSBMvLXMGeliSoR4kUe7npq/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5295 1490537546.67 1490537548.46 1796 192.168.1.116 - 58408 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vywuVMQkqeaihgnulsOPTLgwtrs4GK/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5296 1490537740.38 1490537740.95 570 192.168.1.116 - 58409 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zzeOVJhIMfIbSGVsvhtngFLSmyTME00/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5297 1490537932.95 1490537933.57 618 192.168.1.116 - 58410 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nmaMDDApwTJ2EBdHy1aZ/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5298 1490538126.81 1490538127.42 604 192.168.1.116 - 58411 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AAOGXCB1TJ7jdlTGGQGH1TEi93/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5299 1490538319.5 1490538320.11 611 192.168.1.116 - 58412 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nz4tJKhQHbfvnghtQ/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5300 1490538512.1 1490538512.77 671 192.168.1.116 - 58413 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1Np44eMXOWTam1tq/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5301 1490538705.93 1490538706.55 615 192.168.1.116 - 58414 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vTRvEu3SgtJjJBcWmzvToLYSl4Tti/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5302 1490538898.6 1490538899.2 604 192.168.1.116 - 58415 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DFKqrPFRbLbYi5c2vhpKkQL82/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5303 1490539091.17 1490539091.81 636 192.168.1.116 - 58416 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 210 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5303 1490539092.07 1490539092.64 572 192.168.1.116 - 58416 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/r6sZKLse7LfdUHIYOElYt7RQvo6yful/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5304 1490539284.67 1490539285.28 615 192.168.1.116 - 58417 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZDo5EhE6PYOLPeCKT/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5305 1490539477.35 1490539477.98 628 192.168.1.116 - 58418 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/94N3TeQrTFVcD4MQ/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5306 1490539670.0 1490539670.61 613 192.168.1.116 - 58419 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oplh8jdDSypGLA6nkS4/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5307 1490539862.58 1490539863.2 614 192.168.1.116 - 58420 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9asyqa06w8DaLo1r9MK8eutvsKoC/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5308 1490540055.26 1490540055.87 604 192.168.1.116 - 58421 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vNj8SPfIQYUAiiJb5uZc3UDIaG/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5309 1490540250.29 1490540250.9 605 192.168.1.116 - 58422 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gkOLPmcjpV8dPHfMTNBrlmCbWX/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5310 1490540442.95 1490540443.57 616 192.168.1.116 - 58423 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/55alaYDCpFEGNvgqaE78TBOYamC8TM/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5311 1490540635.6 1490540636.21 605 192.168.1.116 - 58424 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EWSFAcHPENRBhdgLVm4YbR8QrTqKk2/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5312 1490540828.17 1490540830.29 2120 192.168.1.116 - 58425 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wkI814qC04DKIDnOsh42yAC57IaQQY2/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5313 1490541023.32 1490541023.94 616 192.168.1.116 - 58426 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Y1I5A0Qf9XDzoyzm3AMy/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5314 1490541221.95 1490541223.67 1721 192.168.1.116 - 58427 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 5315 1490541242.29 1490541242.91 618 192.168.1.116 - 58428 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 5316 1490541259.67 1490541260.31 634 192.168.1.116 - 58429 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 5317 1490541277.12 1490541277.73 611 192.168.1.116 - 58430 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gG9DiV8GUm6T2CdCI/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5318 1490541469.71 1490541471.92 2209 192.168.1.116 - 58431 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SSmQ6DRpskMPX8xZrqxBk/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5319 1490541666.22 1490541676.21 9987 192.168.1.116 - 58432 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 32029 0 31888 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5319 1490541683.59 1490541693.41 9825 192.168.1.116 - 58432 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5319 1490541700.8 1490541701.44 640 192.168.1.116 - 58432 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NFpoPbi2zqW7ebnCHVgrPC/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5320 1490541893.52 1490541894.14 621 192.168.1.116 - 58433 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3yRIhclAfe8rkVKJUMVUKEFnBxibu/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5321 1490542086.11 1490542087.85 1739 192.168.1.116 - 58434 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fEYP9eWZhf9iGJsyk7el/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5322 1490542279.91 1490542280.51 605 192.168.1.116 - 58435 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xLyDWeTbUhjOIjoCLFjrzkx5QfywR7wi/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5323 1490542472.49 1490542473.09 608 192.168.1.116 - 58436 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MyK6EZZiDYZhKWfkIQrLVT0G878ioOR/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5324 1490542669.2 1490542669.82 618 192.168.1.116 - 58437 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Wn0mpAvSzAUBL426bxT1gXDe/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5325 1490542862.8 1490542874.36 11556 192.168.1.116 - 58438 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2ERqiVs3wOO4vNHU67VbE/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5326 1490543066.37 1490543066.98 614 192.168.1.116 - 58439 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/x9X9tp9tK9iEdgJxyhrip/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5327 1490543260.87 1490543261.91 1043 192.168.1.116 - 58440 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AWXnsWUATHDuMSMF15IlgoV/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5328 1490543453.92 1490543454.53 610 192.168.1.116 - 58441 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hjlgTN52xotRTv7JRX4N5YT22BvCrG/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5329 1490543646.55 1490543648.16 1613 192.168.1.116 - 58442 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EgBtEergP3dP1IEsf1wX3HJL1nVN1/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5330 1490543840.2 1490543840.82 619 192.168.1.116 - 58443 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XddCVI8jMHEPFPbhRr3kw1y0DZnclCp/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5331 1490544032.9 1490544033.51 609 192.168.1.116 - 58444 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BbfvLGBxA6WgmaG2hFcQpCClOUFWZBFL/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5332 1490544225.54 1490544228.96 3421 192.168.1.116 - 58445 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YZFBsA4jO1jIuf5IlE0J6lzaN0CO2M/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5333 1490544420.95 1490544423.16 2208 192.168.1.116 - 58446 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iZsjv6PFdZkcEFP29m2AyZjcjfT4/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5334 1490544616.42 1490544617.06 641 192.168.1.116 - 58447 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 210 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5334 1490544617.32 1490544617.95 628 192.168.1.116 - 58447 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7teSpJHhzqJpkSbq7nHbX/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5335 1490544820.78 1490544823.06 2284 192.168.1.116 - 58448 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FTm1rmfTr2SANAWCFnP9PW5eI2hZwrUP/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5336 1490545016.29 1490545016.9 607 192.168.1.116 - 58449 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WksdTzcSl7s1bZNI6AwbhahHaKg5GyX/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5337 1490545209.91 1490545210.52 613 192.168.1.116 - 58450 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/j2pVcRne2g0iWx0cGwh5N/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5338 1490545403.6 1490545404.18 570 192.168.1.116 - 58451 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZOhXh7c1QW0beG46OP2/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5339 1490545597.2 1490545598.82 1616 192.168.1.116 - 58452 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ggKrffSS2AFC4FcnJ3YTmOkoH/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5340 1490545792.56 1490545795.8 3243 192.168.1.116 - 58453 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TFBYWOfDKBEmKJhjqsQnZ/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5341 1490545987.89 1490545988.5 613 192.168.1.116 - 58454 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OTxoFdNYmLAsMhhtv9UYZ74a4/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5342 1490546180.52 1490546182.34 1821 192.168.1.116 - 58455 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tqGMlaP3wjrHq5N4KgSIpTT06jP8ro/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5343 1490546374.38 1490546374.99 607 192.168.1.116 - 58456 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 207 379 0 240 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5343 1490546380.95 1490546381.57 619 192.168.1.116 - 58456 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Dko8vTECn4Do35xC491fdbOlt4Zrcbv3/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5344 1490546576.85 1490546577.47 624 192.168.1.116 - 58457 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IolVzWU0z2PE2eTLZYfPwvbu2erp89Xt/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5345 1490546770.66 1490546771.28 618 192.168.1.116 - 58458 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HypHTJO79ToOdKRPFcxMIq8TIvi/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5346 1490546963.33 1490546963.93 607 192.168.1.116 - 58459 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KzsOzZegCV2lAueH/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5347 1490547157.14 1490547164.97 7821 192.168.1.116 - 58460 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 32029 0 31888 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5347 1490547172.12 1490547178.69 6572 192.168.1.116 - 58460 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5347 1490547185.71 1490547186.34 627 192.168.1.116 - 58460 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/waGo6WowX3kafDGITHVz548dZnRO/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5348 1490547379.38 1490547379.99 605 192.168.1.116 - 58461 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nLXl7wyVyI9ybCmO1lAt3MLRuha/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5349 1490547573.81 1490547575.63 1817 192.168.1.116 - 58462 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FxrH7ro5DdOOwA32mmnglUXGd/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5350 1490547768.83 1490547769.44 614 192.168.1.116 - 58463 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Qol6VgMQCXxbd297Xe014C2u/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5351 1490547961.45 1490547963.23 1779 192.168.1.116 - 58464 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DoI0u8bVvaZpta4LpPKsftAZo1i8lr8j/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5352 1490548155.29 1490548157.53 2237 192.168.1.116 - 58465 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WKg8K6BgDBx03DTg0fMWyAvAJXA5z/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5353 1490548349.53 1490548350.15 616 192.168.1.116 - 58466 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/X45cgAciFjworKTj5Kf/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5354 1490548542.37 1490548542.98 609 192.168.1.116 - 58467 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/V1A9qCY0dvBkRr7Sfj/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5355 1490548735.03 1490548766.68 31650 192.168.1.116 - 58468 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VqPpCy5m8Mj9zj8Ibnbq3z0v8ps/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5356 1490548781.82 1490548782.39 572 192.168.1.116 - 58469 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Xmwi1ojStGUxOLWfKtCtC1kdK/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5357 1490548974.35 1490548974.95 606 192.168.1.116 - 58470 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UmumNsJjvYRmvEkH/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5358 1490549166.96 1490549167.77 805 192.168.1.116 - 58471 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gfk4HLyZ36XEIuJV2ZEJmc9DTzex/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5359 1490549359.76 1490549360.37 608 192.168.1.116 - 58472 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zwHHfbuSnuWZc8J5eoAYaJpQaJKZ1aS/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5360 1490549687.28 1490549688.74 1458 192.168.1.116 - 58476 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 204 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5361 1490549689.78 1490549690.05 269 192.168.1.116 - 58477 50.19.97.123 80 http://checkip.amazonaws.com/ 153 133 0 13 139 106 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 200 - - - - - - - CTU.238.1.Malicious 5360 1490549690.26 1490549691.97 1711 192.168.1.116 - 58476 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/tLqfYs55N7HT3dYuz2I5/ 322 510 0 367 131 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5360 1490549692.89 1490549693.41 517 192.168.1.116 - 58476 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/WMMRAIMJUHVLFKD/1/ 222 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 5362 1490549694.9 1490549696.32 1416 192.168.1.116 - 58478 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5363 1490549698.76 1490549699.27 504 192.168.1.116 - 58479 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 215 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5364 1490549706.14 1490549707.57 1421 192.168.1.116 - 58480 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 243 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5365 1490549709.95 1490549711.3 1341 192.168.1.116 - 58481 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mhJ4i1Vi5ZHLX0m4a3wcHkGCYps/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5366 1490549902.95 1490549903.42 471 192.168.1.116 - 58482 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nXBWyyWPYCWH8EEwwdsPKSO/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5367 1490550095.06 1490550095.57 513 192.168.1.116 - 58483 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5367 1490550095.84 1490550100.72 4882 192.168.1.116 - 58483 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SHL7CzLJeoFe598H7Z73gWWLJV/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5368 1490550292.41 1490550296.73 4325 192.168.1.116 - 58484 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/y1US69uDnJ9yIbOpuMArbLb/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5369 1490550489.44 1490550500.09 10654 192.168.1.116 - 58485 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0hnGTqaopctYyr1UgPT/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5370 1490550692.7 1490550693.21 504 192.168.1.116 - 58486 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/g1ccJaVzlw4jx74KRT5Nzq4tAs/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5371 1490550887.2 1490550888.63 1436 192.168.1.116 - 58487 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zTzjrIKySQPusIaC1dO9m/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5372 1490551080.21 1490551081.55 1340 192.168.1.116 - 58488 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/f6UMc7u3C9qQQLjaalyWtGTRb6NHu2/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5373 1490551274.23 1490551274.71 478 192.168.1.116 - 58489 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hegjwhkZJzPVJYNAqbCdlbboj0GzBy/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5374 1490551466.33 1490551466.8 472 192.168.1.116 - 58490 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/71Jj06snyJf4FukXB7/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5375 1490551658.6 1490551659.13 534 192.168.1.116 - 58491 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PHpU60SZbm6POZnG4VNJnEkJ/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5376 1490551850.87 1490551851.37 507 192.168.1.116 - 58492 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iRgdrDgt0V03HBEOzLQXWwKroi/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5377 1490552044.03 1490552045.44 1412 192.168.1.116 - 58493 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/odXktoneBPhM0IV2xpi8HFDhqxgUhlAh/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5378 1490552237.31 1490552237.78 468 192.168.1.116 - 58494 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RRxtoEmH5OYYQ6Rq3BeM0XRVQ/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5379 1490552429.55 1490552435.48 5928 192.168.1.116 - 58495 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/U5ZhIHXO80p6DBFvYh1Zz0rt/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5380 1490552627.37 1490552628.76 1387 192.168.1.116 - 58496 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32029 0 31888 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5380 1490552636.44 1490552637.82 1382 192.168.1.116 - 58496 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5380 1490552644.9 1490552645.42 520 192.168.1.116 - 58496 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/D023gl3QaAEBCMPg/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5381 1490552840.11 1490552840.58 473 192.168.1.116 - 58497 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2BJPsCtEsBlphy7pTkcm/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5382 1490553034.1 1490553034.58 482 192.168.1.116 - 58498 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xqSj45TolecstgDtTySIVTLl0SGQFJ/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5383 1490553226.25 1490553226.92 675 192.168.1.116 - 58499 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LRRE5B48NII76hbsoaazAkfEHJadef/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5384 1490553418.6 1490553419.13 531 192.168.1.116 - 58500 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8cvwre1Odv9QclWOZkzCGLS/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5385 1490553611.9 1490553612.39 485 192.168.1.116 - 58501 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ahfBXylDErmQlFit7yIa/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5386 1490553803.97 1490553804.45 481 192.168.1.116 - 58502 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rSxGQx1Fdlai9Kk7bRi9DFnsfVv/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5387 1490553996.09 1490553996.63 535 192.168.1.116 - 58503 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GBj0Oij8rg4Lp3bgUqb/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5388 1490554188.29 1490554188.83 541 192.168.1.116 - 58504 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FDOyUyFfekUmF4ZDneIBEkm/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5389 1490554380.59 1490554382.0 1415 192.168.1.116 - 58505 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dFfPFFuLYnLXkTMcu/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5390 1490554573.63 1490554574.11 480 192.168.1.116 - 58506 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aBZBfytmGft8LLkR4zhP/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5391 1490554766.8 1490554767.27 473 192.168.1.116 - 58507 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qdTj1gfzC6tLW42xi3Fq6SgJClri/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5392 1490554959.84 1490554960.35 509 192.168.1.116 - 58508 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ka7AXjHInqLwJmzpof/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5393 1490555152.94 1490555153.41 470 192.168.1.116 - 58509 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OYnoFidYeIP9Y4xy2lA/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5394 1490555345.05 1490555346.47 1418 192.168.1.116 - 58510 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1gDSL85JvYNkx6NW8efFEM5Nc/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5395 1490555540.32 1490555540.86 534 192.168.1.116 - 58511 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5395 1490555541.48 1490555541.95 475 192.168.1.116 - 58511 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EK2mW8cJtmnr1xNPY0CFc02DZvzT09zk/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5396 1490555739.64 1490555740.15 514 192.168.1.116 - 58512 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 5397 1490555758.51 1490555759.05 539 192.168.1.116 - 58513 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 5398 1490555778.73 1490555779.24 505 192.168.1.116 - 58514 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 5399 1490555795.71 1490555796.23 518 192.168.1.116 - 58515 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/po1pgKKT8IFRc7ZBgjakDBJnXb/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5400 1490555987.83 1490555988.3 475 192.168.1.116 - 58516 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Tu4HY6GflMm0nhYicrvqD29sEUMoIjv1/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5401 1490556179.9 1490556180.37 467 192.168.1.116 - 58517 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dVK28uoWGDGeLBbk6Xcod2NBTqrcC/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5402 1490556372.04 1490556372.51 470 192.168.1.116 - 58518 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qafgiOavYwKz0ff6voWc/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5403 1490556564.16 1490556565.94 1781 192.168.1.116 - 58519 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GgZDHF9dLFH5yXada6x/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5404 1490556757.56 1490556758.93 1370 192.168.1.116 - 58520 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XDCdPl3uu3SaFKLiM5Sgtlvk/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5405 1490556950.57 1490556951.98 1409 192.168.1.116 - 58521 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6MiSN5DNNAwBkrNesc/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5406 1490557143.57 1490557144.04 469 192.168.1.116 - 58522 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jjQHj68U16tSUtOv65MWaXJX8lhmGxnp/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5407 1490557335.72 1490557336.25 534 192.168.1.116 - 58523 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 206 379 0 240 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5407 1490557342.21 1490557342.69 477 192.168.1.116 - 58523 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GYS7kEbdM3uNwIiUDGk5UmGTzC0s89/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5408 1490557534.28 1490557534.75 472 192.168.1.116 - 58524 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qIWfFNQIGcSeufviAaFqV2Yc/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5409 1490557727.39 1490557727.91 524 192.168.1.116 - 58525 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/23xh0nWBWa2pc5zkNEvdcLkWpZU/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5410 1490557919.53 1490557920.01 483 192.168.1.116 - 58526 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4XKkpMd4ewgpi6D8Q84/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5411 1490558111.72 1490558114.53 2817 192.168.1.116 - 58527 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32029 0 31888 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5411 1490558121.64 1490558127.03 5389 192.168.1.116 - 58527 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5411 1490558134.31 1490558134.81 497 192.168.1.116 - 58527 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XbRkTPjJChXYBD5xWMmltatrOw9TmVL/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5412 1490558326.5 1490558327.91 1410 192.168.1.116 - 58528 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QbFevMZcznKPwMb5AvFPMb5SsXm/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5413 1490558519.58 1490558520.11 533 192.168.1.116 - 58529 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wXOmQtEfckRcGUF4PxRDm5eDYR/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5414 1490558711.8 1490558712.27 469 192.168.1.116 - 58530 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LXyI4XhnSh995I0kLTzB9R7Jo/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5415 1490558904.91 1490558905.45 536 192.168.1.116 - 58531 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/L0g1Y2RFC4oxutRnlpgpbZ3USUfU/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5416 1490559098.12 1490559098.6 478 192.168.1.116 - 58532 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GTCbOmzW4LoxSZF9MwgVXdlBpCWF/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5417 1490559291.11 1490559292.48 1370 192.168.1.116 - 58533 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/efcY0PVMykR4NuppqcXZ/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5418 1490559486.34 1490559486.81 472 192.168.1.116 - 58534 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gXdcDq9TBdA2FagyMaz7I133/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5419 1490559679.6 1490559681.06 1455 192.168.1.116 - 58535 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/D6YMgAt4EPjUMyj0CMk6wT6VAO3GWqc/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5420 1490559872.73 1490559873.26 533 192.168.1.116 - 58536 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tfZxKcpurm221yXPKV9ICzofxe4On0T/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5421 1490560064.89 1490560065.36 475 192.168.1.116 - 58537 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NTmTnbiGV42QD6fBl23/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5422 1490560257.02 1490560258.44 1416 192.168.1.116 - 58538 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RXkWRuPalMEyaQPExaHU6gkOSZ7W2Oi/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5423 1490560451.1 1490560451.64 541 192.168.1.116 - 58539 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MjlgPKHMy1k8kXl3oIxQMVXGEMYU/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5424 1490560643.33 1490560643.8 470 192.168.1.116 - 58540 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4NjEQs941JQSqYcOkVUMFvEMy/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5425 1490560835.48 1490560835.98 504 192.168.1.116 - 58541 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4DENa1XELLksIshc/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5426 1490561028.69 1490561030.1 1413 192.168.1.116 - 58542 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5426 1490561030.38 1490561030.91 524 192.168.1.116 - 58542 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/koclfdWym0fXIB2Y/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5427 1490561222.55 1490561223.02 470 192.168.1.116 - 58543 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ddxhPKLun6bS50lDCKQYeF1z/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5428 1490561414.7 1490561415.21 515 192.168.1.116 - 58544 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PjUdT6VbCAzXjjqVIDYwTYyzUMNVvEP/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5429 1490561606.99 1490561607.46 477 192.168.1.116 - 58545 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ombcj5VtGbD5DVCrM/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5430 1490561799.16 1490561799.63 471 192.168.1.116 - 58546 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3vmhw3XkCfIe0dpzmFT1dEJ/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5431 1490561993.75 1490561994.26 510 192.168.1.116 - 58547 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/DNSBL/listed/0/ 216 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5432 1490561995.88 1490561996.35 468 192.168.1.116 - 58548 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VQw8LvEvKwcKxPLTQIh3/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5433 1490562188.16 1490562188.64 484 192.168.1.116 - 58549 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ItSwxnVRXXJBTpC8F/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5434 1490562380.44 1490562380.97 534 192.168.1.116 - 58550 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FMeysVHphWv89jfB1x9VIGusk7VksCVd/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5435 1490562572.64 1490562573.11 473 192.168.1.116 - 58551 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/n4Z6jPdK1lB95AfAZ0LCKs/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5436 1490562764.83 1490562765.31 485 192.168.1.116 - 58552 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lJIynjCTBr5TXfjiDcwh/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5437 1490562957.05 1490562957.53 472 192.168.1.116 - 58553 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lDB2zxeqp5pwejTNggw2GdE/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5438 1490563149.36 1490563149.9 539 192.168.1.116 - 58554 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/d2Kfud8Ay9PmudIAcUSs1Lhl8is2D/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5439 1490563343.64 1490563344.17 535 192.168.1.116 - 58555 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aw6y5Zzh0XEhpXyClpnRH9hsDNvyRKl/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5440 1490563535.8 1490563537.52 1722 192.168.1.116 - 58556 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32029 0 31888 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5440 1490563545.09 1490563546.46 1372 192.168.1.116 - 58556 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5440 1490563554.26 1490563554.75 482 192.168.1.116 - 58556 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1WmSql9by8G3NmRTBehbNL/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5441 1490563746.61 1490563747.09 473 192.168.1.116 - 58557 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/t9aiESJitYjM68Yk0cWSxjshpNpeH0h/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5442 1490563938.89 1490563939.35 469 192.168.1.116 - 58558 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jhDPQ25qxiylN4bq3OTMeXNSb5q/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5443 1490564131.02 1490564131.5 472 192.168.1.116 - 58559 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/w3XD8sx1qSA6c29S40WFz/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5444 1490564323.16 1490564324.87 1706 192.168.1.116 - 58560 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/S8DWHIg8QkkEzMN0p0G3EU54/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5445 1490564517.43 1490564517.9 474 192.168.1.116 - 58561 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xgTI34C7XbZ073ktT6uwIDPXtFJuk/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5446 1490564709.56 1490564710.03 473 192.168.1.116 - 58562 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/J4NXELj5NCtTnr6BgkdBDG7xsvl5u/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5447 1490564901.68 1490564903.05 1371 192.168.1.116 - 58563 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YKBHwADS2qt7YGy2oZ/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5448 1490565094.83 1490565095.37 548 192.168.1.116 - 58564 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AUut9nO6zJLIVs3ZOsPbla8xwXfg7dg1/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5449 1490565287.03 1490565287.51 474 192.168.1.116 - 58565 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oW0laLGqps4Zz2q02MhspI/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5450 1490565479.13 1490565479.61 477 192.168.1.116 - 58566 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qOgb4l5dG0zD43eSEdlZ6U3GpMq/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5451 1490565671.24 1490565671.71 473 192.168.1.116 - 58567 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/D1gjfC0dHkmuS22T0femYcNH9qtc/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5452 1490565863.36 1490565863.83 477 192.168.1.116 - 58568 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/q2YeEcaMjfwytKqcS9/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5453 1490566055.53 1490566055.99 468 192.168.1.116 - 58569 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pAEmtpsS8pN5pYl1uN1maFRJJRlMZ/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5454 1490566247.58 1490566248.06 474 192.168.1.116 - 58570 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/98F8FtNpd2QWJp8dkebDF/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5455 1490566440.63 1490566441.13 504 192.168.1.116 - 58571 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5455 1490566441.39 1490566441.9 515 192.168.1.116 - 58571 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qLMloDw9FcfyZl5vRbt1ukgKqq/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5456 1490566633.56 1490566634.03 468 192.168.1.116 - 58572 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Ees2QVGfHaKgQDQnW90xhmxyhWYaLPR/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5457 1490566825.66 1490566826.14 484 192.168.1.116 - 58573 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Nuk4u0wOzkXpa42MDfZ8XNtI/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5458 1490567017.82 1490567018.29 466 192.168.1.116 - 58574 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/D06fpYLcZ21gmdyYsn6uV/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5459 1490567209.95 1490567210.44 483 192.168.1.116 - 58575 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/edtdqRDWfJhXwC6QMht7Mcv/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5460 1490567402.07 1490567402.55 481 192.168.1.116 - 58576 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7ZKZFsJLlmWoDduE9P1d/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5461 1490567594.21 1490567594.69 481 192.168.1.116 - 58577 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xEXbqQuui18iUpKx3IXR2WIst/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5462 1490567788.68 1490567789.15 475 192.168.1.116 - 58578 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6yJZIq6LcPcZM2cJFpAvbL/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5463 1490567980.81 1490567981.28 474 192.168.1.116 - 58579 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KVdfDnMDWZYKXVBxfjKy3/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5464 1490568172.96 1490568173.46 505 192.168.1.116 - 58580 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 206 379 0 240 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5464 1490568179.42 1490568179.97 544 192.168.1.116 - 58580 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9IwWV59TXGDgw3jip53/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5465 1490568371.7 1490568372.18 477 192.168.1.116 - 58581 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/I2zeqmikQB6wHJ6fId/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5466 1490568564.66 1490568565.12 468 192.168.1.116 - 58582 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TKJdZfRH3GrSMcAPswKyqnOzvQ/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5467 1490568756.77 1490568757.24 476 192.168.1.116 - 58583 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lLzRau0V6d8AruX143YaK/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5468 1490568948.9 1490568950.25 1350 192.168.1.116 - 58584 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32029 0 31888 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5468 1490568957.39 1490568958.3 911 192.168.1.116 - 58584 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5468 1490568965.54 1490568966.01 471 192.168.1.116 - 58584 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uDyGSpHiDbGKdmA8E/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5469 1490569157.42 1490569157.86 437 192.168.1.116 - 58585 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 205 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5469 1490569158.22 1490569158.64 420 192.168.1.116 - 58585 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/rE0o5XpTeAvdOLQPNR/ 321 508 0 365 132 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5469 1490569159.31 1490569159.75 437 192.168.1.116 - 58585 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/EQSCQTCEJPOU/1/ 220 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 5470 1490569162.0 1490569162.42 415 192.168.1.116 - 58586 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5471 1490569163.6 1490569164.08 474 192.168.1.116 - 58587 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 216 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5472 1490569165.42 1490569165.86 440 192.168.1.116 - 58588 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 244 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5473 1490569168.03 1490569168.46 435 192.168.1.116 - 58589 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NOj4Fv7Z0hTcNpBZX7ijyTza/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5474 1490569360.07 1490569360.49 412 192.168.1.116 - 58590 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ryQKsDyWepFEvKTSGbTIORaUPBQ6/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5475 1490569551.87 1490569552.24 369 192.168.1.116 - 58591 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7GamFmFD2KcWuz6PU/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5476 1490569743.62 1490569744.06 437 192.168.1.116 - 58592 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/C3s9QxuP23mjIFJa0sXRLokhzo/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5477 1490569935.43 1490569935.83 406 192.168.1.116 - 58593 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0KBp4cT5rvoVzojyNTa7x/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5478 1490570127.22 1490570127.66 437 192.168.1.116 - 58594 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/n4oTjhw78S4nfj0pru/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5479 1490570325.05 1490570325.42 370 192.168.1.116 - 58595 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 5480 1490570341.59 1490570342.01 418 192.168.1.116 - 58596 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 5481 1490570358.18 1490570358.62 440 192.168.1.116 - 58597 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 5482 1490570374.86 1490570375.24 377 192.168.1.116 - 58598 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KGKpXkKbC7V3Lrkw/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5483 1490570567.32 1490570567.69 370 192.168.1.116 - 58599 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cpxKU0AWjVMZzNvC6e6neLCq2/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5484 1490570759.07 1490570759.5 435 192.168.1.116 - 58600 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JLhgldtKsPmYdAftr0uH3tV2A6/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5485 1490570950.88 1490570951.3 415 192.168.1.116 - 58601 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/62wR9xxKwXAXTWTOOC5hKoDia/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5486 1490571142.64 1490571143.01 370 192.168.1.116 - 58602 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/70avmCld6evl1prwZl2dzjaI38RXJ7/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5487 1490571334.36 1490571334.77 418 192.168.1.116 - 58603 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5ufJxp5GtEWx7wbSWnQF5RsPG7rkX2cH/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5488 1490571526.2 1490571526.62 415 192.168.1.116 - 58604 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7TBQnxEc5tH6jkRFclqPOEnslklseU/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5489 1490571718.0 1490571718.41 406 192.168.1.116 - 58605 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iQ38CH3SykhLMTBGS8fyCXwR/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5490 1490571909.83 1490571910.23 406 192.168.1.116 - 58606 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 210 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5490 1490571910.49 1490571910.91 414 192.168.1.116 - 58606 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CLwzFpaB0eFkmeBxxmU6Tfwo6/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5491 1490572102.23 1490572102.6 370 192.168.1.116 - 58607 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oujCsve7UiyrsPAEmb5iE7O2M/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5492 1490572293.95 1490572294.38 430 192.168.1.116 - 58608 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jIF9UBIVPOGJ4N0Fx6Thxtv7kI/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5493 1490572485.82 1490572486.22 405 192.168.1.116 - 58609 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FN49bDL30TVf4ncjqvJ/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5494 1490572677.59 1490572677.99 404 192.168.1.116 - 58610 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WyO4ffhXwux9UF05hfiMeSte/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5495 1490572869.33 1490572869.77 436 192.168.1.116 - 58611 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lELTuT6VjAwgvfHDmOdfXq/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5496 1490573061.17 1490573061.59 411 192.168.1.116 - 58612 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JlOC35zLmEGExPqHDv/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5497 1490573252.97 1490573253.38 407 192.168.1.116 - 58613 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NMO9beOOfvTYtRBbfSFP6HVoYJU/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5498 1490573444.8 1490573445.21 407 192.168.1.116 - 58614 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dchkn64wpurQTg0ts50c1txahQsC8/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5499 1490573636.63 1490573637.04 414 192.168.1.116 - 58615 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yXXEaeE36g7CA6N3H59m/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5500 1490573828.4 1490573828.77 372 192.168.1.116 - 58616 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tVfzOek4oJ1KIjaAIC8KSvjHeJVch/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5501 1490574020.13 1490574020.54 409 192.168.1.116 - 58617 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XcWyqH5LBHF3jGVhktoM2Lg/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5502 1490574211.95 1490574212.36 411 192.168.1.116 - 58618 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mbTCh6FNSsjNh2H0EefqWB9IlE/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5503 1490574403.75 1490574404.85 1097 192.168.1.116 - 58619 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 32029 0 31888 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5503 1490574412.25 1490574413.03 785 192.168.1.116 - 58619 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5503 1490574420.2 1490574420.57 373 192.168.1.116 - 58619 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/44R5OVBmuCafufRJuDGqymjnHdi5BH/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5504 1490574611.93 1490574612.36 433 192.168.1.116 - 58620 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/udR3tFwl6PBUvCa8CP/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5505 1490574803.74 1490574804.15 411 192.168.1.116 - 58621 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iPkUVZRdwHdxYsvhiJ8F6qBHdJ2BFBCa/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5506 1490574995.52 1490574995.96 433 192.168.1.116 - 58622 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sBRQvwQwl8XezqIoFQMLCm4o6/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5507 1490575187.34 1490575187.71 368 192.168.1.116 - 58623 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HbNUH115m72MsewhFg8xgTqN88/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5508 1490575379.13 1490575379.53 404 192.168.1.116 - 58624 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Il4lLwXs9TDrDVl2PTFNgZEauwiO9ie/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5509 1490575570.92 1490575571.33 406 192.168.1.116 - 58625 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3di0YcQCinkV7wW2RnBqLqP/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5510 1490575762.71 1490575763.15 436 192.168.1.116 - 58626 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZiByIcYIS2LBI09snOkNLC63wyfsK/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5511 1490575954.52 1490575954.96 434 192.168.1.116 - 58627 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LVshrFGaZi4OHvPkap/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5512 1490576146.33 1490576146.73 407 192.168.1.116 - 58628 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/402DHCb4EA8DFENxjxhrKQa7gd17C/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5513 1490576338.14 1490576338.55 409 192.168.1.116 - 58629 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yrdAH3S4d6pS0OBBq2/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5514 1490576529.94 1490576530.36 419 192.168.1.116 - 58630 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0RJEoJS2ISabH8KUb4WPPVwf0/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5515 1490576721.75 1490576722.16 407 192.168.1.116 - 58631 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FBRVXvjnk8WoXatuo2udpfzcd20eeC6m/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5516 1490576913.55 1490576913.99 435 192.168.1.116 - 58632 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EeNyaBqeeIsWZLpENTjjCBoOecJwxH/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5517 1490577105.38 1490577105.8 426 192.168.1.116 - 58633 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6e2S1kAnQFvJ9pJp6qTdUluE6L/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5518 1490577297.16 1490577297.54 371 192.168.1.116 - 58634 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Ic1NODXqgVbhdqeCLMikf9VNU/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5519 1490577488.91 1490577489.31 404 192.168.1.116 - 58635 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 210 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5519 1490577489.57 1490577490.01 437 192.168.1.116 - 58635 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FptyChwnvPhhd3RmvGsI/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5520 1490577681.35 1490577681.72 370 192.168.1.116 - 58636 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hZA14eijwwoS3DVA/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5521 1490577873.06 1490577873.5 434 192.168.1.116 - 58637 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YWjrSi4Hw9NVLisINBLLnCb/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5522 1490578064.89 1490578065.32 433 192.168.1.116 - 58638 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/l6SeX8seLWRCswqdIBqXwy/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5523 1490578256.73 1490578257.16 431 192.168.1.116 - 58639 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/M7HPa5qBgeTVbWcGsHR/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5524 1490578448.56 1490578448.97 417 192.168.1.116 - 58640 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QYfhxavLyr3tiySlgYQOe/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5525 1490578640.29 1490578640.66 368 192.168.1.116 - 58641 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aphyaSgJ9mmI6heE4xh2HLh/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5526 1490578832.08 1490578832.5 417 192.168.1.116 - 58642 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/O4JJ31sgCpxP6z9objLeHmbi/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5527 1490579023.87 1490579024.3 436 192.168.1.116 - 58643 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 207 379 0 240 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5527 1490579030.27 1490579030.65 371 192.168.1.116 - 58643 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/US1JNcq6TzQVDU3hQPpowWs5/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5528 1490579221.98 1490579222.41 431 192.168.1.116 - 58644 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EfPyALHBYefJbM1B/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5529 1490579413.79 1490579414.16 368 192.168.1.116 - 58645 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/M2AT1A2YYjWkMmQVRwjk/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5530 1490579605.56 1490579605.92 367 192.168.1.116 - 58646 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bwfjMmUAKATlhaKOY4LsM/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5531 1490579797.3 1490579797.72 416 192.168.1.116 - 58647 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1unNzhw0v3ayE0ekl6WtuhuQpc5/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5532 1490579989.09 1490579990.16 1071 192.168.1.116 - 58648 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 32029 0 31888 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5532 1490579997.3 1490579998.03 734 192.168.1.116 - 58648 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5532 1490580005.26 1490580005.64 388 192.168.1.116 - 58648 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/t7yartgYL1h0NlxzcUMWBl/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5533 1490580197.03 1490580197.44 407 192.168.1.116 - 58649 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DXdUw9jQoSkvzRA8tSr9BtAxRn/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5534 1490580388.77 1490580389.14 369 192.168.1.116 - 58650 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aFsKhVnVt5mjIkqLeET/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5535 1490580580.48 1490580580.85 370 192.168.1.116 - 58651 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AhxbYc0tpQRAHV7zqwSbsx/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5536 1490580772.23 1490580772.64 407 192.168.1.116 - 58652 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VjVsZft1LSbZorZvp/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5537 1490580964.03 1490580964.44 408 192.168.1.116 - 58653 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Qj9QySkBTp42FAfP78quGcC/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5538 1490581155.85 1490581156.26 413 192.168.1.116 - 58654 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LEFMBvqqV8LPfw166X/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5539 1490581347.71 1490581348.12 409 192.168.1.116 - 58655 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/P1QLAeSHB4rw9D9sJQHnBmrB0w/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5540 1490581539.5 1490581539.9 405 192.168.1.116 - 58656 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/95PtLv7u5UJRACIJt37p/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5541 1490581731.36 1490581731.83 469 192.168.1.116 - 58657 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oXlPFTvqpREUI5WTOGBL1py/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5542 1490581923.2 1490581923.56 369 192.168.1.116 - 58658 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Xo7sFSz6NAgQWNYevD/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5543 1490582114.9 1490582115.27 367 192.168.1.116 - 58659 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mYLqf1Smdz4BXEGt8cqf8PjK32sHDE/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5544 1490582306.66 1490582307.07 406 192.168.1.116 - 58660 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tmF4S5MZmLMsSg6dGu8L/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5545 1490582498.47 1490582498.87 405 192.168.1.116 - 58661 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lfVZNZstnadlBzcI/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5546 1490582690.37 1490582690.8 437 192.168.1.116 - 58662 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wEmn7IUWRHsITe1yN4CWyQvrgxX5S/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5547 1490582882.19 1490582882.55 368 192.168.1.116 - 58663 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Xtc0OLUMCPvKvyNWVRYq/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5548 1490583074.0 1490583074.41 406 192.168.1.116 - 58664 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 210 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5548 1490583074.67 1490583075.09 416 192.168.1.116 - 58664 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aEL2ApHQtUoCwpMC0tDTaF6oO/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5549 1490583266.51 1490583266.92 404 192.168.1.116 - 58665 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/or3aO7OtSdH7cQ5ae5wYGmM6PBlI4V/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5550 1490583458.31 1490583458.72 409 192.168.1.116 - 58666 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YU9b6m58VESLELSHu5zR4Es8S/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5551 1490583650.14 1490583650.57 437 192.168.1.116 - 58667 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/e8sOr7pP67ADF3U4bEzw9X92pJMNn/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5552 1490583841.92 1490583842.29 370 192.168.1.116 - 58668 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fyFdKuyybSBjUsZjKjGT4bYrcM94EU/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5553 1490584033.66 1490584034.07 411 192.168.1.116 - 58669 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HwSWK8Bs2eS0guBU1Q0n5OjdzY/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5554 1490584225.39 1490584225.76 370 192.168.1.116 - 58670 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9Bh5JRyPdn6QSkmhrK6i/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5555 1490584417.13 1490584417.57 433 192.168.1.116 - 58671 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BJZhI7PjaGlfHbtXY0jRjH5/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5556 1490584608.95 1490584609.37 416 192.168.1.116 - 58672 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ukv8XXKGjO64GhSYXXJBXTGI6/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5557 1490584806.75 1490584807.17 418 192.168.1.116 - 58673 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 5558 1490584823.34 1490584823.76 414 192.168.1.116 - 58674 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 5559 1490584839.96 1490584840.37 410 192.168.1.116 - 58675 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 5560 1490584856.56 1490584856.96 407 192.168.1.116 - 58676 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3XpgqhExGEArkheMrb/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5561 1490585048.31 1490585048.75 433 192.168.1.116 - 58677 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/h6ceyo1A8I6lU0RBLf1D09EP27f/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5562 1490585240.13 1490585240.51 380 192.168.1.116 - 58678 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YonrjI4nTWBNuqqf7Ue3zH/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5563 1490585432.09 1490585433.23 1135 192.168.1.116 - 58679 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 32029 0 31888 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5563 1490585441.5 1490585442.3 802 192.168.1.116 - 58679 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5563 1490585449.48 1490585449.92 438 192.168.1.116 - 58679 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8yAHkMDQfeBIGXAz2Gk/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5564 1490585641.3 1490585641.74 435 192.168.1.116 - 58680 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CltzxYAFPz35Yo096pH4MuKJKr71fD/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5565 1490585834.3 1490585834.72 418 192.168.1.116 - 58681 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/n9l4QBEXNDpzqRE9h9pWccPhzgRP/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5566 1490586026.13 1490586026.54 413 192.168.1.116 - 58682 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cfqXdJajOQFSkEmuCYNGKhw69l/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5567 1490586217.87 1490586218.25 376 192.168.1.116 - 58683 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/J3FG6xc9uI5YGe8pzDBOlVxj/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5568 1490586409.69 1490586410.11 422 192.168.1.116 - 58684 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/USDEou4Ebq18QwV4Fv8gDIBvF/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5569 1490586601.53 1490586601.95 424 192.168.1.116 - 58685 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Tfj0dFyi10hkonTW5GyviE3I4NzDVJwb/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5570 1490586793.48 1490586793.89 410 192.168.1.116 - 58686 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fNBHX3GdjdVpyj8yfGjt6hkAy8/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5571 1490586985.31 1490586985.72 408 192.168.1.116 - 58687 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KeMKT1DLkcT2uu3qGowCi/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5572 1490587177.05 1490587177.48 431 192.168.1.116 - 58688 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9P4N94MwzUWTY70I/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5573 1490587368.83 1490587369.2 370 192.168.1.116 - 58689 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EuzuaKuiljs3sU8fNzopc5wdOHLREn/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5574 1490587560.65 1490587561.07 417 192.168.1.116 - 58690 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4yTA1drlSi0B2z0tcVnAbRQx/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5575 1490587752.46 1490587753.57 1112 192.168.1.116 - 58691 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BaLyVKB67y6Nz8KRVIqmRYASzwC/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5576 1490587944.96 1490587945.35 388 192.168.1.116 - 58692 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BVhN7LX0yDDN5ms2Aniwqcw7/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5577 1490588136.88 1490588137.29 417 192.168.1.116 - 58693 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2xpTCgAe297Kg2Lo/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5578 1490588328.67 1490588329.11 430 192.168.1.116 - 58694 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YBAbV1GcGynKaOsP/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5579 1490588521.67 1490588524.69 3018 192.168.1.116 - 58695 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 203 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5580 1490588525.53 1490588525.77 239 192.168.1.116 - 58696 50.19.97.123 80 http://checkip.amazonaws.com/ 153 133 0 13 139 106 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 200 - - - - - - - CTU.238.1.Malicious 5579 1490588525.98 1490588527.42 1443 192.168.1.116 - 58695 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/xlJmJDhy7hUPZn4wTOg/ 320 509 0 366 130 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5579 1490588527.92 1490588528.39 472 192.168.1.116 - 58695 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/GOBOFLJMXDRXENDE/1/ 222 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 5581 1490588530.85 1490588533.96 3113 192.168.1.116 - 58697 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5582 1490588537.35 1490588537.87 521 192.168.1.116 - 58698 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 214 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5583 1490588540.33 1490588547.38 7050 192.168.1.116 - 58699 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 242 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5584 1490588550.81 1490588552.61 1807 192.168.1.116 - 58700 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 208 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5584 1490588552.87 1490588557.96 5087 192.168.1.116 - 58700 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Y6su9cfzSiA4UBhL9sclx624I/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5585 1490588749.64 1490588751.41 1772 192.168.1.116 - 58701 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GWA4MATvf0M2TJoMS9dMLgz/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5586 1490588944.07 1490588945.89 1815 192.168.1.116 - 58702 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VkN7tktveJbVfCLfQj3qbMFvSG4t4D2/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5587 1490589138.93 1490589139.47 536 192.168.1.116 - 58703 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nNpBZ30BxIRsQVIauSkejLnxbEVo0d/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5588 1490589338.23 1490589338.74 507 192.168.1.116 - 58704 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zFzMGqmKvQVghiboorV2DE8/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5589 1490589531.29 1490589531.82 532 192.168.1.116 - 58705 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qOmIBYpOIevCtjPTTiQV6J/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5590 1490589724.45 1490589724.92 469 192.168.1.116 - 58706 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oIahENJNHnkAx8Pt0Mkuhd3/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5591 1490589928.21 1490589928.72 511 192.168.1.116 - 58707 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 205 379 0 240 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5591 1490589934.68 1490589935.23 546 192.168.1.116 - 58707 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aJIcoQtiiRXL2Z97lwBRymYYhVML7NYx/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5592 1490590126.88 1490590128.59 1709 192.168.1.116 - 58708 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/M57pyJWMAt8P85LtCm32gWquuXcR/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5593 1490590321.33 1490590362.99 41661 192.168.1.116 - 58709 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ftVhEoXosMyiIE8KwyRD/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5594 1490590372.06 1490590372.58 513 192.168.1.116 - 58710 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qJ4fvwKDWfQ5KVHW/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5595 1490590566.55 1490590567.08 532 192.168.1.116 - 58711 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mSBWqB5AENBdDmuI1STP/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5596 1490590764.88 1490590765.39 512 192.168.1.116 - 58712 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XJ5qExVAsmAcydTkUexFX78K9Y/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5597 1490590958.23 1490590958.74 507 192.168.1.116 - 58713 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/DNSBL/listed/0/ 215 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5598 1490590963.5 1490590967.5 4001 192.168.1.116 - 58714 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32029 0 31888 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5598 1490590975.31 1490590976.31 999 192.168.1.116 - 58714 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5598 1490590983.75 1490590984.28 533 192.168.1.116 - 58714 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XoY8UtbZFBECqzxGonaYYc/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5599 1490591175.96 1490591176.5 535 192.168.1.116 - 58715 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eK8F7h7xwE1L17pZRJ2wSWr9Y5M/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5600 1490591369.07 1490591369.6 532 192.168.1.116 - 58716 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mp0QRyPFMtS3cfjEl2Yl/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5601 1490591566.42 1490591566.93 508 192.168.1.116 - 58717 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dLjNl5EWVgkXXUKleaWSf04dlQws/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5602 1490591759.62 1490591770.66 11035 192.168.1.116 - 58718 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KaUZ7YbdXeNVTBMgHfnYEwu0kyi2cS/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5603 1490591968.53 1490591969.04 507 192.168.1.116 - 58719 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kjTwb1g38QNHh45Vcpd6UWcwp8Gy/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5604 1490592161.63 1490592164.71 3084 192.168.1.116 - 58720 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/S3No6JxPj6m6IwPnOrRASRkQCwXy/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5605 1490592358.39 1490592360.2 1809 192.168.1.116 - 58721 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/w3Q7lBBEbKk37cnXqHh/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5606 1490592552.79 1490592553.26 468 192.168.1.116 - 58722 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eHQoHFz6cK6rYTnPLdDdHI/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5607 1490592746.83 1490592747.36 532 192.168.1.116 - 58723 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LlWMo7UPlNQTKs4r5V7p7/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5608 1490592940.04 1490592940.57 533 192.168.1.116 - 58724 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HMAsg7ho1KWpCJgIzb1/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5609 1490593132.26 1490593135.34 3074 192.168.1.116 - 58725 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OmLxcTBs0bl9wrJfV5ACCr8PZcTSkZRi/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5610 1490593327.9 1490593328.38 473 192.168.1.116 - 58726 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dxmFMu7iKLHL9OJwc1yMRFLiXtAclnT/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5611 1490593521.02 1490593522.44 1420 192.168.1.116 - 58727 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/I8cocvyiEh3sEz958f/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5612 1490593715.02 1490593715.49 470 192.168.1.116 - 58728 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5a2Exow1TFVWYLejYdQSBTU6rHFo/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5613 1490593907.17 1490593907.7 533 192.168.1.116 - 58729 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yJHOOGxnWy78mU74KcwDHgnwbE06Z/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5614 1490594102.46 1490594102.98 514 192.168.1.116 - 58730 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 208 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5614 1490594103.23 1490594103.74 517 192.168.1.116 - 58730 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/y5Ug7WZ2lRm2OtwDP5PkvhL4N5lx5lVV/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5615 1490594297.95 1490594299.36 1414 192.168.1.116 - 58731 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RyZ7QKdDV7lUO6hPRuilHZZ7kcHUd/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5616 1490594493.58 1490594494.09 513 192.168.1.116 - 58732 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ehtlIF2CYbODTDpN9x2UHJLynSkU/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5617 1490594688.82 1490594689.34 515 192.168.1.116 - 58733 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mDR9aIvMbhMQilCV9f1HMXRkj5aIr/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5618 1490594888.82 1490594889.31 481 192.168.1.116 - 58734 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vJL4HxP1vvryAGEp5qu5W/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5619 1490595080.97 1490595084.11 3140 192.168.1.116 - 58735 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oYS5jSbWgX0z5YEu/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5620 1490595278.65 1490595279.16 508 192.168.1.116 - 58736 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xjmGijubnuekcaDHkDu6Czl1E8C1Gb/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5621 1490595473.84 1490595474.35 509 192.168.1.116 - 58737 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/O1Drg2KA7tZCPx7TamqxFJrnL/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5622 1490595667.87 1490595669.66 1785 192.168.1.116 - 58738 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HHD4tch9FDVqPhvK0OmdBuPJR8b33gSu/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5623 1490595862.37 1490595862.88 509 192.168.1.116 - 58739 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CLeIWDGc4EjD3SP4IoQcD/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5624 1490596056.0 1490596056.51 514 192.168.1.116 - 58740 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/41yBQ8xTu3b8NjropalQ9bB2r/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5625 1490596249.18 1490596249.65 478 192.168.1.116 - 58741 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/c3rP2EHY7elpUqNIkw/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5626 1490596442.3 1490596443.76 1454 192.168.1.116 - 58742 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32029 0 31888 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5626 1490596451.75 1490596452.79 1032 192.168.1.116 - 58742 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5626 1490596460.48 1490596461.01 530 192.168.1.116 - 58742 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9d1UsEIRI2uZQja8YE8/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5627 1490596654.56 1490596655.09 532 192.168.1.116 - 58743 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SXXo7m29Yw6NQ5rTnbLtO4UyeiV5I/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5628 1490596846.8 1490596847.31 503 192.168.1.116 - 58744 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jEBZxC21XFcHqF9RW/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5629 1490597041.41 1490597041.88 472 192.168.1.116 - 58745 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/APLvHEqIbOf3DZC3Mo45VN/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5630 1490597233.52 1490597233.99 471 192.168.1.116 - 58746 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Bft76DG4ekP634Hn8AIWII0HBYC6X2wR/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5631 1490597425.64 1490597426.12 474 192.168.1.116 - 58747 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4IRUjjUbOmgo8A2QiPBYKTe/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5632 1490597617.75 1490597620.37 2622 192.168.1.116 - 58748 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nir9P3JViT0RcJY7OiEte3FsdjRC/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5633 1490597812.03 1490597812.5 467 192.168.1.116 - 58749 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1qQjBLcdBaOSNc82619bI1X1LR/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5634 1490598004.16 1490598005.59 1435 192.168.1.116 - 58750 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/od8ibrlutzfD36E7HMHmuw/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5635 1490598197.2 1490598197.67 468 192.168.1.116 - 58751 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TLa12R5URh0q4iRjvQt5oghcG/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5636 1490598393.26 1490598393.74 477 192.168.1.116 - 58752 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/H3DRt791dnIL3EBiektUtSw/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5637 1490598586.39 1490598586.86 473 192.168.1.116 - 58753 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ezpt6SDkRiJaf8a1MZHxDJ/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5638 1490598780.69 1490598782.4 1713 192.168.1.116 - 58754 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IqbrXaYobwvlGgugJ49Y4Et1EDB/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5639 1490598975.04 1490598975.51 472 192.168.1.116 - 58755 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HmrNwJvCg1ViYPZhfw/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5640 1490599169.79 1490599171.14 1353 192.168.1.116 - 58756 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FkNMSsE6Y359CW7oQcDnHazB/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5641 1490599368.77 1490599369.31 534 192.168.1.116 - 58757 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 5642 1490599386.7 1490599387.17 467 192.168.1.116 - 58758 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 5643 1490599403.56 1490599404.04 481 192.168.1.116 - 58759 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 5644 1490599423.48 1490599423.96 475 192.168.1.116 - 58760 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jhmVLgisN9lqSxIs0cE9fXomUC/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5645 1490599615.55 1490599616.02 469 192.168.1.116 - 58761 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 208 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5645 1490599616.41 1490599616.89 480 192.168.1.116 - 58761 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LjbZrNNLoibsYdajwIZfhr/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5646 1490599808.51 1490599810.26 1747 192.168.1.116 - 58762 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AFIZxairwje0oPMQg3KXxzaltpw8S4/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5647 1490600001.9 1490600002.38 473 192.168.1.116 - 58763 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gV1qV0ikr0iJJjBz8nkjm/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5648 1490600195.88 1490600196.36 481 192.168.1.116 - 58764 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1C6I3xq0z1yOO6AbKXGNv4/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5649 1490600388.89 1490600389.36 471 192.168.1.116 - 58765 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TIXpMUyun1xgjj8Sj/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5650 1490600580.97 1490600582.68 1712 192.168.1.116 - 58766 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tbThmwUiva3yDyKdxhOmxjb87SQ1/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5651 1490600775.27 1490600775.8 535 192.168.1.116 - 58767 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 205 379 0 240 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5651 1490600781.76 1490600782.25 493 192.168.1.116 - 58767 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LEld7OF4ML0vP4UYpgs2UHbaAvatR8qs/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5652 1490600973.88 1490600974.34 467 192.168.1.116 - 58768 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/axpecZQdnswQxKdPhQrI/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5653 1490601165.97 1490601166.45 476 192.168.1.116 - 58769 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RXxmUIwzJLiS0NzMU1/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5654 1490601358.03 1490601358.51 479 192.168.1.116 - 58770 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ynq6dcWkbj2xFi8jDp/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5655 1490601557.23 1490601557.7 472 192.168.1.116 - 58771 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sDhd79XWykjOIJwDt0TeK7i46I/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5656 1490601751.17 1490601751.65 481 192.168.1.116 - 58772 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/g1tn8GuhC2Ne1Zzl/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5657 1490601945.12 1490601948.21 3086 192.168.1.116 - 58773 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32029 0 31888 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5657 1490601955.34 1490601958.73 3395 192.168.1.116 - 58773 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5657 1490601966.42 1490601967.82 1398 192.168.1.116 - 58773 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BMqMBfN5Hk5IKQaT32n18AmxZ4/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5658 1490602159.46 1490602164.54 5079 192.168.1.116 - 58774 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FT6DQKpfae6dXYKjljYHO/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5659 1490602357.01 1490602357.49 477 192.168.1.116 - 58775 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hnIel53RCUWvXuyNoHln1nbB/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5660 1490602556.24 1490602556.71 472 192.168.1.116 - 58776 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IwySkveOh0yjFjrB5b2DdFz/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5661 1490602749.63 1490602750.1 468 192.168.1.116 - 58777 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zc0u82QXTRuuyGBjiiyCXD77fhom/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5662 1490602941.68 1490602942.17 489 192.168.1.116 - 58778 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gStq541QbhsgZEuQ5/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5663 1490603133.89 1490603134.36 471 192.168.1.116 - 58779 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xjjraHkjDlj9g09lRCrAx1TW/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5664 1490603327.09 1490603327.57 479 192.168.1.116 - 58780 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7rUr7WQNVYlemxKDGHJgCWVv6FKAiI8w/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5665 1490603519.19 1490603519.67 482 192.168.1.116 - 58781 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zCRa8nNTNg1M0cxjhUR/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5666 1490603715.19 1490603715.66 472 192.168.1.116 - 58782 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5sHRpYusApoOQghpQNvuc0cOw2/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5667 1490603908.17 1490603908.65 480 192.168.1.116 - 58783 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Z0itv4IVosBELearRFEzvtr/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5668 1490604103.47 1490604103.96 484 192.168.1.116 - 58784 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oO4eEJ9SrPxIZDGf8pubzj2LhozVvSYs/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5669 1490604297.48 1490604297.95 472 192.168.1.116 - 58785 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WUGla5HYr3Ge9PQXq/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5670 1490604491.45 1490604491.93 481 192.168.1.116 - 58786 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mDtPdheSEu1ybJ1NpsCh0IS/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5671 1490604686.61 1490604687.97 1367 192.168.1.116 - 58787 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DXV5VwJ9Hv17BkybYSuiU/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5672 1490604881.82 1490604883.16 1339 192.168.1.116 - 58788 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5iaU1yq049uXKfG1Ja/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5673 1490605074.76 1490605075.23 469 192.168.1.116 - 58789 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 208 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5673 1490605075.49 1490605075.98 486 192.168.1.116 - 58789 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QzdPjnQ48H3F50FzcmgTWYQpEKmqOPH/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5674 1490605269.47 1490605269.95 472 192.168.1.116 - 58790 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gTjQdXhxu7MqA5WDAkw6FAJMc8d/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5675 1490605463.76 1490605464.24 484 192.168.1.116 - 58791 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3BLj3M8omDxA23CFh/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5676 1490605656.85 1490605657.32 471 192.168.1.116 - 58792 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jhNWT5wXQXCeVTjeK/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5677 1490605855.2 1490605855.68 473 192.168.1.116 - 58793 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/E9M2IzFZRZklYQYQth8bK6/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5678 1490606047.27 1490606048.99 1715 192.168.1.116 - 58794 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/W4Ab3ABbeL0YtVx18uJgLL23tM/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5679 1490606245.36 1490606245.84 480 192.168.1.116 - 58795 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/q1sZbUoA9Zk8PoXjttV4x/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5680 1490606437.52 1490606437.98 466 192.168.1.116 - 58796 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lZmorU86rNb0E7aeuk/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5681 1490606629.64 1490606630.1 467 192.168.1.116 - 58797 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/D9CkJLIfn1CczBGQC5OS6RlxxkK/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5682 1490606827.84 1490606836.93 9086 192.168.1.116 - 58798 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jpf0siR0AHHEC2ZOiuw1ojn2w5r/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5683 1490607032.45 1490607033.89 1437 192.168.1.116 - 58799 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5VdoSTlgn0LrwKu1tBLU/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5684 1490607226.43 1490607226.91 472 192.168.1.116 - 58800 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3odig8F9EyAMEqQ6EbZsGmLCs/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5685 1490607419.49 1490607420.93 1440 192.168.1.116 - 58801 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32029 0 31888 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5685 1490607428.6 1490607430.59 1980 192.168.1.116 - 58801 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5685 1490607438.28 1490607438.83 553 192.168.1.116 - 58801 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TcH0BFl6FIfxUI9SMu8P5DFC/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5686 1490607630.47 1490607630.94 473 192.168.1.116 - 58802 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JjKLL4qcxuRbHpFZ/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5687 1490607822.59 1490607823.07 475 192.168.1.116 - 58803 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/S8GMzeyrQVzlMnVaa32ulYT/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5688 1490608014.71 1490608015.18 474 192.168.1.116 - 58804 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/al2kgbo7ySOMBH5PxVFGan8o6EzjaKE/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5689 1490608344.52 1490608348.89 4375 192.168.1.116 - 58808 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 206 363 0 224 133 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5689 1490608349.12 1490608349.76 638 192.168.1.116 - 58808 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/MhU2zq8GFf5eB05iz50xP7rbu/ 329 515 0 372 133 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5689 1490608350.29 1490608350.83 546 192.168.1.116 - 58808 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/GNVVLRRIXE/1/ 219 131 0 9 133 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 5690 1490608353.59 1490608354.21 622 192.168.1.116 - 58809 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5691 1490608356.86 1490608357.43 570 192.168.1.116 - 58810 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 217 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5692 1490608359.07 1490608359.68 606 192.168.1.116 - 58811 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 245 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5693 1490608361.38 1490608361.91 521 192.168.1.116 - 58812 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WCaHOHywHv0RwHXbTycq/ 223 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5694 1490608554.89 1490608555.41 521 192.168.1.116 - 58813 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KsHAQNZOlneUhYfjrOZFnRpDxZOW/ 231 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5695 1490608747.24 1490608747.78 538 192.168.1.116 - 58814 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/S0ppdcJ9kGIvIls890KK/ 223 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5696 1490608939.78 1490608940.3 519 192.168.1.116 - 58815 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/71FlwphvFw7d0bJ5t8MUpNfu71C/ 230 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5697 1490609132.08 1490609132.6 520 192.168.1.116 - 58816 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sTVuFNa3YVmuHaxVskdMIB4H/ 227 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5698 1490609324.46 1490609324.97 505 192.168.1.116 - 58817 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JUCalNtpGGHD9vArvxqgOrA6z6Y95z/ 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5699 1490609516.91 1490609517.43 524 192.168.1.116 - 58818 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PeQBG5ueF6OBvEd4uz1ysKxI1y/ 229 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5700 1490609709.31 1490609709.85 537 192.168.1.116 - 58819 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kxacO3D2Ln0lmxHIcQeLXdUnVqV9RqZ/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5701 1490609901.68 1490609902.2 517 192.168.1.116 - 58820 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vmQkfnFu7ZCFYZLL7OTyzNz6Z/ 228 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5702 1490610094.03 1490610094.55 521 192.168.1.116 - 58821 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZXjFXeXQyMPDiZsXnu0CiSZdq/ 228 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5703 1490610287.5 1490610288.03 537 192.168.1.116 - 58822 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XOUloNk60hS01FCJp/ 220 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5704 1490610479.88 1490610480.4 520 192.168.1.116 - 58823 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 211 363 0 224 133 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5704 1490610480.66 1490610481.18 524 192.168.1.116 - 58823 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0OeExin6crcFI99xd/ 220 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5705 1490610673.05 1490610673.59 540 192.168.1.116 - 58824 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/k9wN0FDzch8TlnA8M5xwkl8A9T/ 229 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5706 1490610865.41 1490610865.93 519 192.168.1.116 - 58825 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CSK8BlgErTzEgjQZPn2KD34SyuPxYtTd/ 235 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5707 1490611061.16 1490611061.7 540 192.168.1.116 - 58826 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GA57ywHavgeXw6vSfdUJl4QWG/ 228 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5708 1490611254.59 1490611255.11 518 192.168.1.116 - 58827 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QbKQAcn6qLvTbEOsQ/ 220 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5709 1490611447.95 1490611448.47 522 192.168.1.116 - 58828 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RJ10rBrL0Jpns9g3MKp/ 222 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5710 1490611640.33 1490611640.9 576 192.168.1.116 - 58829 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 208 379 0 240 133 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5710 1490611646.87 1490611647.43 559 192.168.1.116 - 58829 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cLgs0z6rjTJBlz7uZ/ 220 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5711 1490611839.29 1490611839.8 505 192.168.1.116 - 58830 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1PiHv1xiOOv57eO0VtWIr9eVp0/ 229 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5712 1490612031.71 1490612032.23 520 192.168.1.116 - 58831 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ygpldf6JVRWJhXGzaoiO1nLw6Mn7Na/ 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5713 1490612225.12 1490612225.63 504 192.168.1.116 - 58832 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9ggCCpcYwASw6HoAoqsmDQcFQ5/ 229 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5714 1490612417.51 1490612418.03 522 192.168.1.116 - 58833 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/McupZC5I7MywDpDnRyehEYNNDGXYV/ 232 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5715 1490612609.82 1490612610.34 520 192.168.1.116 - 58834 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RB7RiJYSEzJbZC1re3uvLB45/ 227 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5716 1490612802.13 1490612802.65 520 192.168.1.116 - 58835 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/A8L3e4wS8WqFnz5lUFBU0r2b3OtjLGrD/ 235 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5717 1490612994.49 1490612996.03 1543 192.168.1.116 - 58836 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 207 32029 0 31888 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5717 1490613003.6 1490613004.72 1123 192.168.1.116 - 58836 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 207 22989 0 22848 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5717 1490613011.81 1490613012.4 591 192.168.1.116 - 58836 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PdBMncL3Cbi1kF0MI9NqLUaJNsq48i/ 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5718 1490613206.85 1490613208.36 1511 192.168.1.116 - 58837 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1fYavVeScwfCyjdSl/ 220 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5719 1490613400.15 1490613400.66 512 192.168.1.116 - 58838 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mJYOrjwEo5IfjFb8oZohEdno4/ 228 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5720 1490613592.66 1490613593.17 512 192.168.1.116 - 58839 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0eRQGZuJjCWwAxvL6Zoy0/ 224 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5721 1490613785.04 1490613785.57 534 192.168.1.116 - 58840 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/U7frzUHHxk2XFGXXRgXP8IpJYpVLq5/ 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5722 1490613983.52 1490613984.06 537 192.168.1.116 - 58841 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 211 131 0 9 133 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 5723 1490614001.71 1490614002.23 523 192.168.1.116 - 58842 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 211 131 0 9 133 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 5724 1490614019.89 1490614020.41 522 192.168.1.116 - 58843 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 211 131 0 9 133 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 5725 1490614037.71 1490614038.29 577 192.168.1.116 - 58844 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CuBlIpdQOGTFgqSyn/ 220 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5726 1490614230.12 1490614230.63 506 192.168.1.116 - 58845 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/t1o8EGH9KiDBa7yUjx/ 221 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5727 1490614422.5 1490614423.0 506 192.168.1.116 - 58846 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wW3R3Rg8WHVZUijFlDZPLggP8GDkNag/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5728 1490614614.89 1490614615.41 521 192.168.1.116 - 58847 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nvKSmFLjCoRE8xCNkGQZKdi51/ 228 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5729 1490614807.32 1490614807.84 521 192.168.1.116 - 58848 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sDaIQ96qO8ULWpQyYY/ 221 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5730 1490614999.74 1490615000.26 523 192.168.1.116 - 58849 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/a9H5PsobH49yLWGVladjLepdzxkOLL/ 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5731 1490615192.11 1490615192.62 512 192.168.1.116 - 58850 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nuFOSGirWZzqHJn2TgBxB4ng0JQj/ 231 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5732 1490615386.02 1490615386.59 578 192.168.1.116 - 58851 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TfVtXlACWzAvGKPoseJfceG2/ 227 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5733 1490615578.42 1490615578.97 541 192.168.1.116 - 58852 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kStHm1aZZjuSR0jQ1OQ1q29Xl7/ 229 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5734 1490615770.74 1490615771.25 515 192.168.1.116 - 58853 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RYh8iEBtcHHOtOt6RWFBMvO/ 226 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5735 1490615964.47 1490615965.04 570 192.168.1.116 - 58854 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 211 363 0 224 133 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5735 1490615965.29 1490615965.83 543 192.168.1.116 - 58854 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AnDI9cnBkE2Cy7nYeu0Orsd/ 226 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5736 1490616158.92 1490616159.46 538 192.168.1.116 - 58855 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/h2RyfBAangRw7QXZKWzb/ 223 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5737 1490616351.24 1490616351.76 520 192.168.1.116 - 58856 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Mwa5xLthrtawuvX66Fj/ 222 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5738 1490616543.66 1490616544.18 519 192.168.1.116 - 58857 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4BcSd56Pq92tnBTwlR1a/ 223 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5739 1490616735.99 1490616736.5 513 192.168.1.116 - 58858 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FfOXvb2kT4QzMBVriw/ 221 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5740 1490616929.41 1490616929.93 529 192.168.1.116 - 58859 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pBBnDPBSDJm4Nkk2eyAX/ 223 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5741 1490617121.76 1490617122.28 523 192.168.1.116 - 58860 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9UuecnyVJCRiWv5gWd1jmQ3FzAxz/ 231 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5742 1490617314.13 1490617314.64 507 192.168.1.116 - 58861 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/R4kmtHEOn0KCRbpqp/ 220 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5743 1490617506.56 1490617507.1 539 192.168.1.116 - 58862 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6xgBpNOMn5CxQBMTukc75ND8xGf/ 230 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5744 1490617698.96 1490617699.5 536 192.168.1.116 - 58863 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2adohe87cxnDXf5PtjX0Pz/ 225 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5745 1490617891.31 1490617891.83 522 192.168.1.116 - 58864 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/g5WIiFOq7rTLD02lcI6zDn/ 225 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5746 1490618083.91 1490618084.42 512 192.168.1.116 - 58865 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XruepHzyfLCaT6zxRXHUATS/ 226 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5747 1490618276.25 1490618276.76 517 192.168.1.116 - 58866 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oeZfXrEugTWIjMBhv8y2OviQH1xMx2/ 233 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5748 1490618468.7 1490618470.24 1545 192.168.1.116 - 58867 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 207 32029 0 31888 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5748 1490618477.79 1490618478.89 1098 192.168.1.116 - 58867 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 207 22989 0 22848 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5748 1490618486.49 1490618487.08 585 192.168.1.116 - 58867 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5gWtV30UmDPCN0gGZU9I858MSeP/ 230 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5749 1490618678.9 1490618679.42 522 192.168.1.116 - 58868 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nfCNWPQzVBYE7RrGlha8J3/ 225 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5750 1490618871.3 1490618871.84 545 192.168.1.116 - 58869 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/i91y7ipzaAweC0q7YWpf6vP/ 226 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5751 1490619063.74 1490619064.26 520 192.168.1.116 - 58870 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GE57wQwPJv099lKurb39/ 223 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5752 1490619257.14 1490619257.67 520 192.168.1.116 - 58871 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lxkI83hyYAf0UA002sn7SQvocEcs/ 231 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5753 1490619449.47 1490619450.0 529 192.168.1.116 - 58872 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5W7oHu2NiICCpLOJbj47A5IvYFMe7/ 232 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5754 1490619641.85 1490619642.37 521 192.168.1.116 - 58873 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9jPs9ZLdnwukyNRXZduzGPa5c0sHxVb/ 234 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5755 1490619834.73 1490619835.33 606 192.168.1.116 - 58874 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/DNSBL/listed/0/ 218 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5756 1490619839.53 1490619840.11 578 192.168.1.116 - 58875 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XvX509O9hlLEi7kwenmw/ 223 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5757 1490620034.73 1490620035.25 518 192.168.1.116 - 58876 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fRvR34gcPhMx05jJs9/ 221 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5758 1490620228.18 1490620228.72 537 192.168.1.116 - 58877 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4lNF8XQTsL31VlpS0INUvO/ 225 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5759 1490620421.54 1490620422.07 536 192.168.1.116 - 58878 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Tt8NKLLJtGlazqKNI2Nbw/ 224 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5760 1490620613.94 1490620614.46 520 192.168.1.116 - 58879 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TqHQX6n0q53yB1h7cKUmPae/ 226 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5761 1490620806.33 1490620806.85 525 192.168.1.116 - 58880 200.120.214.150 443 https://200.120.214.150/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7Al6VlNBjH1pRsr85Yg5/ 223 144 0 3 133 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5762 1490621132.87 1490621133.4 532 192.168.1.116 - 58884 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 203 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5763 1490621133.81 1490621134.09 272 192.168.1.116 - 58885 50.19.227.215 80 http://checkip.amazonaws.com/ 153 133 0 13 139 106 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 200 - - - - - - - CTU.238.1.Malicious 5762 1490621134.29 1490621134.7 409 192.168.1.116 - 58884 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/va2iIiAfjvzBFn5c7SFxbQDvUlqogZ/ 331 520 0 377 130 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5762 1490621135.14 1490621135.53 389 192.168.1.116 - 58884 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/KUNNDWTXJFUK/1/ 218 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 5764 1490621137.84 1490621138.38 540 192.168.1.116 - 58886 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5765 1490621140.39 1490621140.77 384 192.168.1.116 - 58887 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 214 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5766 1490621142.89 1490621143.3 414 192.168.1.116 - 58888 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 242 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5767 1490621145.3 1490621145.63 325 192.168.1.116 - 58889 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MOvI7Blvre1V4XC4QcsdJF9X3FvDv/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5768 1490621336.91 1490621337.3 398 192.168.1.116 - 58890 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dQgZsJEKlyYJrQyZ3IaZ4mFA/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5769 1490621528.84 1490621529.52 684 192.168.1.116 - 58891 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 208 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5769 1490621529.81 1490621530.25 440 192.168.1.116 - 58891 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8t3x7YpyTAlSgmFRV4OSeB/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5770 1490621721.92 1490621722.4 473 192.168.1.116 - 58892 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5ZgqDeciTfPDzMebOkZLNAVUcmEw1/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5771 1490621914.34 1490621914.86 511 192.168.1.116 - 58893 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ljmj177engNcSmPXzgf7zH/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5772 1490622106.29 1490622106.7 406 192.168.1.116 - 58894 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tVuoOMsScXTOhtzax9rivuoXG/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5773 1490622298.44 1490622298.88 441 192.168.1.116 - 58895 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iyG3HVJWM4nWht8zCx/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5774 1490622490.52 1490622490.89 368 192.168.1.116 - 58896 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 205 379 0 240 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5774 1490622496.85 1490622497.23 384 192.168.1.116 - 58896 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/n7HQ1CDGIxwqaO4ANGqgINA4/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5775 1490622688.57 1490622688.95 374 192.168.1.116 - 58897 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/c64rrEgnTGc0yqO3Srw/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5776 1490622880.31 1490622880.66 350 192.168.1.116 - 58898 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/p9trJgSAEn1bKYZgtlwwmferg3f/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5777 1490623072.09 1490623072.51 414 192.168.1.116 - 58899 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dyHUb1ISWhsm2HF65qT3r5XZAoeH/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5778 1490623263.87 1490623264.24 373 192.168.1.116 - 58900 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Jgg6zKoag8bfaJ18CEFV/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5779 1490623455.46 1490623455.8 342 192.168.1.116 - 58901 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FCjQKibLlPkjJOvUZopesQSzElY8E/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5780 1490623647.12 1490623647.49 372 192.168.1.116 - 58902 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2HOo4dw9TlfqaUfIzpTAy4/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5781 1490623838.72 1490623839.09 366 192.168.1.116 - 58903 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ISEWqvKHF3BtWg7GJZr38sIAp5/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5782 1490624030.4 1490624032.07 1670 192.168.1.116 - 58904 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32029 0 31888 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5782 1490624039.26 1490624039.98 724 192.168.1.116 - 58904 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5782 1490624047.66 1490624048.06 399 192.168.1.116 - 58904 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dOX8IpxT1ABp6Bmdgp5JGf59t/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5783 1490624240.38 1490624240.75 373 192.168.1.116 - 58905 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5mGsXuEdtHYbgt5CF7PSD9HFMn5/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5784 1490624431.96 1490624432.29 338 192.168.1.116 - 58906 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MkAGMVBdJJtYRqPaFgYPV/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5785 1490624623.6 1490624623.97 372 192.168.1.116 - 58907 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7bMai6Q3B8ZtZkGKdP4M4/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5786 1490624816.02 1490624816.43 405 192.168.1.116 - 58908 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AYiukZv3lN7cLLYK6d6zujsalKTHk3yo/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5787 1490625007.72 1490625009.03 1311 192.168.1.116 - 58909 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jEPvXHoCWCAHW4kd4/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5788 1490625200.32 1490625200.66 339 192.168.1.116 - 58910 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Bb7cMicTVF7wF4ef0YqYCopeV/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5789 1490625392.03 1490625392.46 433 192.168.1.116 - 58911 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TE2XPN2xC0ZJoPwdcYdJ9Em0VlA/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5790 1490625583.81 1490625584.2 382 192.168.1.116 - 58912 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vE7Atindk6PSrS4WZV4WH7knXYzjJC0/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5791 1490625775.51 1490625775.88 373 192.168.1.116 - 58913 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/x52qgPzders0Hb9AV/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5792 1490625968.08 1490625968.42 339 192.168.1.116 - 58914 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Z5hajeBByFJKxlaN0x1uXXhzaiuExPpB/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5793 1490626159.71 1490626160.08 367 192.168.1.116 - 58915 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bA9imQhFfKKcizBLZLT9A4kPEv/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5794 1490626351.45 1490626351.83 382 192.168.1.116 - 58916 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YCDTMwFgcQf5S8vYxIs25ordXC/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5795 1490626543.24 1490626543.61 371 192.168.1.116 - 58917 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KIjIoMPNFfUIKnglmtyT7OTwSrQ43B7j/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5796 1490626734.92 1490626735.31 388 192.168.1.116 - 58918 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/r3HQh6zVoIQKVwfBUxamB2QsvfB7ZFr/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5797 1490626927.31 1490626927.7 392 192.168.1.116 - 58919 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/q2JMpIqAdu1jrRH9/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5798 1490627118.95 1490627119.33 374 192.168.1.116 - 58920 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 208 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5798 1490627119.6 1490627120.01 417 192.168.1.116 - 58920 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/F2UYhk5uC4JG8Wrf25unU1/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5799 1490627311.36 1490627311.75 386 192.168.1.116 - 58921 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Daf9sqOdUjPw5WNnL2GyIr1KEUcNw5/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5800 1490627502.9 1490627503.2 307 192.168.1.116 - 58922 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0MHi6jhHez9rEu9dHdFQTfBaaADC/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5801 1490627695.54 1490627695.92 383 192.168.1.116 - 58923 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vdeeZa3AZUF4YVN1enXp/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5802 1490627887.32 1490627887.69 373 192.168.1.116 - 58924 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Hr1JHH1rfbhDPOpUcVauhZuGCwv/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5803 1490628078.95 1490628079.29 334 192.168.1.116 - 58925 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HFScNsnrRtm574oqImPjn/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5804 1490628270.66 1490628271.03 367 192.168.1.116 - 58926 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xTM9M8w7XbzFrvAptbVbeWiP/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5805 1490628468.29 1490628468.67 375 192.168.1.116 - 58927 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 5806 1490628484.7 1490628485.07 371 192.168.1.116 - 58928 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 5807 1490628501.23 1490628501.65 424 192.168.1.116 - 58929 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 5808 1490628517.8 1490628518.17 372 192.168.1.116 - 58930 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JZ1i9fXieTJLFdkXSUwCLe1GFc/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5809 1490628709.44 1490628709.83 382 192.168.1.116 - 58931 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4lcNV3xiOQVjwR9t/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5810 1490628901.23 1490628901.66 433 192.168.1.116 - 58932 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wbBZZLvPxFa3TVeqtNEoDI/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5811 1490629092.96 1490629093.34 379 192.168.1.116 - 58933 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fQpAUg4NyuQbTVzjGwUD9/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5812 1490629284.54 1490629284.88 341 192.168.1.116 - 58934 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xVAH3harWsDi2DFJKH1/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5813 1490629476.17 1490629477.22 1050 192.168.1.116 - 58935 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32029 0 31888 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5813 1490629484.76 1490629485.49 738 192.168.1.116 - 58935 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5813 1490629492.56 1490629492.97 411 192.168.1.116 - 58935 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/daqeRfXEp7GGGjyt2r/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5814 1490629684.37 1490629684.8 432 192.168.1.116 - 58936 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9iRwqVB8mvfSTA0qFXr/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5815 1490629876.11 1490629876.48 373 192.168.1.116 - 58937 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MiRnt96jEl5lOMcrCrUwwGY6ywyA/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5816 1490630067.86 1490630068.23 367 192.168.1.116 - 58938 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kyx3w76d0KbDIHTH0cyD/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5817 1490630259.41 1490630259.73 320 192.168.1.116 - 58939 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pKn6n6QqcWRANFKetapIhOzCPHfbgUK/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5818 1490630451.07 1490630451.44 367 192.168.1.116 - 58940 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UVNyQAoajCo4ITfPdHgArD/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5819 1490630642.65 1490630642.97 319 192.168.1.116 - 58941 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xaVkGaScBvHx8kr4yjYBwOL7/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5820 1490630878.81 1490630879.18 366 192.168.1.116 - 58943 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/313hefVsUCNE8n0FFBFsw6OyQVS/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5821 1490631070.52 1490631070.93 404 192.168.1.116 - 58944 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ifXbrPRfGGbQ78wYZfQbIbr9wt5FkOi/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5822 1490631262.41 1490631262.77 368 192.168.1.116 - 58945 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YZUaTu7WvqQhw0CBPvFP4NsvMzm/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5823 1490631454.2 1490631454.57 367 192.168.1.116 - 58946 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EmKnowPtQwNFeP7JjWfBV9N6D7Yy/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5824 1490631645.89 1490631646.26 374 192.168.1.116 - 58947 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GfHZJxknRR8ULyRSZ/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5825 1490631837.52 1490631837.85 336 192.168.1.116 - 58948 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bXICB9ckS9KW7a61jc1dnHsOhenO5/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5826 1490632029.16 1490632029.53 376 192.168.1.116 - 58949 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/coE3nwm7cwzvthAG9GTvrg/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5827 1490632220.87 1490632221.24 371 192.168.1.116 - 58950 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VgYj4PVocvW6Bsu97h1SK6NwiaI/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5828 1490632412.53 1490632412.89 368 192.168.1.116 - 58951 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Gdjn8Poe9dyCCX7sZLuwHzCSpAcIVnAb/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5829 1490632604.22 1490632604.63 412 192.168.1.116 - 58952 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 208 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5829 1490632604.89 1490632605.28 383 192.168.1.116 - 58952 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/s5AlSLeFDXghhdnr/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5830 1490632796.69 1490632797.13 441 192.168.1.116 - 58953 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Kz9C7ZwSwZVzy6PNCigsb/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5831 1490632988.45 1490632988.83 373 192.168.1.116 - 58954 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/A5yDa1L9GorCQ6Hx2I/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5832 1490633180.19 1490633180.56 371 192.168.1.116 - 58955 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lhNPpQg13J9BzFuWvcqGD9aXebZf5T/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5833 1490633371.96 1490633372.38 412 192.168.1.116 - 58956 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 205 379 0 240 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5833 1490633378.34 1490633378.78 446 192.168.1.116 - 58956 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7NuYZVw1m7zI3AXDE2tFQFaG4h/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5834 1490633570.06 1490633570.39 334 192.168.1.116 - 58957 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sT9qIvkvqaJLOtrhgQf/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5835 1490633761.63 1490633761.95 319 192.168.1.116 - 58958 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/N7BVHtkzzQNxdrwWiy7rwp9/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5836 1490633953.55 1490633953.98 432 192.168.1.116 - 58959 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/C1sZ4k99hHU9joNgu80izOPmpHUM/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5837 1490634145.46 1490634145.83 369 192.168.1.116 - 58960 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Uy4bUP0OluCwO55pcK7eRlO4qMSf86O/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5838 1490634337.12 1490634337.49 368 192.168.1.116 - 58961 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oirkJupSoAbXsHX5KJzTitDJVyYT9/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5839 1490634528.77 1490634529.15 376 192.168.1.116 - 58962 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rEWIhuq0eoeeOwS33ORu/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5840 1490634721.25 1490634722.02 769 192.168.1.116 - 58963 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fEun0ivAzdKXMN1cwfa5RATFj699y/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5841 1490634913.29 1490634914.29 1004 192.168.1.116 - 58964 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32029 0 31888 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5841 1490634921.97 1490634922.71 737 192.168.1.116 - 58964 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5841 1490634930.37 1490634930.75 389 192.168.1.116 - 58964 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bPsN3vnU1CWGDrKxNzgZqfk/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5842 1490635122.15 1490635122.58 434 192.168.1.116 - 58965 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OXaJSz1Gu9Lkgv23Ir0YcOAVgkUJUnu/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5843 1490635313.89 1490635314.26 368 192.168.1.116 - 58966 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yo7O972fmnrxhgYD3/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5844 1490635505.6 1490635505.97 368 192.168.1.116 - 58967 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qQDHMCVALIb9lDYIMcDjvmq/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5845 1490635697.33 1490635697.7 370 192.168.1.116 - 58968 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cs1hPOeK0BnSD89q4JsfYl011u/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5846 1490635889.92 1490635890.29 369 192.168.1.116 - 58969 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PuQ9YxhguVWz4yOGkwRRYTvj/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5847 1490636081.59 1490636081.97 378 192.168.1.116 - 58970 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/q1AXPTWDaVhCmPT640OArOEr2j6gW/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5848 1490636274.23 1490636274.6 370 192.168.1.116 - 58971 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/I3XwKcwG0VtMTm0gNx9p5P/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5849 1490636465.88 1490636466.28 399 192.168.1.116 - 58972 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/H5to8KGCYuILUj9YWvb1Rt8F/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5850 1490636657.67 1490636658.05 385 192.168.1.116 - 58973 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/439QqnCsqovpGU6YbToca/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5851 1490636849.4 1490636849.78 380 192.168.1.116 - 58974 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oEQBa8MG59vtGooPjMl2rUWAP4cVp/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5852 1490637041.05 1490637041.42 373 192.168.1.116 - 58975 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YGo9MpxP9KFc2H4T8zL/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5853 1490637232.7 1490637233.08 382 192.168.1.116 - 58976 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nKwmeGLVOC5eDLlJG0r8ab/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5854 1490637424.44 1490637424.81 368 192.168.1.116 - 58977 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eiWPttP4hbKIwAsiW/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5855 1490637616.02 1490637616.34 322 192.168.1.116 - 58978 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Dc4eoTzO4MMsTCqwiyAbBwA/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5856 1490637807.62 1490637807.95 335 192.168.1.116 - 58979 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bOB1lSYyCK8rIGFjkq1/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5857 1490637999.26 1490637999.63 370 192.168.1.116 - 58980 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XoyvwJlkT7e861E7H1GC6rPoT5/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5858 1490638191.06 1490638191.46 406 192.168.1.116 - 58981 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 208 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5858 1490638191.72 1490638192.09 375 192.168.1.116 - 58981 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wYnTuAcgMeOyWrfT/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5859 1490638383.45 1490638383.82 371 192.168.1.116 - 58982 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jfwkm10UQiVLMZ5RXyyOf/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5860 1490638575.18 1490638575.54 369 192.168.1.116 - 58983 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/b5doI4UfC2Zid4LvBC4/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5861 1490638766.82 1490638767.19 372 192.168.1.116 - 58984 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/woE4gDUEz9DILEyHgIK5UvJ/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5862 1490638958.5 1490638958.87 373 192.168.1.116 - 58985 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ksLkPxLZ7AeCq4l0jjKaC8H35KzhD1/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5863 1490639150.15 1490639151.46 1307 192.168.1.116 - 58986 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/I8e3DK5k6SinCTGXUIy45Y/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5864 1490639342.78 1490639343.15 371 192.168.1.116 - 58987 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SzPB6jruvfbcpu746UmemF9kE5AY/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5865 1490639534.42 1490639534.8 377 192.168.1.116 - 58988 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8TRCmNfLnapdKpt1yfuQBnwITa0zqEyO/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5866 1490639726.06 1490639726.43 371 192.168.1.116 - 58989 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/etvBhwNXAVQTrsyu0iZ/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5867 1490639917.77 1490639918.14 371 192.168.1.116 - 58990 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eQzze3H4iZBbthKkO/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5868 1490640109.49 1490640109.86 371 192.168.1.116 - 58991 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tWXoNVBL5iFf4yHC3oKZJFoVXzA4NB/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5869 1490640301.1 1490640301.47 369 192.168.1.116 - 58992 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/a4HGgKy8qkLgXoU6GFwjk4ZWmg/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5870 1490640492.82 1490640492.97 145 192.168.1.116 - 58993 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 204 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5870 1490640493.2 1490640493.31 113 192.168.1.116 - 58993 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/BtHSKhhUQrch8vLO/ 318 506 0 363 131 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5870 1490640493.77 1490640493.9 135 192.168.1.116 - 58993 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32029 0 31888 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5870 1490640496.66 1490640496.81 152 192.168.1.116 - 58993 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5870 1490640499.04 1490640499.11 71 192.168.1.116 - 58993 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/XRRWWUDMBJWY/1/ 219 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 5871 1490640499.29 1490640499.4 113 192.168.1.116 - 58994 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5872 1490640499.67 1490640499.78 108 192.168.1.116 - 58995 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 215 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5873 1490640499.95 1490640500.02 69 192.168.1.116 - 58996 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 243 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5874 1490640500.2 1490640500.27 74 192.168.1.116 - 58997 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EAOnfOm1amT1iK8pGHaY/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5875 1490640690.68 1490640690.75 72 192.168.1.116 - 58998 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sxa0irLQGErh2Dfr9xlza0p4lgqM/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5876 1490640881.12 1490640881.2 74 192.168.1.116 - 58999 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uYptCwtQZPG5jGNxaq7EE/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5877 1490641071.61 1490641071.69 75 192.168.1.116 - 59000 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/h9xit4FeBaSNadk0xwsR9V/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5878 1490641262.1 1490641262.17 76 192.168.1.116 - 59001 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SXrYvkXDBJyV9kxemBOK1/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5879 1490641452.61 1490641452.68 77 192.168.1.116 - 59002 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sr6DIq3I16GMjgnAlo5oexPzc/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5880 1490641643.07 1490641643.14 73 192.168.1.116 - 59003 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Kpp5lCK79dhVgcRKVUEbdaYmp9/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5881 1490641833.54 1490641833.61 76 192.168.1.116 - 59004 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hXd4gLSvwdOYtWBxWUFUM23A4KptfHiF/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5882 1490642024.01 1490642024.08 75 192.168.1.116 - 59005 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oRj8wwHiRZUTdF27M1JThcS/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5883 1490642214.47 1490642214.54 73 192.168.1.116 - 59006 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6VEPsPapJJRAi3dgFeVtv7X73Uu/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5884 1490642404.93 1490642405.01 80 192.168.1.116 - 59007 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rCC0Mrqi31eKNtsIoYtLNmM4odhuysh9/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5885 1490642595.43 1490642595.51 74 192.168.1.116 - 59008 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GaJruRdlLkMa2AorcbAQlgCH/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5886 1490642785.89 1490642785.97 72 192.168.1.116 - 59009 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QwsdwKEj0tYJZZxaqdHHH/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5887 1490642982.42 1490642982.53 111 192.168.1.116 - 59010 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 5888 1490642997.74 1490642997.82 72 192.168.1.116 - 59011 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 5889 1490643013.0 1490643013.07 73 192.168.1.116 - 59012 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 5890 1490643028.26 1490643028.34 76 192.168.1.116 - 59013 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/weEZUUERrjcNAf14t7zwj/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5891 1490643218.75 1490643218.82 77 192.168.1.116 - 59014 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rhHWeP25s7cDXsFfA4d/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5892 1490643409.19 1490643409.27 76 192.168.1.116 - 59015 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qJbSrTbkhsceZdD9LY0c5a/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5893 1490643599.68 1490643599.75 71 192.168.1.116 - 59016 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5893 1490643600.01 1490643600.1 88 192.168.1.116 - 59016 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tMDJ3A7FsRSPDMLZs/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5894 1490643790.66 1490643790.77 117 192.168.1.116 - 59017 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4c7jaLQ6MHvSyjaeqteOSshYb5/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5895 1490643981.25 1490643981.32 76 192.168.1.116 - 59018 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7EUhNJylexEx8Dsv4HMucIdhxN/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5896 1490644171.73 1490644171.8 72 192.168.1.116 - 59019 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MGn4saRnEveuVWIE6O0GQ/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5897 1490644362.2 1490644362.28 79 192.168.1.116 - 59020 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 206 379 0 240 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5897 1490644368.25 1490644368.33 84 192.168.1.116 - 59020 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OWYYF8EiDXBIgOJcxyM/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5898 1490644558.7 1490644558.79 82 192.168.1.116 - 59021 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vPwBoqZ6Bmxp2TUOdhsDgM8IXJTL/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5899 1490644749.22 1490644749.3 75 192.168.1.116 - 59022 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/v50pzKpVW300o1SQ7LtIXDC8h/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5900 1490644939.67 1490644939.75 80 192.168.1.116 - 59023 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jd5VPrv1QuEeOherEdf2mhFRhPKUi5/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5901 1490645130.16 1490645130.23 74 192.168.1.116 - 59024 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xMacRLXh9oIqO32dTstU/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5902 1490645320.61 1490645320.69 81 192.168.1.116 - 59025 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FfVQ25KQ7iyp8vvtyXJooaBbHmGE3W7f/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5903 1490645511.1 1490645511.17 73 192.168.1.116 - 59026 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NwF1MzvwuwrMcc1sDm8hplxFPd/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5904 1490645701.54 1490645701.62 75 192.168.1.116 - 59027 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Ql2hcW0mvHMN1GTgTAVaugz57VDcy/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5905 1490645892.02 1490645892.09 77 192.168.1.116 - 59028 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qh6mLMia1btJ9nVYHhNu0w/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5906 1490646082.52 1490646082.67 159 192.168.1.116 - 59029 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32029 0 31888 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5906 1490646089.86 1490646090.0 137 192.168.1.116 - 59029 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5906 1490646097.34 1490646097.45 103 192.168.1.116 - 59029 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jTExIiD2Dw3xAQoJc2/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5907 1490646287.81 1490646287.88 73 192.168.1.116 - 59030 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2I1yPPiN4FbtcIE4nAhX/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5908 1490646478.3 1490646478.38 79 192.168.1.116 - 59031 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WE5RkdZOL8Ax4OnOpC/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5909 1490646668.75 1490646668.83 73 192.168.1.116 - 59032 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/q6ULD0X1zF5EaqRTezvQ4xPI/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5910 1490646859.35 1490646859.43 76 192.168.1.116 - 59033 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rbIyh53sYZEnaUUgi8/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5911 1490647049.85 1490647049.93 79 192.168.1.116 - 59034 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EP1UmLzTmqL0TANlHCz5s5mkra/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5912 1490647240.32 1490647240.39 77 192.168.1.116 - 59035 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YXM6ftLDx1x516oh1K4bJhPqhT/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5913 1490647430.84 1490647430.92 79 192.168.1.116 - 59036 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BMd05hYXO7IedEU5XDsVa8/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5914 1490647621.33 1490647621.4 73 192.168.1.116 - 59037 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lBoIluhHvunWCRRJLymKEDekdmN7/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5915 1490647811.82 1490647811.91 87 192.168.1.116 - 59038 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UcAB7rGbHyr1e49wPrGSNAcrg4/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5916 1490648002.28 1490648002.36 81 192.168.1.116 - 59039 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Aq94ifK7oUrdBMMgqivMr9VL/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5917 1490648192.96 1490648193.04 75 192.168.1.116 - 59040 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FWSFeNEojSeXhX9oUS2cOmieS/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5918 1490648383.45 1490648383.52 75 192.168.1.116 - 59041 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gzgywcEvMxUUsxeSxg16ryHZMwx8OJK/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5919 1490648573.93 1490648574.03 94 192.168.1.116 - 59042 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KFqLsG985RymdVpYNkvPKE/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5920 1490648764.77 1490648764.95 176 192.168.1.116 - 59043 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/DNSBL/not%20listed/0/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5921 1490648766.12 1490648766.19 73 192.168.1.116 - 59044 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eCscXTQmRlYgjKkg7oX/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5922 1490648956.62 1490648956.69 74 192.168.1.116 - 59045 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZW2salvPj4n3viMVieoAWbVWj927125/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5923 1490649147.12 1490649147.18 68 192.168.1.116 - 59046 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5923 1490649147.44 1490649147.53 87 192.168.1.116 - 59046 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wW66UTgsCxi5xbvmaoo0Da6n/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5924 1490649337.9 1490649337.97 77 192.168.1.116 - 59047 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UW6oXKZGsRvuYeGn/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5925 1490649528.36 1490649528.43 75 192.168.1.116 - 59048 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4F5b7oeRQvgO6zmkeSkpWsCQiYn1hyFO/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5926 1490649718.82 1490649718.89 74 192.168.1.116 - 59049 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ccqjMBEJdWZarvAwDsYQNIYs7MZSi7I/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5927 1490649909.28 1490649909.35 75 192.168.1.116 - 59050 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rfXKvj9ltyTbqRCFPArm79kWYQlPB/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5928 1490650099.7 1490650099.78 75 192.168.1.116 - 59051 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/whP6ImYpmcl1sXR0/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5929 1490650290.16 1490650290.23 72 192.168.1.116 - 59052 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XpKGadCCn23VM8lDc/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5930 1490650480.85 1490650480.93 82 192.168.1.116 - 59053 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/R4kIuLJ5mObenTI3nChyPCP2W8uIN7U/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5931 1490650671.32 1490650671.4 75 192.168.1.116 - 59054 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zDmERjsQ9ZLyNk9xcUpjfgeHlP1U/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5932 1490650861.81 1490650861.88 74 192.168.1.116 - 59055 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MxZ91iwiwt9gJ7QIikadLSVIEwFVvSS/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5933 1490651052.42 1490651052.49 71 192.168.1.116 - 59056 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gDt89D1d71sAQcZZzrrroPN/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5934 1490651242.88 1490651242.96 78 192.168.1.116 - 59057 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bifZBNzPZ4cE5HaSY2TY8swdLIOy/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5935 1490651433.41 1490651433.48 73 192.168.1.116 - 59058 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uUR5V435AwFcOHaImGsi/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5936 1490651623.89 1490651624.03 136 192.168.1.116 - 59059 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32029 0 31888 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5936 1490651631.22 1490651631.34 120 192.168.1.116 - 59059 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5936 1490651638.63 1490651638.72 87 192.168.1.116 - 59059 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/29iBj6qJpKdJphEw5HZOr3/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5937 1490651829.12 1490651829.19 71 192.168.1.116 - 59060 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/omQi2x0l2GrHVqpxf1hW/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5938 1490652019.7 1490652019.77 69 192.168.1.116 - 59061 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/abkP4yptdQxNzIrAlT4nOYpofJ/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5939 1490652210.22 1490652210.29 74 192.168.1.116 - 59062 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/v0RnQz1gtrlQBf8HjSU2PUTIMblUyW9u/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5940 1490652400.72 1490652400.8 77 192.168.1.116 - 59063 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CUkqR2ss980wys4MKELdsvIncT/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5941 1490652591.18 1490652591.25 74 192.168.1.116 - 59064 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/W27MN0nJ3WPA7AzqVHYHamdWARRk7ha/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5942 1490652781.64 1490652781.71 73 192.168.1.116 - 59065 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Wbj9AMeYUbeeIgIMi5/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5943 1490652972.15 1490652972.22 72 192.168.1.116 - 59066 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GYzFTzRPl63VfeKgJehtB9qvwL/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5944 1490653162.91 1490653162.99 78 192.168.1.116 - 59067 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/s6WClCFe9ictKNrSW6eeNGiSI2ce9x/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5945 1490653353.42 1490653353.5 74 192.168.1.116 - 59068 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/f2Gz7dDTyovf5TTM/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5946 1490653543.87 1490653543.94 80 192.168.1.116 - 59069 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/U3JiRJ682A1DQX0hZChe2IMD9vJampr/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5947 1490653734.33 1490653734.41 78 192.168.1.116 - 59070 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/awYT88oCn7bzWQAKdsJOuLM4/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5948 1490653924.83 1490653924.9 72 192.168.1.116 - 59071 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eLkO6TO2nr9Wpl9BFdcxioNwQ/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5949 1490654115.27 1490654115.36 96 192.168.1.116 - 59072 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BqdGLPic6ANeyxokfpqd2HO3dwv/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5950 1490654305.8 1490654305.88 78 192.168.1.116 - 59073 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/g76z7BKCoUpV3A7c9/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5951 1490654496.26 1490654496.33 76 192.168.1.116 - 59074 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MtnP5RM6AHGrxk4Dpm3PVaEVt/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5952 1490654686.73 1490654686.82 91 192.168.1.116 - 59075 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5952 1490654687.09 1490654687.16 79 192.168.1.116 - 59075 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/maCwiOpQ4BepQwjc/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5953 1490654877.58 1490654877.67 87 192.168.1.116 - 59076 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3h4mRScD4U9FAJiEwgk/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5954 1490655068.12 1490655068.21 88 192.168.1.116 - 59077 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0yubOOZIsbdLzq5QlheUO1/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5955 1490655258.61 1490655258.68 69 192.168.1.116 - 59078 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 206 379 0 240 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5955 1490655264.64 1490655264.73 89 192.168.1.116 - 59078 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xIvuM22CiTbyYkC1jO/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5956 1490655455.1 1490655455.17 74 192.168.1.116 - 59079 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Xgl9MxTzHXsNycKPRHOauvnfEmp4j/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5957 1490655645.56 1490655645.65 87 192.168.1.116 - 59080 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gxJ56nGPr6phrQafkAcN858X2M/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5958 1490655836.03 1490655836.11 74 192.168.1.116 - 59081 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LSTzDam5H2G9JUY4K3Lon6/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5959 1490656026.55 1490656026.76 207 192.168.1.116 - 59082 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VwyjLG36O8t9gc0QNy6xvuM5LRukJ92/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5960 1490656217.13 1490656217.21 74 192.168.1.116 - 59083 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SYs6VLsSyps9FIu2P/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5961 1490656407.56 1490656407.63 74 192.168.1.116 - 59084 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/n4aq22GHqAlpuncRIXePAYLGQt75SKf/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5962 1490656598.01 1490656598.09 79 192.168.1.116 - 59085 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/T89lGJHJbNruBLPV1/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5963 1490656788.51 1490656788.58 73 192.168.1.116 - 59086 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jYF5V0W5jGuayKsW8kutzBs/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5964 1490656978.99 1490656979.09 102 192.168.1.116 - 59087 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/prvTSwFrpM4LFpYI/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5965 1490657169.52 1490657169.66 140 192.168.1.116 - 59088 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32029 0 31888 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5965 1490657177.21 1490657177.34 132 192.168.1.116 - 59088 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5965 1490657184.65 1490657184.73 75 192.168.1.116 - 59088 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4oRRFavRVw8j6GoDXI7PpN/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5966 1490657375.15 1490657375.23 75 192.168.1.116 - 59089 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/M81v706xAZHJmnuaYMKf/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5967 1490657571.63 1490657571.7 71 192.168.1.116 - 59090 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 5968 1490657586.91 1490657586.98 68 192.168.1.116 - 59091 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 5969 1490657602.19 1490657602.26 67 192.168.1.116 - 59092 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 5970 1490657617.45 1490657617.52 71 192.168.1.116 - 59093 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/InJLeogVQNwInwyudHoq5lafKOR6/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5971 1490657807.9 1490657807.98 75 192.168.1.116 - 59094 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PxapbuQbwmEvsiuWNZn/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5972 1490657998.64 1490657998.71 73 192.168.1.116 - 59095 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qfypBJ2vjE0r3fLSS0XaS/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5973 1490658189.12 1490658189.19 73 192.168.1.116 - 59096 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MT8rws7naerPqY2r9zuHR/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5974 1490658379.61 1490658379.69 74 192.168.1.116 - 59097 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iS1p1nOerCxvFEys/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5975 1490658570.07 1490658570.14 71 192.168.1.116 - 59098 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Pn9SkytNd28CoR4DUH5NVk7LHve/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5976 1490658760.52 1490658760.6 79 192.168.1.116 - 59099 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/p4N4RiiBYNo0r1zN68zY/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5977 1490658950.99 1490658951.06 71 192.168.1.116 - 59100 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7T66TYEPYVdIuRrxUW8KFZQD/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5978 1490659141.6 1490659141.69 88 192.168.1.116 - 59101 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gf9mzzJn8F9TngSNPqRlv/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5979 1490659332.1 1490659332.2 94 192.168.1.116 - 59102 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nbpn9kaoDFMFa9JxsVJFplTSe/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5980 1490659522.62 1490659522.7 84 192.168.1.116 - 59103 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lngTvOlqIaNB74LJik89w5EfF2WR/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5981 1490659714.74 1490659715.46 726 192.168.1.116 - 59104 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 205 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5982 1490659716.59 1490659716.86 271 192.168.1.116 - 59105 107.22.214.64 80 http://checkip.amazonaws.com/ 153 133 0 13 139 106 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 200 - - - - - - - CTU.238.1.Malicious 5981 1490659717.06 1490659717.78 714 192.168.1.116 - 59104 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/CdCx5f0hdthOMWksBIr/ 322 509 0 366 132 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5981 1490659718.3 1490659718.9 606 192.168.1.116 - 59104 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/XDLCNEWTAMSV/1/ 220 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 5983 1490659721.71 1490659722.35 635 192.168.1.116 - 59106 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5984 1490659725.08 1490659725.68 608 192.168.1.116 - 59107 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 216 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5985 1490659728.5 1490659729.11 616 192.168.1.116 - 59108 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 244 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5986 1490659730.98 1490659731.59 605 192.168.1.116 - 59109 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/y1ri0eKiT5jtYtiChXd8DvlO3xjJ/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5987 1490659923.6 1490659924.22 619 192.168.1.116 - 59110 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cXpelwrTzk0j3K5RF/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5988 1490660116.29 1490660116.91 622 192.168.1.116 - 59111 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 210 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 5988 1490660117.17 1490660117.78 607 192.168.1.116 - 59111 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/faVIP9aXHHKaHwOiYBEO02vJ/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5989 1490660311.76 1490660312.38 619 192.168.1.116 - 59112 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qKmMyMQVY1GZSMONboHdTO27x9kEgoX/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5990 1490660504.43 1490660505.04 614 192.168.1.116 - 59113 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dPBzeSPx7k6Ayd0ylhVWx2T8/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5991 1490660697.06 1490660697.67 611 192.168.1.116 - 59114 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nzaSE1XIfvgjDwO8H8qqbVmsmg/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5992 1490660889.72 1490660890.33 605 192.168.1.116 - 59115 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8Ac8cBDxJrKlLWLOToiUJ4/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5993 1490661082.52 1490661083.13 607 192.168.1.116 - 59116 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iqwIby2h6wGhMT8VBPUFwHBuTuzc2/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5994 1490661275.18 1490661275.82 636 192.168.1.116 - 59117 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/p5KPVZ3RSybLoKi8LUZTRrxTFUI51M6/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5995 1490661467.83 1490661468.44 609 192.168.1.116 - 59118 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hFF9CntbFx9ZPItpJmJPgxS7a/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5996 1490661660.49 1490661661.1 609 192.168.1.116 - 59119 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cHqwP1Y3slwAc8QZXvlFfAL1AF/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5997 1490661853.09 1490661853.7 608 192.168.1.116 - 59120 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CmtwaDMsYQ1esB7pBtcupUr6/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5998 1490662045.67 1490662046.28 608 192.168.1.116 - 59121 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/95csjh3uwHrXmNCglCZ9/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 5999 1490662238.24 1490662238.81 569 192.168.1.116 - 59122 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hR561vBASl9Yz61eXTigFgNRUu/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6000 1490662430.84 1490662431.45 618 192.168.1.116 - 59123 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ndAnjAXrphV8hUggKA79wl90x4A9/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6001 1490662623.45 1490662625.19 1742 192.168.1.116 - 59124 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 32029 0 31888 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6001 1490662632.32 1490662633.49 1178 192.168.1.116 - 59124 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6001 1490662640.9 1490662642.51 1615 192.168.1.116 - 59124 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gsCXLT13V9KBZfdcdmkiduuo/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6002 1490662834.56 1490662835.17 606 192.168.1.116 - 59125 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2b6zqq00OvOr6SmE6PeQF6QdxFWQfhxx/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6003 1490663027.19 1490663027.8 612 192.168.1.116 - 59126 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dAq6elyXDTAj768bgClKB1x/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6004 1490663219.86 1490663222.07 2207 192.168.1.116 - 59127 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/umjqBS71cztoxfsRe0k8Ob6/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6005 1490663414.13 1490663414.74 612 192.168.1.116 - 59128 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DffKFu9KP3MBrquPy5ne3WWS/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6006 1490663606.78 1490663607.39 610 192.168.1.116 - 59129 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UlPvOvQh9N3Uef8SmoGbmB/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6007 1490663799.42 1490663800.04 619 192.168.1.116 - 59130 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cfPYX7dyRBYdjbufsZtDwm/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6008 1490663992.02 1490663992.65 632 192.168.1.116 - 59131 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1v2oZ1s9cbIpSNmOdy6DidJFLY3Nuvt3/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6009 1490664184.67 1490664185.28 607 192.168.1.116 - 59132 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hmGVAFWmYhq9nKueS2y0njAWeWE79Z9D/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6010 1490664377.28 1490664377.92 640 192.168.1.116 - 59133 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8JoK4zVdTPJu8HrSWKi/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6011 1490664569.88 1490664570.52 638 192.168.1.116 - 59134 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/znQe91gbu9lB2jeB0dVdPiy7V4/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6012 1490664762.6 1490664763.21 605 192.168.1.116 - 59135 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YNSuDGCN5s2v8XIq7D7ZBF/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6013 1490664955.22 1490664955.83 603 192.168.1.116 - 59136 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mQa98isEbRCi8PERv9RIQOaJPkd8/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6014 1490665147.92 1490665148.62 702 192.168.1.116 - 59137 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9VDLOMp7jdj4tqhEl8Vf0Iw/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6015 1490665340.65 1490665341.26 616 192.168.1.116 - 59138 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NCNaQzkIiydQYKXB59x7COgU7CNtTB/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6016 1490665533.35 1490665533.97 622 192.168.1.116 - 59139 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 210 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6016 1490665534.23 1490665534.84 610 192.168.1.116 - 59139 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HopGf559uUu7nB7L2tsMSDLW/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6017 1490665726.92 1490665727.53 604 192.168.1.116 - 59140 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dO8CwcDUNkZpY7ky4mNsF0kmwf7/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6018 1490665919.54 1490665920.15 609 192.168.1.116 - 59141 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RpcuOy0HajCLA1jZrzGO/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6019 1490666112.26 1490666112.87 617 192.168.1.116 - 59142 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 207 379 0 240 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6019 1490666118.84 1490666119.48 639 192.168.1.116 - 59142 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eaiY9KwxLKUuXzouepnTA/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6020 1490666311.59 1490666312.2 611 192.168.1.116 - 59143 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rwvpLEZWZwLEoHVq7pi3ikjdKUtqPF/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6021 1490666504.18 1490666504.79 613 192.168.1.116 - 59144 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IDVdF6wQrvMGXTgwQzA6yHaXHRWhDayt/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6022 1490666696.74 1490666697.31 567 192.168.1.116 - 59145 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZNvO1PBcfZrjCFQwWB19zXBHF/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6023 1490666889.36 1490666889.97 610 192.168.1.116 - 59146 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mYauDvIbHXzhgRXxWo34zqRnr1jf/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6024 1490667082.04 1490667082.65 607 192.168.1.116 - 59147 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2YwgoFKu2VS1IotsV/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6025 1490667274.7 1490667275.31 608 192.168.1.116 - 59148 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/A0937pgk5QKrWoaZ3LlLv4SbNPXuU/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6026 1490667467.29 1490667467.9 614 192.168.1.116 - 59149 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/702QwnInZlttgE30TecdzCrI/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6027 1490667659.98 1490667660.59 607 192.168.1.116 - 59150 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/D2YX8Qwdt3qBKzKDxDowlj1qUmlvf/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6028 1490667852.61 1490667853.22 612 192.168.1.116 - 59151 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tOmoUMQ8y10VBjHXasfIAu/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6029 1490668045.23 1490668047.02 1793 192.168.1.116 - 59152 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 32029 0 31888 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6029 1490668054.19 1490668055.96 1771 192.168.1.116 - 59152 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6029 1490668063.6 1490668064.25 649 192.168.1.116 - 59152 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4IjLMsj96UPXdFAY/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6030 1490668256.27 1490668256.87 608 192.168.1.116 - 59153 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Pkn05js2wyMFtsC9s1iYMOqmKb/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6031 1490668448.94 1490668449.55 612 192.168.1.116 - 59154 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iXcoOZtMKzxk1wOif/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6032 1490668641.59 1490668642.2 605 192.168.1.116 - 59155 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/93cTH3xuwP8qfpsMWc/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6033 1490668834.19 1490668834.81 620 192.168.1.116 - 59156 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZKTSNDd0BRrEBAahV/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6034 1490669027.1 1490669027.72 620 192.168.1.116 - 59157 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WiMYzMyX1IPyjl1vYCrDa6zdKVdpFL/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6035 1490669219.86 1490669222.1 2240 192.168.1.116 - 59158 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tmsgUSx1tbZSfAhOS2rGFL3es7cF79DH/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6036 1490669414.08 1490669414.7 615 192.168.1.116 - 59159 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4QTYTVfG4kTvFZVvN9SfSt/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6037 1490669606.79 1490669607.36 570 192.168.1.116 - 59160 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/plaX7FfktZLxdzPWWTM24zp8iak2OEoQ/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6038 1490669799.41 1490669800.01 606 192.168.1.116 - 59161 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nQ9UhGZj4X1F9AWrrLN1EAQ59phUH/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6039 1490670262.96 1490670263.43 474 192.168.1.116 - 59168 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 204 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6039 1490670263.66 1490670264.18 518 192.168.1.116 - 59168 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/yTXTu5cGsxVOqk7UeGZruEgd8RU4j/ 331 519 0 376 131 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6039 1490670264.6 1490670265.09 484 192.168.1.116 - 59168 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/QPHBPNHQKETU/1/ 219 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 6040 1490670268.37 1490670269.81 1439 192.168.1.116 - 59169 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6041 1490670271.19 1490670271.73 538 192.168.1.116 - 59170 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 215 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6042 1490670274.02 1490670274.49 475 192.168.1.116 - 59171 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 243 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6043 1490670276.87 1490670277.35 483 192.168.1.116 - 59172 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rYqQwEYS4cerbsRe8/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6044 1490670471.33 1490670473.05 1719 192.168.1.116 - 59173 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bkSFNUOKqLT4aqM7TgZvYg7ATDKr9r/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6045 1490670665.51 1490670665.99 477 192.168.1.116 - 59174 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zj9tnwWzfiavjfcsCaZ4D3N56UR/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6046 1490670857.65 1490670858.12 479 192.168.1.116 - 59175 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jzuI7CsfoRTCfeuh2iXb/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6047 1490671050.59 1490671052.3 1714 192.168.1.116 - 59176 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6047 1490671052.56 1490671053.04 478 192.168.1.116 - 59176 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Vhkqem8qrMVNtDO3w03tv/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6048 1490671245.5 1490671245.99 484 192.168.1.116 - 59177 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/boSH4fWhXkBAeS62Le1iK9KzxMFpmP0c/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6049 1490671439.86 1490671440.34 479 192.168.1.116 - 59178 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nTwwUpFCy8zL1oFVYbKSOo9r8Hh2l0WB/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6050 1490671634.64 1490671635.11 470 192.168.1.116 - 59179 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GoYSWB0HAPK93knerXSQ6/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6051 1490671827.6 1490671829.32 1714 192.168.1.116 - 59180 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wRNjeVLorfPq82I22bANJqOtKE7wh/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6052 1490672026.96 1490672027.47 516 192.168.1.116 - 59181 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 6053 1490672043.92 1490672044.39 468 192.168.1.116 - 59182 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 6054 1490672061.71 1490672062.23 518 192.168.1.116 - 59183 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 6055 1490672078.66 1490672079.13 467 192.168.1.116 - 59184 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FkdWeGBk97Vohyhv58SPvT/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6056 1490672270.75 1490672271.23 470 192.168.1.116 - 59185 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GsV4MW3qQvIwrsC4twhRyH0SchrvYHE/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6057 1490672463.84 1490672464.31 471 192.168.1.116 - 59186 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pnLpcOqrG80xsD53EKC7/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6058 1490672656.83 1490672657.3 467 192.168.1.116 - 59187 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AoCue7e4p3eRBD71/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6059 1490672848.91 1490672850.63 1723 192.168.1.116 - 59188 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1aSVCWB7GIKBWy5wOWEG4ijJmk2R9Nu/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6060 1490673042.32 1490673043.68 1369 192.168.1.116 - 59189 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Ng20OyF9dmxpOwDELkFFhGI9r8mF4X/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6061 1490673235.36 1490673235.83 472 192.168.1.116 - 59190 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QKelbXDZ1dD5wOzwNtwGhOPwtHRvHC2l/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6062 1490673429.34 1490673429.82 483 192.168.1.116 - 59191 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KfYWrB47q4OcO3zpiWL/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6063 1490673624.44 1490673625.82 1378 192.168.1.116 - 59192 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32029 0 31888 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6063 1490673633.52 1490673636.05 2523 192.168.1.116 - 59192 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6063 1490673644.2 1490673644.69 493 192.168.1.116 - 59192 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qVZuIoN3FBBkUsFiHDPuhSMQYid/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6064 1490673837.21 1490673838.92 1706 192.168.1.116 - 59193 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ytFHSarmTob8s2DKuQtnfktNPHudQX/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6065 1490674032.51 1490674032.98 474 192.168.1.116 - 59194 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/POTroV2in9G5X48l/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6066 1490674246.86 1490674247.34 485 192.168.1.116 - 59195 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oHty6daPyEh5ftNO1QAAUaAR9KsHLy1/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6067 1490674442.0 1490674443.38 1380 192.168.1.116 - 59196 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KRd1rJKUdODRrGFreqI2vKQC1Tv/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6068 1490674635.91 1490674637.64 1737 192.168.1.116 - 59197 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pwHTwCzZf8AgoUolZYsqO/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6069 1490674829.26 1490674830.6 1345 192.168.1.116 - 59198 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HyHONfck0aV0zhr2f4JvnbDU/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6070 1490675022.24 1490675023.57 1329 192.168.1.116 - 59199 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rtAlPat1K7KR24xLLY/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6071 1490675215.22 1490675216.6 1381 192.168.1.116 - 59200 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/i65bnnZxyRN2jQOPajrLMJw6o/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6072 1490675410.47 1490675412.17 1706 192.168.1.116 - 59201 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EfXo2fg8LlsOESeY21jSj3845z/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6073 1490675603.75 1490675605.45 1707 192.168.1.116 - 59202 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vLChYjXXhZnlpA7Hj6bR/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6074 1490675797.07 1490675799.66 2587 192.168.1.116 - 59203 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hyCnzLLEvT0Yt11QzzHUKcx/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6075 1490675991.28 1490675992.67 1388 192.168.1.116 - 59204 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pwqd3XYVeBz5rSH8HCML9Qqe9A/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6076 1490676187.48 1490676187.96 480 192.168.1.116 - 59205 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/URluDtDCAsoKpz7GJy0eGLlxJlip/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6077 1490676380.46 1490676380.93 477 192.168.1.116 - 59206 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9NqN5rsN96RGU1ppyReoX/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6078 1490676572.58 1490676574.33 1748 192.168.1.116 - 59207 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6078 1490676574.59 1490676575.06 472 192.168.1.116 - 59207 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eCV1eF6AghYeCEpIT7iH/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6079 1490676767.7 1490676769.07 1373 192.168.1.116 - 59208 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RynaoB1VE6KusXmw12dAX08Tk7BQVmi/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6080 1490676961.6 1490676962.08 475 192.168.1.116 - 59209 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 206 379 0 240 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6080 1490676968.05 1490676969.39 1343 192.168.1.116 - 59209 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IdbtDGDbuevKLaJoh5LUJOC/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6081 1490677160.99 1490677161.46 471 192.168.1.116 - 59210 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZBii1yZbI5SfoFmQTfpiEkalVlE9/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6082 1490677353.09 1490677353.57 478 192.168.1.116 - 59211 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZaMFgfmRszGUAbF9COyKK/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6083 1490677545.2 1490677545.69 486 192.168.1.116 - 59212 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kpQ2ipPOx2A66pESRj5KVx/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6084 1490677740.9 1490677741.44 536 192.168.1.116 - 59213 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/DNSBL/not%20listed/0/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6085 1490677744.72 1490677745.19 479 192.168.1.116 - 59214 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PrR8DxryF9MZhhb8/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6086 1490677938.05 1490677938.52 470 192.168.1.116 - 59215 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xgzLqzKJaLnVpuscLYnalh4xngq6lxm/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6087 1490678130.1 1490678130.58 482 192.168.1.116 - 59216 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kEWT2fngxrFdWGFux814RGwVH7zSbWr/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6088 1490678322.19 1490678323.9 1707 192.168.1.116 - 59217 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/O4UnBRmCapLpWLKDZB5B5v/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6089 1490678516.45 1490678516.92 470 192.168.1.116 - 59218 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8RklPNbf4oYxH18Ndbx/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6090 1490678708.54 1490678709.03 489 192.168.1.116 - 59219 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vNhfZdOqp7VKEAUEX/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6091 1490678901.57 1490678902.03 469 192.168.1.116 - 59220 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TTSVq9Gd970fmvBQthhjnSJmMys/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6092 1490679093.62 1490679096.67 3045 192.168.1.116 - 59221 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32029 0 31888 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6092 1490679103.8 1490679105.16 1359 192.168.1.116 - 59221 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6092 1490679112.44 1490679112.93 485 192.168.1.116 - 59221 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JndhW8Aw2aIg33bILwwq36H1ZtU2/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6093 1490679305.58 1490679306.05 474 192.168.1.116 - 59222 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2X7JZKH9Ec3hNMZ9o0fuOgtM/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6094 1490679498.59 1490679499.06 471 192.168.1.116 - 59223 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HSVFjGqRefB46IRUWcjSoufAzNshGxel/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6095 1490679690.74 1490679691.21 470 192.168.1.116 - 59224 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LnB3cl3AUDQfE3dk2/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6096 1490679888.0 1490679889.67 1676 192.168.1.116 - 59225 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TO32wpqiXYQK6bABieiv8/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6097 1490680082.19 1490680082.67 480 192.168.1.116 - 59226 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Izzdu7NMrzFkkjsu0/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6098 1490680276.95 1490680278.33 1383 192.168.1.116 - 59227 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QuYHNVS9y6OLPnpvoUTmM/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6099 1490680469.96 1490680470.43 471 192.168.1.116 - 59228 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dAptXi8FwAxSuQxLsQONNV3xu477vE/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6100 1490680663.09 1490680664.52 1437 192.168.1.116 - 59229 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4Z8REoyuWk11oOCfnaX1pDMDd/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6101 1490680856.14 1490680856.61 469 192.168.1.116 - 59230 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MtmaeRSNnW5n2nX7G/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6102 1490681048.22 1490681048.71 482 192.168.1.116 - 59231 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vi2lbukBFlSwhxxH/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6103 1490681242.19 1490681242.68 482 192.168.1.116 - 59232 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3G5GNmDfyPMkre59Rv2igbLDlK/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6104 1490681434.34 1490681434.81 470 192.168.1.116 - 59233 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/f0HcFMl5GVYMWEc6DoHokxK7Ap/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6105 1490681628.62 1490681629.11 483 192.168.1.116 - 59234 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DIB0FBCVU4juNpgI1A/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6106 1490681821.73 1490681822.2 469 192.168.1.116 - 59235 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FTivQzJyFggPICvu3kaIZdPL/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6107 1490682014.74 1490682015.28 535 192.168.1.116 - 59236 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6107 1490682015.6 1490682017.18 1584 192.168.1.116 - 59236 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8Ygm6E3W8cjsak572UnKhSJ1xfXtF/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6108 1490682208.79 1490682209.26 471 192.168.1.116 - 59237 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cvLbQqxSsUsGtofAcMnoQ8dnJMUkOCQ/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6109 1490682400.83 1490682401.31 479 192.168.1.116 - 59238 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Mbsmk2NUWogdXH0VrgNsalkdReexon/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6110 1490682594.78 1490682595.26 481 192.168.1.116 - 59239 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qMtRGuhqrWwz4noUEQXcr2Bq5rzlPhXS/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6111 1490682787.89 1490682788.36 472 192.168.1.116 - 59240 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0jUd8pVKhb4Or8YeXkd/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6112 1490682980.83 1490682981.31 481 192.168.1.116 - 59241 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vuKZysW9vWjnQKqa4aYy01US/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6113 1490683173.95 1490683174.43 473 192.168.1.116 - 59242 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fiohVy8tEinrfxpnvhIxMAGoE/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6114 1490683366.94 1490683367.41 471 192.168.1.116 - 59243 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/a7ECb9sc3ZPPHXvVen7MW44/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6115 1490683560.06 1490683560.53 472 192.168.1.116 - 59244 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/z6tSsyjvFxBRitPuQ1V5zu3PvGPQtzvu/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6116 1490683752.15 1490683752.62 474 192.168.1.116 - 59245 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cL0b2c1paHmCy4qmAc0VUDa1U3/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6117 1490683944.24 1490683944.71 475 192.168.1.116 - 59246 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Zh6BbQ2SgybZtpD8yIH/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6118 1490684136.33 1490684136.81 482 192.168.1.116 - 59247 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lF3v3GDLFL1mFqpDk8iGKj27qfcFwE6a/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6119 1490684374.08 1490684374.55 471 192.168.1.116 - 59249 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QDfpwCl2YQHehPztKQ/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6120 1490684570.09 1490684571.46 1364 192.168.1.116 - 59250 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 32029 0 31888 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6120 1490684578.48 1490684581.22 2742 192.168.1.116 - 59250 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6120 1490684588.19 1490684588.66 469 192.168.1.116 - 59250 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lINkdmQAWs4O1jovj8LmWrFK/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6121 1490684780.23 1490684780.71 472 192.168.1.116 - 59251 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xVKcvQXRTDsDxgn17CEzlq/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6122 1490684974.34 1490684974.82 480 192.168.1.116 - 59252 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HRwaQo4hNNJiltAoVZXfZlDGE/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6123 1490685167.5 1490685167.97 472 192.168.1.116 - 59253 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/00RHvOiEBaADue9GfQWYD63NDA1qcJ/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6124 1490685359.57 1490685361.27 1709 192.168.1.116 - 59254 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OM5xlnvdLi2hyLigiVjomWmBlcI6n/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6125 1490685556.64 1490685562.03 5388 192.168.1.116 - 59255 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jM2oamYXS4lER6nARutO7FOmEPomf/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6126 1490685755.0 1490685756.68 1683 192.168.1.116 - 59256 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2BrjJNONr4M34WZjsdsn/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6127 1490685948.27 1490685948.75 482 192.168.1.116 - 59257 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wre28nDAlejuiziP/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6128 1490686155.22 1490686155.69 469 192.168.1.116 - 59258 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AuKBWW1SSdii7Ezp0WJTOXBERo9Pytb/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6129 1490686348.27 1490686348.76 482 192.168.1.116 - 59259 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pmUust3yqyFGGXzMp5gWRHnPyeuSeMJ/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6130 1490686553.39 1490686553.86 468 192.168.1.116 - 59260 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 6131 1490686570.28 1490686570.79 507 192.168.1.116 - 59261 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 6132 1490686587.22 1490686587.74 513 192.168.1.116 - 59262 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 6133 1490686605.54 1490686607.27 1726 192.168.1.116 - 59263 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yFjFZ1behyhzhndLznQ/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6134 1490686801.12 1490686801.59 473 192.168.1.116 - 59264 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cRQSDXbVJXQTONs6KH82mAykY19/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6135 1490686993.19 1490686993.67 481 192.168.1.116 - 59265 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9qPnRp2l7vhXR5xT0LlloBDShJi568VH/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6136 1490687188.35 1490687188.83 474 192.168.1.116 - 59266 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iN8g7WwvQmUt4JPgbixYoebWxslK/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6137 1490687380.41 1490687382.14 1734 192.168.1.116 - 59267 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TBed5ntqEUIkzULRZ4b/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6138 1490687573.73 1490687574.24 511 192.168.1.116 - 59268 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6138 1490687574.5 1490687574.98 474 192.168.1.116 - 59268 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QsyWKlWLcbMYc6wAD/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6139 1490687768.87 1490687769.41 537 192.168.1.116 - 59269 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 206 379 0 240 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6139 1490687775.38 1490687775.85 473 192.168.1.116 - 59269 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LQ7YOVq0umPs4Kf4Patux/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6140 1490687967.51 1490687968.92 1410 192.168.1.116 - 59270 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/C9gUMUouAl9xu19yY/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6141 1490688161.45 1490688161.92 474 192.168.1.116 - 59271 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MattCSMw4tmirU9kSkxQPQoXK5Bdzpq/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6142 1490688353.52 1490688355.22 1708 192.168.1.116 - 59272 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/08qFvOkZyFAYy7kT797T5N2SNyeD/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6143 1490688548.82 1490688549.29 469 192.168.1.116 - 59273 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7adaBGf9dOIratAcP0wvU81L/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6144 1490688740.94 1490688743.54 2607 192.168.1.116 - 59274 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LdFMfSepQ9uX9iSYIPuymaNGlk9imD/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6145 1490688935.16 1490688935.65 482 192.168.1.116 - 59275 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HacKBdE7NLmAk874TAj/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6146 1490689127.24 1490689127.72 482 192.168.1.116 - 59276 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BI531e4wtUxwJSy1yXCvUhAUQPTX/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6147 1490689319.33 1490689320.71 1380 192.168.1.116 - 59277 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/77R4wk2sC3wlkxlu/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6148 1490689512.33 1490689512.81 480 192.168.1.116 - 59278 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pbPvoOqcW2tj30MYwX/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6149 1490689706.96 1490689707.45 488 192.168.1.116 - 59279 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qKaxiuG95cbNtIKKTl3za0M1yyuqHZ/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6150 1490689898.79 1490689899.21 418 192.168.1.116 - 59280 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 205 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6151 1490689899.49 1490689899.76 271 192.168.1.116 - 59281 107.22.214.64 80 http://checkip.amazonaws.com/ 153 133 0 13 139 106 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 200 - - - - - - - CTU.238.1.Malicious 6150 1490689899.97 1490689900.48 511 192.168.1.116 - 59280 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/uKSQYYmNINQxB0T7yRvai9spAd86/ 331 518 0 375 132 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6150 1490689900.99 1490689901.42 435 192.168.1.116 - 59280 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/RNXZRVPLWPU/1/ 219 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 6152 1490689903.6 1490689904.05 452 192.168.1.116 - 59282 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6153 1490689905.26 1490689905.67 412 192.168.1.116 - 59283 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 216 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6154 1490689906.83 1490689907.24 407 192.168.1.116 - 59284 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 244 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6155 1490689909.42 1490689909.83 415 192.168.1.116 - 59285 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/A0G5gdXFHNIFh2vY5Mt/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6156 1490690101.17 1490690102.27 1094 192.168.1.116 - 59286 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 32029 0 31888 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6156 1490690109.77 1490690110.52 747 192.168.1.116 - 59286 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6156 1490690118.25 1490690118.63 374 192.168.1.116 - 59286 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/a5z3U4HsWGG6aLwzV5D/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6157 1490690310.03 1490690310.43 403 192.168.1.116 - 59287 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7BkwduYd5Bx7SfWt8i5X6Dr/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6158 1490690501.76 1490690502.13 371 192.168.1.116 - 59288 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/M9hDtug4nFb0TXg8og9d/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6159 1490690693.5 1490690693.94 437 192.168.1.116 - 59289 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yxzFQ8cvowUSxCxE5pGSBr/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6160 1490690885.39 1490690885.8 407 192.168.1.116 - 59290 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5YA1ENXck5qKvg93/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6161 1490691077.14 1490691077.51 373 192.168.1.116 - 59291 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UMCleKI6ZwS0SDlI3LmHReBIrisI08/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6162 1490691268.86 1490691269.23 373 192.168.1.116 - 59292 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FVUepmjtRcnLPC0ApSbT6DkeV/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6163 1490691460.65 1490691461.06 411 192.168.1.116 - 59293 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/d6GVsdDRhIKtGj6MHZ/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6164 1490691652.46 1490691653.83 1370 192.168.1.116 - 59294 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VR5K0L2S1M4tODrGvPcqhuaac7sJggG/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6165 1490691845.18 1490691845.59 405 192.168.1.116 - 59295 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/esMKlxNDLJAP2zzPUWadX0Q5jjiBO/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6166 1490692036.94 1490692037.35 409 192.168.1.116 - 59296 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VjR1chdsMRf7MrXenTZIVOzw6t/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6167 1490692367.38 1490692367.86 478 192.168.1.116 - 59300 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 203 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6167 1490692368.09 1490692368.72 632 192.168.1.116 - 59300 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/Ip1FftqyrsGiaAavG1o3fYuYk0sjXHG/ 332 521 0 378 130 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6167 1490692369.07 1490692369.56 491 192.168.1.116 - 59300 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/KUBXVYDRWUO/1/ 217 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 6168 1490692370.98 1490692371.53 546 192.168.1.116 - 59301 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6169 1490692373.94 1490692375.41 1470 192.168.1.116 - 59302 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 214 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6170 1490692380.89 1490692381.4 513 192.168.1.116 - 59303 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 242 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6171 1490692383.81 1490692384.29 473 192.168.1.116 - 59304 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3PIZqAqL5f2BwsIp2j2ZNVoiVrfSteO/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6172 1490692578.06 1490692579.55 1493 192.168.1.116 - 59305 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kgv2yuTg0nse2QaKT1HjuLdd/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6173 1490692772.08 1490692773.46 1380 192.168.1.116 - 59306 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NiABVBUhGQhi1sIZ3s4gblwj3/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6174 1490692966.07 1490692966.55 485 192.168.1.116 - 59307 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0CE0zb2lvycDNBxRd4clYJ5/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6175 1490693158.21 1490693159.58 1369 192.168.1.116 - 59308 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 208 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6175 1490693159.84 1490693160.32 478 192.168.1.116 - 59308 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Bx1r0ST5vLgjGHEjrfc6OTdlt/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6176 1490693351.94 1490693352.42 480 192.168.1.116 - 59309 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DAgz4psM1UwxPIJD7EAgfC5/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6177 1490693544.11 1490693544.6 484 192.168.1.116 - 59310 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QYcAhTCo7uVFcR6f7agA6M8UZj/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6178 1490693736.23 1490693736.7 473 192.168.1.116 - 59311 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RIsKK1uh1xDCtVlfGsqWinF/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6179 1490693929.34 1490693929.81 472 192.168.1.116 - 59312 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lYDBmCrUnO4nrr1i2zoWGCwHwNwLn/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6180 1490694122.43 1490694122.91 481 192.168.1.116 - 59313 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cv3vYUfyL6EJLLz9merV/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6181 1490694314.55 1490694315.02 469 192.168.1.116 - 59314 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aNqdMkHSbY8pOYxpHZCMMnTZ5aVZPm/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6182 1490694506.64 1490694507.15 513 192.168.1.116 - 59315 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9R8PVuJINy1RVALQIzqVdmfNp/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6183 1490694698.8 1490694699.27 468 192.168.1.116 - 59316 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OJHRDWsOnBoNvDRNefLNBEwFgNu/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6184 1490694890.9 1490694892.27 1369 192.168.1.116 - 59317 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/idWz1oMZGlrPYnKg1Qdt/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6185 1490695083.87 1490695084.34 472 192.168.1.116 - 59318 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/v1bSnWQiauCRNlMV4F6b0/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6186 1490695276.82 1490695277.29 473 192.168.1.116 - 59319 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BSFEA7qFK5ihrBg40QG/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6187 1490695468.91 1490695469.42 510 192.168.1.116 - 59320 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QSLzpHSup6lVdRFNexXoCCMe/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6188 1490695661.91 1490695667.0 5096 192.168.1.116 - 59321 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32029 0 31888 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6188 1490695674.75 1490695676.15 1397 192.168.1.116 - 59321 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6188 1490695684.04 1490695684.53 498 192.168.1.116 - 59321 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/b7nq5ELLdizobnhKiCnKDaRur5hvIj/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6189 1490695886.51 1490695888.22 1717 192.168.1.116 - 59322 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rK7JeO2JYR5UjqDkLgOlOoLQ/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6190 1490696080.74 1490696086.23 5486 192.168.1.116 - 59323 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OfKc2I9Bmju9jqqUkYwHHd5/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6191 1490696277.86 1490696278.33 475 192.168.1.116 - 59324 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fAcb73CPEmaIS8YFpVjZ/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6192 1490696469.98 1490696471.7 1720 192.168.1.116 - 59325 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jJE5otc9xFdtXq5MQ/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6193 1490696663.4 1490696663.87 468 192.168.1.116 - 59326 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hw09D1XKGVU9uO6YlZgb/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6194 1490696855.49 1490696855.97 483 192.168.1.116 - 59327 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5JHmf9ifGadnDLMn55FOxMJp2/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6195 1490697052.54 1490697055.48 2942 192.168.1.116 - 59328 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/U2Q059fEmzwgHrtO4BLUv9MiCkzLAhy9/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6196 1490697249.37 1490697249.83 470 192.168.1.116 - 59329 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TYkA5Iar5OPIsi8MjKfFd1f0r/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6197 1490697441.53 1490697442.01 474 192.168.1.116 - 59330 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ksZbn1QzuupI1bLkgs9ZqQl/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6198 1490697634.59 1490697635.07 480 192.168.1.116 - 59331 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fYl03ZHcTsFDNTiv56Vr2/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6199 1490697826.71 1490697827.2 488 192.168.1.116 - 59332 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0uRqoivDbrulIHGES2zvC0/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6200 1490698018.82 1490698020.2 1382 192.168.1.116 - 59333 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/K8fTsy7T8muBHglbjyYK9fa/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6201 1490698212.85 1490698213.34 485 192.168.1.116 - 59334 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vpcqwaYxXNeIZFWyFnQWYIGPNb/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6202 1490698405.85 1490698406.33 483 192.168.1.116 - 59335 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UgW9y4lseEJpYb70v/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6203 1490698598.91 1490698599.43 519 192.168.1.116 - 59336 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 205 379 0 240 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6203 1490698605.42 1490698607.99 2570 192.168.1.116 - 59336 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 208 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6203 1490698608.24 1490698608.78 538 192.168.1.116 - 59336 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Z4rrtXk6skM50q0i1Va/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6204 1490698801.34 1490698801.81 475 192.168.1.116 - 59337 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WeJeE1YY1F2UDoWR/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6205 1490698994.39 1490698994.87 479 192.168.1.116 - 59338 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UPSI1ChHFvIDZCTr6fG18POiVv/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6206 1490699186.54 1490699187.97 1436 192.168.1.116 - 59339 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vnavHgyXMBju2OUhxKSu7rovANMVSf4C/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6207 1490699379.61 1490699382.19 2573 192.168.1.116 - 59340 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/27ktz3KtTyzbwQkkKJ4ASoW1G0kFn/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6208 1490699574.78 1490699575.25 472 192.168.1.116 - 59341 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kW9Sxn3CgJhZsCLWnkhVsmiES6NAC1Fg/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6209 1490699766.83 1490699767.31 480 192.168.1.116 - 59342 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DIiO7QVxhC3mvq35He1/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6210 1490699963.03 1490699963.52 484 192.168.1.116 - 59343 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5Lf1aNzb4CDUdjkY1Q5UH0f/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6211 1490700155.17 1490700155.64 471 192.168.1.116 - 59344 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/K5LqFy5sdpFVjYrTdgecYmDAwCYy/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6212 1490700349.52 1490700350.01 483 192.168.1.116 - 59345 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5umm0fmm3lxtWc9zCPykZYTrK/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6213 1490700541.67 1490700543.38 1707 192.168.1.116 - 59346 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8HH3Ae6Zi2qN0bJI272N8uiX/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6214 1490700734.97 1490700735.45 483 192.168.1.116 - 59347 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wU0wcOnYoTkg5DhtKjp8Yn/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6215 1490700928.01 1490700929.35 1340 192.168.1.116 - 59348 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8YOlakaS440cny2VJAQogVi7xh3qe9/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6216 1490701126.99 1490701127.62 631 192.168.1.116 - 59349 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 6217 1490701148.62 1490701149.14 520 192.168.1.116 - 59350 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 6218 1490701165.6 1490701166.14 539 192.168.1.116 - 59351 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 6219 1490701184.3 1490701187.3 2993 192.168.1.116 - 59352 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32029 0 31888 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6219 1490701194.7 1490701196.03 1333 192.168.1.116 - 59352 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6219 1490701203.54 1490701204.02 480 192.168.1.116 - 59352 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HSQI7qqt4tEcByWihd7lS5Fk9x/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6220 1490701395.65 1490701397.37 1714 192.168.1.116 - 59353 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AhYbKJPfTmWSQWGpIUPUaej/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6221 1490701589.17 1490701589.65 476 192.168.1.116 - 59354 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vSNJjozmgRo2Hwe7EYD2VgHY8YcdIj/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6222 1490701783.52 1490701784.0 484 192.168.1.116 - 59355 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1Agc098fi7gyxXOBwDFeV8LFjPWEH/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6223 1490701975.63 1490701976.11 481 192.168.1.116 - 59356 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/L7gdJRAcuioZiBLkOwR3ule1/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6224 1490702167.79 1490702168.27 482 192.168.1.116 - 59357 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tjYLV721I8Xm7W4SqZ/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6225 1490702360.07 1490702360.53 467 192.168.1.116 - 59358 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6tcMinbapjbJKPc1iVDTl8bD/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6226 1490702553.03 1490702554.37 1342 192.168.1.116 - 59359 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gCG3FbNBhW8ZdU69tUQIw/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6227 1490702746.92 1490702747.41 484 192.168.1.116 - 59360 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/O6SZ7YE31rJEq32fpYSFkm/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6228 1490702939.05 1490702939.54 486 192.168.1.116 - 59361 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qYiJDe1awlli20wZ0xgvUgKmf0/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6229 1490703132.16 1490703132.63 470 192.168.1.116 - 59362 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cLackXP8keWsQCLgxLx0dA/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6230 1490703324.2 1490703324.68 475 192.168.1.116 - 59363 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FcF3h1AQvyGxsXbnH9W0iPvv/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6231 1490703517.32 1490703518.99 1672 192.168.1.116 - 59364 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UCDmNsKrEDW4EodwvN/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6232 1490703710.7 1490703711.25 551 192.168.1.116 - 59365 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tgfKqgwoS1ut6q4kr/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6233 1490703902.84 1490703903.33 481 192.168.1.116 - 59366 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/584HSXrKxoJbMTWH2l/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6234 1490704096.83 1490704097.3 474 192.168.1.116 - 59367 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 208 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6234 1490704097.57 1490704098.89 1330 192.168.1.116 - 59367 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sI5QAQaOT5jkqnjA5vIfDk9DWPKkg1/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6235 1490704292.79 1490704294.6 1803 192.168.1.116 - 59368 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fw2TccBQsl980zLjDkF/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6236 1490704486.29 1490704488.0 1710 192.168.1.116 - 59369 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QlMRAviLg9mFqQZYKc0vi2LcmJ05DUfn/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6237 1490704680.64 1490704681.12 483 192.168.1.116 - 59370 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dV6eIR0nHs1nAfGz0S/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6238 1490704872.73 1490704873.21 481 192.168.1.116 - 59371 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZM1gFl18lLO8Q1l0gfCJme/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6239 1490705064.8 1490705065.28 474 192.168.1.116 - 59372 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UgJsyxoe6KDOo7vE0Y9O5PjnmWx/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6240 1490705257.86 1490705258.34 476 192.168.1.116 - 59373 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DGtsrqS5fYeJ2ay0Tz3Z64iTpJjLJaR/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6241 1490705449.92 1490705450.4 478 192.168.1.116 - 59374 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jtKbAqZXFbpgfbrihx1T/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6242 1490705642.05 1490705642.56 512 192.168.1.116 - 59375 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SAnZcdFG3LHOBPLEQzIgnj/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6243 1490705834.15 1490705834.63 478 192.168.1.116 - 59376 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1PVG14paK46nYpAt4EkXjBEQ5Y/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6244 1490706026.29 1490706026.76 470 192.168.1.116 - 59377 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ETKRCvCV8znfy4TumVL/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6245 1490706219.29 1490706219.76 471 192.168.1.116 - 59378 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kuC8xoqVHYtgXcrAFQMDh8aJQlwyOf0J/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6246 1490706411.43 1490706411.9 470 192.168.1.116 - 59379 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FgrZg56SEo7G6TkStzz95KDC/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6247 1490706606.54 1490706607.95 1405 192.168.1.116 - 59380 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/DNSBL/not%20listed/0/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6248 1490706610.39 1490706611.81 1415 192.168.1.116 - 59381 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32029 0 31888 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6248 1490706620.04 1490706620.98 945 192.168.1.116 - 59381 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6248 1490706628.79 1490706629.27 478 192.168.1.116 - 59381 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UcALLAYVkE6JiSpUXe4MscU/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6249 1490706826.11 1490706826.58 473 192.168.1.116 - 59382 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Y0ElhqQ6ZPW4WmdZ2CAT8wCmUtNL/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6250 1490707026.09 1490707026.57 482 192.168.1.116 - 59383 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XpCdBRE0FxhRS642/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6251 1490707220.1 1490707221.81 1717 192.168.1.116 - 59384 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/O1Jvmj1ebEHnxTjS/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6252 1490707413.48 1490707413.95 471 192.168.1.116 - 59385 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ESPAwC5DqCdQOLrr1fh/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6253 1490707606.58 1490707607.07 488 192.168.1.116 - 59386 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oQx4uj4PgIWmp60BiUQfwNRcr/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6254 1490707799.6 1490707800.91 1311 192.168.1.116 - 59387 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AoEipb89APx63q9Fl1AfMpb/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6255 1490707993.48 1490707995.2 1720 192.168.1.116 - 59388 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/E2JS2qYIJuqVI1uhNHUdC0qpdQyA/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6256 1490708191.7 1490708192.16 468 192.168.1.116 - 59389 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Xz5LttwDMoMC7a2msdFgCAS/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6257 1490708383.83 1490708384.32 485 192.168.1.116 - 59390 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gXwS7RYsJRH19ZeOVlf/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6258 1490708579.47 1490708589.26 9784 192.168.1.116 - 59391 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ECj2x1BTxgG2FfGS3Jl3/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6259 1490708780.87 1490708782.25 1372 192.168.1.116 - 59392 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Mqs2HU9gGBitNWU8b86E/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6260 1490708974.06 1490708974.54 480 192.168.1.116 - 59393 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YNe37GWLgcVNSQ8SjhvTaYYuk/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6261 1490709167.51 1490709168.01 493 192.168.1.116 - 59394 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MdNIxquBvhWq9mdDpP3cp29MGKmZ/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6262 1490709359.66 1490709360.13 471 192.168.1.116 - 59395 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YEKfAwdTwn4hrFbuwva/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6263 1490709554.9 1490709555.37 474 192.168.1.116 - 59396 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 205 379 0 240 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6263 1490709561.35 1490709562.67 1323 192.168.1.116 - 59396 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 208 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6263 1490709562.93 1490709563.41 479 192.168.1.116 - 59396 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vS1iVghItb2O6Df1LUc5iKhAqoJA/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6264 1490709755.04 1490709755.52 478 192.168.1.116 - 59397 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6nAW2V932gXKmi8k/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6265 1490709956.36 1490709956.83 470 192.168.1.116 - 59398 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iaqF51nPBpcMrOtf/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6266 1490710149.39 1490710149.86 474 192.168.1.116 - 59399 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pdmTsytPimA6Hi1SeonU0tW8v9t3/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6267 1490710342.49 1490710343.81 1323 192.168.1.116 - 59400 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WzthL5oIHnNay7CulGS1qYW/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6268 1490710536.47 1490710536.94 474 192.168.1.116 - 59401 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AQtVPdQr4ur9Ax4XgCK/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6269 1490710729.93 1490710730.4 470 192.168.1.116 - 59402 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dh5wMEAbvBSnQHA9rO6rKYJY58HU/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6270 1490710926.05 1490710928.94 2884 192.168.1.116 - 59403 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wsjPUR09YIHVRgPB4xuqAFJK/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6271 1490711120.61 1490711122.05 1440 192.168.1.116 - 59404 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8p1O6Jjmw8vMSX0mxxVg8ehn/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6272 1490711315.62 1490711316.11 481 192.168.1.116 - 59405 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Pi4g3JK3rOjHRron5iCTD2n/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6273 1490711508.66 1490711509.15 487 192.168.1.116 - 59406 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YIyKatjlFGMjdAjdb1Db6V/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6274 1490711700.74 1490711701.21 479 192.168.1.116 - 59407 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WRIcOzythVAys2Qa/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6275 1490712162.9 1490712163.27 370 192.168.1.116 - 59414 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 203 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6275 1490712163.5 1490712163.91 413 192.168.1.116 - 59414 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/zIHXZmtIzWHnTupS7oBE4HjRR/ 326 515 0 372 130 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6275 1490712164.35 1490712165.42 1070 192.168.1.116 - 59414 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32029 0 31888 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6275 1490712167.89 1490712168.62 731 192.168.1.116 - 59414 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6275 1490712170.75 1490712171.12 373 192.168.1.116 - 59414 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/IKFRHGDZTDWJNUJ/1/ 221 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 6276 1490712173.21 1490712173.69 480 192.168.1.116 - 59415 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6277 1490712174.78 1490712175.21 435 192.168.1.116 - 59416 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 214 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6278 1490712176.33 1490712176.75 423 192.168.1.116 - 59417 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 242 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6279 1490712177.8 1490712178.14 336 192.168.1.116 - 59418 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1n0y9F8vPQFq4heZa3q7yVs/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6280 1490712369.31 1490712369.64 333 192.168.1.116 - 59419 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RCSW1JXVlh7DABP4j/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6281 1490712562.0 1490712562.38 377 192.168.1.116 - 59420 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NlanBHDJ1JIXllTkCjl/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6282 1490712753.65 1490712753.99 342 192.168.1.116 - 59421 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cwHfqOdbG3W0OHO5/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6283 1490712945.23 1490712945.56 336 192.168.1.116 - 59422 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oO2QcIOcPz8MYdicolvmGILPUhFrwaQJ/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6284 1490713136.83 1490713137.16 337 192.168.1.116 - 59423 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PxduXWj5MRBJnR6fh9VnUUio2/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6285 1490713328.42 1490713328.76 336 192.168.1.116 - 59424 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jrMOR6vkiAf6bzGqwSxZF/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6286 1490713520.17 1490713520.58 407 192.168.1.116 - 59425 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rW2YAsmN52yMRoKlOcBXMfP7fSk7uH10/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6287 1490713712.0 1490713712.4 407 192.168.1.116 - 59426 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HMCKcuwmsSLCIFz7HQnxPZxs/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6288 1490713904.09 1490713904.6 514 192.168.1.116 - 59427 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/F2Xc33LANd2a5bJaasY/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6289 1490714096.07 1490714096.48 405 192.168.1.116 - 59428 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gRkVtrKrAI5Z1bopgAN/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6290 1490714287.92 1490714288.33 416 192.168.1.116 - 59429 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xoUw1Nk5dhTpqBD1vnsnVLEwbqj/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6291 1490714479.64 1490714479.98 338 192.168.1.116 - 59430 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QMBjTNuY7CVMM91P6/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6292 1490714671.41 1490714671.82 407 192.168.1.116 - 59431 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/J8LHBE6E8JUSwG33BUC6bcytIqxCsg/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6293 1490714863.22 1490714863.64 419 192.168.1.116 - 59432 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Ee6NfpWdSvtbDaJV0hxrNS5Qaf2dVkZ/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6294 1490715054.98 1490715055.39 410 192.168.1.116 - 59433 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 208 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6294 1490715055.65 1490715056.06 407 192.168.1.116 - 59433 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GT8wRyxTLSJTteKDDT5TLJ/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6295 1490715247.39 1490715247.77 380 192.168.1.116 - 59434 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zCxkgoOjiSCkmMv63asr/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6296 1490715439.1 1490715439.48 376 192.168.1.116 - 59435 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6flIGZogwoSSjP5L9lieHl/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6297 1490715636.77 1490715637.18 412 192.168.1.116 - 59436 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 6298 1490715653.28 1490715653.65 370 192.168.1.116 - 59437 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 6299 1490715669.83 1490715670.23 403 192.168.1.116 - 59438 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 6300 1490715686.32 1490715686.7 373 192.168.1.116 - 59439 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eynQ4MfFWtKvk6S9n/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6301 1490715878.07 1490715878.48 412 192.168.1.116 - 59440 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tfwTzN0ehnT2h5V49BRmBM/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6302 1490716069.83 1490716070.25 416 192.168.1.116 - 59441 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Z795cQs6VQMNxz7lOOXcllY2TLsX/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6303 1490716261.6 1490716262.01 406 192.168.1.116 - 59442 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sTdhm91BcthXZYxas1z0kWQ8hBIYi6H/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6304 1490716453.29 1490716453.63 342 192.168.1.116 - 59443 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rtOnJTxnc4XZbV5gqBzdRFYR/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6305 1490716645.01 1490716645.38 369 192.168.1.116 - 59444 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/N6TXj9cr2d8AYlx8Pq3CE/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6306 1490716836.62 1490716836.96 343 192.168.1.116 - 59445 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2iGrc54crPC53QVYZIq5d5bq1WR/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6307 1490717028.24 1490717028.61 375 192.168.1.116 - 59446 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CyeOrvXyVA7HZPgbpPyUe/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6308 1490717219.86 1490717220.2 343 192.168.1.116 - 59447 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sGwmEbSIIzNsxTp5oy2ath7hW/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6309 1490717411.62 1490717411.99 368 192.168.1.116 - 59448 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1PzTzekNuJJTVae5hGD2/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6310 1490717603.35 1490717604.93 1581 192.168.1.116 - 59449 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32029 0 31888 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6310 1490717612.24 1490717613.34 1101 192.168.1.116 - 59449 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6310 1490717620.62 1490717621.06 443 192.168.1.116 - 59449 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ddLIq4vHeKFSV8S8BX3GbL9EO/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6311 1490717812.33 1490717812.71 380 192.168.1.116 - 59450 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5biHpSEV52qFFpFw/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6312 1490718004.12 1490718004.52 407 192.168.1.116 - 59451 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ttzSlTaylUV9hsife225RygseLM9/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6313 1490718195.9 1490718196.48 576 192.168.1.116 - 59452 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kjKgaVPkzyRO69E3OKavc/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6314 1490718387.81 1490718388.18 367 192.168.1.116 - 59453 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VzMa8uWOrYsWZRHdZTn4UFooKbw/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6315 1490718579.48 1490718579.86 374 192.168.1.116 - 59454 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IaXAH7ZXyDuTVxR4HuT2aaUBGx/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6316 1490718771.61 1490718771.98 369 192.168.1.116 - 59455 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Gj63wxtgO1h9sa1CVamEbwrwY/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6317 1490718963.27 1490718963.64 369 192.168.1.116 - 59456 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6C8XokU9YKuK9BDCpkorqQ3Tv5Kb/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6318 1490719155.04 1490719155.47 434 192.168.1.116 - 59457 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fokq5bHc1AhIpNIoQ8gYV/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6319 1490719346.73 1490719347.11 378 192.168.1.116 - 59458 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HJQQUfJqzjTV8UFIWmRBJ2bCRocikCaq/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6320 1490719538.46 1490719538.83 371 192.168.1.116 - 59459 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8A5mcHlUdr9tUqr0I/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6321 1490719730.07 1490719730.41 342 192.168.1.116 - 59460 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cOGmCuken4tcgoZ0CRgob7TCt8hbM5B/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6322 1490719921.79 1490719922.2 405 192.168.1.116 - 59461 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jDJz73kmufdqhdR1fPaJN/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6323 1490720113.58 1490720113.99 410 192.168.1.116 - 59462 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vXdJFfrFdmZOLsBq1tGVhvuWh3b2SBWv/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6324 1490720305.28 1490720305.65 368 192.168.1.116 - 59463 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FwqcIL9KnH1MYbNPnoOGamhrDH/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6325 1490720497.02 1490720497.43 410 192.168.1.116 - 59464 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 205 379 0 240 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6325 1490720503.41 1490720503.83 415 192.168.1.116 - 59464 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 208 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6325 1490720504.1 1490720504.55 450 192.168.1.116 - 59464 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iy8dwXLpTcC8V87ul95oP6wW4U/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6326 1490720695.83 1490720696.21 380 192.168.1.116 - 59465 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/igfWcEvhh7iHegqvabWJ5/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6327 1490720887.44 1490720887.78 337 192.168.1.116 - 59466 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yoPr94szQZH4M04f/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6328 1490721079.09 1490721079.47 382 192.168.1.116 - 59467 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wm1TGZQOaJz16GE3TH5l6JDxYTWpE/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6329 1490721270.81 1490721271.17 367 192.168.1.116 - 59468 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5k6qm1EvvL9cyQhs9Gv7bPh/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6330 1490721462.55 1490721462.98 433 192.168.1.116 - 59469 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/W1K2WxS1DU3JM646v1FffYJx/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6331 1490721654.38 1490721654.75 369 192.168.1.116 - 59470 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LfVI6xgAIvYpWqbHVSx2Wdk/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6332 1490721846.07 1490721846.44 377 192.168.1.116 - 59471 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VFWRiaCDFtvqNzH4n2/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6333 1490722037.8 1490722038.24 433 192.168.1.116 - 59472 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0qz39q6wRUh3RgB7blaRYE2hIkG/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6334 1490722229.48 1490722229.82 337 192.168.1.116 - 59473 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gk6RWJzniuVK2rXvN7qKk4QfK/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6335 1490722421.14 1490722421.51 373 192.168.1.116 - 59474 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/j9WGIcXdB0bGqM0KuZ/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6336 1490722612.86 1490722613.23 369 192.168.1.116 - 59475 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OqMAlBOHVXwq9IsCz0OHmdQr6ZQZV/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6337 1490722804.5 1490722804.87 368 192.168.1.116 - 59476 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VawGYUDqPvvvZytj/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6338 1490722996.07 1490722996.39 323 192.168.1.116 - 59477 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pXHe4eyG9g5pa7bN7pPk3QEOIGVR8/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6339 1490723187.72 1490723188.8 1080 192.168.1.116 - 59478 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32029 0 31888 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6339 1490723195.95 1490723196.73 779 192.168.1.116 - 59478 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6339 1490723203.56 1490723203.94 378 192.168.1.116 - 59478 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NZO48mcMFZwXfzgRwUKTJwXsD/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6340 1490723395.25 1490723395.62 370 192.168.1.116 - 59479 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dganksqGYeSVwlHmlwR3lU/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6341 1490723587.0 1490723587.44 439 192.168.1.116 - 59480 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/in2ZmHLvRaRAIyrGku50KHG/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6342 1490723778.73 1490723779.11 376 192.168.1.116 - 59481 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vWbfMG4kSGqsWD2ZhJl/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6343 1490723970.47 1490723970.85 374 192.168.1.116 - 59482 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OVw8DSXM5lbL1Pei2oP28C4vkAM/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6344 1490724162.19 1490724162.56 376 192.168.1.116 - 59483 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vDyooOhmj98GgFj0sZ60qJPhQ/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6345 1490724353.84 1490724354.17 336 192.168.1.116 - 59484 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oUfcKQHnPIotxxeXza6wJMbEz86QkOrZ/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6346 1490724545.43 1490724545.78 343 192.168.1.116 - 59485 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/X5MCwMTjkGYBJ9d5MRDiRieIsB4lHJ/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6347 1490724737.15 1490724737.52 371 192.168.1.116 - 59486 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UAKxx32khDbg6PnVTEnnwC/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6348 1490724928.81 1490724929.21 401 192.168.1.116 - 59487 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UO77QVHyfv5pEEP06NPKN4dQg/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6349 1490725120.48 1490725120.86 376 192.168.1.116 - 59488 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0v8pT15fpQTjmpvJgcGv0KZvg6wjpElC/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6350 1490725311.44 1490725311.72 276 192.168.1.116 - 59489 107.22.214.64 80 http://checkip.amazonaws.com/ 153 133 0 13 139 106 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 200 - - - - - - - CTU.238.1.Malicious 6351 1490725315.86 1490725315.88 16 192.168.1.116 - 59492 195.113.232.73 80 http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab 299 259 0 0 230 235 'Microsoft-CryptoAPI/6.1' application/vnd.ms-cab-compressed GET 304 - - - - - - - CTU.238.1.Malicious 6352 1490725711.31 1490725711.68 374 192.168.1.116 - 59495 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8c02GmblCCAKYGAXOMR51H6KA54z1ho/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6353 1490725903.08 1490725903.52 432 192.168.1.116 - 59496 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZkRJnLFHN643P8xSIf9eFUellDCidBQ/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6354 1490726094.71 1490726095.08 368 192.168.1.116 - 59497 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 208 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6354 1490726095.34 1490726095.66 321 192.168.1.116 - 59497 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/J9slidtr3KCUFbsJg/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6355 1490726287.03 1490726287.4 369 192.168.1.116 - 59498 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hFoElrAE9UhswR31rPQ/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6356 1490726478.69 1490726479.06 371 192.168.1.116 - 59499 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wYRQb63avMEOsFvem2/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6357 1490726670.43 1490726670.81 375 192.168.1.116 - 59500 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/24JUp7wg8DRnbaakXppnw3td4K76/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6358 1490726862.02 1490726862.36 340 192.168.1.116 - 59501 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nLRiRTsN3P37k97JKEFMl/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6359 1490727054.18 1490727054.61 433 192.168.1.116 - 59502 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pssemfe3K5neaAD6/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6360 1490727245.98 1490727246.36 380 192.168.1.116 - 59503 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/w7u5qwB1SXuKwYfl4yX/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6361 1490727437.66 1490727438.04 378 192.168.1.116 - 59504 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uDgt5dRI2eibzcfkyxdyL3Ax/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6362 1490727629.32 1490727629.69 367 192.168.1.116 - 59505 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xr7AOaEM20P99KIh7DtwJWcuDukD/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6363 1490727820.96 1490727821.33 373 192.168.1.116 - 59506 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/E7CUD9R7xfmrQJ0cbtOEQfIOyrpJsT/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6364 1490728012.64 1490728013.13 493 192.168.1.116 - 59507 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HuRislV5Zz7G8CuyneyzKVxWX9heYjZb/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6365 1490728204.38 1490728204.76 372 192.168.1.116 - 59508 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CdA0Ofrf6sb2VmNKXXis48dsovcP/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6366 1490728395.99 1490728396.33 339 192.168.1.116 - 59509 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JEtivt0MtWitmtOwNWwy82c5/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6367 1490728587.66 1490728588.03 368 192.168.1.116 - 59510 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8RuRAc2n4kiByCLpq27k0GQxmeG/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6368 1490728779.24 1490728780.24 994 192.168.1.116 - 59511 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 32029 0 31888 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6368 1490728787.73 1490728788.46 728 192.168.1.116 - 59511 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6368 1490728796.01 1490728796.4 388 192.168.1.116 - 59511 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sBRyxvnKjV9QDKjuGTArCDrRcdiuj/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6369 1490728987.78 1490728988.15 376 192.168.1.116 - 59512 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8zLoNGwmbd5FNCUYTG14V3GE1P66wIG/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6370 1490729179.33 1490729179.64 308 192.168.1.116 - 59513 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JYmrnKx1ADk7f3BjWnntFIBDcnjhT/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6371 1490729370.92 1490729371.26 336 192.168.1.116 - 59514 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dhprPBmaqqaT6Ws3NOrpG3BQqDX/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6372 1490729562.48 1490729562.81 322 192.168.1.116 - 59515 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6qePdYiOpgo7TC8FO/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6373 1490729754.08 1490729754.45 373 192.168.1.116 - 59516 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oLdOZ4wfYm83QDZ2GyAv/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6374 1490729946.75 1490729947.15 399 192.168.1.116 - 59517 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZQBN9onnggDFkeJ2c8O2Q7M6d/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6375 1490730144.66 1490730145.04 373 192.168.1.116 - 59518 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 6376 1490730161.07 1490730161.42 344 192.168.1.116 - 59519 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 6377 1490730177.51 1490730177.88 373 192.168.1.116 - 59520 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 6378 1490730193.91 1490730194.25 334 192.168.1.116 - 59521 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WTgCMzxay7yIuasU3HSlYtKm9Y/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6379 1490730385.52 1490730385.86 339 192.168.1.116 - 59522 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cT4ql2QjcjNKJKxJCTEm01ZsyI/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6380 1490730577.16 1490730577.53 370 192.168.1.116 - 59523 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lL6lwqbLLtkc546T6f0c/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6381 1490730768.74 1490730769.08 338 192.168.1.116 - 59524 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bCwjO5FhBEYE7FyXN0BW/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6382 1490730960.36 1490730960.7 336 192.168.1.116 - 59525 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jU3GxnqfeiIXWXUcbmARMM/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6383 1490731151.91 1490731152.25 342 192.168.1.116 - 59526 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YJbKOooNtfXhblC7jYU/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6384 1490731343.51 1490731343.88 375 192.168.1.116 - 59527 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 205 379 0 240 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6384 1490731349.85 1490731350.2 349 192.168.1.116 - 59527 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kcMDiORoi2H1YkanJa09/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6385 1490731540.58 1490731540.65 71 192.168.1.116 - 59528 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 204 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6385 1490731540.89 1490731540.99 104 192.168.1.116 - 59528 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/8XSuocdtg3VxOSA1naht/ 322 510 0 367 131 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6385 1490731541.5 1490731541.57 71 192.168.1.116 - 59528 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/PMEENABGKEUVYAGVVW/1/ 225 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 6386 1490731542.74 1490731542.84 105 192.168.1.116 - 59529 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6387 1490731544.01 1490731544.08 70 192.168.1.116 - 59530 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 215 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6388 1490731544.26 1490731544.37 110 192.168.1.116 - 59531 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 243 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6389 1490731545.55 1490731545.62 72 192.168.1.116 - 59532 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6389 1490731545.88 1490731545.96 79 192.168.1.116 - 59532 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fb82pnsCEocOP5vabY/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6390 1490731736.36 1490731736.44 80 192.168.1.116 - 59533 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cqyaT2UbBXibaznABCShtqyfYQ/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6391 1490731926.82 1490731926.9 74 192.168.1.116 - 59534 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/trcNZ2Tf48c6Z9y5R92dKbMYK2hs/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6392 1490732117.32 1490732117.4 80 192.168.1.116 - 59535 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wjj3t1QcCKyzlDFTz2g7aLV6O3zX/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6393 1490732307.79 1490732307.86 76 192.168.1.116 - 59536 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EwfiyIoZAGuM58SlojBoXGVL7/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6394 1490732498.33 1490732498.41 73 192.168.1.116 - 59537 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/D7pECcTHpwb3WRzdHICJTeP/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6395 1490732688.79 1490732688.86 71 192.168.1.116 - 59538 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/i8a5xabi486jZ7wp13PjTD1aEbUDY/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6396 1490732879.25 1490732879.32 73 192.168.1.116 - 59539 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dRpq9wkZadFmXRpDokNt0fUDtuyF5ZdQ/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6397 1490733069.72 1490733069.8 79 192.168.1.116 - 59540 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Yziy77iTkbGjNA0pTfCKcixl/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6398 1490733260.21 1490733260.29 72 192.168.1.116 - 59541 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Oewf46oCmvgPEXkFbc2XAHl/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6399 1490733450.63 1490733450.72 89 192.168.1.116 - 59542 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Q48Rs1vl84LiFBsQ/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6400 1490733641.12 1490733641.2 77 192.168.1.116 - 59543 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YDBlHx7zMAuQx10p1YS2iBiUBQVSRm63/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6401 1490733831.57 1490733831.65 74 192.168.1.116 - 59544 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/plKEEcgK92Ta3zJxy/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6402 1490734022.02 1490734022.1 78 192.168.1.116 - 59545 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LuzwV36LvEYsJE5TwNGhJo/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6403 1490734212.52 1490734212.72 204 192.168.1.116 - 59546 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 41773 0 41632 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6403 1490734220.94 1490734221.08 132 192.168.1.116 - 59546 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6403 1490734228.95 1490734229.03 88 192.168.1.116 - 59546 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6XyRZ7uJMt1KDObmrdlFYzeL7QpjA/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6404 1490734419.41 1490734419.49 73 192.168.1.116 - 59547 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DGe8rLLCQxqkaUbcSE/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6405 1490734609.91 1490734610.0 87 192.168.1.116 - 59548 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SucEmgqAb57SKwN7tz98ZBOnWv6PGS/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6406 1490734800.41 1490734800.49 85 192.168.1.116 - 59549 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JZS9mekcpZQqCjsJ7/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6407 1490734990.9 1490734990.98 82 192.168.1.116 - 59550 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/n9BU8QRmLIMMmwhMHSOxm/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6408 1490735181.38 1490735181.45 72 192.168.1.116 - 59551 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LknaiIv3LQTJFTCLZhSR2g18Lqw/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6409 1490735371.89 1490735371.98 95 192.168.1.116 - 59552 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kxjceYxpslVUflXKrysscW72wPM/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6410 1490735563.76 1490735563.87 109 192.168.1.116 - 59553 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/DNSBL/not%20listed/0/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6411 1490735564.04 1490735564.12 74 192.168.1.116 - 59554 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xsw1zznrzsa1MckuI4eXsvkdVf21Uu/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6412 1490735754.49 1490735754.56 77 192.168.1.116 - 59555 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KLNnqZHtnw9Jf1DXGIyp/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6413 1490735944.97 1490735945.04 75 192.168.1.116 - 59556 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/44ufiqDVx7ciyEh0JWqFlLh/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6414 1490736135.42 1490736135.49 73 192.168.1.116 - 59557 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/78WPcAhY1cWjrfgJ1LoJjEhSSf/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6415 1490736325.86 1490736325.93 74 192.168.1.116 - 59558 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6vtpMAuJiLd0CEn6EHHxRm6qHpVh1D7/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6416 1490736516.32 1490736516.39 74 192.168.1.116 - 59559 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/s5GDxEz8bG0uZDEvDY6UEm/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6417 1490736706.8 1490736706.87 75 192.168.1.116 - 59560 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1piI5KrGl5EGgzslL609PER0lnTjZ/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6418 1490736897.28 1490736897.35 71 192.168.1.116 - 59561 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4NllbXXI9vLsaKWlif/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6419 1490737087.75 1490737087.82 68 192.168.1.116 - 59562 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6419 1490737088.07 1490737088.16 89 192.168.1.116 - 59562 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AMXGKEImAO3pbCVPPu5MZjK/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6420 1490737278.55 1490737278.63 76 192.168.1.116 - 59563 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/I9YTGAmShWKUGG1i71i3eKMwwbxP3Eo/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6421 1490737469.14 1490737469.21 72 192.168.1.116 - 59564 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DITydbGOXcQzJ0htOr32uqzPg/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6422 1490737659.59 1490737659.66 71 192.168.1.116 - 59565 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Nnu0BrKKdQJyQRiYld0g/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6423 1490737850.06 1490737850.14 74 192.168.1.116 - 59566 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iWRlsfY4VLJMYq9GC1IbE1HPDUoyXf/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6424 1490738041.72 1490738041.82 105 192.168.1.116 - 59567 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pSDnmv36EL9IlrPZSUmmAcpoOLB/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6425 1490738232.25 1490738232.33 79 192.168.1.116 - 59568 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Yw6XUNoZHC80gzaS87ZVb/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6426 1490738422.73 1490738422.8 70 192.168.1.116 - 59569 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GUvQlE5MJbAsPF3jFzFQMW7R/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6427 1490738613.18 1490738613.26 74 192.168.1.116 - 59570 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EpNg45plfFlBVBEVyJVCMffeqt21q/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6428 1490738803.67 1490738803.75 78 192.168.1.116 - 59571 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/h89yxSfLij8iONQuwXtEGrB1olV/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6429 1490738994.13 1490738994.21 80 192.168.1.116 - 59572 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ANsMAIkOr3UnkCqjJWd2No/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6430 1490739184.61 1490739184.68 75 192.168.1.116 - 59573 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wiksGlySX8WwelfiIIz7Mht/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6431 1490739375.1 1490739375.18 82 192.168.1.116 - 59574 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vi9YktQNhBYP71qhJ1SAslOo1/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6432 1490739565.99 1490739566.06 75 192.168.1.116 - 59575 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fS0LARhyiWPI2P4ftZHaz/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6433 1490739756.71 1490739756.86 149 192.168.1.116 - 59576 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 41773 0 41632 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6433 1490739765.25 1490739765.36 114 192.168.1.116 - 59576 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6433 1490739774.02 1490739774.11 87 192.168.1.116 - 59576 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Mwy2XsVDvGYnp74iZ/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6434 1490739964.55 1490739964.63 82 192.168.1.116 - 59577 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1qclm1wMAUSDSqfzmqYfhUPHhH/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6435 1490740155.07 1490740155.14 73 192.168.1.116 - 59578 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/F7oZual7b4TsRgb7A0Uka9QSHlj/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6436 1490740345.54 1490740345.61 74 192.168.1.116 - 59579 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EUP39YzRFTx15xZ0gBcMbv/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6437 1490740536.04 1490740536.11 73 192.168.1.116 - 59580 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VFbHnCSqg2ml9FIjFfTB/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6438 1490740726.51 1490740726.6 86 192.168.1.116 - 59581 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/g4a6DY3AhEuBrhtnUoSfT/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6439 1490740917.0 1490740917.1 95 192.168.1.116 - 59582 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tQ2woQSP8AWITSuBwdlA7vZ1hFFY/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6440 1490741107.5 1490741107.58 75 192.168.1.116 - 59583 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ebpFWZt8Kiay4jnOh2vF2gmJlu848h/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6441 1490741297.99 1490741298.06 75 192.168.1.116 - 59584 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dDqMnn2LqCKroD3TEJ9gq/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6442 1490741488.45 1490741488.53 82 192.168.1.116 - 59585 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rrheEdqc4gPJPSPBfBk8cagXI1XiB/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6443 1490741678.9 1490741678.98 78 192.168.1.116 - 59586 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7qpyjsh7KuFQApPWtKj8O96c/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6444 1490741869.39 1490741869.47 77 192.168.1.116 - 59587 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7qNciqYORDSX9oFjQ/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6445 1490742059.84 1490742059.92 81 192.168.1.116 - 59588 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IWxC1bxAd3gFqefBmQ/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6446 1490742250.31 1490742250.38 67 192.168.1.116 - 59589 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 206 379 0 240 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6446 1490742256.34 1490742256.43 91 192.168.1.116 - 59589 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/czHfd3rh995IwfPA3A6y6uEfX/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6447 1490742446.85 1490742446.92 73 192.168.1.116 - 59590 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vB1qU1lmF0RH0Ngcms6pKM5GQOJOAdU/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6448 1490742637.3 1490742637.37 72 192.168.1.116 - 59591 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6448 1490742637.62 1490742637.7 85 192.168.1.116 - 59591 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qDYSmFYcoMuTzypu1ohtXtP/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6449 1490742828.08 1490742828.15 73 192.168.1.116 - 59592 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rvr2SqYaa7tcz6zH1/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6450 1490743018.52 1490743018.6 74 192.168.1.116 - 59593 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DCWVvWZQT6eP9nYMdPnHZBm/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6451 1490743208.99 1490743209.07 78 192.168.1.116 - 59594 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/s5FrsK2NhX4svsrQ8PDnmL0OMkwgth/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6452 1490743399.42 1490743399.5 71 192.168.1.116 - 59595 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jWKGciXJ4Y9K5uBuOYm2cFNwVHr2/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6453 1490743589.87 1490743589.94 70 192.168.1.116 - 59596 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PCU66jXOOkMa7YMd0FJBrz/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6454 1490743780.35 1490743780.44 93 192.168.1.116 - 59597 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TxrCMMU3OvoDZYYwnIUF/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6455 1490743970.85 1490743970.93 74 192.168.1.116 - 59598 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zA0ZF6kvrm4SFLbzIjEkjNG72/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6456 1490744161.3 1490744161.37 74 192.168.1.116 - 59599 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7xFtAFuHTOeoTRWDe7t6B8Q8DfZJxU/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6457 1490744351.78 1490744351.85 75 192.168.1.116 - 59600 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/N5v1mqOs8nhdDnOcIg9BwuIMYQSZi7jm/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6458 1490744542.26 1490744542.34 76 192.168.1.116 - 59601 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fsrYcM3no1fA8CWuh/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6459 1490744738.78 1490744738.86 79 192.168.1.116 - 59602 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 6460 1490744754.05 1490744754.12 72 192.168.1.116 - 59603 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 6461 1490744769.33 1490744769.4 74 192.168.1.116 - 59604 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 6462 1490744784.61 1490744784.69 76 192.168.1.116 - 59605 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PEpGv8mFRgituG8Y07PSUj921L/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6463 1490744975.08 1490744975.16 85 192.168.1.116 - 59606 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5jkx9nNGWN6Dmvkc1GJpdX7KCQs/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6464 1490745165.54 1490745165.76 219 192.168.1.116 - 59607 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 41773 0 41632 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6464 1490745174.37 1490745174.69 318 192.168.1.116 - 59607 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6464 1490745182.27 1490745182.37 97 192.168.1.116 - 59607 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7tSBs1eLkE5PTMdg6AD/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6465 1490745372.75 1490745372.82 70 192.168.1.116 - 59608 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dynnp0aKKCMNCM5x9Fg/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6466 1490745563.23 1490745563.31 80 192.168.1.116 - 59609 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/STI9wOC7LZocFrQbANMSLZy6M/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6467 1490745753.72 1490745753.8 75 192.168.1.116 - 59610 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EL0i8bFd5i70d8jP08/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6468 1490745944.16 1490745944.23 71 192.168.1.116 - 59611 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3jPcqJUIed906tZifEFen6sgBdK/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6469 1490746134.6 1490746134.67 70 192.168.1.116 - 59612 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ygKiqWYtYkgcdM9JqNI4wm3y6qJssSRJ/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6470 1490746325.06 1490746325.13 71 192.168.1.116 - 59613 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cWeSBPOHpYKgmsEBQvOgmBIUfRvvcBs/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6471 1490746515.51 1490746515.58 69 192.168.1.116 - 59614 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Wm9cGyJZfTPR96SZ/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6472 1490746705.94 1490746706.01 72 192.168.1.116 - 59615 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GTbqvR4NZcifRruu3VvTnf8FBOwOizH/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6473 1490746896.42 1490746896.49 74 192.168.1.116 - 59616 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Nfok50fcIj3K7Zoma4W90/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6474 1490747086.92 1490747087.0 75 192.168.1.116 - 59617 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Mu9mj4AWAXhnst7sHy7Xe2DfgwzjvE/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6475 1490747277.42 1490747277.49 78 192.168.1.116 - 59618 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nPPJBIOW5suUHqnygBNjrjGJVVeeJeL/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6476 1490747467.86 1490747467.94 71 192.168.1.116 - 59619 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/L4uH6X9rxCLKwAAlJkCn1x94lRXqFfl/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6477 1490747658.31 1490747658.38 72 192.168.1.116 - 59620 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pQwc9MrQAAOchII8x8diqvXDqqb9v/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6478 1490747848.76 1490747848.83 72 192.168.1.116 - 59621 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qUYAveQ77xVz2cU8hJVgpjgiL/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6479 1490748039.2 1490748039.27 68 192.168.1.116 - 59622 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6479 1490748039.53 1490748039.61 79 192.168.1.116 - 59622 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/X0YKShksuFHQIaPTTA7QFJAmux/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6480 1490748229.99 1490748230.07 76 192.168.1.116 - 59623 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vowkd3E9xlBzHze7klGvVNtt21/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6481 1490748420.48 1490748420.56 75 192.168.1.116 - 59624 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PbCX61WdMhi8hljBcr/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6482 1490748611.09 1490748612.16 1071 192.168.1.116 - 59625 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7rd4hjxe6RyDXQwUP9m8Q5L6vd/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6483 1490748802.53 1490748802.61 77 192.168.1.116 - 59626 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ahmDDJATi3P9QSzC/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6484 1490748993.02 1490748993.4 372 192.168.1.116 - 59627 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7MwQMZF6kiBweWcMCc/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6485 1490749183.77 1490749183.85 79 192.168.1.116 - 59628 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/abY2VXXZUL0VDVpRi/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6486 1490749374.26 1490749374.34 76 192.168.1.116 - 59629 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Ou6Y310ZeHxChHQA8y/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6487 1490749564.71 1490749564.79 72 192.168.1.116 - 59630 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/r7H8O73GkOMbIv8hILIAi2qWGZPJtm/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6488 1490749755.19 1490749755.27 80 192.168.1.116 - 59631 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tEc4F4eyir1pSdZ9HxEWr/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6489 1490749945.66 1490749945.74 73 192.168.1.116 - 59632 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qp6uCbNV58GtwGr2/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6490 1490750136.1 1490750136.18 74 192.168.1.116 - 59633 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EHuE3FE2b3XPQalV/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6491 1490750326.56 1490750326.64 74 192.168.1.116 - 59634 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6h3dLwGcIcRQyHxf/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6492 1490750517.2 1490750517.28 74 192.168.1.116 - 59635 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wRswe90Z1RryY6d7E1z1vn2T8yDF/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6493 1490750709.25 1490750709.87 610 192.168.1.116 - 59636 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 205 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6493 1490750710.1 1490750710.81 713 192.168.1.116 - 59636 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/gG6oMC64hNnaQDqPiZlEqdY6Cr37/ 331 518 0 375 132 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6493 1490750711.23 1490750713.45 2227 192.168.1.116 - 59636 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 41773 0 41632 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6493 1490750716.71 1490750718.44 1731 192.168.1.116 - 59636 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6493 1490750720.55 1490750721.12 571 192.168.1.116 - 59636 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/QHHOMZEFCRUALNN/1/ 223 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 6494 1490750722.95 1490750723.59 635 192.168.1.116 - 59637 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6495 1490750726.4 1490750727.01 605 192.168.1.116 - 59638 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 216 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6496 1490750728.77 1490750729.38 609 192.168.1.116 - 59639 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 244 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6497 1490750731.18 1490750731.8 618 192.168.1.116 - 59640 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eUSbIuuOjs9E8LGC/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6498 1490750923.77 1490750924.39 617 192.168.1.116 - 59641 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5PwnhTpJ8rsewz0ManaVylqb8QXk7F7/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6499 1490751116.51 1490751117.12 608 192.168.1.116 - 59642 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZWTO1N7HTIybBBW8FDt00qyrbtEr31/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6500 1490751309.11 1490751309.72 612 192.168.1.116 - 59643 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0WZXI2wabRjLOqu0BQ7wq9/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6501 1490751501.72 1490751502.32 605 192.168.1.116 - 59644 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ugsQlgxgYYLYGhSCoCMM08cDvmR3fH/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6502 1490751694.36 1490751694.97 606 192.168.1.116 - 59645 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/R8HxZAIuEUTLbQVB4gZyYWmuaZg6F/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6503 1490751887.01 1490751887.61 603 192.168.1.116 - 59646 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/q7Gwst13Sd6C3oypOLoQd/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6504 1490752079.58 1490752080.22 636 192.168.1.116 - 59647 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/H3Smq2CBVlM8ySAX27l50/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6505 1490752272.27 1490752272.89 619 192.168.1.116 - 59648 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/305MHCA4v7gJe2hm7NpTsCRAtr/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6506 1490752464.87 1490752465.44 568 192.168.1.116 - 59649 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8VOgxJ6UVMogVuPY/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6507 1490752657.41 1490752657.98 570 192.168.1.116 - 59650 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YDH3GMpvFsTLrepuHwe/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6508 1490752850.04 1490752850.64 605 192.168.1.116 - 59651 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fFOKctMv7zlK8U6yzHIzYX/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6509 1490753042.69 1490753043.3 605 192.168.1.116 - 59652 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6JiuuwGOUR15RJp2M6MPvdIYQ7B43/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6510 1490753235.27 1490753235.88 616 192.168.1.116 - 59653 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 207 379 0 240 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6510 1490753241.84 1490753242.46 618 192.168.1.116 - 59653 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vD1bk8mT1zrfM5DWuAgiySgYtX3I/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6511 1490753434.44 1490753435.08 634 192.168.1.116 - 59654 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2hYQta11HDury7PN0LZZYQZV0e/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6512 1490753627.07 1490753628.84 1774 192.168.1.116 - 59655 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 210 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6512 1490753629.1 1490753629.74 636 192.168.1.116 - 59655 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NvqLVgBvrPtn3A3ZQ/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6513 1490753821.7 1490753822.31 607 192.168.1.116 - 59656 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iCRVjEtGpBpGPi7LJgWesvSjVHr9B/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6514 1490754014.31 1490754014.88 571 192.168.1.116 - 59657 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/q7oGpdD6z0pYvCtCWArozKMplH879J0/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6515 1490754206.81 1490754207.44 632 192.168.1.116 - 59658 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9TzilDYJR7jg3CkfvUJN5/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6516 1490754399.46 1490754400.07 607 192.168.1.116 - 59659 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fm9hTG86SjGzzPg5IoyhN2/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6517 1490754592.07 1490754592.68 607 192.168.1.116 - 59660 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DlUsJqWzYrcd2af1VaXpJumQH/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6518 1490754784.71 1490754785.33 616 192.168.1.116 - 59661 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sviW5CNkod1wxmcbUv/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6519 1490754977.33 1490754977.96 630 192.168.1.116 - 59662 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sLRC0uj3bGLPbyPWgqWtd/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6520 1490755169.94 1490755170.56 618 192.168.1.116 - 59663 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dNtLWsfGzQUn2zwuTAJoEH7RgOE/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6521 1490755362.61 1490755363.21 604 192.168.1.116 - 59664 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zfthXXrshQL7yWV2KKdILU6Ooo0/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6522 1490755555.26 1490755555.86 606 192.168.1.116 - 59665 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IQOZbh6MhYnoo03ziVl7Mny/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6523 1490755747.85 1490755748.46 612 192.168.1.116 - 59666 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HmMxm2EpPBAbMdOAgP0MkXk4F/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6524 1490755940.43 1490755941.04 607 192.168.1.116 - 59667 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xZZ8tESCH1kgH7P6PUjJWZF/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6525 1490756133.01 1490756134.69 1677 192.168.1.116 - 59668 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 41773 0 41632 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6525 1490756142.85 1490756144.02 1165 192.168.1.116 - 59668 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6525 1490756151.8 1490756152.43 638 192.168.1.116 - 59668 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/E0dMS2JMGv44pI4N9rXPyGksRIRdbIBp/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6526 1490756625.64 1490756626.11 471 192.168.1.116 - 59675 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 204 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6527 1490756627.2 1490756627.44 238 192.168.1.116 - 59676 50.19.227.215 80 http://checkip.amazonaws.com/ 153 133 0 13 139 106 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 200 - - - - - - - CTU.238.1.Malicious 6526 1490756627.64 1490756628.15 507 192.168.1.116 - 59675 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/yWMrt6tEoHDvp4Gm2ARw5T/ 324 512 0 369 131 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6526 1490756628.52 1490756629.02 491 192.168.1.116 - 59675 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/QLIVHCSUFTHB/1/ 219 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 6528 1490756631.42 1490756631.93 506 192.168.1.116 - 59677 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6529 1490756634.31 1490756634.78 468 192.168.1.116 - 59678 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 215 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6530 1490756637.04 1490756637.56 522 192.168.1.116 - 59679 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 243 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6531 1490756639.85 1490756640.33 478 192.168.1.116 - 59680 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oPaTLnWIZ6L87JDMee1fWqapuacJsdyG/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6532 1490756831.98 1490756833.68 1705 192.168.1.116 - 59681 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GEgTRN6aC5RU7ysQ0g6Jq72mlxC0qWk/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6533 1490757027.57 1490757028.04 475 192.168.1.116 - 59682 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nBlKEplMTTIqsrQ67Y/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6534 1490757222.24 1490757222.71 471 192.168.1.116 - 59683 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3QPiSdK34B5lIlfT/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6535 1490757414.33 1490757414.8 471 192.168.1.116 - 59684 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/If63XH0GMEH1dUq5aQA3olrm4Lq3a/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6536 1490757606.48 1490757606.96 475 192.168.1.116 - 59685 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kM9VTIfrCbFdBxkQ4xKOFfBuM3/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6537 1490757799.46 1490757799.93 469 192.168.1.116 - 59686 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/M16oVLfhFDejbEq5XUhM/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6538 1490757991.53 1490757992.01 472 192.168.1.116 - 59687 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/USTQorDSX1SxLvdr/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6539 1490758184.53 1490758185.9 1370 192.168.1.116 - 59688 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vj8B9K0iDLiwQxMv1kQl8UDB1LqNwPGE/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6540 1490758377.53 1490758379.27 1735 192.168.1.116 - 59689 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PlGma95epmtID5aKJe/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6541 1490758570.94 1490758571.64 699 192.168.1.116 - 59690 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SH1H2b1gX5xrEoYNyrCzoo8gwRm/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6542 1490758763.31 1490758763.84 533 192.168.1.116 - 59691 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jf9miVKgMgrt3JCu0vjt7bNrUP4ft3/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6543 1490758956.35 1490758956.83 482 192.168.1.116 - 59692 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/upirCn9APsszZnIL/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6544 1490759149.4 1490759149.92 519 192.168.1.116 - 59693 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6544 1490759150.18 1490759150.67 485 192.168.1.116 - 59693 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tyUKpxWKx45SXJpHAkPA1Mz51b8PUqN/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6545 1490759349.37 1490759349.88 513 192.168.1.116 - 59694 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 6546 1490759366.32 1490759367.77 1448 192.168.1.116 - 59695 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 6547 1490759384.18 1490759384.65 468 192.168.1.116 - 59696 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 6548 1490759401.95 1490759403.33 1377 192.168.1.116 - 59697 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pX4rpdjpl0GjIAS1ihpUszP/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6549 1490759594.99 1490759595.46 471 192.168.1.116 - 59698 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1F5a9EWObh8HO9LRLgQnEakW4/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6550 1490759787.11 1490759787.59 481 192.168.1.116 - 59699 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JOozlJ0zgypb9sRlFIO37bH/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6551 1490759980.09 1490759980.57 484 192.168.1.116 - 59700 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mqFevjMVzV81eV3AN8rE/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6552 1490760175.88 1490760176.36 481 192.168.1.116 - 59701 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KoyHtVQybnVqNGU5LfVf4oUaHFIM/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6553 1490760367.95 1490760368.42 473 192.168.1.116 - 59702 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ipFaqUyaQwR0I8zyluTpkbx/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6554 1490760561.07 1490760561.55 472 192.168.1.116 - 59703 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CMb6nDg5JmehwnpMgx9fN/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6555 1490760755.05 1490760755.53 478 192.168.1.116 - 59704 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NjdMtPZTJaaLMDBh81Uct4drEkNREBK/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6556 1490760947.12 1490760947.6 480 192.168.1.116 - 59705 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YiCQC2pl16mD3ZXOv2/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6557 1490761140.25 1490761141.62 1370 192.168.1.116 - 59706 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ReljSNny2wvgGn2JpuUrSCf/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6558 1490761334.19 1490761336.03 1838 192.168.1.116 - 59707 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SxSGqXGU48CBIHYw07/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6559 1490761527.64 1490761528.11 469 192.168.1.116 - 59708 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8CqJBPVnFRlbu6yNPTqrmSC0fU/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6560 1490761721.18 1490761723.04 1860 192.168.1.116 - 59709 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 41773 0 41632 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6560 1490761731.39 1490761732.37 984 192.168.1.116 - 59709 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6560 1490761739.69 1490761740.16 474 192.168.1.116 - 59709 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sArNGiVBBQrPtSo3fvF5kpu5c2/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6561 1490761931.84 1490761932.31 471 192.168.1.116 - 59710 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dwYU9vjtzniiqQvPqnFNM17INswZ5gR2/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6562 1490762124.87 1490762129.12 4251 192.168.1.116 - 59711 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/adzfFJJyzqibw9rZT2AUtcBI/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6563 1490762320.75 1490762321.26 508 192.168.1.116 - 59712 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RXilW1DpplsKd8U2bgWlmvii96n/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6564 1490762515.34 1490762515.84 508 192.168.1.116 - 59713 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ft3vx5kkCI8XmcXvvHmlC2/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6565 1490762707.57 1490762708.09 512 192.168.1.116 - 59714 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hRi1vzKTdTKyPMEHNND1a/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6566 1490762900.77 1490762901.31 537 192.168.1.116 - 59715 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1MiQgI2erSNLosYNBe/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6567 1490763093.83 1490763096.84 3010 192.168.1.116 - 59716 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JNZuH9sg1aaV8fs7Ng4JlwWmgkp7/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6568 1490763288.5 1490763290.27 1768 192.168.1.116 - 59717 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BLLvMQe9GtbZBBpdxWR36K52JJi/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6569 1490763481.94 1490763484.97 3023 192.168.1.116 - 59718 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/V2kb6uUa6rx8ffoVB/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6570 1490763676.56 1490763677.04 472 192.168.1.116 - 59719 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kxxAmlBsTHBLpWWK6oOe/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6571 1490763871.66 1490763872.19 532 192.168.1.116 - 59720 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7Iki8BPPJmay5W1an9iBaw0Z0B/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6572 1490764063.82 1490764064.33 518 192.168.1.116 - 59721 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 206 379 0 240 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6572 1490764070.29 1490764070.78 486 192.168.1.116 - 59721 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ASTGj4Drq2hWJECVLm6OnPSaepdnuEza/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6573 1490764262.37 1490764262.85 482 192.168.1.116 - 59722 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sBSLhssnKDTsaKWPRtL2184VHOary/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6574 1490764457.03 1490764457.54 511 192.168.1.116 - 59723 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/DNSBL/not%20listed/0/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6575 1490764463.4 1490764464.74 1340 192.168.1.116 - 59724 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HA2dIAc5mki0TaWtoRY13ceTARXwQkq/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6576 1490764657.41 1490764657.89 483 192.168.1.116 - 59725 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6576 1490764658.15 1490764659.53 1378 192.168.1.116 - 59725 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/flcHK6wCXcjBPclcF3hA9ug/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6577 1490764851.12 1490764851.59 475 192.168.1.116 - 59726 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/g2hYJ1BTWRBt43Xb5/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6578 1490765050.47 1490765050.94 469 192.168.1.116 - 59727 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/92Gz2ywaels1nrMkHX2zeTc/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6579 1490765242.58 1490765243.06 476 192.168.1.116 - 59728 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0mVJ5c2G6CJdlCNhuf3JV04GxfK84/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6580 1490765440.98 1490765441.45 469 192.168.1.116 - 59729 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/k6NPvZBaW7ZqqTp8eAroPYEH1SAIiEPs/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6581 1490765633.11 1490765633.59 472 192.168.1.116 - 59730 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3oB96ybPLQ30VoP8/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6582 1490765829.53 1490765830.0 468 192.168.1.116 - 59731 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jBE7ORgAes36jxBZibMujUiuHYyRE/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6583 1490766021.63 1490766022.1 468 192.168.1.116 - 59732 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/q2akD2YRf2ymlHAtZcofE4/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6584 1490766218.33 1490766219.71 1378 192.168.1.116 - 59733 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uhjdTL5md0tFU1SKarg2z8/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6585 1490766411.31 1490766411.79 481 192.168.1.116 - 59734 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OB64bKPo3EJWo19ui55yzQihw/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6586 1490766607.17 1490766607.64 470 192.168.1.116 - 59735 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nX4PzfC6ag0cU21djURtQ0q/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6587 1490766799.25 1490766799.72 470 192.168.1.116 - 59736 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CyI3sE7ajTdU1ZRB0/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6588 1490766991.54 1490766992.01 468 192.168.1.116 - 59737 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/f4UEG0mAUod644hT4w2dmmeE5lSC/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6589 1490767188.92 1490767192.41 3486 192.168.1.116 - 59738 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 41773 0 41632 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6589 1490767200.38 1490767202.81 2432 192.168.1.116 - 59738 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6589 1490767209.8 1490767210.32 529 192.168.1.116 - 59738 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JLFu3kFGoWh84Ghg9NIzQfPuFLU/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6590 1490767403.97 1490767404.45 481 192.168.1.116 - 59739 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aQqvMkJB3vz2mbiLVDs/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6591 1490767596.09 1490767597.5 1408 192.168.1.116 - 59740 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lbaktsRb2DiGlxjgkhxlyaN7VqHc/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6592 1490767792.32 1490767794.02 1707 192.168.1.116 - 59741 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Ktd6Y7fBVLlgnUl7nhQwMUqDVfs1GWF2/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6593 1490767985.62 1490767986.09 473 192.168.1.116 - 59742 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ALsEwh6NG5AFSPXQIis7i9rXvrmD4/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6594 1490768178.58 1490768181.52 2942 192.168.1.116 - 59743 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/raqV9V8GXQcVsYDOWTFL/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6595 1490768373.26 1490768373.74 482 192.168.1.116 - 59744 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HVnAAMK7oYrdyLYQWID26275YRvCA/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6596 1490768566.21 1490768566.7 482 192.168.1.116 - 59745 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IzOeMzO4mC4AiWUK3Zo/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6597 1490768758.31 1490768758.79 478 192.168.1.116 - 59746 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NGUSmRtoZNFKFuQYsKoNMfKZ1Qf/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6598 1490768950.39 1490768950.86 468 192.168.1.116 - 59747 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HpEPU5E7TU3zuyXnbYa5Mp7rSUCRMKB/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6599 1490769142.48 1490769144.19 1706 192.168.1.116 - 59748 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iPN8mw1TzApDT21wulU7jI5LB58VF/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6600 1490769335.81 1490769336.29 473 192.168.1.116 - 59749 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/E3aIoowxhDhJsgDngM1H0ZQ9WxGg/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6601 1490769527.96 1490769528.5 542 192.168.1.116 - 59750 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/V4l58GRq85s6Olde6a6axtkttG/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6602 1490769722.31 1490769722.79 480 192.168.1.116 - 59751 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LajzqeH1A6rC4lI6hjVGRkQvtK/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6603 1490769915.36 1490769915.84 474 192.168.1.116 - 59752 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AhU3v4sFXCDh9tDgGVua92HUhNucONu/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6604 1490770107.45 1490770108.83 1375 192.168.1.116 - 59753 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6604 1490770109.07 1490770109.56 490 192.168.1.116 - 59753 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MCSTNzP3JF3lhRVTpB626p1PvoOlH/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6605 1490770302.19 1490770303.89 1708 192.168.1.116 - 59754 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0ddEJh80ZCaba2ik37EzH/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6606 1490770500.85 1490770501.4 551 192.168.1.116 - 59755 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/87dtOm8b8kbmR4cs6E8UG/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6607 1490770696.08 1490770696.55 469 192.168.1.116 - 59756 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0Pqhb10lXIdeaXKe4Mf7n/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6608 1490770891.46 1490770891.93 472 192.168.1.116 - 59757 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DwLinkWIn5JwsySzonYssiej/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6609 1490771084.51 1490771084.98 469 192.168.1.116 - 59758 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0gFHlMQElsij3n6wpQ4CcyRUet/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6610 1490771277.52 1490771277.99 468 192.168.1.116 - 59759 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8afzL7JQmlJixASmT7/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6611 1490771471.81 1490771472.3 488 192.168.1.116 - 59760 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wf8bZgfEOA1y9Exfts/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6612 1490771664.92 1490771665.4 479 192.168.1.116 - 59761 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Aj2al3fxi4bvvPnLXVB6PtlLeCTzn6R/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6613 1490771858.35 1490771859.96 1612 192.168.1.116 - 59762 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vTyiwlPBibgI4EqRIHcMn8RkfVE/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6614 1490772051.6 1490772052.08 472 192.168.1.116 - 59763 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rpOX3CU2mmS4Njn6kf5AN9OpuJb4/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6615 1490772244.58 1490772245.08 504 192.168.1.116 - 59764 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KrNmuvHUoTRlAtZ1c58Aa7x4fQqJFUL5/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6616 1490772436.7 1490772437.17 472 192.168.1.116 - 59765 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BqeFVb03Oj7UXHqG96/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6617 1490772628.9 1490772630.83 1932 192.168.1.116 - 59766 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 41773 0 41632 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6617 1490772639.28 1490772640.29 1004 192.168.1.116 - 59766 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6617 1490772647.84 1490772648.37 523 192.168.1.116 - 59766 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4v8VuqUEkbVpvkAEsaOVACqVuFKEHRE/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6618 1490772840.12 1490772840.63 514 192.168.1.116 - 59767 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kzP09JMaH1Jr76V6mEAe/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6619 1490773034.41 1490773054.51 20101 192.168.1.116 - 59768 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uzUYCL0zfmbWXPiDcPs/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6620 1490773247.03 1490773250.0 2972 192.168.1.116 - 59769 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bQoquJeazAZEmhPgoZAbh2nA/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6621 1490773442.67 1490773444.04 1372 192.168.1.116 - 59770 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uOSlE0C20Njs4xc0XT/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6622 1490773635.66 1490773637.39 1728 192.168.1.116 - 59771 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nzEZsjaE0kL2Ww85HM/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6623 1490773852.32 1490773852.79 469 192.168.1.116 - 59772 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 6624 1490773869.22 1490773870.94 1721 192.168.1.116 - 59773 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 6625 1490773888.76 1490773889.26 507 192.168.1.116 - 59774 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 6626 1490773906.54 1490773907.03 482 192.168.1.116 - 59775 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0OG2oo2iC5hrrYOrq/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6627 1490774110.45 1490774110.92 472 192.168.1.116 - 59776 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nihC4NV4EEzmXaCEibHx6YP/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6628 1490774304.84 1490774305.36 516 192.168.1.116 - 59777 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QFkKHwCQNHwkykLJHea/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6629 1490774497.94 1490774498.48 534 192.168.1.116 - 59778 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rnZNYjRABYR3xhKwrn/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6630 1490774691.03 1490774691.5 471 192.168.1.116 - 59779 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3zdSbNyhgo5k0vcfOIie/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6631 1490774883.12 1490774883.64 515 192.168.1.116 - 59780 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 206 379 0 240 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6631 1490774889.61 1490774890.1 495 192.168.1.116 - 59780 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7oNoxIQTOM4Gsk6YFjkRLTYacdq/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6632 1490775081.74 1490775082.22 480 192.168.1.116 - 59781 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wefiHBsSTMYkr60R/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6633 1490775278.94 1490775280.38 1433 192.168.1.116 - 59782 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vyPp8UWmvUd3rRFeIgP/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6634 1490775472.04 1490775472.51 471 192.168.1.116 - 59783 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/o240wr5HlmdTOrSaenZg/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6635 1490775665.15 1490775665.66 511 192.168.1.116 - 59784 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6635 1490775665.91 1490775666.39 479 192.168.1.116 - 59784 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UXa5HjuUDS5LNjoIVRIgSCVO2fdFp/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6636 1490775858.98 1490775859.53 548 192.168.1.116 - 59785 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/juPsCUo0IEov1N3s7gT/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6637 1490776051.17 1490776056.59 5415 192.168.1.116 - 59786 36.66.107.162 443 https://36.66.107.162/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eYTt4z9K8fiTBC3Y4CDKjBTdL1iV/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6638 1490776248.03 1490776248.45 413 192.168.1.116 - 59787 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 205 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6638 1490776248.81 1490776249.31 501 192.168.1.116 - 59787 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/LshmAq0sJbFD5pp6IxvPMB/ 325 512 0 369 132 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6638 1490776250.76 1490776251.21 446 192.168.1.116 - 59787 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/OFTTEOYAFSGA/1/ 220 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 6639 1490776252.44 1490776252.85 405 192.168.1.116 - 59788 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6640 1490776254.45 1490776254.85 404 192.168.1.116 - 59789 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 216 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6641 1490776256.69 1490776257.1 408 192.168.1.116 - 59790 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 244 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6642 1490776258.48 1490776258.89 413 192.168.1.116 - 59791 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FNKM9K3LcKeCyR8pY4/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6643 1490776450.28 1490776450.71 432 192.168.1.116 - 59792 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JHEe6h0jATtiLL05tGUn5d/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6644 1490776642.08 1490776642.49 407 192.168.1.116 - 59793 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gtJUKDu80M9AExQpI9rFG/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6645 1490776833.88 1490776834.3 417 192.168.1.116 - 59794 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MbAEE0WNchTFQTXG/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6646 1490777025.63 1490777026.09 460 192.168.1.116 - 59795 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/b1jsbpaz7673limMbq5NsLyvsMpI5i3/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6647 1490777217.49 1490777217.9 418 192.168.1.116 - 59796 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KBOC7R6g628auA5noSil9dL/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6648 1490777409.25 1490777409.62 375 192.168.1.116 - 59797 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nFcVe9wd1WFtpJKgsvf8HZHWJok1W3eH/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6649 1490777600.99 1490777601.42 434 192.168.1.116 - 59798 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/V4KUOSRAfCTOzn3KidX2Z0j/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6650 1490777792.76 1490777793.12 366 192.168.1.116 - 59799 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FoQE2Fzk18e4Doqcga3dnfIEIwF/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6651 1490777984.46 1490777984.89 432 192.168.1.116 - 59800 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Za5jbxSZGFIGkd0tg/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6652 1490778176.29 1490778177.41 1123 192.168.1.116 - 59801 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 41773 0 41632 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6652 1490778185.33 1490778186.1 768 192.168.1.116 - 59801 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6652 1490778193.69 1490778194.12 436 192.168.1.116 - 59801 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/y3h9IBt9gkz3BKl3nDY1g3MXi4Fe/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6653 1490778385.53 1490778385.94 407 192.168.1.116 - 59802 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/enlcXkjJ8YyN3X5pNh6LvcwsHIyT1t/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6654 1490778577.34 1490778577.75 406 192.168.1.116 - 59803 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jy6qd4Etw9IMVxxphXjgxkGb0AHzu/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6655 1490778769.15 1490778769.57 418 192.168.1.116 - 59804 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FofuBx5dHrb81bugrh/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6656 1490778961.0 1490778961.41 410 192.168.1.116 - 59805 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Co4n96Kmkt6khY3l/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6657 1490779152.8 1490779153.2 404 192.168.1.116 - 59806 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rIoky0ljwrCrjpZ13UuheXT/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6658 1490779344.56 1490779344.99 436 192.168.1.116 - 59807 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/P83p4rMcbWVwqP2KshqG2SJvo1g/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6659 1490779536.57 1490779536.98 410 192.168.1.116 - 59808 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wqwqGLjITLwi7CjFOf2APX9dgSgb/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6660 1490779728.39 1490779729.5 1107 192.168.1.116 - 59809 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dmIRT7m7rS4QiTBogoF3bUAIjlCXrF0K/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6661 1490779920.94 1490779921.33 399 192.168.1.116 - 59810 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/E03IWdMElg0m4KHMwVD9i3Tx6EwJe/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6662 1490780112.69 1490780113.12 431 192.168.1.116 - 59811 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GUs4BKjm1MXAF3vGoO7/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6663 1490780305.46 1490780305.89 432 192.168.1.116 - 59812 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/it3pftSV8e5C8dPbchwL/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6664 1490780499.27 1490780499.68 405 192.168.1.116 - 59814 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sgT14uEouluLrrR26mBDUZ/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6665 1490780691.08 1490780691.49 418 192.168.1.116 - 59815 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JqvqbQ4WqMSuMjnJznM4a4kcHvF/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6666 1490780882.86 1490780883.27 406 192.168.1.116 - 59816 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/msTbyzfV9uGP5Ib435Ho/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6667 1490781074.69 1490781075.11 422 192.168.1.116 - 59817 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 210 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6667 1490781075.37 1490781075.79 424 192.168.1.116 - 59817 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/G5S900cldGZHLRqhQ3/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6668 1490781267.18 1490781267.59 410 192.168.1.116 - 59818 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/II1Fr8pTjQD5ZQDrGZfbZQ7/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6669 1490781458.93 1490781459.3 373 192.168.1.116 - 59819 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uPEsj17RXRB2Om1K3kGe/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6670 1490781650.68 1490781651.09 413 192.168.1.116 - 59820 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GQsac1cUCOcNuV7m/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6671 1490781842.45 1490781842.83 383 192.168.1.116 - 59821 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XAQlkl8iy3ehaaUHSbdI/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6672 1490782034.21 1490782034.62 411 192.168.1.116 - 59822 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FMAWpI3imIQ7YOBdqRYPOqSe/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6673 1490782225.97 1490782226.41 435 192.168.1.116 - 59823 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VghugmwGXL8J85KhOFr/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6674 1490782417.78 1490782418.18 404 192.168.1.116 - 59824 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/B7frCDMXknLG4WDBvjj3yyZjBlesDOS/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6675 1490782609.62 1490782610.03 409 192.168.1.116 - 59825 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/p0AXvJ0XJy1U5Zq7Is/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6676 1490782801.39 1490782801.82 434 192.168.1.116 - 59826 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ej6r1Yrav1IpzknOCglkKL/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6677 1490782993.23 1490782993.64 412 192.168.1.116 - 59827 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UWbKZo8PZis1G6jcNcc6Yj7x2/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6678 1490783185.05 1490783185.48 437 192.168.1.116 - 59828 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dkekwu1CDd7m3ZYZc/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6679 1490783376.88 1490783377.31 430 192.168.1.116 - 59829 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ElSrIrPlUC1VnbTh3WYmJ0dY/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6680 1490783568.72 1490783569.13 413 192.168.1.116 - 59830 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/t04SeEhtAqtziMz6VLulGXLPIu9/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6681 1490783760.55 1490783761.69 1136 192.168.1.116 - 59831 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 41773 0 41632 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6681 1490783769.86 1490783770.7 832 192.168.1.116 - 59831 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6681 1490783777.83 1490783778.25 422 192.168.1.116 - 59831 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pe2kzllQ4XvocCEIIb9eEsAVJzcDATx3/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6682 1490783969.61 1490783969.97 368 192.168.1.116 - 59832 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Y61oNm6uvFOUXplt18W5nT/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6683 1490784161.39 1490784161.8 406 192.168.1.116 - 59833 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JNQNDv7g09Vov1zJUgm8sD2/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6684 1490784353.16 1490784353.57 408 192.168.1.116 - 59834 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/85VLnfXoUq5KmLNMQ/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6685 1490784544.91 1490784545.34 432 192.168.1.116 - 59835 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7BLls9dojbmqpxScQnxjnXvGMxiFo/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6686 1490784736.71 1490784737.13 421 192.168.1.116 - 59836 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KArOJWIhjwsYTNsUj57lv51/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6687 1490784928.55 1490784928.96 408 192.168.1.116 - 59837 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/i0Zy64q63WGXF6P42IZaq8HCK3NTDG/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6688 1490785120.3 1490785120.67 370 192.168.1.116 - 59838 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tqAaoCaA1PQSvnDEOpIk0VPu1/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6689 1490785312.06 1490785312.47 409 192.168.1.116 - 59839 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ocP6BSnIUNDVTsDhDZeKx4/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6690 1490785503.86 1490785504.27 414 192.168.1.116 - 59840 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lyPRpIzwXFmlV7LMzIzcB/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6691 1490785695.67 1490785696.11 437 192.168.1.116 - 59841 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 207 379 0 240 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6691 1490785702.06 1490785702.49 424 192.168.1.116 - 59841 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/F0Xn63o8elPqxFq9iq/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6692 1490785893.9 1490785894.32 419 192.168.1.116 - 59842 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gE33DT5xroAy9fnh22nmwlD/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6693 1490786085.66 1490786086.03 370 192.168.1.116 - 59843 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Vj2L9O0Jo4zkyxg3QxE8nq0r1uTp/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6694 1490786277.36 1490786277.73 370 192.168.1.116 - 59844 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uXYCZkBVUKqPeDzj1tirCLm/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6695 1490786469.13 1490786469.49 369 192.168.1.116 - 59845 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5dxxdRzUkxYwTTr3ZiwSj8CokbV9/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6696 1490786660.9 1490786661.31 409 192.168.1.116 - 59846 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 210 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6696 1490786661.57 1490786662.0 428 192.168.1.116 - 59846 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bHcTUm3pXlKZqvTe5b2w5/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6697 1490786853.37 1490786853.74 367 192.168.1.116 - 59847 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/J3bJtIDRT5ctzZgAke3Ix/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6698 1490787045.11 1490787045.54 433 192.168.1.116 - 59848 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fBeTzci4mCTxMCgWva/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6699 1490787236.92 1490787237.35 434 192.168.1.116 - 59849 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Izb7hDAlxOi1bQNkoIlYLW6/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6700 1490787428.72 1490787429.15 437 192.168.1.116 - 59850 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OGmZWi24Zh4AYAdEO9lrigz/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6701 1490787621.56 1490787621.99 434 192.168.1.116 - 59851 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wRbAcQ3EMYuaNt1bD09/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6702 1490787813.33 1490787813.76 431 192.168.1.116 - 59852 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8fJyiiR7UTzQfVnX3elOrHA6UmkW6/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6703 1490788005.77 1490788006.81 1038 192.168.1.116 - 59853 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ualLTPkESQkNm8PRl0eHyD0AKvACIWAl/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6704 1490788198.16 1490788198.59 434 192.168.1.116 - 59854 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/g6pkbuddkCzDd9t9tiWLJ1/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6705 1490788397.04 1490788397.48 438 192.168.1.116 - 59855 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 6706 1490788414.64 1490788415.05 412 192.168.1.116 - 59856 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 6707 1490788431.22 1490788431.63 411 192.168.1.116 - 59857 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 6708 1490788447.88 1490788448.3 417 192.168.1.116 - 59858 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wbApg94L8pOP0VOSVkxFB/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6709 1490788639.7 1490788640.1 405 192.168.1.116 - 59859 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WfLXAR3MoLULTYXxcsk0lYWHpGS/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6710 1490788831.45 1490788831.88 433 192.168.1.116 - 59860 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0d5II3Rh3ryvx8qTXbotyuGSmntbL4/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6711 1490789023.24 1490789023.67 436 192.168.1.116 - 59861 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/If1SeISM1MmZoyzDq/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6712 1490789215.09 1490789216.24 1145 192.168.1.116 - 59862 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 41773 0 41632 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6712 1490789224.43 1490789225.25 819 192.168.1.116 - 59862 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6712 1490789232.38 1490789232.82 444 192.168.1.116 - 59862 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8oqzTSTEqoTSvwtSW/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6713 1490789424.31 1490789424.75 434 192.168.1.116 - 59863 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FfCz7Y6D7h8YzZRl/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6714 1490789616.09 1490789616.53 436 192.168.1.116 - 59864 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4VlyBjX0Z5sEegm8/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6715 1490789807.86 1490789808.23 367 192.168.1.116 - 59865 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JI39goFzNZBqRTt3/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6716 1490789999.59 1490790000.0 414 192.168.1.116 - 59866 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CNGHmxmOBhaYL90Jsubuo7EjFC8trA9s/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6717 1490790191.44 1490790191.86 416 192.168.1.116 - 59867 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/I6qfsZWNPdbcXPqlmfbsrf4joi2G0/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6718 1490790383.22 1490790383.62 406 192.168.1.116 - 59868 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ckL9DsyywgpVOfivTe/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6719 1490790574.96 1490790575.39 432 192.168.1.116 - 59869 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SbcEfUoDDASdn7GS9lX39sUKjvYG2MS/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6720 1490790766.75 1490790767.16 405 192.168.1.116 - 59870 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PF9c9JUR55ExFUDzBq96lMTdf/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6721 1490790962.94 1490790966.38 3442 192.168.1.116 - 59871 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ipIXlejvSYaEYTc5FTAeafgIkEed/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6722 1490791158.02 1490791158.43 406 192.168.1.116 - 59872 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QVT6Hoove3UXH5bN7sUBKli1btYGBekM/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6723 1490791349.84 1490791350.26 417 192.168.1.116 - 59873 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/k85bH8SeGrpXm7b8nd9qld/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6724 1490791541.67 1490791542.09 414 192.168.1.116 - 59874 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LOU8NCzYxkpVtSO3abSCMthZd/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6725 1490791733.47 1490791733.88 409 192.168.1.116 - 59875 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OCwS5nIXXDonuuRBBfPjbep7g/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6726 1490791925.39 1490791925.8 407 192.168.1.116 - 59876 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pGVpcU6MgEzxEcenCbM5s2J/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6727 1490792117.14 1490792117.56 418 192.168.1.116 - 59877 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 210 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6727 1490792117.83 1490792118.19 367 192.168.1.116 - 59877 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4KIX3ZeK4oqZp6DzI/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6728 1490792309.59 1490792310.01 413 192.168.1.116 - 59878 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3NIl4o5fVSRxA1fVgCikRDkjYVA5/ 230 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6729 1490792501.38 1490792501.78 406 192.168.1.116 - 59879 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TOImY1OXJgpCZOR4wgJ/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6730 1490792693.23 1490792693.64 407 192.168.1.116 - 59880 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/k72w5k8Yey0h4CmQBB96mb/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6731 1490792885.02 1490792885.44 424 192.168.1.116 - 59881 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FiG8BoelWbfkOzBp0Vl/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6732 1490793077.87 1490793078.25 376 192.168.1.116 - 59882 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/riSQoWWEfDuddSgC/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6733 1490793271.46 1490793271.87 409 192.168.1.116 - 59883 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/DNSBL/not%20listed/0/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6734 1490793274.05 1490793274.45 408 192.168.1.116 - 59884 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8l5aIPdAhQoUgtDW3I4Zd5v2/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6735 1490793465.83 1490793466.2 368 192.168.1.116 - 59885 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SKeeo2K1ljZuLbqrmunWGEGYFIJrO/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6736 1490793657.57 1490793658.64 1069 192.168.1.116 - 59886 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/viI9LyABljIWLSqeOv/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6737 1490793850.02 1490793850.42 405 192.168.1.116 - 59887 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iKYM6GQy3VADthP8xIz/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6738 1490794041.8 1490794042.17 370 192.168.1.116 - 59888 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pp8Tl2maNCqcR309cGpb37Gy1DW/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6739 1490794234.17 1490794234.59 417 192.168.1.116 - 59889 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6aduVaiS7wY4Ncglb9UsYa/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6740 1490794426.36 1490794426.77 405 192.168.1.116 - 59890 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qnHLHWKEQgwgpE15zt3u/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6741 1490794618.18 1490794618.59 413 192.168.1.116 - 59891 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lwervV1DhyczVOv91mJmasMr551vm7J0/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6742 1490794809.93 1490794811.13 1192 192.168.1.116 - 59892 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 41773 0 41632 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6742 1490794819.12 1490794819.92 795 192.168.1.116 - 59892 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6742 1490794827.29 1490794827.73 438 192.168.1.116 - 59892 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rFH39SUlNs3ziLgB/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6743 1490795019.09 1490795019.5 406 192.168.1.116 - 59893 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9HSDKMNGFbBN0QewUfuNoGcOXt/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6744 1490795210.84 1490795211.27 432 192.168.1.116 - 59894 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wy2KdVCEkwlfOIr0GxeBwpRNb7/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6745 1490795402.65 1490795403.08 433 192.168.1.116 - 59895 200.116.206.58 443 https://200.116.206.58/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TPYjSAdOlemKA0v1s9GdH6WtzFEDeMN/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6746 1490795595.53 1490795596.01 481 192.168.1.116 - 59896 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 203 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6747 1490795597.14 1490795597.41 273 192.168.1.116 - 59897 107.22.214.64 80 http://checkip.amazonaws.com/ 153 133 0 13 139 106 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 200 - - - - - - - CTU.238.1.Malicious 6746 1490795597.62 1490795598.13 506 192.168.1.116 - 59896 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/SAD6t7aLXMX19F9jmgtWeFHT/ 325 514 0 371 130 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6746 1490795598.71 1490795599.2 485 192.168.1.116 - 59896 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/MKLAZLXZYHEMEL/1/ 220 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 6748 1490795603.58 1490795604.09 505 192.168.1.116 - 59898 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6749 1490795606.5 1490795607.02 516 192.168.1.116 - 59899 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 214 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6750 1490795609.45 1490795609.95 505 192.168.1.116 - 59900 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 242 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6751 1490795611.36 1490795611.83 469 192.168.1.116 - 59901 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XFUCcHJY2URwS1BVQxh0/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6752 1490795806.39 1490795809.03 2645 192.168.1.116 - 59902 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EnGpLpdTj77pf1RiITLn3/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6753 1490796000.64 1490796001.12 481 192.168.1.116 - 59903 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/42pAsy6cXLvbLWH3gDFcA32P080hTY/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6754 1490796195.12 1490796195.6 473 192.168.1.116 - 59904 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eoTBM8KC99k4dt3i1/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6755 1490796387.21 1490796387.68 471 192.168.1.116 - 59905 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/j2NYZST1rkc6pvLiRasfKkUM/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6756 1490796580.22 1490796580.75 532 192.168.1.116 - 59906 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 205 379 0 240 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6756 1490796586.71 1490796587.2 486 192.168.1.116 - 59906 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bmvF6UYBXyT3Y9Tf5jD5Z/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6757 1490796778.85 1490796779.33 471 192.168.1.116 - 59907 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bLJDecx3CQuaFUkTgnQItTX/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6758 1490796971.86 1490796972.34 479 192.168.1.116 - 59908 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TpCGIwokz04RuuzW9LC5cQnZ06/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6759 1490797164.97 1490797165.45 478 192.168.1.116 - 59909 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tHXTOorAzLVMnqLQ4lMaI5/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6760 1490797357.11 1490797358.82 1714 192.168.1.116 - 59910 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9571GI53KUeHTfvjpa3RyWXwAt4nlxv3/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6761 1490797553.46 1490797553.97 506 192.168.1.116 - 59911 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 208 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6761 1490797554.22 1490797555.65 1432 192.168.1.116 - 59911 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6tUpx7NWXfIprGg3VCMtreh/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6762 1490797750.78 1490797751.26 479 192.168.1.116 - 59912 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BCPfByqz3M2xMWt68ZJX/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6763 1490797943.75 1490797944.22 469 192.168.1.116 - 59913 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DtT1lEDeegBpmS6uxLbAypy7QN/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6764 1490798140.9 1490798142.64 1738 192.168.1.116 - 59914 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sds2QMls9DMzL2otCKOrdVntB8ejk/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6765 1490798335.15 1490798335.62 470 192.168.1.116 - 59915 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UgSX4iOHpkZaID4SdqCMM/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6766 1490798527.25 1490798527.73 474 192.168.1.116 - 59916 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/G7QKlyJq1WiXQZaAu/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6767 1490798720.36 1490798720.85 486 192.168.1.116 - 59917 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zbRXeAiW4U90YZNbGR3DkjNNNfPk8mv/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6768 1490798914.41 1490798914.88 471 192.168.1.116 - 59918 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vQsOcroBKkqYGKlkBic/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6769 1490799106.47 1490799108.18 1715 192.168.1.116 - 59919 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/u1z1anq84GY9Ckv5z6/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6770 1490799299.96 1490799300.43 467 192.168.1.116 - 59920 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Jxb0uqyvgMgU6vfBWLcFS/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6771 1490799493.04 1490799493.54 499 192.168.1.116 - 59921 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/z9eebaC6u48NYJfjKZSrtfONLYJQtz/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6772 1490799686.5 1490799686.98 484 192.168.1.116 - 59922 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hCHszXsTwdNHGZQzTwaS0v/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6773 1490799878.57 1490799880.24 1668 192.168.1.116 - 59923 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/S1TrCyrwBwJejideISLso99QG/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6774 1490800074.86 1490800075.33 476 192.168.1.116 - 59924 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CZYUKgEfK2RPnTk7YnRhTKelQ8fvrrQL/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6775 1490800267.95 1490800270.99 3039 192.168.1.116 - 59925 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 41773 0 41632 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6775 1490800279.01 1490800280.01 996 192.168.1.116 - 59925 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6775 1490800287.63 1490800288.11 474 192.168.1.116 - 59925 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3EYKkoElW7gYSfEp/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6776 1490800480.56 1490800482.24 1683 192.168.1.116 - 59926 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/phFALcKHLHO7EQzdC4CEvd5ZqW0QxTq/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6777 1490800673.85 1490800674.33 479 192.168.1.116 - 59927 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Asu9WH9FSbjGouR6d2/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6778 1490800869.51 1490800869.98 475 192.168.1.116 - 59928 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nQenIJQGxjNNg0jquWVy/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6779 1490801061.62 1490801062.09 471 192.168.1.116 - 59929 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XDqSwGm6JwsWfJTUiykpfc3GfWM/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6780 1490801255.93 1490801256.4 471 192.168.1.116 - 59930 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ulEWahVsALhkXoHfPwEvt/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6781 1490801451.05 1490801451.55 499 192.168.1.116 - 59931 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/B7Ig7wX6ZgemlOjFou1Hu3on/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6782 1490801645.55 1490801646.08 533 192.168.1.116 - 59932 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lpCjnn6X04KiiEPn/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6783 1490801848.02 1490801850.63 2610 192.168.1.116 - 59933 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/c7Tfm667O241IcqzxZbnYh1wJ/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6784 1490802045.27 1490802045.75 477 192.168.1.116 - 59934 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bavv9QUhlm98UI2wR7kZEDjOVYQy84G/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6785 1490802237.41 1490802237.88 471 192.168.1.116 - 59935 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zxyF0PxGZYQjsPca/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6786 1490802430.42 1490802430.93 508 192.168.1.116 - 59936 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/h6W44yJe9FsACz09ELWzJzMonnONBiS/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6787 1490802628.29 1490802628.76 471 192.168.1.116 - 59937 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CORerumDb6u5P1Gpi/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6788 1490802835.4 1490802835.88 474 192.168.1.116 - 59938 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/W3Z2twH8gPzloILKJX4c8PO9jkQkaohH/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6789 1490803036.69 1490803037.2 511 192.168.1.116 - 59939 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 6790 1490803053.66 1490803054.14 480 192.168.1.116 - 59940 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 6791 1490803075.62 1490803076.17 547 192.168.1.116 - 59941 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 6792 1490803094.5 1490803095.01 513 192.168.1.116 - 59942 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 208 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6792 1490803095.28 1490803095.76 478 192.168.1.116 - 59942 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xnNwbqGaC8C3l4YwUzXuVKSxbQkmP334/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6793 1490803290.54 1490803291.01 476 192.168.1.116 - 59943 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Yc8unnROld2JxNEBxhUzs3PLziWX/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6794 1490803482.82 1490803483.3 484 192.168.1.116 - 59944 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/X6BMN39wXZgtiBp7jDwbgBuUv8Cmq/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6795 1490803678.13 1490803678.6 475 192.168.1.116 - 59945 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/v6gBhDN8ip4mHP9gtXR35hC3AclF3DQr/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6796 1490803870.22 1490803871.54 1323 192.168.1.116 - 59946 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wAVPmG6SQAQmIvXYYT/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6797 1490804064.38 1490804065.75 1370 192.168.1.116 - 59947 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5HIV7iwM4TDTFoGIGQ13J5DQu/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6798 1490804257.43 1490804258.81 1381 192.168.1.116 - 59948 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/05v0SXm4wHhgrFDpMSsGQLQC6thEF/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6799 1490804451.42 1490804451.89 468 192.168.1.116 - 59949 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Isgz7ieKEVzRpo9gdLLO8rh3Mum/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6800 1490804645.71 1490804646.19 478 192.168.1.116 - 59950 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XfxFE9fnlMwhHggsSQYYp/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6801 1490804838.93 1490804841.56 2636 192.168.1.116 - 59951 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ahQ0rQk0FvI88oowZlVjsdWyAK4/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6802 1490805033.24 1490805033.75 510 192.168.1.116 - 59952 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TMU3rd7BDT8B53vtkJQJs6Useln/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6803 1490805228.36 1490805228.83 473 192.168.1.116 - 59953 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wo44tc9oOkeDnJBqHy/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6804 1490805420.46 1490805421.84 1380 192.168.1.116 - 59954 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5O49WSmsT2kF8SkWw/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6805 1490805613.42 1490805613.9 480 192.168.1.116 - 59955 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SYQiPwTkBUY9gINK1w0/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6806 1490805805.52 1490805807.36 1837 192.168.1.116 - 59956 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 41773 0 41632 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6806 1490805815.54 1490805817.43 1884 192.168.1.116 - 59956 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6806 1490805824.55 1490805825.03 473 192.168.1.116 - 59956 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mlt42i99wA6UOKhw8wS8/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6807 1490806016.61 1490806017.1 482 192.168.1.116 - 59957 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/b75v1zVJJYpvqip9IU1gamQwUmFC8/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6808 1490806210.61 1490806211.09 481 192.168.1.116 - 59958 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hRWIxtYHcfIvdLoxLHp/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6809 1490806402.73 1490806403.2 470 192.168.1.116 - 59959 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vl7tn2PtgOQuspcy3kRsqg1t/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6810 1490806594.83 1490806595.3 472 192.168.1.116 - 59960 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/u6DXSKfzzqkCWl6eec/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6811 1490806786.88 1490806788.59 1710 192.168.1.116 - 59961 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9zLyBaIWccLYT7NpO6hXFs/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6812 1490806980.23 1490806980.71 473 192.168.1.116 - 59962 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UR3azU55XfXzYdlpg57w2k8mwkV6cB2/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6813 1490807173.75 1490807174.22 467 192.168.1.116 - 59963 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yZkgfyNJHJydV8CM6bkIucG2QYPZz/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6814 1490807366.73 1490807369.34 2611 192.168.1.116 - 59964 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jQLEbikOPIkfBFAtyCpH/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6815 1490807561.98 1490807563.7 1721 192.168.1.116 - 59965 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 205 379 0 240 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6815 1490807569.66 1490807573.56 3895 192.168.1.116 - 59965 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tSgfhUU5qzLrfKPTSb/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6816 1490807765.23 1490807765.71 485 192.168.1.116 - 59966 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YKvtyQx1R4BAzkmK8Dn2/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6817 1490807958.27 1490807958.74 471 192.168.1.116 - 59967 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/u2eJbGVvQ1GCsSo49jpnZOHgyWfRb/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6818 1490808150.38 1490808151.7 1322 192.168.1.116 - 59968 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tZhZtBWElwRh2UxNR74Ueh83uHmka/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6819 1490808345.18 1490808345.65 471 192.168.1.116 - 59969 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QDXw65k8x6DA9gyXKB/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6820 1490808537.22 1490808538.56 1341 192.168.1.116 - 59970 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 208 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6820 1490808538.82 1490808539.3 474 192.168.1.116 - 59970 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zhZpwDaQXlWxpKeANKFs/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6821 1490808730.93 1490808732.32 1387 192.168.1.116 - 59971 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7MYNwEqm2zcAXx9R3RWrRfH/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6822 1490808924.81 1490808925.28 477 192.168.1.116 - 59972 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XNL5ej89mqpM3IWiz6J5LRs6twck/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6823 1490809116.92 1490809117.39 474 192.168.1.116 - 59973 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Os6zU4NZoMy9BWxi8T/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6824 1490809309.03 1490809309.5 480 192.168.1.116 - 59974 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WpXyjyHHnZyzv9VAg3MobbKuqf2/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6825 1490809501.11 1490809501.6 482 192.168.1.116 - 59975 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/n7AIVEhi6M5ExJ9c/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6826 1490809693.21 1490809693.69 479 192.168.1.116 - 59976 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lMJng0bdanh94YpbSYNQxSPKDdHDJ/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6827 1490809885.32 1490809885.8 483 192.168.1.116 - 59977 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ogqeVeW5ivza7SKz3Lje6Q/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6828 1490810077.42 1490810079.09 1668 192.168.1.116 - 59978 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HLbxhb3GRV9L77Csvog/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6829 1490810270.72 1490810271.19 470 192.168.1.116 - 59979 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yrprZD5Iv3lLLWZr6O5NwolaY0/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6830 1490810462.83 1490810463.3 469 192.168.1.116 - 59980 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aZExwo4xFlZJJwIND99i3/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6831 1490810654.93 1490810655.4 473 192.168.1.116 - 59981 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/F63Z2A9jSt4wWhevLA8lWNOhrmHQ9yP/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6832 1490810847.04 1490810847.51 471 192.168.1.116 - 59982 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lyfhDwVPE8KbTFggCvC9h3KFki5C6/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6833 1490811040.1 1490811040.58 481 192.168.1.116 - 59983 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iGxkEyY1QRXIwT0r0yfrl/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6834 1490811234.06 1490811235.88 1818 192.168.1.116 - 59984 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 41773 0 41632 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6834 1490811244.26 1490811245.21 953 192.168.1.116 - 59984 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6834 1490811252.56 1490811253.06 504 192.168.1.116 - 59984 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eml6uiHcfAFsLFpcvui5Wq/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6835 1490811444.69 1490811446.06 1371 192.168.1.116 - 59985 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5DzBYnpvXAmsxLgQg1tctKnCa2w8/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6836 1490811637.74 1490811639.11 1368 192.168.1.116 - 59986 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lM2zO1PhijHDaUMDi2bA3I8REfQ/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6837 1490811830.71 1490811831.18 473 192.168.1.116 - 59987 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Dm17cqeZBUlZEvyJLKfZ1X/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6838 1490812022.8 1490812023.28 478 192.168.1.116 - 59988 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FNK6LhRPJp2ZZbvfzoty/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6839 1490812214.87 1490812215.35 482 192.168.1.116 - 59989 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ocRdgdErH8y0pwDW0XehXNSJHx7/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6840 1490812407.04 1490812407.51 474 192.168.1.116 - 59990 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rgFhWpMLhsQ7daHNec9/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6841 1490812599.24 1490812599.71 468 192.168.1.116 - 59991 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/z0tlnxHhL3GJgqjeUmYZES6TnOglsN3/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6842 1490812792.3 1490812792.78 481 192.168.1.116 - 59992 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4mdKPWZf1b0wzuWh/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6843 1490812984.8 1490812985.28 482 192.168.1.116 - 59993 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VaEZqVC3LWOqhUYC1zWX/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6844 1490813177.95 1490813178.43 481 192.168.1.116 - 59994 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rMdJ1MorCKzJCCE0NiFVGRK9UKT9qQ/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6845 1490813370.06 1490813370.54 482 192.168.1.116 - 59995 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/G6waY86WmG7gktj5tQaId/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6846 1490813562.19 1490813563.9 1711 192.168.1.116 - 59996 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Oml3mXpEw3RCMsZu/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6847 1490813756.42 1490813756.9 477 192.168.1.116 - 59997 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IhfIOdmxsVl1mpxCba8Eb1vR/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6848 1490813948.54 1490813949.06 518 192.168.1.116 - 59998 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 208 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6848 1490813949.31 1490813949.79 483 192.168.1.116 - 59998 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eQNgP6JyogQxLqygVCaM/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6849 1490814141.42 1490814142.86 1435 192.168.1.116 - 59999 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IXMDp12coAjj8S3TejthTYaesVHS/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6850 1490814335.4 1490814335.93 534 192.168.1.116 - 60000 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KOaZqdj69GG2UkWtGvC5nvSz/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6851 1490814527.54 1490814528.03 484 192.168.1.116 - 60001 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kMIBPHNLB7V7yNAOftAWvrtvC7ywu/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6852 1490814719.62 1490814720.08 468 192.168.1.116 - 60002 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VMkaIcv2iY7bzDrGkEMITZ3XFem0/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6853 1490814911.68 1490814912.17 487 192.168.1.116 - 60003 36.66.209.21 443 https://36.66.209.21/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0T8A4WGFH1qDyhfeub4/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6854 1490815104.18 1490815104.78 607 192.168.1.116 - 60004 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 204 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6854 1490815105.01 1490815105.63 621 192.168.1.116 - 60004 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/TWR0MjkKuNtaDT8FYSdsT2fmwQubaU/ 332 520 0 377 131 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6854 1490815106.17 1490815106.81 634 192.168.1.116 - 60004 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/PSRLKYGTVPIZIDCVJ/1/ 224 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 6855 1490815109.55 1490815110.27 713 192.168.1.116 - 60005 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6856 1490815112.07 1490815112.68 610 192.168.1.116 - 60006 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 215 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6857 1490815115.4 1490815116.04 637 192.168.1.116 - 60007 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 243 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6858 1490815117.8 1490815118.36 566 192.168.1.116 - 60008 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7yWjsn6rcDaQx0s3LWocpnluXm/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6859 1490815310.36 1490815310.97 609 192.168.1.116 - 60009 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/F8zhsJkmNpe42ipDeVroIyucxN/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6860 1490815502.96 1490815503.58 619 192.168.1.116 - 60010 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BuHNqwc6KhMX0p4kJfdhA2fFiTwJ/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6861 1490815695.54 1490815696.13 596 192.168.1.116 - 60011 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BiVI8Rb2H3klURO5rrq3gJmGlxfj/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6862 1490815888.18 1490815888.79 606 192.168.1.116 - 60012 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Uep2ouo3CXeet9NiH7jcnGV8gG0w/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6863 1490816080.77 1490816081.38 611 192.168.1.116 - 60013 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6zIxeW6udPHnWoKvbWTHql/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6864 1490816273.35 1490816273.99 637 192.168.1.116 - 60014 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oKmBocc1mb38BHzvdUE5b9K0/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6865 1490816466.15 1490816466.82 675 192.168.1.116 - 60015 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rSTpOjbguyAL4XsWgw/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6866 1490816658.79 1490816661.05 2263 192.168.1.116 - 60016 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 41773 0 41632 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6866 1490816669.11 1490816670.34 1231 192.168.1.116 - 60016 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6866 1490816678.12 1490816678.71 595 192.168.1.116 - 60016 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VmugmkP8xNXW5voWHYKW7aJ/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6867 1490816870.69 1490816871.33 633 192.168.1.116 - 60017 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PuAlvMPF1XUEeSishVGoSla/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6868 1490817063.25 1490817063.83 578 192.168.1.116 - 60018 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xb6FIEWXSKhoSb0a6/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6869 1490817255.81 1490817256.41 607 192.168.1.116 - 60019 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fnvL2nzVCm0azZV5Iqxj/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6870 1490817448.41 1490817449.02 605 192.168.1.116 - 60020 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/k2LDR9LHD6Btio1F/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6871 1490817646.99 1490817647.6 612 192.168.1.116 - 60021 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 6872 1490817664.56 1490817665.2 636 192.168.1.116 - 60022 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 6873 1490817681.98 1490817682.58 606 192.168.1.116 - 60023 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 6874 1490817699.35 1490817699.98 633 192.168.1.116 - 60024 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/x0SihYZUsUga5RgEnXK/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6875 1490817891.94 1490817892.51 575 192.168.1.116 - 60025 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NDVkqXoUTOlMuzE7P9xjYDjFOBYaAfiU/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6876 1490818084.46 1490818085.03 568 192.168.1.116 - 60026 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6S2DjN02sJqM4RSO/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6877 1490818278.17 1490818278.77 607 192.168.1.116 - 60027 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/b4tBvhJM2N2nwp4KpEM8/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6878 1490818470.87 1490818471.47 605 192.168.1.116 - 60028 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 206 379 0 240 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6878 1490818477.45 1490818478.08 639 192.168.1.116 - 60028 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SMQGis4Z2Wi9GBSC/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6879 1490818670.03 1490818670.6 570 192.168.1.116 - 60029 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/V89MC0VT29fDhp2HxegE/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6880 1490818862.61 1490818863.17 568 192.168.1.116 - 60030 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9HJKaAgYknS0WkXUiY3omrm6/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6881 1490819055.13 1490819055.85 725 192.168.1.116 - 60031 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/lqjh2Mtr9IiK7f6sdJTKiVb2a1VMWpC/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6882 1490819247.8 1490819248.37 571 192.168.1.116 - 60032 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8mt3QnQIcx3zSzYm/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6883 1490819440.41 1490819441.03 612 192.168.1.116 - 60033 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6883 1490819441.3 1490819441.94 646 192.168.1.116 - 60033 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hmvkJgcjkGWXiQazTUFPHkYyvq/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6884 1490819633.86 1490819634.44 576 192.168.1.116 - 60034 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8wn71dhWlWGD4KWyudMvU6KWI/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6885 1490819826.39 1490819826.96 569 192.168.1.116 - 60035 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CUR5SujuSENH9rGHPXRzzckuAa/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6886 1490820018.9 1490820019.52 620 192.168.1.116 - 60036 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eU9i8IxvwGDThomo/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6887 1490820211.58 1490820212.2 619 192.168.1.116 - 60037 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CrdQICjiitNc42MkBAz2xpMLg9NyX/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6888 1490820404.14 1490820404.71 569 192.168.1.116 - 60038 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xfaFBEYPOKxdSSlnyoFaI4YgCVLU/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6889 1490820596.68 1490820598.86 2183 192.168.1.116 - 60039 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NoT0jpl06l1QMDZzXN7U2IIBn/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6890 1490820790.84 1490820791.41 572 192.168.1.116 - 60040 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/B2q3sD3GWjB6wULyaSddlGaV/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6891 1490820983.36 1490820983.99 630 192.168.1.116 - 60041 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yL82wtfg0XtrnDvsTcokPO9D7EbFwl/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6892 1490821175.91 1490821176.49 576 192.168.1.116 - 60042 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/w3yhykRC7Ja0tHYqdAO2XKb/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6893 1490821368.44 1490821369.15 705 192.168.1.116 - 60043 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iF0iNznQ6wMD8a7bcnDOmoJUyI6YX/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6894 1490821561.09 1490821561.65 566 192.168.1.116 - 60044 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tjVcZFRCO94Ro6yI/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6895 1490821753.56 1490821754.33 773 192.168.1.116 - 60045 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XRmu8mrglly7st7grefIecjK/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6896 1490821946.32 1490821946.95 623 192.168.1.116 - 60046 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mQmuJW33wjPcTBw4ULaD7nPUOOKgv0/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6897 1490822140.49 1490822141.11 613 192.168.1.116 - 60047 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/DNSBL/not%20listed/0/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6898 1490822143.83 1490822146.09 2261 192.168.1.116 - 60048 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 41773 0 41632 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6898 1490822154.02 1490822155.17 1144 192.168.1.116 - 60048 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6898 1490822162.74 1490822163.39 641 192.168.1.116 - 60048 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hjhwbr4bQdDiECjM2J/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6899 1490822355.48 1490822356.11 634 192.168.1.116 - 60049 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MViKuESjBKbfNlzK/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6900 1490822548.03 1490822548.6 569 192.168.1.116 - 60050 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bJmG9K9cmXXnhMg3aM/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6901 1490822740.67 1490822741.28 609 192.168.1.116 - 60051 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Mpx1ZENh4hyvHlJqsGJKKqSegylud/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6902 1490822933.28 1490822933.85 569 192.168.1.116 - 60052 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oF6nXIJ7ApDKGq6HobxH8IofsSwe/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6903 1490823125.79 1490823127.36 1573 192.168.1.116 - 60053 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jTbbVayxyP6CLO1QYQgPoMlGkclu/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6904 1490823319.35 1490823319.96 607 192.168.1.116 - 60054 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LeIfaYwQ38O0vazXVeRd3EwdGHeVLtqC/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6905 1490823511.96 1490823512.57 611 192.168.1.116 - 60055 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LxRXZmrcb050CA0pantrSw5hOdZ/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6906 1490823704.56 1490823705.31 753 192.168.1.116 - 60056 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aitk6xqUIh2jEwVPteGQFtAFf86/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6907 1490823897.24 1490823897.81 567 192.168.1.116 - 60057 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/j53x9FHLsCNBC5YcNDhSpSjgZa2Gvw0/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6908 1490824089.75 1490824090.38 633 192.168.1.116 - 60058 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rnhSfsFtY15QTyystrF1/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6909 1490824282.33 1490824282.9 569 192.168.1.116 - 60059 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/shLxCeWXWzkRUvfRhz/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6910 1490824474.84 1490824475.48 633 192.168.1.116 - 60060 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8DG42YevAqN40OMwu0pB5/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6911 1490824667.42 1490824668.0 575 192.168.1.116 - 60061 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/fUcMFYaZBg10n8ApQ/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6912 1490824859.99 1490824860.6 612 192.168.1.116 - 60062 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6912 1490824860.86 1490824861.48 620 192.168.1.116 - 60062 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VJhhdBcpvxg8Vtu1gTPFVNnKoS1/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6913 1490825053.49 1490825054.09 605 192.168.1.116 - 60063 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CZKEFpgCj6gIeorBNR/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6914 1490825246.06 1490825246.63 569 192.168.1.116 - 60064 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/FQFVe1Z00PhcKKr8ik2qTON0Z/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6915 1490825439.98 1490825442.16 2176 192.168.1.116 - 60065 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TjBTpKQBM62JVbf1RAaSJSd86D5gSrx/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6916 1490825634.15 1490825634.72 568 192.168.1.116 - 60066 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nu6aWcY0VpTRh9H0F8t2CfPG/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6917 1490825826.66 1490825827.23 574 192.168.1.116 - 60067 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/B4cPc0xWERr0ryYemyPJJTvXpyUqnEB/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6918 1490826019.18 1490826019.81 633 192.168.1.116 - 60068 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uwBzi3QIvAwYZkFHlc8dnDW9r4CoqWd/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6919 1490826211.85 1490826212.48 632 192.168.1.116 - 60069 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/PoG28frd0oQTqDAeT/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6920 1490826404.47 1490826405.11 637 192.168.1.116 - 60070 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0dvkHngywHTYZm4GjZVhoTMOr/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6921 1490826597.07 1490826597.67 605 192.168.1.116 - 60071 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rVdVvbNs32r76S2VOmgrVrQGUmacBRG/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6922 1490826789.67 1490826790.24 568 192.168.1.116 - 60072 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LxAuTf448q8bgJCUOSmhHFduIIcGzW4/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6923 1490826982.24 1490826982.81 571 192.168.1.116 - 60073 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AEStFGoajhh9uLaHLeTEfYYPIOdVeCB/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6924 1490827174.99 1490827175.63 637 192.168.1.116 - 60074 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CExnm1JRSqJYWvM5BZVmNQPNsSRK/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6925 1490827367.82 1490827368.4 574 192.168.1.116 - 60075 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6xew6FOM8GlzMyUbN5/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6926 1490827560.33 1490827562.59 2265 192.168.1.116 - 60076 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 41773 0 41632 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6926 1490827570.97 1490827572.17 1201 192.168.1.116 - 60076 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6926 1490827579.33 1490827579.92 583 192.168.1.116 - 60076 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/p2gDMP6I6amJFJR9XF9yDDthB2/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6927 1490827771.94 1490827772.58 641 192.168.1.116 - 60077 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3VZ4Y8BFe24Er0V3okLCEQ/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6928 1490827964.61 1490827965.22 611 192.168.1.116 - 60078 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eT7yGMyq8pFlCYKfauOTMxwWH5I/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6929 1490828157.19 1490828157.8 610 192.168.1.116 - 60079 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/J99mhnkhWcafvX4x5PrLH/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6930 1490828350.91 1490828351.48 569 192.168.1.116 - 60080 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/J4dfdbrUOO6YxWgML/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6931 1490828543.43 1490828544.0 570 192.168.1.116 - 60081 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HHmP0qbMHhh02WxZ61s3pVoJmv0/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6932 1490828735.91 1490828736.48 570 192.168.1.116 - 60082 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dix23xqNV0HNhojviTh/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6933 1490828928.49 1490828929.1 609 192.168.1.116 - 60083 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jFuDt77uxX07FzMxj5XsCpF/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6934 1490829121.09 1490829121.71 619 192.168.1.116 - 60084 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bRzIHpE5ry2qPy5u7Y/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6935 1490829313.69 1490829314.33 634 192.168.1.116 - 60085 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 206 379 0 240 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6935 1490829320.29 1490829320.87 583 192.168.1.116 - 60085 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/C74cpkJkgPsNFa2yHDUrQeb67KZYKqjb/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6936 1490829512.81 1490829513.38 571 192.168.1.116 - 60086 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0JFngcUOQDsD0l6tD/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6937 1490829705.31 1490829705.88 570 192.168.1.116 - 60087 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eDeC8GAQ6xAM6tfZqa7bUvB2DO/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6938 1490829897.95 1490829898.56 611 192.168.1.116 - 60088 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5ItljeBNuLZB0Vto9P95GyYV9l/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6939 1490830090.63 1490830091.25 614 192.168.1.116 - 60089 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/d8cCGBL5SKOmVlqjkOhmHa9Syhf/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6940 1490830284.34 1490830284.94 607 192.168.1.116 - 60090 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6940 1490830285.2 1490830285.77 580 192.168.1.116 - 60090 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/e8Ujy7zwHQR9hk66r/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6941 1490830477.73 1490830478.35 612 192.168.1.116 - 60091 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JRPVUBJZ1IHFB6phUqJMIst8L8k0U/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6942 1490830670.28 1490830670.91 631 192.168.1.116 - 60092 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AdbI8eq4UtnkkPQk/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6943 1490830862.86 1490830863.43 569 192.168.1.116 - 60093 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kstu2qWyjy1UeONZwt5jEBi1gWD2/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6944 1490831055.38 1490831055.95 567 192.168.1.116 - 60094 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/U8Q1QEMd2SwWR67ir0PMHABzpNMmM/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6945 1490831247.95 1490831248.52 569 192.168.1.116 - 60095 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SJ3o4o1HTl23DKRG4xmt/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6946 1490831440.66 1490831441.28 617 192.168.1.116 - 60096 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sxWgPy4Qw8m6YFYdGj3pkYXmrQU/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6947 1490831633.28 1490831633.89 608 192.168.1.116 - 60097 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/oyGYupjjAgCiNHlL9/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6948 1490831825.9 1490831826.5 609 192.168.1.116 - 60098 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3m4E9L6YT7qtoBv4DfrLrZfRzCHvA/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6949 1490832018.56 1490832019.17 615 192.168.1.116 - 60099 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LKlBoIkb7UjhP0Mac/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6950 1490832217.17 1490832217.79 617 192.168.1.116 - 60100 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 6951 1490832234.6 1490832235.22 616 192.168.1.116 - 60101 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 6952 1490832252.04 1490832252.65 617 192.168.1.116 - 60102 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 6953 1490832269.45 1490832271.62 2177 192.168.1.116 - 60103 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XrpLrmiTlYszOBhFs8bZ1/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6954 1490832463.68 1490832464.29 617 192.168.1.116 - 60104 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ExjZbs2CynyxDRFg5ac5L3NObBy/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6955 1490832656.29 1490832656.89 604 192.168.1.116 - 60105 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Q8iwHAxuKloDjpBiQAho/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6956 1490832849.03 1490832849.64 616 192.168.1.116 - 60106 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZDBfsd5OTRWgrVfRlSb2JjaK/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6957 1490833041.61 1490833044.46 2849 192.168.1.116 - 60107 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 41773 0 41632 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6957 1490833052.66 1490833055.0 2337 192.168.1.116 - 60107 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6957 1490833062.12 1490833062.72 606 192.168.1.116 - 60107 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1HbsfqBa4gAkRZXS8EjsLVug3x/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6958 1490833254.7 1490833255.31 610 192.168.1.116 - 60108 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/C2YGdme0YzzQJeIC4Hy/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6959 1490833447.32 1490833447.93 611 192.168.1.116 - 60109 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AOZ9dH1gnwqEwienA0NHx/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6960 1490833639.9 1490833640.53 636 192.168.1.116 - 60110 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Vz0a0d9vYqnBkpd4Q55rngTU7hi/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6961 1490833832.59 1490833833.21 620 192.168.1.116 - 60111 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HiwkXcmkCMTZQxMRSsc/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6962 1490834025.22 1490834025.83 611 192.168.1.116 - 60112 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qoE0tNQTG4BHtIhKlRqebvxhCJ3/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6963 1490834217.8 1490834218.41 610 192.168.1.116 - 60113 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9dGnzSUdvUv5UQYx2gprq0VKd8JgR/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6964 1490834410.46 1490834411.07 611 192.168.1.116 - 60114 203.76.105.82 443 https://203.76.105.82/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/inUa7q0ZnbyutXfIxqnlLzyPJvV0De/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6965 1490834736.86 1490834737.27 404 192.168.1.116 - 60118 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 203 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6966 1490834738.01 1490834738.29 281 192.168.1.116 - 60119 50.19.227.215 80 http://checkip.amazonaws.com/ 153 133 0 13 139 106 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 200 - - - - - - - CTU.238.1.Malicious 6965 1490834738.5 1490834738.93 439 192.168.1.116 - 60118 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/KQSIGBdL7w7IVSdKRVhO1BLyq6zYDzi/ 332 521 0 378 130 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6965 1490834739.44 1490834739.82 373 192.168.1.116 - 60118 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/SQIZTJQSCWMMARVDSDN/1/ 225 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 6967 1490834740.87 1490834741.29 417 192.168.1.116 - 60120 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6968 1490834742.26 1490834742.65 382 192.168.1.116 - 60121 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 214 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6969 1490834743.74 1490834744.18 435 192.168.1.116 - 60122 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 242 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6970 1490834746.26 1490834746.64 382 192.168.1.116 - 60123 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/k1ZvuHFSK2vvap6Zu2Bp/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6971 1490834937.93 1490834938.3 371 192.168.1.116 - 60124 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ecLz5ZzNWyaSEYKBHp6efgRcGhLzY5/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6972 1490835129.65 1490835130.02 375 192.168.1.116 - 60125 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/F0IdZLdPlGYE0oUdpIdD/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6973 1490835321.36 1490835321.73 375 192.168.1.116 - 60126 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IkO9VZlt1t8pRJdqUmYb/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6974 1490835513.05 1490835513.43 383 192.168.1.116 - 60127 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5W5juDMX5fBYT2yCNNXHAsRAjk/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6975 1490835704.65 1490835704.99 334 192.168.1.116 - 60128 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 208 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6975 1490835705.24 1490835705.59 348 192.168.1.116 - 60128 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AOAkop9ydDTLNBkI0LDuQRu6PE/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6976 1490835896.83 1490835897.17 337 192.168.1.116 - 60129 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hV5HFwVGV2kdG83GLQ3R0WmV/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6977 1490836088.51 1490836088.88 371 192.168.1.116 - 60130 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rx3Wr5uaWnKhCLrj2KPGpZDhpMU7uvb/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6978 1490836280.16 1490836280.51 344 192.168.1.116 - 60131 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Cnou3XeTiyw3dcQZWSwoszALrL/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6979 1490836471.74 1490836472.08 338 192.168.1.116 - 60132 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4viwjrB710I4JMSHtXSJfDAlXaRLEk/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6980 1490836663.28 1490836663.64 351 192.168.1.116 - 60133 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ocUPkooT1IquWZfCa6/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6981 1490836854.9 1490836855.24 339 192.168.1.116 - 60134 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JeAE8PmWwKpiYaljEa7uf/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6982 1490837046.46 1490837046.8 342 192.168.1.116 - 60135 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/00NjiJmhoEZSkhCZBsv/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6983 1490837238.09 1490837238.46 369 192.168.1.116 - 60136 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dQTkiXjNbTvleXXDlQvYsiW/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6984 1490837429.75 1490837430.13 381 192.168.1.116 - 60137 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6fJV7dg09SSUXwOqjIz51FfNkbZ7z/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6985 1490837621.38 1490837621.72 338 192.168.1.116 - 60138 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pSwc3VGuQRusx5VD41QcJz8dtPerBRYC/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6986 1490837813.01 1490837813.39 379 192.168.1.116 - 60139 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mTZBUYXj9RCavgHVnicwOqNEJ2Dyhkd/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6987 1490838004.64 1490838004.98 339 192.168.1.116 - 60140 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ISNawAa5JntXONqpNYQaMhu9ST4/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6988 1490838196.3 1490838196.68 381 192.168.1.116 - 60141 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bZ8m4cwmP3KMT3rCXBF/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6989 1490838387.93 1490838388.3 372 192.168.1.116 - 60142 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JSAax2JQ22qmxCfsbkZQWTgIRn/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6990 1490838579.63 1490838584.13 4504 192.168.1.116 - 60143 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 41773 0 41632 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6990 1490838592.31 1490838593.39 1078 192.168.1.116 - 60143 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6990 1490838600.51 1490838600.88 376 192.168.1.116 - 60143 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zIiej1Wy4mdNKT50uPv9FiYKNMExd4Fz/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6991 1490838792.26 1490838792.64 376 192.168.1.116 - 60144 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qiaD5IbyxlPoBG9LIAYCT8m3nKQ67YJ/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6992 1490838983.98 1490838984.36 380 192.168.1.116 - 60145 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/X6YwZ252KC5EgC1yqXq27/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6993 1490839175.6 1490839175.94 338 192.168.1.116 - 60146 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mg6Q02yrmE9sjxqkW63SNve3puPKMWiz/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6994 1490839367.28 1490839367.66 380 192.168.1.116 - 60147 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pJ61aGy3Tya3YDl3PTByO7mjhNq9Tiv/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6995 1490839559.0 1490839559.38 375 192.168.1.116 - 60148 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TYY38UWMeYNlkGFIi4dqO1j/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6996 1490839750.66 1490839751.03 367 192.168.1.116 - 60149 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/so3b1x3A47XRl0zsmWSIC7CuARaiq/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6997 1490839942.35 1490839942.73 380 192.168.1.116 - 60150 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0ftxRHxhF4UwtHGceqI/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6998 1490840135.69 1490840136.2 510 192.168.1.116 - 60151 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 205 379 0 240 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 6998 1490840142.17 1490840142.69 522 192.168.1.116 - 60151 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Ajh4RxA5km9F8BnA9Ab8LFIRAVf/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 6999 1490840334.01 1490840334.4 389 192.168.1.116 - 60152 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/a3cpGCV7EvP5ghYcrf/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7000 1490840525.72 1490840526.1 382 192.168.1.116 - 60153 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QNXgG68NiGpZOOSkJlFer9km6DIR/ 228 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7001 1490840717.42 1490840717.76 340 192.168.1.116 - 60154 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eur9RXcOCTLSxf5zCZY/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7002 1490840909.11 1490840909.47 367 192.168.1.116 - 60155 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/z4eSRs6Hs3benBwlIuc2/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7003 1490841100.8 1490841101.17 373 192.168.1.116 - 60156 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SKxepQjJdU8z6NMoCHrV7jgZeNEdiE5V/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7004 1490841292.53 1490841292.91 376 192.168.1.116 - 60157 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 208 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 7004 1490841293.16 1490841293.54 379 192.168.1.116 - 60157 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/E3tjNv1HAwzxRYVwHKJKlzP/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7005 1490841484.85 1490841485.22 371 192.168.1.116 - 60158 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GnVO9C1pdGhKNz5nqd/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7006 1490841676.48 1490841676.83 342 192.168.1.116 - 60159 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Paiqk5I5TAQxfYb9/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7007 1490841868.13 1490841868.51 379 192.168.1.116 - 60160 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KentMwQLOhKzpHSabZ4oAL831PHUL/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7008 1490842059.8 1490842060.14 342 192.168.1.116 - 60161 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qBWTFyJugbJjpE8ZtNuTqwCf8iSa3kbO/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7009 1490842251.6 1490842251.97 374 192.168.1.116 - 60162 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/HjiOfQcf6b8WRAsoSg9Z/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7010 1490842443.27 1490842443.65 375 192.168.1.116 - 60163 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IXHrsSuMj1KADna4UhAf0vb/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7011 1490842635.05 1490842635.37 318 192.168.1.116 - 60164 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JbRkihyj1sQgqRhj6L5u/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7012 1490842826.69 1490842827.07 379 192.168.1.116 - 60165 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3znoRXLRO9NwN6TYfg7rIxecpinWU/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7013 1490843019.28 1490843019.62 337 192.168.1.116 - 60166 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/owA4w9hgzWoaVKSAY/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7014 1490843210.89 1490843211.27 379 192.168.1.116 - 60167 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vbXI0Jxgox2GoAUfkDgfXcg6/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7015 1490843402.64 1490843403.01 369 192.168.1.116 - 60168 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6ohj6GqnxMHMaaFSMO2kvn/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7016 1490843594.38 1490843594.75 369 192.168.1.116 - 60169 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/H292dSIiTlmHBS3NRpVfMsoAF5LZO/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7017 1490843786.02 1490843786.37 348 192.168.1.116 - 60170 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/r1g2XLnLS46Qxj2Mi/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7018 1490843977.65 1490843978.03 378 192.168.1.116 - 60171 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xdPH9s6Y3DuQUzZNf1Yfz13cb/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7019 1490844169.32 1490844170.33 1008 192.168.1.116 - 60172 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 41773 0 41632 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 7019 1490844178.52 1490844179.92 1401 192.168.1.116 - 60172 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 7019 1490844187.24 1490844187.62 374 192.168.1.116 - 60172 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cJf0JCHWcU7kjXV7DMvJMk3/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7020 1490844378.96 1490844379.33 372 192.168.1.116 - 60173 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/z7KSHwDyMTYrOJUyvwQyoZSSYJyrKKwM/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7021 1490844570.68 1490844571.06 374 192.168.1.116 - 60174 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CwDSEpYAUBoUyPjH/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7022 1490844762.5 1490844762.91 412 192.168.1.116 - 60175 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EfExo8jvn08YyavPVcAKFOqbYb3uQP/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7023 1490844954.14 1490844954.46 322 192.168.1.116 - 60176 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6UZonSdJzTAcyjPS/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7024 1490845145.77 1490845146.14 374 192.168.1.116 - 60177 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LPtNJZknqprPGqEWLqFADc0g/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7025 1490845337.71 1490845338.25 538 192.168.1.116 - 60178 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/9T7CPpvufUxonLnOTVmByLb9YXBru0/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7026 1490845529.55 1490845529.92 371 192.168.1.116 - 60179 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hfl2qOsESN8A0vg7mTSr/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7027 1490845721.2 1490845721.57 374 192.168.1.116 - 60180 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NVKU5WzdNAANoIJ3l0/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7028 1490845912.8 1490845913.14 335 192.168.1.116 - 60181 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tvKhb0N5pcSRPIgW8opjCf/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7029 1490846104.34 1490846104.68 336 192.168.1.116 - 60182 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0i5FXi2gxJ4sAGc6D/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7030 1490846296.15 1490846296.49 338 192.168.1.116 - 60183 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YbPx5siXtU4CQg5noAI5/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7031 1490846487.8 1490846489.12 1321 192.168.1.116 - 60184 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UUayQG6b9pPrpazGCjNxHBEY/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7032 1490846686.46 1490846686.83 367 192.168.1.116 - 60185 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 7033 1490846702.93 1490846703.3 375 192.168.1.116 - 60186 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 7034 1490846719.45 1490846719.82 367 192.168.1.116 - 60187 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 208 131 0 9 130 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 7035 1490846735.87 1490846736.23 367 192.168.1.116 - 60188 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 208 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 7035 1490846736.49 1490846736.84 353 192.168.1.116 - 60188 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2bxUGILc68zrIPuIV6FoEUofUq/ 226 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7036 1490846928.12 1490846928.49 373 192.168.1.116 - 60189 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1X1RuBDnDc67XzAJjeiStEF0WTDCpVw/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7037 1490847119.75 1490847120.12 366 192.168.1.116 - 60190 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pdcEFylAMIOHSTcK4UlkMLEWW96/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7038 1490847311.46 1490847311.83 371 192.168.1.116 - 60191 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/R7zRdtvfwX1JHjv6fqA8jYz2DUeMAsv/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7039 1490847503.31 1490847503.75 440 192.168.1.116 - 60192 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JwHMTxBgJXaAnC0J4WH2qqPRZOW/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7040 1490847695.02 1490847695.36 336 192.168.1.116 - 60193 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/B5XqxerwEn67JFGu5oQ6hR821HWbgM0/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7041 1490847886.75 1490847887.13 380 192.168.1.116 - 60194 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hYESzWamgh0M028MfzYdmfisE1pb0/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7042 1490848078.35 1490848078.68 327 192.168.1.116 - 60195 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/aViLLOAN3hzH6hAn5aXUh0cM/ 224 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7043 1490848269.98 1490848270.32 340 192.168.1.116 - 60196 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xr8OQ36VGcRDHsfdCiTjMd3Cr2R/ 227 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7044 1490848461.62 1490848461.99 369 192.168.1.116 - 60197 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kBCGt9Rka3OHOi2i6AMy1JYe5xNOerC/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7045 1490848653.24 1490848653.61 374 192.168.1.116 - 60198 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/NbzU3jfR0pF9CgGkNjXRa7/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7046 1490848844.86 1490848845.2 339 192.168.1.116 - 60199 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kWlOI5C5zLcZSQ9Jb/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7047 1490849036.44 1490849036.78 339 192.168.1.116 - 60200 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KMfj51gVtMCYM8JFMtrY/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7048 1490849228.05 1490849228.42 374 192.168.1.116 - 60201 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/5yZ8PzGqCl5i299u0Rsc/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7049 1490849419.67 1490849420.0 336 192.168.1.116 - 60202 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iiBJhMgeFeFfRuB09U81aMEa8wToxrU/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7050 1490849611.23 1490849612.5 1274 192.168.1.116 - 60203 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 204 41773 0 41632 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 7050 1490849620.83 1490849621.83 996 192.168.1.116 - 60203 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 204 22989 0 22848 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 7050 1490849629.04 1490849629.39 352 192.168.1.116 - 60203 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iyeYzWF49DTrOfnB9MgmllJ/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7051 1490849820.67 1490849821.01 338 192.168.1.116 - 60204 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iOqUOauirWsfsKBeY/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7052 1490850012.22 1490850012.54 321 192.168.1.116 - 60205 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mOxWiGzgKNf8G2Wnu5pDRJdwQ/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7053 1490850203.82 1490850204.2 380 192.168.1.116 - 60206 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/h5aYZIjSg82bI42PAZZeKCg/ 223 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7054 1490850396.49 1490850396.84 341 192.168.1.116 - 60207 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BrqlusyZ29yFIwiu2HZra/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7055 1490850588.03 1490850588.39 362 192.168.1.116 - 60208 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6IeuxujPqPX1Mzx9Keg/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7056 1490850779.76 1490850780.13 370 192.168.1.116 - 60209 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DHLmjxeeRGtXoBnowJmMBx7XXzz7qH/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7057 1490850973.09 1490850973.51 420 192.168.1.116 - 60210 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/DNSBL/not%20listed/0/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7058 1490850975.5 1490850975.84 335 192.168.1.116 - 60211 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 205 379 0 240 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 7058 1490850981.8 1490850982.15 348 192.168.1.116 - 60211 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/b2Ymfl8dCTLigxK15G/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7059 1490851173.42 1490851173.79 368 192.168.1.116 - 60212 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wflUCOgMotBHH7Qh3LFi2tK0ATd37I/ 230 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7060 1490851366.04 1490851366.37 336 192.168.1.116 - 60213 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Qf1mKngSMdQT0Bd53zmh7pzVN/ 225 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7061 1490851557.62 1490851557.96 340 192.168.1.116 - 60214 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uLxNMVLrm8voG8ney0/ 218 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7062 1490851750.94 1490851751.95 1008 192.168.1.116 - 60215 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MGJuIYbxjp1VmXslEWte7l3B3MbhMc2/ 231 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7063 1490851943.23 1490851943.6 374 192.168.1.116 - 60216 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0ubzyfRW64ZrSZysjGJE/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7064 1490852134.91 1490852135.29 377 192.168.1.116 - 60217 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GkirXuU61q8yC5MNDaB/ 219 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7065 1490852326.55 1490852326.96 410 192.168.1.116 - 60218 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 208 363 0 224 130 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 7065 1490852327.22 1490852327.59 372 192.168.1.116 - 60218 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/g0hnxzv5cI3HAZh0/ 216 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7066 1490852518.82 1490852519.17 344 192.168.1.116 - 60219 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Cser8dTLSAeLg4fTovUJA/ 221 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7067 1490852710.64 1490852711.02 375 192.168.1.116 - 60220 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/y5Gwn1Zeqgr5lwsD6bRmDnDETiWuw/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7068 1490852902.43 1490852902.8 369 192.168.1.116 - 60221 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1SxSLQJ1keVbHqIz9d2zQ2hwjnBwnIGX/ 232 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7069 1490853094.08 1490853094.46 377 192.168.1.116 - 60222 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/I1TxmY9bfrVIDBXEe/ 217 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7070 1490853285.74 1490853286.15 405 192.168.1.116 - 60223 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6rOpmrSmoib8mFBr5SBj/ 220 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7071 1490853477.48 1490853478.79 1311 192.168.1.116 - 60224 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/OfTfebJtXcwhwApmK30EAcCJUX0tY/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7072 1490853670.08 1490853670.42 335 192.168.1.116 - 60225 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3CuHF6Vk4TBRPIPyuJcQLJ/ 222 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7073 1490853861.65 1490853861.97 320 192.168.1.116 - 60226 203.92.62.46 443 https://203.92.62.46/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1AEdIBmLGJvB7LzMExYI6BYHmNlG1/ 229 144 0 3 130 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7074 1490854052.38 1490854052.46 81 192.168.1.116 - 60227 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 204 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 7074 1490854052.71 1490854052.83 124 192.168.1.116 - 60227 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/uOnB7sUMRuyNpp38Vhqh6XxIeOdZJz3/ 333 521 0 378 131 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7074 1490854053.34 1490854053.41 74 192.168.1.116 - 60227 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/LRGGNQWHJAMLBYQH/1/ 223 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 7075 1490854053.6 1490854053.67 66 192.168.1.116 - 60228 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7076 1490854054.85 1490854054.91 68 192.168.1.116 - 60229 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 215 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7077 1490854055.09 1490854055.16 69 192.168.1.116 - 60230 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 243 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7078 1490854056.39 1490854056.5 104 192.168.1.116 - 60231 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/S7sNOItaXtfXQVrVVLaMnOIVTM/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7079 1490854246.87 1490854246.94 74 192.168.1.116 - 60232 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eSBtCV3rZ5EEtuHkjQx6y8na3N08/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7080 1490854437.36 1490854437.44 86 192.168.1.116 - 60233 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XHX6VTq3XEnVJ3n0yXZs8RFCN0DVkBU/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7081 1490854627.98 1490854628.05 75 192.168.1.116 - 60234 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/R4NHMYc0RTnSG8TuHZ0O/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7082 1490854818.45 1490854818.53 76 192.168.1.116 - 60235 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/E3c75JnhCbXz97bFQ2gU8QslBp1lGx/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7083 1490855008.94 1490855009.01 73 192.168.1.116 - 60236 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZQRYz7BD48MKfR3iyjeeJ4/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7084 1490855199.38 1490855199.57 193 192.168.1.116 - 60237 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 41773 0 41632 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 7084 1490855207.48 1490855207.6 123 192.168.1.116 - 60237 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 7084 1490855214.92 1490855214.99 73 192.168.1.116 - 60237 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XdgWlBXgebvJbgyPlt4Keo5tUQRz/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7085 1490855405.38 1490855405.46 74 192.168.1.116 - 60238 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/23tgLBP4zhz5J0XRR/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7086 1490855596.0 1490855596.09 87 192.168.1.116 - 60239 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YRsSL51OZoOr5ZNEKIzi5DTSsy3g59I/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7087 1490855786.55 1490855786.63 74 192.168.1.116 - 60240 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mFxijvQXgOc5XVJUnWI/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7088 1490855977.04 1490855977.12 79 192.168.1.116 - 60241 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Rhu92sJksibQakS2Zf1HASOtAJd/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7089 1490856167.56 1490856167.64 76 192.168.1.116 - 60242 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IRAe8dSvgofT3FXNz/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7090 1490856358.24 1490856358.31 72 192.168.1.116 - 60243 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JB5bfeTI98UVvaM5ca5uCjVgOn26g9Y9/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7091 1490856548.73 1490856548.82 86 192.168.1.116 - 60244 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3OgaY64PGoFH82wJA/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7092 1490856739.19 1490856739.26 75 192.168.1.116 - 60245 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2YNmyqgZJ2woUb2l2QB3RulCy3/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7093 1490856929.66 1490856929.74 80 192.168.1.116 - 60246 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rxXeqpsTE2YC29RjLU8fJ6j4/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7094 1490857120.16 1490857120.26 94 192.168.1.116 - 60247 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TSG2ld3S1jonFqxeeBxhZBtE/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7095 1490857310.72 1490857310.8 77 192.168.1.116 - 60248 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/k1NNt7vE4vNQfaMVz/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7096 1490857501.46 1490857501.54 81 192.168.1.116 - 60249 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qQc9o8YB3iOd3x3oafkyuDNW8UHiE/ 230 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7097 1490857691.94 1490857692.02 80 192.168.1.116 - 60250 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WlHmgezC4AKTcsS1MEJ/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7098 1490857882.6 1490857882.7 94 192.168.1.116 - 60251 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 7098 1490857882.95 1490857883.03 88 192.168.1.116 - 60251 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/N10rGZsI14T8cDrB/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7099 1490858073.48 1490858073.56 81 192.168.1.116 - 60252 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/n6ineKXdpZXVXxhbF/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7100 1490858263.97 1490858264.05 76 192.168.1.116 - 60253 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8R3hEDWytuiqMsLmDPU8qlL99/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7101 1490858454.43 1490858454.52 88 192.168.1.116 - 60254 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DYbQ1vEDJv9vTAPYTRL2/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7102 1490858644.92 1490858645.0 75 192.168.1.116 - 60255 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iIhqv06NhqntpEGB/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7103 1490858835.41 1490858835.49 79 192.168.1.116 - 60256 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DBCjAycAy8xTwRifnLUgZ79F2DgB/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7104 1490859025.86 1490859025.93 69 192.168.1.116 - 60257 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/M5Mg0lTFWfTelrsljGMA2nAzern/ 228 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7105 1490859216.36 1490859216.44 77 192.168.1.116 - 60258 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4QgNngXxUNGI1n72AAuuOx/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7106 1490859406.81 1490859406.89 76 192.168.1.116 - 60259 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Xc3IanBLKKCfzUq3wR8rZHFXu/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7107 1490859597.26 1490859597.34 76 192.168.1.116 - 60260 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/buFGub8PGC4XOozauZ09z/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7108 1490859787.71 1490859787.78 72 192.168.1.116 - 60261 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jmRGGvE7C4D1eSqrNOAi4AE/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7109 1490859978.19 1490859978.26 73 192.168.1.116 - 60262 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/G0CAwq5Y1Vueuu3kw/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7110 1490860168.7 1490860168.78 80 192.168.1.116 - 60263 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GWKTRlG5IP4IRzlJRnEz3ZACS/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7111 1490860359.16 1490860359.23 71 192.168.1.116 - 60264 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/T0xDMblvt7tI08Q0TsoomKM/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7112 1490860549.64 1490860549.71 71 192.168.1.116 - 60265 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/eGQ49znekrjmmsXRIWxPNg9R4/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7113 1490860740.3 1490860740.48 186 192.168.1.116 - 60266 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 41773 0 41632 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 7113 1490860748.92 1490860749.03 109 192.168.1.116 - 60266 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 7113 1490860756.95 1490860757.03 79 192.168.1.116 - 60266 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IfcqpmTNsdYiIS9hGQJ0Vt/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7114 1490860947.45 1490860947.53 80 192.168.1.116 - 60267 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sGzP9XCAbcaMDbdkqtQW63/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7115 1490861143.95 1490861144.03 79 192.168.1.116 - 60268 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 7116 1490861159.24 1490861159.3 68 192.168.1.116 - 60269 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 7117 1490861174.51 1490861174.59 78 192.168.1.116 - 60270 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 209 131 0 9 131 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 7118 1490861189.78 1490861189.85 73 192.168.1.116 - 60271 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wBKbJWOk0ld6dg80Y6Yibmc/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7119 1490861380.49 1490861380.57 74 192.168.1.116 - 60272 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/8hpyem2OWqpPc0GwnBbCDq7tN6o8wXq/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7120 1490861570.97 1490861571.05 74 192.168.1.116 - 60273 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KUKWs3yvuIMeccVcaoft6dJ0C/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7121 1490861761.47 1490861761.55 81 192.168.1.116 - 60274 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BKpo2c2Z1qgGYyBwj0MjzfFCm/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7122 1490861951.92 1490861952.02 105 192.168.1.116 - 60275 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 206 379 0 240 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 7122 1490861957.98 1490861958.07 91 192.168.1.116 - 60275 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sqQcfxYc1c5PEJksKEwBgL6G/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7123 1490862148.45 1490862148.52 73 192.168.1.116 - 60276 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/osRMj2tIfcMaTCv5nzGKyf/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7124 1490862338.93 1490862339.01 75 192.168.1.116 - 60277 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Irnbd5xLlkmaxVrDajan/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7125 1490862529.39 1490862529.46 74 192.168.1.116 - 60278 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/v6Qr6KvBTKqUTkzszM2v6/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7126 1490862719.88 1490862719.95 76 192.168.1.116 - 60279 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CshkiEfXI70Dmxrk9dJPwi/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7127 1490862910.33 1490862910.4 74 192.168.1.116 - 60280 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/w5ITISoyHbgjeBMB2wam4cZ/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7128 1490863100.8 1490863100.87 70 192.168.1.116 - 60281 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cMVo54wRlJgjlDDYhNLJ0wIZp1/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7129 1490863291.32 1490863291.4 77 192.168.1.116 - 60282 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 7129 1490863291.65 1490863291.74 90 192.168.1.116 - 60282 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Bw3bg135L6dO8arRqC17yUx3bkmXCQdJ/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7130 1490863482.16 1490863482.23 74 192.168.1.116 - 60283 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iEr2DAfJqbRjNtJyuND2/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7131 1490863672.63 1490863672.71 82 192.168.1.116 - 60284 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RIqlVTazwfujQL1Gpd3l/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7132 1490863863.09 1490863863.17 80 192.168.1.116 - 60285 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MVfgRFVfQyoDitTqWiReq7IlRplPRt4W/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7133 1490864053.6 1490864053.67 72 192.168.1.116 - 60286 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Ql3UoBL0cAfnpDr8SLLII23HyJ/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7134 1490864244.08 1490864244.16 74 192.168.1.116 - 60287 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gDFbcFvnENvZ7fv6iqcpbzg/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7135 1490864434.56 1490864434.63 71 192.168.1.116 - 60288 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BfoIVl1hYwaX56S69EzEnbi/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7136 1490864625.03 1490864625.11 80 192.168.1.116 - 60289 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/keZj8LZck3HC6uUxwd2QBPAhK/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7137 1490864815.5 1490864815.57 75 192.168.1.116 - 60290 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uLzme2pcDEJOX3ONKgPNtHLQSy/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7138 1490865005.99 1490865006.07 80 192.168.1.116 - 60291 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vPfwqyDTqOR3cyC7lDCBe8tEzsHtzKjj/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7139 1490865196.47 1490865196.6 129 192.168.1.116 - 60292 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/08PaiIUmbfa81FRV/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7140 1490865386.99 1490865387.07 74 192.168.1.116 - 60293 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qIs7cCuabsaUMwMK/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7141 1490865577.44 1490865577.52 73 192.168.1.116 - 60294 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/iYTGftSpqknf1TYFZjUttbEpF41GmuF6/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7142 1490865767.87 1490865767.94 72 192.168.1.116 - 60295 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SJVwL9wIZVOXGT9SRETjuzP1tl0ZYf3c/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7143 1490865958.29 1490865958.37 75 192.168.1.116 - 60296 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/45l6tU3KegVP5jZm/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7144 1490866148.79 1490866148.97 183 192.168.1.116 - 60297 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 41773 0 41632 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 7144 1490866157.11 1490866157.22 112 192.168.1.116 - 60297 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 7144 1490866165.04 1490866165.12 81 192.168.1.116 - 60297 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Ua88t4SiLQRfUNap7ze9/ 221 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7145 1490866355.54 1490866355.62 78 192.168.1.116 - 60298 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Kr7EfDpX14x3zylRrkfpZsG1IrSy/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7146 1490866546.03 1490866546.1 70 192.168.1.116 - 60299 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GgU7y5DaYySDClTuG5S774/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7147 1490866736.57 1490866736.64 79 192.168.1.116 - 60300 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nnh8K5UuIWBJyxqY7/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7148 1490866927.06 1490866927.13 75 192.168.1.116 - 60301 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TSJ3ZiQjDGynhTEVhm5VoDZV6898/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7149 1490867117.5 1490867117.57 74 192.168.1.116 - 60302 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BBy9Cp50vLIwbMcHRWZ9NXrsMP3a5lm/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7150 1490867307.97 1490867308.04 77 192.168.1.116 - 60303 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ek9VIcmitvAlZWNy9wqBfROzS9D0IkE1/ 233 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7151 1490867498.41 1490867498.49 77 192.168.1.116 - 60304 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KNlCuhGU3oMC6SvqLv7MTPRBFOO9qps/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7152 1490867688.86 1490867688.94 74 192.168.1.116 - 60305 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7sMniLfoDVBMyefu9fyU1BVTh/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7153 1490867879.36 1490867879.44 76 192.168.1.116 - 60306 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1YAwFcm7tIQHPVuDpNvLluKDT1r1sI2/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7154 1490868070.02 1490868070.12 96 192.168.1.116 - 60307 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MCcv8EcPgPgZvTIDbPW/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7155 1490868260.52 1490868260.6 74 192.168.1.116 - 60308 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/91zS3odEiqyQ3iwB1VylI7/ 223 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7156 1490868451.41 1490868451.49 76 192.168.1.116 - 60309 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ma93YYWhoJ3GaKXkhbO/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7157 1490868641.88 1490868641.96 74 192.168.1.116 - 60310 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RyAjcGtKyQOJXi9S1qjes7UP/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7158 1490868832.37 1490868832.44 73 192.168.1.116 - 60311 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 209 363 0 224 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 7158 1490868832.7 1490868832.78 80 192.168.1.116 - 60311 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QCPXpLEqOzCYlZirgbzEDA54oC/ 227 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7159 1490869023.22 1490869023.31 85 192.168.1.116 - 60312 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/T53pR72GFlK4AerbxuvlHaoEt5Yf/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7160 1490869213.68 1490869213.76 73 192.168.1.116 - 60313 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uyikc7d0Suoi1ed1UmQ6wJkm3/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7161 1490869404.14 1490869404.21 74 192.168.1.116 - 60314 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/BYc1oiiHYoTEvnRK26mMM/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7162 1490869594.63 1490869594.71 79 192.168.1.116 - 60315 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/QqOrJQgUhAxSCZgBZl0O3Dhx/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7163 1490869785.11 1490869785.18 74 192.168.1.116 - 60316 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/wBD5OAocmWquK3ajXxXZU0f/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7164 1490869975.6 1490869975.66 69 192.168.1.116 - 60317 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hyxfqzajQJ9QwWrosbM/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7165 1490870166.08 1490870166.15 75 192.168.1.116 - 60318 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/srdZgqTvPSAHsec1b/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7166 1490870356.54 1490870356.62 86 192.168.1.116 - 60319 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kGZf9A5rfwTfMbme9heX8pKH/ 225 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7167 1490870547.03 1490870547.11 75 192.168.1.116 - 60320 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/1itjCMfyzFKgXBhvb11YtYx8HaD3BV/ 231 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7168 1490870737.64 1490870737.71 68 192.168.1.116 - 60321 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZyByrALAhcsbPhxzlRW/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7169 1490870928.12 1490870928.2 80 192.168.1.116 - 60322 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rjZq3dEq0rbzierninXKs/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7170 1490871118.6 1490871118.67 74 192.168.1.116 - 60323 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xbAexlHq5gsRVPlCOdRXYMTjqanrnFK/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7171 1490871309.04 1490871309.11 68 192.168.1.116 - 60324 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/59Xo133GOwtjMi82Q43NeA5VM/ 226 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7172 1490871499.52 1490871499.59 69 192.168.1.116 - 60325 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/jUIZPMyOJ1MOXrBtxhTOTsHvgMSf/ 229 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7173 1490871690.0 1490871690.18 182 192.168.1.116 - 60326 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 205 41773 0 41632 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 7173 1490871698.41 1490871698.54 132 192.168.1.116 - 60326 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 205 22989 0 22848 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 7173 1490871705.94 1490871706.03 89 192.168.1.116 - 60326 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/69fTzozBF97EvY7hwLO/ 220 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7174 1490871896.45 1490871896.53 75 192.168.1.116 - 60327 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/utSWmqkpuOBPc3sQ/ 217 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7175 1490872086.88 1490872086.95 72 192.168.1.116 - 60328 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/r1IAqA6ucyemCSTBzMFoHr4/ 224 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7176 1490872277.33 1490872277.4 78 192.168.1.116 - 60329 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ffgulBMprlCX7HXMjrvOx/ 222 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7177 1490872467.78 1490872467.86 76 192.168.1.116 - 60330 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Q0gInaznnyQAL6WaH/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7178 1490872658.23 1490872658.31 75 192.168.1.116 - 60331 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/VkLhWL1XmlgRgYXUe/ 218 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7179 1490872848.76 1490872848.85 82 192.168.1.116 - 60332 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 206 379 0 240 131 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 7179 1490872854.81 1490872854.9 88 192.168.1.116 - 60332 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cDDEZE9evRykAXAV5LhktoZ13CEOtM6/ 232 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7180 1490873045.73 1490873045.81 76 192.168.1.116 - 60333 84.42.159.138 443 https://84.42.159.138/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/qw2iWGEsYQbXjYadIY/ 219 144 0 3 131 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7181 1490873237.78 1490873238.41 620 192.168.1.116 - 60334 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/spk/ 205 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 7182 1490873240.08 1490873240.35 270 192.168.1.116 - 60335 107.22.214.64 80 http://checkip.amazonaws.com/ 153 133 0 13 139 106 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 200 - - - - - - - CTU.238.1.Malicious 7181 1490873240.55 1490873241.17 615 192.168.1.116 - 60334 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/0/Windows%207%20x86/1016/147.32.83.56/CC4518AF6F10BAB442C9739546548B52885FED5C8DC342AE81163589B5BD7749/O8r5eYEFB16cO0bD/ 319 506 0 363 132 129 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7181 1490873241.7 1490873242.27 575 192.168.1.116 - 60334 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/10/62/IGETZDXDJFVQEZRDDN/1/ 226 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 403 - - - - - - - CTU.238.1.Malicious 7183 1490873245.09 1490873245.73 633 192.168.1.116 - 60336 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/63/injectDll/start/U3VjY2Vzcw==// 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7184 1490873248.5 1490873249.18 681 192.168.1.116 - 60337 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/user/SYSTEM/0/ 216 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7185 1490873250.97 1490873251.59 622 192.168.1.116 - 60338 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/NAT%20status/client%20is%20behind%20NAT/0/ 244 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7186 1490873253.39 1490873254.0 617 192.168.1.116 - 60339 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Kq1ylDkYr48V9LJwEHRFY6Ww/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7187 1490873446.0 1490873446.62 617 192.168.1.116 - 60340 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/uu6nde1qUPsIChAyd3EbMv5P/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7188 1490873638.66 1490873639.27 615 192.168.1.116 - 60341 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0engXEAbVUS3tatftVPXLq/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7189 1490873831.34 1490873831.94 607 192.168.1.116 - 60342 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/j3cfo1JnMC4r8pdwbSgLtK/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7190 1490874023.89 1490874024.53 635 192.168.1.116 - 60343 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UyFk7EscuTSRBjgaVfxH5dulqMybJcaN/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7191 1490874216.61 1490874217.22 609 192.168.1.116 - 60344 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/j6H0Be539Ql262zQV7qH/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7192 1490874409.27 1490874409.88 606 192.168.1.116 - 60345 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 210 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 7192 1490874410.13 1490874410.75 622 192.168.1.116 - 60345 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nYU9MTAkyxFmPEJTZ2T5Y71xz/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7193 1490874602.82 1490874603.43 609 192.168.1.116 - 60346 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/6COPYmemruNtrsRXiwqCoJxXMi3qg0/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7194 1490874795.36 1490874795.93 570 192.168.1.116 - 60347 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/WuhGHfkbTRk0wO1tuK/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7195 1490874987.99 1490874988.6 609 192.168.1.116 - 60348 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gQbzTRRbzEs4ZB2If7DfIscb2Kc/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7196 1490875180.56 1490875181.17 608 192.168.1.116 - 60349 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cT1mtbgjdSk996jHeRo8/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7197 1490875373.24 1490875373.85 607 192.168.1.116 - 60350 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Tm64b8SDzWS31VDu/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7198 1490875565.82 1490875566.39 568 192.168.1.116 - 60351 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/YX68hNku2wvmNtkXsv/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7199 1490875764.55 1490875765.19 639 192.168.1.116 - 60352 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 7200 1490875781.99 1490875782.63 638 192.168.1.116 - 60353 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 7201 1490875799.47 1490875800.08 610 192.168.1.116 - 60354 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/23/1000015/ 210 131 0 9 132 101 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' - GET 404 - - - - - - - CTU.238.1.Malicious 7202 1490875816.88 1490875817.49 613 192.168.1.116 - 60355 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/I9e0Wd2mFPQ8tVqBiFSIWHv2Og/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7203 1490876009.55 1490876010.16 605 192.168.1.116 - 60356 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JtrauL9k6LYINQBlTbE4OmjE09/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7204 1490876202.2 1490876202.81 613 192.168.1.116 - 60357 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/vtELxTsNzo77gOBjPL9fsz8Q/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7205 1490876394.86 1490876395.48 612 192.168.1.116 - 60358 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/2NulxhFNEoqCX8sIDHVJLDENqwGVcJj/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7206 1490876587.47 1490876588.1 636 192.168.1.116 - 60359 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/pXRD9ImBtfdYhb5JFAffWOI4vMx2NDYX/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7207 1490876780.18 1490876780.79 610 192.168.1.116 - 60360 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ltxCDbf3O7yH0yIqUPt3ROEQV2y/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7208 1490876974.59 1490876975.19 605 192.168.1.116 - 60361 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/hQPK5qUF7UVF4829JELK11KA/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7209 1490877167.26 1490877169.11 1859 192.168.1.116 - 60362 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 41773 0 41632 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 7209 1490877178.63 1490877179.85 1222 192.168.1.116 - 60362 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 7209 1490877187.19 1490877187.79 604 192.168.1.116 - 60362 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4aZDfpZRXGrwOc98S/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7210 1490877380.04 1490877380.65 607 192.168.1.116 - 60363 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/cqcQbEkU3A3y8Ov6B5uhBkVvZXrQoVQm/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7211 1490877572.6 1490877573.17 568 192.168.1.116 - 60364 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/GNLD4ySJNMNnrhrpTxHFu6ff/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7212 1490877765.17 1490877765.74 569 192.168.1.116 - 60365 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/t4Hom25CwpI3SPE9J8I4T/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7213 1490877958.75 1490877959.36 614 192.168.1.116 - 60366 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/MNo9caxJoZq81riRsQ6yZEFLz/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7214 1490878151.46 1490878152.06 608 192.168.1.116 - 60367 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/r6BQjBfn9VreWTC7iDF9w9N8t4TKnZJ/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7215 1490878344.06 1490878344.67 610 192.168.1.116 - 60368 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/4jKWmY7gk6pDj7Yue4wLUAFWsrFmQCr/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7216 1490878536.66 1490878537.28 612 192.168.1.116 - 60369 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dTrePM9xXI82J56LuTLrmHdhKFOCrEQa/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7217 1490878729.31 1490878729.93 619 192.168.1.116 - 60370 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xbIgJBQ4T9bRT5qQIRHfAEmbgfQgREH/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7218 1490878921.95 1490878922.56 611 192.168.1.116 - 60371 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/LjBAx8vZ8X6BFkmkzYwLHFjGBb1/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7219 1490879114.54 1490879115.15 615 192.168.1.116 - 60372 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xXiCK8ilETCOrhw0hMwa5fqPxO/ 228 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7220 1490879307.12 1490879309.36 2237 192.168.1.116 - 60373 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TNTiTh9kbm1UInBU2HI/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7221 1490879501.33 1490879501.91 575 192.168.1.116 - 60374 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/CQE5kCd9NmOnWwsx6zJ2WZInPDj/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7222 1490879693.9 1490879694.54 637 192.168.1.116 - 60375 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7enhXr9vk0zpeFxCQecP/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7223 1490879887.66 1490879888.43 770 192.168.1.116 - 60376 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/14/DNSBL/not%20listed/0/ 223 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7224 1490879891.25 1490879891.87 621 192.168.1.116 - 60377 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 210 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 7224 1490879892.13 1490879892.74 614 192.168.1.116 - 60377 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XZQpvrqJ1s3ZTWdSjX/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7225 1490880084.76 1490880085.37 611 192.168.1.116 - 60378 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/d3rT5qEk544RoWZOrT975f4vTyx/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7226 1490880277.29 1490880277.85 567 192.168.1.116 - 60379 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ya2KqqHpGtRXUCoRlK/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7227 1490880470.92 1490880471.52 604 192.168.1.116 - 60380 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/JAvWXYdJ3ehi2TEroruyqQ/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7228 1490880663.54 1490880664.15 605 192.168.1.116 - 60381 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ImPJq9xCiLKgznps1/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7229 1490880856.14 1490880856.76 622 192.168.1.116 - 60382 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/gzTCdogHxAOmQjqUM3W26hj5E9xi2WJ/ 233 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7230 1490881048.76 1490881049.37 613 192.168.1.116 - 60383 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yAGKglsEC2yVkMI5gTDkxcET8/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7231 1490881241.39 1490881242.0 610 192.168.1.116 - 60384 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/KkvU1lq4jNPlV70t3b/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7232 1490881433.99 1490881434.61 616 192.168.1.116 - 60385 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/RcP3iAWO2fs6Jv1IzBgocL/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7233 1490881626.63 1490881627.25 615 192.168.1.116 - 60386 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ElsDZCTCvpveSs9kJGe3VPZm2UYzp/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7234 1490881819.41 1490881820.02 605 192.168.1.116 - 60387 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/bh6UQCyOzeY6XuEbr/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7235 1490882012.11 1490882012.72 619 192.168.1.116 - 60388 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Fv26bwyt6iZwcbOXbtrA6yKuX/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7236 1490882204.7 1490882205.31 614 192.168.1.116 - 60389 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ZhYaRuIrpZPtNNY8MjlM/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7237 1490882397.33 1490882397.94 608 192.168.1.116 - 60390 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xJFYafNe2iVCrMTyKaDINpF/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7238 1490882589.96 1490882591.76 1793 192.168.1.116 - 60391 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 41773 0 41632 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 7238 1490882600.15 1490882601.46 1308 192.168.1.116 - 60391 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 7238 1490882608.61 1490882609.24 629 192.168.1.116 - 60391 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/EMr4id9V1dZcigap9Ur/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7239 1490882801.23 1490882801.8 567 192.168.1.116 - 60392 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/yMGJOb51HfOKdOOa2EPN20G/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7240 1490882993.86 1490882994.46 603 192.168.1.116 - 60393 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/tWjpgyCjz5mGmmp2F/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7241 1490883186.49 1490883187.1 611 192.168.1.116 - 60394 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Oc5Zkq7EpQfWM3b9U/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7242 1490883379.15 1490883379.76 615 192.168.1.116 - 60395 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/N1eAAQzlKAhxgbswWAmwhVUGJ/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7243 1490883571.72 1490883572.35 631 192.168.1.116 - 60396 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/D8PSm7JUFFSwDuNtZUDxm499/ 226 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7244 1490883764.4 1490883765.01 613 192.168.1.116 - 60397 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dpost/ 207 379 0 240 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 7244 1490883770.97 1490883771.59 613 192.168.1.116 - 60397 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/XHb9PkDQyBYI0cDHx/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7245 1490883963.56 1490883964.13 567 192.168.1.116 - 60398 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/AGeYWUcj0hdCoqfov/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7246 1490884156.16 1490884156.77 605 192.168.1.116 - 60399 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/rFNPEdxxJxXUAVxU/ 218 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7247 1490884348.78 1490884349.39 608 192.168.1.116 - 60400 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/TSkTGeH6ObDQi01ED76x5Eko4/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7248 1490884541.49 1490884542.12 623 192.168.1.116 - 60401 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ztWOy1GFc5gUvuBANCOEO7Myb/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7249 1490884734.08 1490884734.72 633 192.168.1.116 - 60402 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ohQI6XfwkIut9XWsRUNeQb/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7250 1490884926.75 1490884927.36 610 192.168.1.116 - 60403 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/ezKiEL46eIX5A7o5N7O/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7251 1490885119.41 1490885120.02 610 192.168.1.116 - 60404 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/akUQV4V5vw35ioW7gHht/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7252 1490885312.03 1490885312.67 644 192.168.1.116 - 60405 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/mailconf/ 210 363 0 224 132 125 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 7252 1490885312.94 1490885313.55 613 192.168.1.116 - 60405 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/7CEInW1wNQjvcNIPFGM/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7253 1490885505.57 1490885506.18 614 192.168.1.116 - 60406 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/3Lr50bn3pHu9zRDsk3jJpbmigNWEY6Rh/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7254 1490885698.23 1490885698.84 612 192.168.1.116 - 60407 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/kDMNH1emTsMsgDDkE9fvfhgrbp00boLv/ 234 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7255 1490885890.89 1490885891.49 603 192.168.1.116 - 60408 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/J4LZoxbCshk7ecOuocsYLtY/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7256 1490886083.55 1490886084.16 606 192.168.1.116 - 60409 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/DMiVrrIjm0XfjLGflitzs5qjsDF/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7257 1490886276.25 1490886276.86 606 192.168.1.116 - 60410 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/0YHYqOf1THD6PQwEJqnxaSx/ 225 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7258 1490886469.07 1490886469.69 620 192.168.1.116 - 60411 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/mkJ7Hqy6S16ocXeyRpB1CRq02/ 227 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7259 1490886661.83 1490886662.47 644 192.168.1.116 - 60412 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/IMZnLfbr9E7oDAumfv/ 220 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7260 1490886854.44 1490886855.01 571 192.168.1.116 - 60413 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/dkc2LKHr1viK0wtA2qY6qE1goYQ/ 229 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7261 1490887047.01 1490887047.62 613 192.168.1.116 - 60414 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/UhKhOQHSHKTpY56cwXuYJa/ 224 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7262 1490887239.62 1490887241.83 2207 192.168.1.116 - 60415 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/SF3eWQrMttVioSRkrnQ/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7263 1490887433.99 1490887434.61 619 192.168.1.116 - 60416 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/Bq9RD1N12EzwJG88LeJU7vT5fJstu/ 231 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7264 1490887626.63 1490887627.26 631 192.168.1.116 - 60417 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/zDmXiyvTRXCjJbHEch3/ 221 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7265 1490887819.33 1490887819.93 605 192.168.1.116 - 60418 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/xricZegNgXegRF7DkWVgA7Je8uPbjq/ 232 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7266 1490888011.92 1490888013.62 1708 192.168.1.116 - 60419 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/dinj/ 206 41773 0 41632 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 7266 1490888021.63 1490888022.8 1171 192.168.1.116 - 60419 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/5/sinj/ 206 22989 0 22848 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' binary GET 200 - - - - - - - CTU.238.1.Malicious 7266 1490888030.15 1490888030.78 628 192.168.1.116 - 60419 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/nv4C1AJ5mQntuwI8vn6J/ 222 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious 7267 1490888222.89 1490888223.5 610 192.168.1.116 - 60420 190.138.249.45 443 https://190.138.249.45/tt0002/WIN1_W617600.27936EF028525AEE8B04ED9CFE0E5AD1/1/sL2RqEfGKuGyu04VB/ 219 144 0 3 132 127 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0' text/plain GET 200 - - - - - - - CTU.238.1.Malicious