#Fields: id timestamp timestamp_end time-taken c-ip cs-username c-port r-ip r-port cs-uri cs-bytes sc-bytes cs-bodylength sc-bodylength cs-headerlength sc-headerlength cs(User-Agent) rs(Content-Type) cs-method sc-status cs(Referer) N/A N/A N/A x-risk-score rs(Location) s-action label 1 1513615422.7188632 1513615422.7270267 8 192.168.1.116 - 49160 195.113.232.75 80 http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab 360 54424 0 53978 291 432 'Microsoft-CryptoAPI/6.1' application/vnd.ms-cab-compressed GET 200 - - - - - - - CTU.322.1.Malicious 2 1514220330.0354931 1514220330.0794055 44 192.168.1.116 - 51609 195.113.232.73 80 http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab 361 329 0 0 292 305 'Microsoft-CryptoAPI/6.1' application/vnd.ms-cab-compressed GET 304 - - - - - - - CTU.322.1.Malicious 3 1514825178.4901688 1514825178.761356 271 192.168.1.116 - 54187 195.113.232.75 80 http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab 361 329 0 0 292 305 'Microsoft-CryptoAPI/6.1' application/vnd.ms-cab-compressed GET 304 - - - - - - - CTU.322.1.Malicious 4 1515430372.3849685 1515430372.5315146 147 192.168.1.116 - 56863 195.113.232.72 80 http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab 361 329 0 0 292 305 'Microsoft-CryptoAPI/6.1' application/vnd.ms-cab-compressed GET 304 - - - - - - - CTU.322.1.Malicious 5 1516035422.9614348 1516035422.9686646 7 192.168.1.116 - 59604 195.113.232.73 80 http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab 361 329 0 0 292 305 'Microsoft-CryptoAPI/6.1' application/vnd.ms-cab-compressed GET 304 - - - - - - - CTU.322.1.Malicious 6 1516640791.4929383 1516640792.3123267 819 192.168.1.116 - 62409 93.184.221.240 80 http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab 361 54904 0 54487 292 403 'Microsoft-CryptoAPI/6.1' application/vnd.ms-cab-compressed GET 200 - - - - - - - CTU.322.1.Malicious 7 1517246488.8515217 1517246488.9122157 61 192.168.1.116 - 65198 195.113.232.73 80 http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab 361 329 0 0 292 305 'Microsoft-CryptoAPI/6.1' application/vnd.ms-cab-compressed GET 304 - - - - - - - CTU.322.1.Malicious