#Fields: id timestamp timestamp_end time-taken c-ip cs-username c-port r-ip r-port cs-uri cs-bytes sc-bytes cs-bodylength sc-bodylength cs-headerlength sc-headerlength cs(User-Agent) rs(Content-Type) cs-method sc-status cs(Referer) N/A N/A N/A x-risk-score rs(Location) s-action label 1 1518232297.910873 1518232297.926464 16 192.168.1.119 - 49158 195.113.232.73 80 http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab 360 54424 0 53978 291 432 'Microsoft-CryptoAPI/6.1' application/vnd.ms-cab-compressed GET 200 - - - - - - - CTU.339.1.Malicious 2 1518232298.2103038 1518232298.4239984 214 192.168.1.119 - 49159 104.17.61.19 80 http://flow.lavasoft.com/v1/event-stat?ProductID=IS&Type=StubStart 452 460 228 29 168 417 'None' application/json POST 200 - - - - - - - CTU.339.1.Malicious 3 1518232298.636355 1518232299.0551035 419 192.168.1.119 - 49160 104.17.61.19 80 http://flow.lavasoft.com/v1/event-stat?ProductID=IS&Type=StubBundleStart 381 460 151 29 168 417 'None' application/json POST 200 - - - - - - - CTU.339.1.Malicious 4 1518232302.1676486 1518232302.184618 17 192.168.1.119 - 49161 104.31.75.124 80 http://ocsp.globalsign.com/rootr1/ME8wTTBLMEkwRzAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCDkfDD%2F78IrsoD5b%2Bp1JR 279 2169 0 1521 140 634 'Microsoft-CryptoAPI/6.1' application/ocsp-response GET 200 - - - - - - - CTU.339.1.Malicious 5 1518232302.4398816 1518232302.4554276 16 192.168.1.119 - 49162 104.31.75.124 80 http://ocsp2.globalsign.com/gscodesigng3/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBTHTu2Y6Nr%2FMkfa3PrlxnwonnIpxQQUs9Pm1XFWfTlYs3jSK7j3oR%2F9S5sCDG3kH4ic%2BEZD8ySz1Q%3D%3D 286 2175 0 1527 141 634 'Microsoft-CryptoAPI/6.1' application/ocsp-response GET 200 - - - - - - - CTU.339.1.Malicious 6 1518232314.7771258 1518232315.371271 594 192.168.1.119 - 49167 104.17.61.19 80 http://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleInstallStart 931 460 710 29 155 417 'None' application/json POST 200 - - - - - - - CTU.339.1.Malicious 6 1518232315.8453197 1518232316.0554643 210 192.168.1.119 - 49167 104.17.61.19 80 http://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=PageShown 365 460 185 29 123 417 'None' application/json POST 200 - - - - - - - CTU.339.1.Malicious 6 1518232319.9571242 1518232320.3670874 410 192.168.1.119 - 49167 104.17.61.19 80 http://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=PageShown 366 460 186 29 123 417 'None' application/json POST 200 - - - - - - - CTU.339.1.Malicious 7 1518232314.7841213 1518232323.0887895 8305 192.168.1.119 - 49168 104.16.235.150 80 http://sos.adaware.com/v1/bundle/list/?bundleId=UT005 391 6519 193 6129 153 376 'None' application/json POST 200 - - - - - - - CTU.339.1.Malicious 7 1518232324.0115316 1518232324.6196382 608 192.168.1.119 - 49168 104.16.235.150 80 http://sos.adaware.com/v1/offer/detail/?_id=5a7b57be2559230007342eb5 97 63622 0 63108 38 500 'None' application/json GET 200 - - - - - - - CTU.339.1.Malicious 8 1518232324.441536 1518232325.0656025 624 192.168.1.119 - 49181 104.16.235.150 80 http://sos.adaware.com/v1/offer/detail/?_id=5a7b57be2559230007342f21 97 60478 0 59964 38 500 'None' application/json GET 200 - - - - - - - CTU.339.1.Malicious 6 1518232324.5963533 1518232325.1041322 508 192.168.1.119 - 49167 104.17.61.19 80 http://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleProposedOffers 3456 460 3264 29 124 417 'None' application/json POST 200 - - - - - - - CTU.339.1.Malicious 6 1518232326.5561502 1518232326.7660482 210 192.168.1.119 - 49167 104.17.61.19 80 http://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleOfferRejected 437 460 247 29 123 417 'None' application/json POST 200 - - - - - - - CTU.339.1.Malicious 7 1518232327.6769896 1518232328.2798004 603 192.168.1.119 - 49168 104.16.235.150 80 http://sos.adaware.com/v1/offer/detail/?_id=5a7b57be2559230007342f5b 97 46958 0 46444 38 500 'None' application/json GET 200 - - - - - - - CTU.339.1.Malicious 8 1518232329.3418279 1518232329.7415268 400 192.168.1.119 - 49181 104.16.235.150 80 http://sos.adaware.com/v1/offer/detail/?_id=5a7b57be2559230007342ea9 97 85502 0 84988 38 500 'None' application/json GET 200 - - - - - - - CTU.339.1.Malicious 6 1518232337.1619415 1518232337.3754244 213 192.168.1.119 - 49167 104.17.61.19 80 http://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleOffersApproved 508 460 317 29 123 417 'None' application/json POST 200 - - - - - - - CTU.339.1.Malicious 6 1518232348.407693 1518232348.6192153 212 192.168.1.119 - 49167 104.17.61.19 80 http://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=PageShown 369 460 189 29 123 417 'None' application/json POST 200 - - - - - - - CTU.339.1.Malicious 6 1518232349.5832677 1518232349.7930264 210 192.168.1.119 - 49167 104.17.61.19 80 http://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferShown 419 460 238 29 123 417 'None' application/json POST 200 - - - - - - - CTU.339.1.Malicious 6 1518232351.02854 1518232351.4293666 401 192.168.1.119 - 49167 104.17.61.19 80 http://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=PageShown 364 460 184 29 123 417 'None' application/json POST 200 - - - - - - - CTU.339.1.Malicious 6 1518232353.9401002 1518232354.4535623 513 192.168.1.119 - 49167 104.17.61.19 80 http://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferShown 399 460 218 29 123 417 'None' application/json POST 200 - - - - - - - CTU.339.1.Malicious 6 1518232355.7018185 1518232356.2172866 515 192.168.1.119 - 49167 104.17.61.19 80 http://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=PageShown 364 460 184 29 123 417 'None' application/json POST 200 - - - - - - - CTU.339.1.Malicious 6 1518232359.7040634 1518232359.9131157 209 192.168.1.119 - 49167 104.17.61.19 80 http://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=PageShown 375 460 195 29 123 417 'None' application/json POST 200 - - - - - - - CTU.339.1.Malicious 6 1518232362.6484892 1518232363.2742546 626 192.168.1.119 - 49167 104.17.61.19 80 http://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=PageShown 375 460 195 29 123 417 'None' application/json POST 200 - - - - - - - CTU.339.1.Malicious 6 1518232379.0619876 1518232379.5676181 506 192.168.1.119 - 49167 104.17.61.19 80 http://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=PageShown 369 460 189 29 123 417 'None' application/json POST 200 - - - - - - - CTU.339.1.Malicious 9 1518232378.946938 1518232380.2493787 1302 192.168.1.119 - 49204 104.17.116.51 80 http://webcompanion.com/nano_download.php?partner=BT170602 119 354989 0 354288 71 687 'None' application/download GET 200 - - - - - - - CTU.339.1.Malicious 6 1518232380.3231876 1518232380.431285 108 192.168.1.119 - 49167 104.17.61.19 80 http://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferAccepted 394 460 210 29 123 417 'None' application/json POST 200 - - - - - - - CTU.339.1.Malicious 10 1518232380.4750402 1518232380.7481437 273 192.168.1.119 - 49207 185.26.182.112 80 http://net.geo.opera.com/opera/stable/windows?utm_source=lavasoft&utm_medium=pb&utm_campaign=lavasoft 162 1393040 0 1392712 72 314 'None' application/octet-stream GET 200 - - - - - - - CTU.339.1.Malicious 11 1518232382.1291397 1518232382.1657777 37 192.168.1.119 - 49211 52.222.173.209 80 http://now.bt.co/inclient 157 628 0 183 135 416 'BTWebClient/351S(44332)' text/html GET 301 - - - - - https://now.bt.co/inclient - CTU.339.1.Malicious 6 1518232381.9869287 1518232382.1951787 208 192.168.1.119 - 49167 104.17.61.19 80 http://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferAccepted 374 460 190 29 123 417 'None' application/json POST 200 - - - - - - - CTU.339.1.Malicious 6 1518232382.646804 1518232382.7586355 112 192.168.1.119 - 49167 104.17.61.19 80 http://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=CarrierInstallStart 593 460 403 29 123 417 'None' application/json POST 200 - - - - - - - CTU.339.1.Malicious 12 1518232381.7112963 1518232382.963375 1252 192.168.1.119 - 49209 178.79.227.15 80 http://apps.bittorrent.com/utorrent-onboarding/welcome-upsell.btapp 199 28841 0 28315 145 512 'BTWebClient/351S(44332)' binary/octet-stream GET 200 - - - - - - - CTU.339.1.Malicious 13 1518232383.3053968 1518232383.5670724 262 192.168.1.119 - 49217 52.222.171.158 80 http://utclient.utorrent.com/pro/utorrent/index.html 184 968 0 264 147 690 'BTWebClient/351S(44332)' text/html GET 200 - - - - - - - CTU.339.1.Malicious 6 1518232383.63478 1518232384.209151 574 192.168.1.119 - 49167 104.17.61.19 80 http://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferInstallStart 426 460 238 29 123 417 'None' application/json POST 200 - - - - - - - CTU.339.1.Malicious 14 1518232383.302261 1518232384.3747833 1073 192.168.1.119 - 49216 178.79.242.147 80 http://apps.bittorrent.com/utorrent-onboarding/player.btapp 191 3610 0 3097 145 499 'BTWebClient/351S(44332)' binary/octet-stream GET 200 - - - - - - - CTU.339.1.Malicious 6 1518232385.5745664 1518232386.0143595 440 192.168.1.119 - 49167 104.17.61.19 80 http://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferInstallStart 406 460 218 29 123 417 'None' application/json POST 200 - - - - - - - CTU.339.1.Malicious 15 1518232386.9946973 1518232387.3432481 349 192.168.1.119 - 49222 67.215.246.203 80 http://update.utorrent.com/installstats.php?cl=uTorrent&v=111389996&h=FO0CO33h8rP5vbFH&w=1DB00106&bu=0&pr=0&cmp=290&ocmp=290&showinstall&pid=304&cau=0&au=0&view=win32 302 225 0 0 149 211 'uTorrent(44332)/3.5.1' text/html GET 200 - - - - - - - CTU.339.1.Malicious 16 1518232387.5388095 1518232387.8725169 334 192.168.1.119 - 49223 67.215.246.203 80 http://update.utorrent.com/installstats.php?cl=uTorrent&v=111389996&h=FO0CO33h8rP5vbFH&w=1DB00106&bu=0&pr=0&cmp=290&ocmp=290&installresult&pid=304&cau=0&installresult=0&exit=1&au=0&view=win32 327 225 0 0 149 211 'uTorrent(44332)/3.5.1' text/html GET 200 - - - - - - - CTU.339.1.Malicious 6 1518232411.9857876 1518232412.194579 209 192.168.1.119 - 49167 104.17.61.19 80 http://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferDownloadComplete 424 460 232 29 123 417 'None' application/json POST 200 - - - - - - - CTU.339.1.Malicious 6 1518232414.175157 1518232414.3854496 210 192.168.1.119 - 49167 104.17.61.19 80 http://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferExeReturned 411 460 224 29 123 417 'None' application/json POST 200 - - - - - - - CTU.339.1.Malicious 6 1518232415.6043298 1518232416.22778 623 192.168.1.119 - 49167 104.17.61.19 80 http://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferInstallError 492 460 304 29 123 417 'None' application/json POST 200 - - - - - - - CTU.339.1.Malicious 6 1518232495.1193519 1518232495.541011 422 192.168.1.119 - 49167 104.17.61.19 80 http://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferDownloadComplete 405 460 213 29 123 417 'None' application/json POST 200 - - - - - - - CTU.339.1.Malicious 17 1518232496.3515873 1518232496.535571 184 192.168.1.119 - 49234 185.26.182.117 443 https://autoupdate.geo.opera.com/v2/netinstaller/Stable 711 1559 512 1155 162 390 'Opera NetInstaller/51.0.2830.26' application/json; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 18 1518232496.3459196 1518232496.7381434 392 192.168.1.119 - 49233 82.145.213.68 443 https://desktop-netinstaller-sub.osp.opera.software/v1/binary 1144 244 880 36 240 189 'Opera installer' text/html; charset=utf-8 POST 201 - - - - - - - CTU.339.1.Malicious 19 1518232496.8906403 1518232496.9359145 45 192.168.1.119 - 49235 82.145.215.54 80 http://dl.opera.com/download/get/?id=42892&autoupdate=1&ni=1&stream=stable&utm_campaign={{channel}}_{{hostbrowser}}&utm_medium=pb&utm_source=lavasoft&niuid=85a2ff92-b340-413c-afe8-567d96e4e827 307 668 0 344 121 307 'Opera NetInstaller/51.0.2830.26' text/html; charset=iso-8859-1 GET 302 - - - - - http://download1.operacdn.com/pub/opera/desktop/51.0.2830.26/win/Opera_51.0.2830.26_Autoupdate.exe - CTU.339.1.Malicious 20 1518232497.1340787 1518232497.2324247 98 192.168.1.119 - 49236 82.145.213.68 443 https://desktop-netinstaller-sub.osp.opera.software/v1/binary 514 244 250 36 240 189 'Opera installer' text/html; charset=utf-8 POST 201 - - - - - - - CTU.339.1.Malicious 21 1518232497.4099617 1518232499.1652124 1755 192.168.1.119 - 49238 151.101.38.2 80 http://download1.operacdn.com/pub/opera/desktop/51.0.2830.26/win/Opera_51.0.2830.26_Autoupdate.exe 245 42122202 0 42121752 163 436 'Opera NetInstaller/51.0.2830.26' application/x-msdos-program GET 200 - - - - - - - CTU.339.1.Malicious 22 1518232500.2691274 1518232500.3714921 102 192.168.1.119 - 49237 82.145.213.68 443 https://desktop-netinstaller-sub.osp.opera.software/v1/binary 508 244 244 36 240 189 'Opera installer' text/html; charset=utf-8 POST 201 - - - - - - - CTU.339.1.Malicious 23 1518232500.839428 1518232500.9467618 107 192.168.1.119 - 49239 82.145.213.68 443 https://desktop-netinstaller-sub.osp.opera.software/v1/binary 737 244 473 36 240 189 'Opera installer' text/html; charset=utf-8 POST 201 - - - - - - - CTU.339.1.Malicious 24 1518232989.2966032 1518232990.6984003 1402 192.168.1.119 - 49244 104.17.61.19 80 http://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=CarrierExeReturned 401 460 180 29 155 417 'None' application/json POST 200 - - - - - - - CTU.339.1.Malicious 24 1518232991.2152448 1518232991.4276166 212 192.168.1.119 - 49244 104.17.61.19 80 http://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=CarrierInstallComplete 469 460 276 29 123 417 'None' application/json POST 200 - - - - - - - CTU.339.1.Malicious 24 1518232992.6663437 1518232993.3737705 707 192.168.1.119 - 49244 104.17.61.19 80 http://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=PageShown 366 460 186 29 123 417 'None' application/json POST 200 - - - - - - - CTU.339.1.Malicious 25 1518235882.5215607 1518235882.7195818 198 192.168.1.119 - 49249 82.145.213.68 443 https://desktop-netinstaller-sub.osp.opera.software/v1/binary 755 244 491 36 240 189 'Opera installer' text/html; charset=utf-8 POST 201 - - - - - - - CTU.339.1.Malicious 26 1518235882.9942198 1518235883.3007257 307 192.168.1.119 - 49250 82.145.213.68 443 https://desktop-netinstaller-sub.osp.opera.software/v1/binary 508 244 244 36 240 189 'Opera installer' text/html; charset=utf-8 POST 201 - - - - - - - CTU.339.1.Malicious 27 1518235884.159384 1518235884.1921453 33 192.168.1.119 - 49251 93.184.220.29 80 http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D 266 870 0 471 138 385 'Microsoft-CryptoAPI/6.1' application/ocsp-response GET 200 - - - - - - - CTU.339.1.Malicious 27 1518235884.4106035 1518235884.4317765 21 192.168.1.119 - 49251 93.184.220.29 80 http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2FehPDVXY0zaDJdwM3EqXk%3D 274 870 0 471 138 385 'Microsoft-CryptoAPI/6.1' application/ocsp-response GET 200 - - - - - - - CTU.339.1.Malicious 28 1518235884.6730344 1518235884.7920446 119 192.168.1.119 - 49252 82.145.213.68 443 https://desktop-netinstaller-sub.osp.opera.software/v1/binary 508 244 244 36 240 189 'Opera installer' text/html; charset=utf-8 POST 201 - - - - - - - CTU.339.1.Malicious 29 1518235885.1096241 1518235885.2295387 120 192.168.1.119 - 49254 185.26.182.117 443 https://autoupdate.geo.opera.com/api/prefs/?product=Opera&version=51.0.2830.26 734 460 512 56 162 390 'Opera NetInstaller/51.0.2830.26' application/json; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 30 1518235885.1140616 1518235885.2662525 152 192.168.1.119 - 49253 82.145.213.68 443 https://desktop-netinstaller-sub.osp.opera.software/v1/binary 528 244 264 36 240 189 'Opera installer' text/html; charset=utf-8 POST 201 - - - - - - - CTU.339.1.Malicious 31 1518235886.3065398 1518235886.6079688 301 192.168.1.119 - 49255 82.145.213.68 443 https://desktop-netinstaller-sub.osp.opera.software/v1/binary 508 244 244 36 240 189 'Opera installer' text/html; charset=utf-8 POST 201 - - - - - - - CTU.339.1.Malicious 32 1518235919.6016977 1518235919.6948552 93 192.168.1.119 - 49256 23.43.75.27 80 http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECECVRccvD8Qb29B4D63fPT%2Bk%3D 371 1866 0 1437 235 415 'Microsoft-CryptoAPI/6.1' application/ocsp-response GET 200 - - - - - - - CTU.339.1.Malicious 33 1518235920.0189075 1518235920.0737245 55 192.168.1.119 - 49257 23.43.75.27 80 http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X%2B%2BhEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w%3D 369 1864 0 1435 237 415 'Microsoft-CryptoAPI/6.1' application/ocsp-response GET 200 - - - - - - - CTU.339.1.Malicious 33 1518235920.2858813 1518235920.3184536 33 192.168.1.119 - 49257 23.43.75.27 80 http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c%3D 369 2183 0 1754 237 415 'Microsoft-CryptoAPI/6.1' application/ocsp-response GET 200 - - - - - - - CTU.339.1.Malicious 33 1518235920.3343372 1518235920.3666239 32 192.168.1.119 - 49257 23.43.75.27 80 http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo%2FX8AUm7%2BPSp50CEEu74NglfNlxGhtX5rucZg8%3D 369 2089 0 1660 237 415 'Microsoft-CryptoAPI/6.1' application/ocsp-response GET 200 - - - - - - - CTU.339.1.Malicious 34 1518235920.4866643 1518235920.542538 56 192.168.1.119 - 49258 23.43.69.163 80 http://crl.thawte.com/ThawtePremiumServerCA.crl 302 756 0 446 263 296 'Microsoft-CryptoAPI/6.1' application/pkix-crl GET 200 - - - - - - - CTU.339.1.Malicious 33 1518235920.7548716 1518235920.7891772 34 192.168.1.119 - 49257 23.43.75.27 80 http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo%2FX8AUm7%2BPSp50CEEpJadCTu3TYTlMgmC5DPCk%3D 369 2089 0 1660 237 415 'Microsoft-CryptoAPI/6.1' application/ocsp-response GET 200 - - - - - - - CTU.339.1.Malicious 33 1518235920.8277974 1518235920.8597078 32 192.168.1.119 - 49257 23.43.75.27 80 http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo%2FX8AUm7%2BPSp50CEGgPYy3wnAp50Qz7w2YEzSs%3D 369 2089 0 1660 237 415 'Microsoft-CryptoAPI/6.1' application/ocsp-response GET 200 - - - - - - - CTU.339.1.Malicious 33 1518235920.9200876 1518235920.9521294 32 192.168.1.119 - 49257 23.43.75.27 80 http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X%2B%2BhEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECECUM6OAwYS6fK4n3BU18%2BP0%3D 371 1864 0 1435 237 415 'Microsoft-CryptoAPI/6.1' application/ocsp-response GET 200 - - - - - - - CTU.339.1.Malicious 33 1518235921.20376 1518235921.236182 32 192.168.1.119 - 49257 23.43.75.27 80 http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo%2FX8AUm7%2BPSp50CECx7B6BbSDNsaZGEvt5wM50%3D 369 2089 0 1660 237 415 'Microsoft-CryptoAPI/6.1' application/ocsp-response GET 200 - - - - - - - CTU.339.1.Malicious 33 1518235921.2500882 1518235921.2812452 31 192.168.1.119 - 49257 23.43.75.27 80 http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo%2FX8AUm7%2BPSp50CEAmsBk0FKBf%2FTXlC6ml2w9g%3D 371 2089 0 1660 237 415 'Microsoft-CryptoAPI/6.1' application/ocsp-response GET 200 - - - - - - - CTU.339.1.Malicious 33 1518235921.2956889 1518235921.3278852 32 192.168.1.119 - 49257 23.43.75.27 80 http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo%2FX8AUm7%2BPSp50CEHDeZMuFN%2FP3Ifo9MaMM5zY%3D 371 2089 0 1660 237 415 'Microsoft-CryptoAPI/6.1' application/ocsp-response GET 200 - - - - - - - CTU.339.1.Malicious 35 1518235938.3180766 1518235938.4140403 96 192.168.1.119 - 49259 82.145.213.68 443 https://desktop-netinstaller-sub.osp.opera.software/v1/binary 538 244 274 36 240 189 'Opera installer' text/html; charset=utf-8 POST 201 - - - - - - - CTU.339.1.Malicious 36 1518235938.547101 1518235938.652238 105 192.168.1.119 - 49260 82.145.213.68 443 https://desktop-netinstaller-sub.osp.opera.software/v1/binary 539 244 275 36 240 189 'Opera installer' text/html; charset=utf-8 POST 201 - - - - - - - CTU.339.1.Malicious 37 1518235938.9375868 1518235939.041018 103 192.168.1.119 - 49261 82.145.213.68 443 https://desktop-netinstaller-sub.osp.opera.software/v1/binary 532 244 268 36 240 189 'Opera installer' text/html; charset=utf-8 POST 201 - - - - - - - CTU.339.1.Malicious 38 1518235939.2802455 1518235939.4036207 123 192.168.1.119 - 49262 82.145.213.68 443 https://desktop-netinstaller-sub.osp.opera.software/v1/binary 533 244 269 36 240 189 'Opera installer' text/html; charset=utf-8 POST 201 - - - - - - - CTU.339.1.Malicious 39 1518235939.7328508 1518235939.8498638 117 192.168.1.119 - 49263 82.145.213.68 443 https://desktop-netinstaller-sub.osp.opera.software/v1/binary 525 244 261 36 240 189 'Opera installer' text/html; charset=utf-8 POST 201 - - - - - - - CTU.339.1.Malicious 40 1518235940.0812356 1518235940.1775157 96 192.168.1.119 - 49264 82.145.213.68 443 https://desktop-netinstaller-sub.osp.opera.software/v1/binary 526 244 262 36 240 189 'Opera installer' text/html; charset=utf-8 POST 201 - - - - - - - CTU.339.1.Malicious 41 1518235941.2390337 1518235941.3350031 96 192.168.1.119 - 49265 82.145.213.68 443 https://desktop-netinstaller-sub.osp.opera.software/v1/binary 525 244 261 36 240 189 'Opera installer' text/html; charset=utf-8 POST 201 - - - - - - - CTU.339.1.Malicious 42 1518235942.3814197 1518235942.47944 98 192.168.1.119 - 49266 82.145.213.68 443 https://desktop-netinstaller-sub.osp.opera.software/v1/binary 526 244 262 36 240 189 'Opera installer' text/html; charset=utf-8 POST 201 - - - - - - - CTU.339.1.Malicious 43 1518235943.5339465 1518235943.6347651 101 192.168.1.119 - 49267 82.145.213.68 443 https://desktop-netinstaller-sub.osp.opera.software/v1/binary 530 244 266 36 240 189 'Opera installer' text/html; charset=utf-8 POST 201 - - - - - - - CTU.339.1.Malicious 44 1518235944.7480986 1518235944.8514726 103 192.168.1.119 - 49268 82.145.213.68 443 https://desktop-netinstaller-sub.osp.opera.software/v1/binary 531 244 267 36 240 189 'Opera installer' text/html; charset=utf-8 POST 201 - - - - - - - CTU.339.1.Malicious 45 1518235945.1803083 1518235945.2792525 99 192.168.1.119 - 49269 82.145.213.68 443 https://desktop-netinstaller-sub.osp.opera.software/v1/binary 523 244 259 36 240 189 'Opera installer' text/html; charset=utf-8 POST 201 - - - - - - - CTU.339.1.Malicious 46 1518235946.3178892 1518235946.416604 99 192.168.1.119 - 49270 82.145.213.68 443 https://desktop-netinstaller-sub.osp.opera.software/v1/binary 524 244 260 36 240 189 'Opera installer' text/html; charset=utf-8 POST 201 - - - - - - - CTU.339.1.Malicious 47 1518235947.6390524 1518235947.770175 131 192.168.1.119 - 49271 82.145.213.68 443 https://desktop-netinstaller-sub.osp.opera.software/v1/binary 523 244 259 36 240 189 'Opera installer' text/html; charset=utf-8 POST 201 - - - - - - - CTU.339.1.Malicious 48 1518235948.0046995 1518235948.0974646 93 192.168.1.119 - 49272 82.145.213.68 443 https://desktop-netinstaller-sub.osp.opera.software/v1/binary 524 244 260 36 240 189 'Opera installer' text/html; charset=utf-8 POST 201 - - - - - - - CTU.339.1.Malicious 49 1518235949.1647413 1518235949.2619267 97 192.168.1.119 - 49273 82.145.213.68 443 https://desktop-netinstaller-sub.osp.opera.software/v1/binary 526 244 262 36 240 189 'Opera installer' text/html; charset=utf-8 POST 201 - - - - - - - CTU.339.1.Malicious 50 1518235950.3348892 1518235950.4290333 94 192.168.1.119 - 49274 82.145.213.68 443 https://desktop-netinstaller-sub.osp.opera.software/v1/binary 527 244 263 36 240 189 'Opera installer' text/html; charset=utf-8 POST 201 - - - - - - - CTU.339.1.Malicious 51 1518235951.4958658 1518235951.591839 96 192.168.1.119 - 49275 82.145.213.68 443 https://desktop-netinstaller-sub.osp.opera.software/v1/binary 530 244 266 36 240 189 'Opera installer' text/html; charset=utf-8 POST 201 - - - - - - - CTU.339.1.Malicious 52 1518235951.9379861 1518235952.0594525 121 192.168.1.119 - 49276 82.145.213.68 443 https://desktop-netinstaller-sub.osp.opera.software/v1/binary 531 244 267 36 240 189 'Opera installer' text/html; charset=utf-8 POST 201 - - - - - - - CTU.339.1.Malicious 53 1518235952.2608466 1518235952.3596318 99 192.168.1.119 - 49277 82.145.213.68 443 https://desktop-netinstaller-sub.osp.opera.software/v1/binary 527 244 263 36 240 189 'Opera installer' text/html; charset=utf-8 POST 201 - - - - - - - CTU.339.1.Malicious 54 1518235952.5092704 1518235952.6083157 99 192.168.1.119 - 49278 82.145.213.68 443 https://desktop-netinstaller-sub.osp.opera.software/v1/binary 528 244 264 36 240 189 'Opera installer' text/html; charset=utf-8 POST 201 - - - - - - - CTU.339.1.Malicious 55 1518235953.6453717 1518235953.7450664 100 192.168.1.119 - 49279 82.145.213.68 443 https://desktop-netinstaller-sub.osp.opera.software/v1/binary 534 244 270 36 240 189 'Opera installer' text/html; charset=utf-8 POST 201 - - - - - - - CTU.339.1.Malicious 56 1518235954.7962675 1518235954.8883667 92 192.168.1.119 - 49280 82.145.213.68 443 https://desktop-netinstaller-sub.osp.opera.software/v1/binary 535 244 271 36 240 189 'Opera installer' text/html; charset=utf-8 POST 201 - - - - - - - CTU.339.1.Malicious 57 1518235955.9530942 1518235956.0605943 108 192.168.1.119 - 49281 82.145.213.68 443 https://desktop-netinstaller-sub.osp.opera.software/v1/binary 541 244 277 36 240 189 'Opera installer' text/html; charset=utf-8 POST 201 - - - - - - - CTU.339.1.Malicious 58 1518235956.3166301 1518235956.4631073 146 192.168.1.119 - 49282 82.145.213.68 443 https://desktop-netinstaller-sub.osp.opera.software/v1/binary 542 244 278 36 240 189 'Opera installer' text/html; charset=utf-8 POST 201 - - - - - - - CTU.339.1.Malicious 59 1518235956.7846494 1518235957.1194582 335 192.168.1.119 - 49283 82.145.213.68 443 https://desktop-netinstaller-sub.osp.opera.software/v1/binary 517 244 253 36 240 189 'Opera installer' text/html; charset=utf-8 POST 201 - - - - - - - CTU.339.1.Malicious 60 1518235957.4474723 1518235957.7631686 316 192.168.1.119 - 49284 82.145.213.68 443 https://desktop-netinstaller-sub.osp.opera.software/v1/binary 518 244 254 36 240 189 'Opera installer' text/html; charset=utf-8 POST 201 - - - - - - - CTU.339.1.Malicious 61 1518235971.5095816 1518235971.6152117 106 192.168.1.119 - 49285 82.145.213.68 443 https://desktop-netinstaller-sub.osp.opera.software/v1/binary 509 244 245 36 240 189 'Opera installer' text/html; charset=utf-8 POST 201 - - - - - - - CTU.339.1.Malicious 62 1518235979.0066078 1518235979.3427486 336 192.168.1.119 - 49288 104.17.60.19 80 http://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferExeReturned 424 460 205 29 155 417 'None' application/json POST 200 - - - - - - - CTU.339.1.Malicious 62 1518235979.7666762 1518235979.8790803 112 192.168.1.119 - 49288 104.17.60.19 80 http://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=OfferInstallComplete 383 460 192 29 123 417 'None' application/json POST 200 - - - - - - - CTU.339.1.Malicious 63 1518235989.3628554 1518235989.4216366 59 192.168.1.119 - 49291 185.26.182.122 80 http://autoupdate.geo.opera.com/geolocation/ 286 444 0 46 260 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 64 1518235993.4385908 1518235993.4857042 47 192.168.1.119 - 49292 82.145.215.91 80 http://redir.opera.com/www.opera.com/firstrun/?utm_campaign=%7B%7Bchannel%7D%7D_%7B%7Bhostbrowser%7D%7D&utm_medium=pb&utm_source=lavasoft&http_referrer=&query=/opera/stable/windows?utm_source=lavasoft%26utm_medium=pb%26utm_campaign=lavasoft 664 388 0 0 433 371 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/octet-stream GET 302 - - - - - https://www.opera.com/client/welcome?utm_campaign={{channel}}_{{hostbrowser}}&utm_source=lavasoft&utm_medium=pb - CTU.339.1.Malicious 65 1518235995.243795 1518235995.267782 24 192.168.1.119 - 49294 185.26.182.104 443 https://sitecheck2.opera.com/api/v2/check 411 311 50 26 334 271 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/x-protobuf POST 200 - - - - - - - CTU.339.1.Malicious 66 1518235995.6307592 1518235995.6592593 29 192.168.1.119 - 49295 185.26.182.104 443 https://sitecheck2.opera.com/api/v2/check 409 309 48 24 334 271 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/x-protobuf POST 200 - - - - - - - CTU.339.1.Malicious 67 1518235996.7770195 1518235996.7895875 13 192.168.1.119 - 49301 216.58.201.68 80 http://www.google.com/favicon.ico 316 5929 0 5430 291 485 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/x-icon GET 200 - - - - - - - CTU.339.1.Malicious 68 1518235996.7679925 1518235996.812814 45 192.168.1.119 - 49296 54.217.238.114 443 https://www.opera.com/client/welcome?utm_campaign={{channel}}_{{hostbrowser}}&utm_source=lavasoft&utm_medium=pb 538 14320 0 13753 435 553 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/html; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 69 1518235996.9483004 1518235997.1655316 217 192.168.1.119 - 49303 204.79.197.200 80 http://www.bing.com/s/a/bing_p.ico 317 565 0 300 289 251 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/x-icon GET 200 - - - - - - - CTU.339.1.Malicious 70 1518235997.2000477 1518235997.2708328 71 192.168.1.119 - 49307 185.26.182.122 443 https://autoupdate.geo.opera.com/ 1349 621 984 230 350 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 71 1518235997.9178803 1518235997.9835267 66 192.168.1.119 - 49302 176.34.131.233 443 https://duckduckgo.com/favicon.ico 294 33705 0 32988 269 705 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/x-icon GET 200 - - - - - - - CTU.339.1.Malicious 72 1518235998.8630993 1518235998.9051337 42 192.168.1.119 - 49306 91.198.174.192 443 https://www.wikipedia.org/static/favicon/wikipedia.ico 314 4083 0 2734 272 1337 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/vnd.microsoft.icon GET 200 - - - - - - - CTU.339.1.Malicious 73 1518235998.857943 1518235998.9915152 134 192.168.1.119 - 49309 52.222.172.233 443 https://www.amazon.com/favicon.ico 320 18270 0 17542 295 714 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/x-icon GET 200 - - - - - - - CTU.339.1.Malicious 74 1518235998.8612185 1518235999.1795545 318 192.168.1.119 - 49305 217.12.15.96 443 https://search.yahoo.com/favicon.ico 296 7372 0 5430 271 1930 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/x-icon GET 200 - - - - - - - CTU.339.1.Malicious 75 1518236000.2591522 1518236000.2830067 24 192.168.1.119 - 49313 185.26.182.112 443 https://exchange.opera.com/api/v1/ecb/ 283 1937 0 1664 258 259 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml GET 200 - - - - - - - CTU.339.1.Malicious 75 1518236000.493967 1518236000.519634 26 192.168.1.119 - 49313 185.26.182.112 443 https://exchange.opera.com/api/v1/nbu/ 283 6429 0 6134 258 281 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json;charset=UTF-8 GET 200 - - - - - - - CTU.339.1.Malicious 75 1518236000.9641514 1518236000.9850533 21 192.168.1.119 - 49313 185.26.182.112 443 https://exchange.opera.com/api/v1/cmc/ 283 6936 0 6655 258 267 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 76 1518236003.3692522 1518236003.3958743 27 192.168.1.119 - 49298 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 77 1518236016.9155214 1518236016.9413233 26 192.168.1.119 - 49314 151.101.36.233 443 https://www-static.operacdn.com/extension/opera/design/opera/static/css/latin_latinext-634dce27.css 551 1831 0 1138 470 679 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/css GET 200 https://www.opera.com/client/welcome?utm_campaign={{channel}}_{{hostbrowser}}&utm_source=lavasoft&utm_medium=pb - - - - - - CTU.339.1.Malicious 77 1518236017.2146204 1518236017.2381632 24 192.168.1.119 - 49314 151.101.36.233 443 https://www-static.operacdn.com/extension/opera/design/opera/static/css/client/welcome-370f5665.css 551 4759 0 4068 470 677 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/css GET 200 https://www.opera.com/client/welcome?utm_campaign={{channel}}_{{hostbrowser}}&utm_source=lavasoft&utm_medium=pb - - - - - - CTU.339.1.Malicious 78 1518236017.421239 1518236017.444323 23 192.168.1.119 - 49316 151.101.36.233 443 https://www-static.operacdn.com/static-heap/01/015a0c56bdb1cfeaff8047e68fef5fc91aed5458/linkfeedback.js 540 11637 0 10929 455 694 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/x-javascript GET 200 https://www.opera.com/client/welcome?utm_campaign={{channel}}_{{hostbrowser}}&utm_source=lavasoft&utm_medium=pb - - - - - - CTU.339.1.Malicious 77 1518236017.5699697 1518236017.595836 26 192.168.1.119 - 49314 151.101.36.233 443 https://www-static.operacdn.com/extension/opera/design/opera/static/client/welcome/opera-logo.svg 570 3490 0 2793 491 683 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/svg+xml GET 200 https://www.opera.com/client/welcome?utm_campaign={{channel}}_{{hostbrowser}}&utm_source=lavasoft&utm_medium=pb - - - - - - CTU.339.1.Malicious 79 1518236022.3249283 1518236022.390322 65 192.168.1.119 - 49318 216.58.201.72 443 https://www.googletagmanager.com/gtm.js?id=GTM-Q5SW 462 81790 0 81057 430 721 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/javascript; charset=UTF-8 GET 200 https://www.opera.com/client/welcome?utm_campaign={{channel}}_{{hostbrowser}}&utm_source=lavasoft&utm_medium=pb - - - - - - CTU.339.1.Malicious 80 1518236023.6206195 1518236023.6563904 36 192.168.1.119 - 49320 151.101.36.233 443 https://www-static.operacdn.com/extension/opera/design/opera/static/css/fonts/latin_latinext/basis_grotesque_bold.woff2 583 17699 0 16964 482 721 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/plain GET 200 https://www-static.operacdn.com/extension/opera/design/opera/static/css/latin_latinext-634dce27.css - - - - - - CTU.339.1.Malicious 81 1518236023.736201 1518236023.7709217 35 192.168.1.119 - 49321 151.101.36.233 443 https://www-static.operacdn.com/extension/opera/design/opera/static/css/fonts/latin_latinext/basis_grotesque_light.woff2 584 17560 0 16828 482 718 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/plain GET 200 https://www-static.operacdn.com/extension/opera/design/opera/static/css/latin_latinext-634dce27.css - - - - - - CTU.339.1.Malicious 81 1518236030.8811166 1518236030.9072187 26 192.168.1.119 - 49321 151.101.36.233 443 https://www-static.operacdn.com/extension/opera/design/opera/static/css/fonts/latin_latinext/basis_grotesque_regular.woff2 586 17691 0 16956 482 721 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/plain GET 200 https://www-static.operacdn.com/extension/opera/design/opera/static/css/latin_latinext-634dce27.css - - - - - - CTU.339.1.Malicious 82 1518236033.1396692 1518236033.37158 232 192.168.1.119 - 49323 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 665 447 0 16 568 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 83 1518236033.6054096 1518236033.618664 13 192.168.1.119 - 49322 216.58.201.78 443 https://www.google-analytics.com/analytics.js 456 36643 0 35943 430 688 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/javascript GET 200 https://www.opera.com/client/welcome?utm_campaign={{channel}}_{{hostbrowser}}&utm_source=lavasoft&utm_medium=pb - - - - - - CTU.339.1.Malicious 84 1518236034.617737 1518236034.6749554 57 192.168.1.119 - 49325 31.13.91.6 443 https://connect.facebook.net/en_US/fbevents.js 457 39994 0 38750 426 1232 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/x-javascript; charset=utf-8 GET 200 https://www.opera.com/client/welcome?utm_campaign={{channel}}_{{hostbrowser}}&utm_source=lavasoft&utm_medium=pb - - - - - - CTU.339.1.Malicious 83 1518236034.926466 1518236034.9546726 28 192.168.1.119 - 49322 216.58.201.78 443 https://www.google-analytics.com/gtm/js?id=GTM-5FW7N78&cid=1976856982.1518236035&aip=true 500 42016 0 41283 430 721 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/javascript; charset=UTF-8 GET 200 https://www.opera.com/client/welcome?utm_campaign={{channel}}_{{hostbrowser}}&utm_source=lavasoft&utm_medium=pb - - - - - - CTU.339.1.Malicious 85 1518236035.236974 1518236035.7934809 557 192.168.1.119 - 49326 52.222.172.233 443 https://www.amazon.com/ 309 451011 0 449974 295 1023 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/html;charset=UTF-8 GET 200 - - - - - - - CTU.339.1.Malicious 84 1518236036.2604055 1518236036.3086114 48 192.168.1.119 - 49325 31.13.91.6 443 https://connect.facebook.net/signals/config/1123357797681867?v=2.8.11&r=stable 489 58024 0 57142 426 870 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/x-javascript; charset=utf-8 GET 200 https://www.opera.com/client/welcome?utm_campaign={{channel}}_{{hostbrowser}}&utm_source=lavasoft&utm_medium=pb - - - - - - CTU.339.1.Malicious 86 1518236037.116828 1518236037.164562 48 192.168.1.119 - 49327 54.217.238.114 443 https://www.opera.com/favicon.ico 839 5933 0 5430 814 489 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/x-icon GET 200 https://www.opera.com/client/welcome?utm_campaign={{channel}}_{{hostbrowser}}&utm_source=lavasoft&utm_medium=pb - - - - - - CTU.339.1.Malicious 83 1518236037.5425797 1518236037.551876 9 192.168.1.119 - 49322 216.58.201.78 443 https://www.google-analytics.com/collect?v=1&_v=j66&aip=1&a=1834317409&t=pageview&_s=1&dl=https%3A%2F%2Fwww.opera.com%2Fclient%2Fwelcome%3Futm_campaign%3D%7B%7Bchannel%7D%7D_%7B%7Bhostbrowser%7D%7D%26utm_source%3Dlavasoft%26utm_medium%3Dpb&ul=en-us&de=UTF-8&dt=Welcome%20to%20Opera&sd=24-bit&sr=819x583&vp=779x454&je=0&_u=aGBAgAADQ~&jid=661759882&gjid=501534029&cid=1976856982.1518236035&tid=UA-4118503-1&_gid=377578170.1518236035&z=488992419 889 633 0 35 466 586 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 200 https://www.opera.com/client/welcome?utm_campaign={{channel}}_{{hostbrowser}}&utm_source=lavasoft&utm_medium=pb - - - - - - CTU.339.1.Malicious 87 1518236038.438138 1518236038.4502168 12 192.168.1.119 - 49329 23.4.249.240 443 https://scdn.cxense.com/cx.js 466 88935 0 88462 447 459 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/x-javascript GET 200 https://www.opera.com/client/welcome?utm_campaign={{channel}}_{{hostbrowser}}&utm_source=lavasoft&utm_medium=pb - - - - - - CTU.339.1.Malicious 87 1518236039.8998024 1518236039.9138043 14 192.168.1.119 - 49329 23.4.249.240 443 https://scdn.cxense.com/sp1.html 589 786 0 328 567 444 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/html GET 200 https://www.opera.com/client/welcome?utm_campaign={{channel}}_{{hostbrowser}}&utm_source=lavasoft&utm_medium=pb - - - - - - CTU.339.1.Malicious 88 1518236039.9580123 1518236039.995351 37 192.168.1.119 - 49330 31.13.91.36 443 https://www.facebook.com/tr/?id=1123357797681867&ev=PageView&dl=https%3A%2F%2Fwww.opera.com%2Fclient%2Fwelcome%3Futm_campaign%3D%7B%7Bchannel%7D%7D_%7B%7Bhostbrowser%7D%7D%26utm_source%3Dlavasoft%26utm_medium%3Dpb&rl=&if=false&ts=1518236037751&sw=819&sh=583&v=2.8.11&r=stable&ec=0&o=28&it=1518236036254 749 512 0 44 458 456 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 200 https://www.opera.com/client/welcome?utm_campaign={{channel}}_{{hostbrowser}}&utm_source=lavasoft&utm_medium=pb - - - - - - CTU.339.1.Malicious 88 1518236039.9615915 1518236039.9956877 34 192.168.1.119 - 49330 31.13.91.36 443 https://www.facebook.com/tr/?id=1123357797681867&ev=Microdata&dl=https%3A%2F%2Fwww.opera.com%2Fclient%2Fwelcome%3Futm_campaign%3D%7B%7Bchannel%7D%7D_%7B%7Bhostbrowser%7D%7D%26utm_source%3Dlavasoft%26utm_medium%3Dpb&rl=&if=false&ts=1518236039870&cd[Schema.org]=%5B%5D&cd[OpenGraph]=%7B%7D&cd[Meta]=%7B%22title%22%3A%22Welcome%20to%20Opera%22%7D&cd[DataLayer]=%5B%5D&sw=819&sh=583&v=2.8.11&r=stable&o=28 848 512 0 44 458 456 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 200 https://www.opera.com/client/welcome?utm_campaign={{channel}}_{{hostbrowser}}&utm_source=lavasoft&utm_medium=pb - - - - - - CTU.339.1.Malicious 89 1518236040.3810143 1518236040.6396477 259 192.168.1.119 - 49336 74.125.206.155 443 https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j66&tid=UA-4118503-1&cid=1976856982.1518236035&jid=661759882&gjid=501534029&_gid=377578170.1518236035&_u=aGBAgAADQ~&z=668650272 639 1152 0 364 465 776 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/html; charset=UTF-8 GET 302 https://www.opera.com/client/welcome?utm_campaign={{channel}}_{{hostbrowser}}&utm_source=lavasoft&utm_medium=pb - - - - https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-4118503-1&cid=1976856982.1518236035&jid=661759882&_v=j66&z=668650272 - CTU.339.1.Malicious 90 1518236040.8646271 1518236040.885738 21 192.168.1.119 - 49339 104.103.108.143 443 https://sd-images.operacdn.com/api/v1/images/9c71425368eb92a8da3223db67553d0c865b83c4.png 445 6459 0 6036 373 409 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/png GET 200 - - - - - - - CTU.339.1.Malicious 91 1518236040.83149 1518236040.897853 66 192.168.1.119 - 49343 216.58.201.68 443 https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-4118503-1&cid=1976856982.1518236035&jid=661759882&_v=j66&z=668650272 582 863 0 0 456 851 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/html; charset=UTF-8 GET 302 https://www.opera.com/client/welcome?utm_campaign={{channel}}_{{hostbrowser}}&utm_source=lavasoft&utm_medium=pb - - - - https://www.google.cz/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-4118503-1&cid=1976856982.1518236035&jid=661759882&_v=j66&z=668650272&slf_rd=1&random=3756459761 - CTU.339.1.Malicious 92 1518236041.364709 1518236041.5908968 226 192.168.1.119 - 49334 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 90 1518236041.702713 1518236041.7224872 20 192.168.1.119 - 49339 104.103.108.143 443 https://sd-images.operacdn.com/api/v1/images/e2653358daac1327db358b2baff1ec56c8700ec3.png 445 6015 0 5552 373 449 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/png GET 200 - - - - - - - CTU.339.1.Malicious 93 1518236041.9256315 1518236042.0285494 103 192.168.1.119 - 49335 87.250.251.119 443 https://mc.yandex.ru/metrika/tag.js 472 230069 0 229639 444 416 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/x-javascript GET 200 https://www.opera.com/client/welcome?utm_campaign={{channel}}_{{hostbrowser}}&utm_source=lavasoft&utm_medium=pb - - - - - - CTU.339.1.Malicious 94 1518236042.1124637 1518236042.143422 31 192.168.1.119 - 49344 178.63.12.208 443 https://sp1cluster.cxense.com/p1.js 393 668 0 46 374 608 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/javascript; charset=UTF-8 GET 200 https://scdn.cxense.com/sp1.html - - - - - - CTU.339.1.Malicious 95 1518236042.5005352 1518236042.529212 29 192.168.1.119 - 49346 216.58.201.67 443 https://www.google.cz/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-4118503-1&cid=1976856982.1518236035&jid=661759882&_v=j66&z=668650272&slf_rd=1&random=3756459761 608 710 0 42 455 656 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 200 https://www.opera.com/client/welcome?utm_campaign={{channel}}_{{hostbrowser}}&utm_source=lavasoft&utm_medium=pb - - - - - - CTU.339.1.Malicious 96 1518236042.7398813 1518236042.786324 46 192.168.1.119 - 49347 178.63.12.208 443 https://scomcluster.cxense.com/Repo/rep.gif?ver=1&typ=pgv&rnd=jdgujdmsnpzfkbb7&acc=0&sid=1135049000694313682&loc=https%3A%2F%2Fwww.opera.com%2Fclient%2Fwelcome%3Futm_campaign%3D%7B%7Bchannel%7D%7D_%7B%7Bhostbrowser%7D%7D%26utm_source%3Dlavasoft%26utm_medium%3Dpb&ref=&gol=&pgn=<m=1518236039620&new=1&arf=0&tzo=480&res=819x583&dpr=1&col=24&jav=0&bln=en-US&cks=jdgujdo7cgkcl4wu&ckp=jdgujdoaubik664o&glb=&chs=UTF-8&wsz=779x456&fls=0&flv=&cst=3p25cfa33pcjwrcs5t57z1tkw 908 516 0 43 459 459 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 200 https://scdn.cxense.com/sp1.html - - - - - - CTU.339.1.Malicious 90 1518236042.7922716 1518236043.0292523 237 192.168.1.119 - 49339 104.103.108.143 443 https://sd-images.operacdn.com/api/v1/images/dfb8e26cece0bc9b48746878a1da78dee32fc104.png 445 8367 0 7944 373 409 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/png GET 200 - - - - - - - CTU.339.1.Malicious 97 1518236043.2805743 1518236043.299479 19 192.168.1.119 - 49341 104.103.108.143 443 https://sd-images.operacdn.com/api/v1/images/baf46901cd94c248197d5511d704897014775bce.png 445 15621 0 15197 373 410 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/png GET 200 - - - - - - - CTU.339.1.Malicious 98 1518236043.826477 1518236043.8636758 37 192.168.1.119 - 49348 178.63.12.208 443 https://id.cxense.com/public/user/id?json=%7B%22identities%22%3A%5B%7B%22type%22%3A%22ckp%22%2C%22id%22%3A%22jdgujdoaubik664o%22%7D%2C%7B%22type%22%3A%22lst%22%2C%22id%22%3A%223p25cfa33pcjwrcs5t57z1tkw%22%7D%2C%7B%22type%22%3A%22cst%22%2C%22id%22%3A%223p25cfa33pcjwrcs5t57z1tkw%22%7D%5D%2C%22siteId%22%3A%221135049000694313682%22%2C%22location%22%3A%22https%3A%2F%2Fwww.opera.com%2Fclient%2Fwelcome%3Futm_campaign%3D%7B%7Bchannel%7D%7D_%7B%7Bhostbrowser%7D%7D%26utm_source%3Dlavasoft%26utm_medium%3Dpb%22%7D&callback=cXJsonpCBjdgujftxwg2zenjt 1027 735 0 130 493 591 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/javascript; charset=UTF-8 GET 200 https://www.opera.com/client/welcome?utm_campaign={{channel}}_{{hostbrowser}}&utm_source=lavasoft&utm_medium=pb - - - - - - CTU.339.1.Malicious 97 1518236043.944099 1518236043.96335 19 192.168.1.119 - 49341 104.103.108.143 443 https://sd-images.operacdn.com/api/v1/images/d3930bf47ebcffc69f8266ddacbe3fcd7c9445dc.png 445 7760 0 7337 373 409 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/png GET 200 - - - - - - - CTU.339.1.Malicious 90 1518236044.1558907 1518236044.174162 18 192.168.1.119 - 49339 104.103.108.143 443 https://sd-images.operacdn.com/api/v1/images/65b8077d6e7d4748c2bdbb3c16f9926b48198aa0.png 445 6845 0 6422 373 409 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/png GET 200 - - - - - - - CTU.339.1.Malicious 99 1518236044.3066988 1518236044.325234 19 192.168.1.119 - 49340 104.103.108.143 443 https://sd-images.operacdn.com/api/v1/images/a3412c068bd0a369534907ebcca4ee118095826f.png 445 8533 0 8110 373 409 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/png GET 200 - - - - - - - CTU.339.1.Malicious 85 1518236046.4690921 1518236047.0820649 613 192.168.1.119 - 49326 52.222.172.233 443 https://www.amazon.com/ 309 468525 0 467488 295 1023 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/html;charset=UTF-8 GET 200 - - - - - - - CTU.339.1.Malicious 100 1518236048.8396387 1518236048.9418554 102 192.168.1.119 - 49350 5.57.16.220 80 http://www.booking.com/ 306 225 0 0 292 196 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' - GET 301 - - - - - https://www.booking.com/ - CTU.339.1.Malicious 101 1518236048.9318748 1518236049.366783 435 192.168.1.119 - 49354 23.38.84.66 80 http://www.walmart.com/ 306 808 0 54 292 725 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/html; charset=utf-8 GET 301 - - - - - https://www.walmart.com/ - CTU.339.1.Malicious 102 1518236049.4606903 1518236049.7860575 325 192.168.1.119 - 49357 23.38.84.66 443 https://www.walmart.com/ 284 283490 0 280924 270 2554 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/html; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 103 1518236049.1151793 1518236050.0563402 941 192.168.1.119 - 49355 198.11.132.250 80 http://aliexpress.com/ 305 708 0 278 291 401 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/html GET 301 - - - - - https://www.aliexpress.com/ - CTU.339.1.Malicious 104 1518236050.2016652 1518236050.22625 25 192.168.1.119 - 49352 23.4.250.142 443 https://ak1.ostkcdn.com/css/os-master.7.0.4.min.css 322 147412 0 146746 281 654 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/css GET 200 - - - - - - - CTU.339.1.Malicious 104 1518236050.1995175 1518236050.2150784 16 192.168.1.119 - 49352 23.4.250.142 443 https://ak1.ostkcdn.com/css/os-master-resp.7.0.1.min.css 327 15829 0 15165 281 652 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/css GET 200 - - - - - - - CTU.339.1.Malicious 104 1518236050.2065842 1518236050.2480643 41 192.168.1.119 - 49352 23.4.250.142 443 https://ak1.ostkcdn.com/js/VisitorAPI.js 311 44113 0 43406 281 695 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/javascript GET 200 - - - - - - - CTU.339.1.Malicious 105 1518236048.8399105 1518236050.2693996 1429 192.168.1.119 - 49351 104.127.53.230 80 http://www.ebay.com/ 303 825 0 0 289 796 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' - GET 301 - - - - - https://www.ebay.com/ - CTU.339.1.Malicious 106 1518236050.3992732 1518236050.517911 119 192.168.1.119 - 49358 185.26.182.122 443 https://autoupdate.geo.opera.com/ 1837 2125 1471 1734 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 107 1518236049.6374283 1518236050.601762 964 192.168.1.119 - 49353 104.127.55.134 443 https://www.tripadvisor.com/ 288 362174 0 358477 274 3685 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/html;charset=UTF-8 GET 200 - - - - - - - CTU.339.1.Malicious 108 1518236049.564445 1518236051.1476057 1583 192.168.1.119 - 49356 5.57.16.220 443 https://www.booking.com/ 310 443116 0 442294 296 808 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.339.1.Malicious 104 1518236050.188136 1518236051.3696263 1181 192.168.1.119 - 49352 23.4.250.142 443 https://www.overstock.com/ 286 423485 0 420523 272 2950 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/html;charset=UTF-8 GET 200 - - - - - - - CTU.339.1.Malicious 109 1518236051.163905 1518236051.4211104 257 192.168.1.119 - 49363 151.101.38.2 80 http://download1.operacdn.com/res/servicefiles/browserjsfiles/json/desktop/browserjs-OPRDesktop-2830.0-20180109_developer.js 366 19715 0 19179 258 522 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/x-javascript; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 110 1518236051.237463 1518236051.5011468 264 192.168.1.119 - 49364 185.26.182.72 80 http://get.geo.opera.com/res/servicefiles/ca-revocation-lists/desktop/20151126-6.json 327 784 0 501 253 269 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 111 1518236051.232973 1518236051.5028043 270 192.168.1.119 - 49365 151.101.36.249 80 http://get.geo.opera.com.global.prod.fastly.net/res/servicefiles/prefs_override/desktop/prefs_override-20180112-1-stable.json 367 984 0 472 276 498 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 111 1518236051.8924427 1518236051.916699 24 192.168.1.119 - 49365 151.101.36.249 80 http://get.geo.opera.com.global.prod.fastly.net/res/servicefiles/sitepreference/siteprefs-desktop-1513940506-stable.json 362 7067 0 6555 276 498 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 112 1518236052.3854918 1518236052.4312453 46 192.168.1.119 - 49368 87.250.251.119 443 https://mc.yandex.ru/watch/43507159?wmode=7&page-url=https%3A%2F%2Fwww.opera.com%2Fclient%2Fwelcome%3Futm_campaign%3D%7B%7Bchannel%7D%7D_%7B%7Bhostbrowser%7D%7D%26utm_source%3Dlavasoft%26utm_medium%3Dpb&charset=utf-8&browser-info=ti%3A10%3As%3A819x583x24%3Ask%3A1%3Afpr%3A101035043601%3Acn%3A1%3Aw%3A779x456%3Az%3A-480%3Ai%3A20180209201410%3Aet%3A1518236051%3Aen%3Autf-8%3Av%3A964%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Als%3A1356572549429%3Arqn%3A1%3Arn%3A762523607%3Ahid%3A602501275%3Ads%3A621%2C745%2C49%2C14108%2C20896%2C0%2C0%2C11057%2C318%2C37625%2C37625%2C0%2C32208%3Afp%3A45908%3Awn%3A64566%3Ahl%3A1%3Awv%3A2%3Arqnl%3A1%3Ast%3A1518236052%3Au%3A1518236050840223099%3At%3AWelcome%20to%20Opera 1251 1758 0 0 567 1741 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' - POST 302 https://www.opera.com/client/welcome?utm_campaign={{channel}}_{{hostbrowser}}&utm_source=lavasoft&utm_medium=pb - - - - https://mc.yandex.ru/watch/43507159/1?wmode=7&page-url=https%3A%2F%2Fwww.opera.com%2Fclient%2Fwelcome%3Futm_campaign%3D%7B%7Bchannel%7D%7D_%7B%7Bhostbrowser%7D%7D%26utm_source%3Dlavasoft%26utm_medium%3Dpb&charset=utf-8&browser-info=ti%3A10%3As%3A819x583x24%3Ask%3A1%3Afpr%3A101035043601%3Acn%3A1%3Aw%3A779x456%3Az%3A-480%3Ai%3A20180209201410%3Aet%3A1518236051%3Aen%3Autf-8%3Av%3A964%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Als%3A1356572549429%3Arqn%3A1%3Arn%3A762523607%3Ahid%3A602501275%3Ads%3A621%2C745%2C49%2C14108%2C20896%2C0%2C0%2C11057%2C318%2C37625%2C37625%2C0%2C32208%3Afp%3A45908%3Awn%3A64566%3Ahl%3A1%3Awv%3A2%3Arqnl%3A1%3Ast%3A1518236052%3Au%3A1518236050840223099%3At%3AWelcome%20to%20Opera - CTU.339.1.Malicious 112 1518236052.4500687 1518236052.4917035 42 192.168.1.119 - 49368 87.250.251.119 443 https://mc.yandex.ru/watch/43507159/1?wmode=7&page-url=https%3A%2F%2Fwww.opera.com%2Fclient%2Fwelcome%3Futm_campaign%3D%7B%7Bchannel%7D%7D_%7B%7Bhostbrowser%7D%7D%26utm_source%3Dlavasoft%26utm_medium%3Dpb&charset=utf-8&browser-info=ti%3A10%3As%3A819x583x24%3Ask%3A1%3Afpr%3A101035043601%3Acn%3A1%3Aw%3A779x456%3Az%3A-480%3Ai%3A20180209201410%3Aet%3A1518236051%3Aen%3Autf-8%3Av%3A964%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Als%3A1356572549429%3Arqn%3A1%3Arn%3A762523607%3Ahid%3A602501275%3Ads%3A621%2C745%2C49%2C14108%2C20896%2C0%2C0%2C11057%2C318%2C37625%2C37625%2C0%2C32208%3Afp%3A45908%3Awn%3A64566%3Ahl%3A1%3Awv%3A2%3Arqnl%3A1%3Ast%3A1518236052%3Au%3A1518236050840223099%3At%3AWelcome%20to%20Opera 1428 803 0 145 743 644 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 https://www.opera.com/client/welcome?utm_campaign={{channel}}_{{hostbrowser}}&utm_source=lavasoft&utm_medium=pb - - - - - - CTU.339.1.Malicious 113 1518236052.361492 1518236053.0320501 671 192.168.1.119 - 49359 104.127.53.230 443 https://www.ebay.com/ 281 139996 0 138824 267 1160 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/html;charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 114 1518236052.5062032 1518236053.2162824 710 192.168.1.119 - 49369 87.250.251.119 443 https://mc.yandex.ru/metrika/advert.gif 512 423 0 43 480 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 200 https://www.opera.com/client/welcome?utm_campaign={{channel}}_{{hostbrowser}}&utm_source=lavasoft&utm_medium=pb - - - - - - CTU.339.1.Malicious 115 1518236053.2797687 1518236053.6963725 417 192.168.1.119 - 49367 23.38.91.94 443 https://www.aliexpress.com/ 287 40499 0 38308 273 2179 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/html;charset=UTF-8 GET 200 - - - - - - - CTU.339.1.Malicious 113 1518236055.518002 1518236055.5293646 11 192.168.1.119 - 49359 104.127.53.230 443 https://www.ebay.com/favicon.ico 292 1459 0 1150 267 297 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/x-icon GET 200 - - - - - - - CTU.339.1.Malicious 116 1518236055.4667711 1518236055.679691 213 192.168.1.119 - 49372 23.38.80.103 443 https://ae01.alicdn.com/images/eng/wholesale/icon/aliexpress.ico 324 4777 0 4286 270 479 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/x-icon GET 200 - - - - - - - CTU.339.1.Malicious 102 1518236058.7180984 1518236058.7286348 11 192.168.1.119 - 49357 23.38.84.66 443 https://www.walmart.com/favicon.ico 295 1745 0 1150 270 583 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/vnd.microsoft.icon GET 200 - - - - - - - CTU.339.1.Malicious 117 1518236059.3368022 1518236059.3707771 34 192.168.1.119 - 49373 68.232.35.198 443 https://static.tacdn.com/favicon.ico 296 6874 0 6518 271 344 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/x-icon GET 200 - - - - - - - CTU.339.1.Malicious 118 1518236060.1602824 1518236060.1857271 25 192.168.1.119 - 49374 192.229.133.51 443 https://s-ec.bstatic.com/static/img/b25logo/favicon/ebc77706da3aae4aee7b05dadf182390f0d26d11.ico 356 2081 0 1582 271 487 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/x-icon GET 200 - - - - - - - CTU.339.1.Malicious 104 1518236063.203971 1518236063.2135477 10 192.168.1.119 - 49352 23.4.250.142 443 https://ak1.ostkcdn.com/images/mxc/overstock-favicon.ico 316 690 0 368 270 310 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/x-icon GET 200 - - - - - - - CTU.339.1.Malicious 119 1518236067.1838462 1518236067.220185 36 192.168.1.119 - 49375 87.250.251.119 443 https://mc.yandex.ru/watch/43507159?page-url=https%3A%2F%2Fwww.opera.com%2Fclient%2Fwelcome%3Futm_campaign%3D%7B%7Bchannel%7D%7D_%7B%7Bhostbrowser%7D%7D%26utm_source%3Dlavasoft%26utm_medium%3Dpb&charset=utf-8&force-urlencoded=1&browser-info=ti%3A1%3As%3A819x583x24%3Ask%3A1%3Aadb%3A2%3Afpr%3A101035043601%3Acn%3A1%3Aw%3A779x456%3Az%3A-480%3Ai%3A20180209201427%3Aet%3A1518236067%3Aen%3Autf-8%3Av%3A964%3Ac%3A1%3Ala%3Aen-us%3Aar%3A1%3Anb%3A1%3Acl%3A1416%3Als%3A1356572549429%3Arqn%3A2%3Arn%3A754632053%3Ahid%3A602501275%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C%2C%2C%2C%3Awv%3A2%3Arqnl%3A1%3Ast%3A1518236067%3Au%3A1518236050840223099 1414 637 0 43 795 580 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif POST 200 https://www.opera.com/client/welcome?utm_campaign={{channel}}_{{hostbrowser}}&utm_source=lavasoft&utm_medium=pb - - - - - - CTU.339.1.Malicious 120 1518236355.3100164 1518236355.5583332 248 192.168.1.119 - 49380 216.58.201.67 443 https://update.googleapis.com/service/update2?cup2key=7:859601218&cup2hreq=34c2f2b380f519be3803d71ec8a520e310e17c09e5187d3524aca7a37389d9c3 1091 3413 664 2282 303 1119 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 121 1518236359.048373 1518236359.0811362 33 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 321 878 0 0 170 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 HEAD 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250759&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=851411674C4BFC68FA2A83E4E9164E1874917135.55A323490E92B7BAB1F3D55B05D165D445AD7DA3&key=cms1 - CTU.339.1.Malicious 122 1518236359.2632263 1518236359.279086 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250759&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=851411674C4BFC68FA2A83E4E9164E1874917135.55A323490E92B7BAB1F3D55B05D165D445AD7DA3&key=cms1 635 615 0 0 179 601 'Microsoft BITS/7.5' application/x-chrome-extension HEAD 200 - - - - - - - CTU.339.1.Malicious 121 1518236359.3541598 1518236359.3853767 31 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 409 1608 0 730 259 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250759&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=1475C1CBCBAFE5A56617E4E96FA95973437BE8BB.0B908056072A65A55AF6367FFF6E16D7AA5CAE8A&key=cms1 - CTU.339.1.Malicious 122 1518236359.5848694 1518236359.6215882 37 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250759&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=1475C1CBCBAFE5A56617E4E96FA95973437BE8BB.0B908056072A65A55AF6367FFF6E16D7AA5CAE8A&key=cms1 723 3322 0 2652 268 643 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236362.7700667 1518236362.802381 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 412 1608 0 730 262 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250762&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=0FA71389E56570A118EE2146E2364978F263E808.6399EC98F72EF0CE205068181C0C9ACF98FC990E&key=cms1 - CTU.339.1.Malicious 122 1518236363.005449 1518236363.0219836 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250762&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=0FA71389E56570A118EE2146E2364978F263E808.6399EC98F72EF0CE205068181C0C9ACF98FC990E&key=cms1 726 3325 0 2652 271 646 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236364.986076 1518236365.017659 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 413 1608 0 730 263 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250764&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=0F525DA3B8F779CAF0096FA1871E50128A420574.3C98A223AAAEDC9E456250F70215FDB713FF93C6&key=cms1 - CTU.339.1.Malicious 122 1518236365.2215369 1518236365.2381094 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250764&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=0F525DA3B8F779CAF0096FA1871E50128A420574.3C98A223AAAEDC9E456250F70215FDB713FF93C6&key=cms1 727 5981 0 5307 272 647 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236367.1781263 1518236367.2109826 33 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 414 1608 0 730 264 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250767&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=07F895609D4245C1EF0C919588F1523567B12D29.03A9ACDFB4F0EE64085ED3C15452188C768E4C0F&key=cms1 - CTU.339.1.Malicious 122 1518236367.4141636 1518236367.4321651 18 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250767&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=07F895609D4245C1EF0C919588F1523567B12D29.03A9ACDFB4F0EE64085ED3C15452188C768E4C0F&key=cms1 728 5763 0 5088 273 648 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236368.2710297 1518236368.3020816 31 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 414 1564 0 706 264 841 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250768&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=431F047CBDA475A2CC76C002E1DD28B1041A822D.68429286F495E7803FC43A5A4622112E338E1E19&key=cms1 - CTU.339.1.Malicious 122 1518236368.5078871 1518236368.5239453 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250768&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=431F047CBDA475A2CC76C002E1DD28B1041A822D.68429286F495E7803FC43A5A4622112E338E1E19&key=cms1 708 9981 0 9306 273 648 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236370.3257377 1518236370.3568747 31 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 414 1564 0 706 264 841 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250770&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1CD5905B8AB488CBE5DDBE2247662D00A2E16B00.1EC7102EAB12C320F0AF87A5DD8D44180ED5FFA9&key=cms1 - CTU.339.1.Malicious 122 1518236370.5610566 1518236370.5781898 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250770&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1CD5905B8AB488CBE5DDBE2247662D00A2E16B00.1EC7102EAB12C320F0AF87A5DD8D44180ED5FFA9&key=cms1 708 19952 0 19276 273 649 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236373.3431993 1518236373.375018 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 414 1608 0 730 264 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250773&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=676EF7A339DD74D3F153442D88A841FCDA9E24A0.520BBFD4536B7514437B32C57624662D3D1DFD38&key=cms1 - CTU.339.1.Malicious 122 1518236373.5785232 1518236373.5969067 18 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250773&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=676EF7A339DD74D3F153442D88A841FCDA9E24A0.520BBFD4536B7514437B32C57624662D3D1DFD38&key=cms1 728 17110 0 16434 273 649 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236376.0865939 1518236376.121103 35 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 414 1608 0 730 264 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250776&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=547474907693C7C3D82CA29E820B2DC81C9366C5.199CC0F467548A1B8CC8645BCFC90A9778AA5DCE&key=cms1 - CTU.339.1.Malicious 122 1518236376.3256075 1518236376.3440099 18 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250776&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=547474907693C7C3D82CA29E820B2DC81C9366C5.199CC0F467548A1B8CC8645BCFC90A9778AA5DCE&key=cms1 728 15339 0 14663 273 649 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236378.306872 1518236378.3385394 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 414 1608 0 730 264 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250778&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=1B9A34F6C762DFFF34518DEC5F4087D33F834145.08BBDC559090581358D174C0C4A865BD8923B665&key=cms1 - CTU.339.1.Malicious 122 1518236378.5415752 1518236378.5581675 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250778&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=1B9A34F6C762DFFF34518DEC5F4087D33F834145.08BBDC559090581358D174C0C4A865BD8923B665&key=cms1 728 21907 0 21231 273 649 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236381.846789 1518236381.8791654 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 415 1564 0 706 265 841 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250781&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=8285E205301EAB1B135244B199E1DD60133ED70F.22651ED26FA2A1CAEDBE33C88B1F685EE7219A7A&key=cms1 - CTU.339.1.Malicious 122 1518236382.0829666 1518236382.100262 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250781&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=8285E205301EAB1B135244B199E1DD60133ED70F.22651ED26FA2A1CAEDBE33C88B1F685EE7219A7A&key=cms1 709 17746 0 17069 274 650 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236384.5703857 1518236384.603309 33 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1608 0 730 266 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250784&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=261EDE9B81E6C5B8FDC9C507CEEE022E48722050.47AE86ECC10F93B6F2866DAAEEDBBCB41CA2CCFE&key=cms1 - CTU.339.1.Malicious 122 1518236384.806616 1518236384.8234448 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250784&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=261EDE9B81E6C5B8FDC9C507CEEE022E48722050.47AE86ECC10F93B6F2866DAAEEDBBCB41CA2CCFE&key=cms1 730 16116 0 15438 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236386.7520876 1518236386.785399 33 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1608 0 730 266 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250786&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=3644704B30801996351B3EF967A61BE618D45AEC.451EFE2781D9DC9F65A682B7DB85CAAC4628FAD0&key=cms1 - CTU.339.1.Malicious 122 1518236386.988579 1518236387.0050912 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250786&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=3644704B30801996351B3EF967A61BE618D45AEC.451EFE2781D9DC9F65A682B7DB85CAAC4628FAD0&key=cms1 730 26365 0 25687 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236390.430551 1518236390.4617991 31 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1608 0 730 266 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250790&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=25C9A8E1C772D0C58590F23930491B72BCCDBF3B.3007A52685CA140C5AA198342EC9499DA30FBB2A&key=cms1 - CTU.339.1.Malicious 122 1518236390.6628811 1518236390.6789842 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250790&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=25C9A8E1C772D0C58590F23930491B72BCCDBF3B.3007A52685CA140C5AA198342EC9499DA30FBB2A&key=cms1 730 21212 0 20534 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236393.343139 1518236393.3751206 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1608 0 730 266 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250793&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=323BDBC987ED1392DFE7467E0F4A10991B9B2CC2.5FA53DE9B1ED69598959E6BB1FCA1CA5D6824F36&key=cms1 - CTU.339.1.Malicious 122 1518236393.5789416 1518236393.5962217 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250793&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=323BDBC987ED1392DFE7467E0F4A10991B9B2CC2.5FA53DE9B1ED69598959E6BB1FCA1CA5D6824F36&key=cms1 730 18750 0 18072 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236396.256982 1518236396.2889457 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1564 0 706 266 841 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250796&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1B714E122446DF041DBF4845A4E5AAEA8535BECA.4BE8D31B3887E13CA72396A2B2BB8AF7B919A656&key=cms1 - CTU.339.1.Malicious 122 1518236396.4921448 1518236396.5085037 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250796&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1B714E122446DF041DBF4845A4E5AAEA8535BECA.4BE8D31B3887E13CA72396A2B2BB8AF7B919A656&key=cms1 710 16273 0 15595 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236399.264529 1518236399.2958453 31 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1608 0 730 266 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250799&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=817F3195BA619B9E468104CF4945BDD9CBBA221C.25E83DCB0EF0292F9C96EFDE88D7D91C75749D0C&key=cms1 - CTU.339.1.Malicious 122 1518236399.4987261 1518236399.514753 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250799&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=817F3195BA619B9E468104CF4945BDD9CBBA221C.25E83DCB0EF0292F9C96EFDE88D7D91C75749D0C&key=cms1 730 13854 0 13176 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236401.4707665 1518236401.4973998 27 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1608 0 730 266 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250801&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=479B54EC377ECCDCB9207AA0EA1A3B856C4A357D.4E23A4C3D891E8FDBC87D5CA1FC5D2DA5797D6B6&key=cms1 - CTU.339.1.Malicious 122 1518236401.6942692 1518236401.7116287 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250801&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=479B54EC377ECCDCB9207AA0EA1A3B856C4A357D.4E23A4C3D891E8FDBC87D5CA1FC5D2DA5797D6B6&key=cms1 730 18237 0 17559 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236404.3833203 1518236404.4108284 28 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1564 0 706 266 841 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250804&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=06DCCC43F120581A5DF4C1C5FB1923865D07DA4E.818DE28A4A6C70CEA83CDEC93BF5A3D6EA92B33E&key=cms1 - CTU.339.1.Malicious 122 1518236404.614142 1518236404.6302404 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250804&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=06DCCC43F120581A5DF4C1C5FB1923865D07DA4E.818DE28A4A6C70CEA83CDEC93BF5A3D6EA92B33E&key=cms1 710 15701 0 15023 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236406.5594401 1518236406.5914733 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1608 0 730 266 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250806&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=3D57168BA41199F01E190476EF5B8A5F38063D11.3A183140EA399FE0433F921AAD446ED9777E2F86&key=cms1 - CTU.339.1.Malicious 122 1518236406.795419 1518236406.8125083 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250806&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=3D57168BA41199F01E190476EF5B8A5F38063D11.3A183140EA399FE0433F921AAD446ED9777E2F86&key=cms1 730 24679 0 24001 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236410.2831354 1518236410.3146038 31 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1608 0 730 266 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250810&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=1BFD3118A00249DBBE8392BC4F77F8EA6359C8B7.34CDB2846B92FE3ABE53F8860FCC59EC80F5A78D&key=cms1 - CTU.339.1.Malicious 122 1518236410.5180693 1518236410.5350075 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250810&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=1BFD3118A00249DBBE8392BC4F77F8EA6359C8B7.34CDB2846B92FE3ABE53F8860FCC59EC80F5A78D&key=cms1 730 19843 0 19165 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236413.2117407 1518236413.2436419 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1608 0 730 266 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250813&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=7599026CF0A1B4041265E34B6682AF750C1ECB31.48938EE316611951B5A9065B4034EFD64CD0E6E5&key=cms1 - CTU.339.1.Malicious 122 1518236413.4468439 1518236413.4635496 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250813&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=7599026CF0A1B4041265E34B6682AF750C1ECB31.48938EE316611951B5A9065B4034EFD64CD0E6E5&key=cms1 730 17307 0 16629 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236415.8951368 1518236415.927135 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1608 0 730 266 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250815&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=82EFA32CC20EB9A089233EC24F2F730220BDAEA0.45E4AB8183796811869A8887CC73F0DACE6CB4DF&key=cms1 - CTU.339.1.Malicious 122 1518236416.1306152 1518236416.1464329 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250815&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=82EFA32CC20EB9A089233EC24F2F730220BDAEA0.45E4AB8183796811869A8887CC73F0DACE6CB4DF&key=cms1 730 15833 0 15155 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236418.9115767 1518236418.9445362 33 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1608 0 730 266 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250818&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=7A2D81F9689C26651D2E5268C7A480459C2D853B.4DCC93199F6B852E0C865B67FB94A7BC4F69B90E&key=cms1 - CTU.339.1.Malicious 122 1518236419.1483998 1518236419.1670485 19 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250818&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=7A2D81F9689C26651D2E5268C7A480459C2D853B.4DCC93199F6B852E0C865B67FB94A7BC4F69B90E&key=cms1 730 13445 0 12767 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236421.121054 1518236421.1520162 31 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1564 0 706 266 841 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250821&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=349E1FD744263E4D15D544102EE019CA3450F9C1.0BA8CDDD66E5B5F29198B58B8BE1962DBBA14B36&key=cms1 - CTU.339.1.Malicious 122 1518236421.3551204 1518236421.37112 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250821&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=349E1FD744263E4D15D544102EE019CA3450F9C1.0BA8CDDD66E5B5F29198B58B8BE1962DBBA14B36&key=cms1 710 18184 0 17506 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236423.8625703 1518236423.8968203 34 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1608 0 730 266 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250823&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=14B14EC43EF20E5B86699E17CC6FECF9B176EE84.2CCEC5EBD377A4018089EE98CE1548C357CD21A0&key=cms1 - CTU.339.1.Malicious 122 1518236424.1004887 1518236424.1175494 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250823&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=14B14EC43EF20E5B86699E17CC6FECF9B176EE84.2CCEC5EBD377A4018089EE98CE1548C357CD21A0&key=cms1 730 16465 0 15787 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236426.8793201 1518236426.9112725 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1564 0 706 266 841 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250826&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=46AF63C5646B0D71EDC2DF363094D0FEA59B03C1.0CB23B196663D22899D6AFE59E86456711F1D886&key=cms1 - CTU.339.1.Malicious 122 1518236427.11434 1518236427.130663 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250826&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=46AF63C5646B0D71EDC2DF363094D0FEA59B03C1.0CB23B196663D22899D6AFE59E86456711F1D886&key=cms1 710 14009 0 13331 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236429.0667865 1518236429.0984833 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1608 0 730 266 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250829&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=5CBEEE01B1BC42130DDA861F72F1692FF7DE364B.18CF10E1C59180591C229C655A17BD8CA94FF5D2&key=cms1 - CTU.339.1.Malicious 122 1518236429.3020835 1518236429.317807 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250829&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=5CBEEE01B1BC42130DDA861F72F1692FF7DE364B.18CF10E1C59180591C229C655A17BD8CA94FF5D2&key=cms1 730 22391 0 21713 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236432.7994409 1518236432.8313084 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1608 0 730 266 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250832&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=62F1CF3DD9FF98954ED04973F99607820FD2B7B4.260FFC2263CB572C6669DE9E2E88EDE892CDB479&key=cms1 - CTU.339.1.Malicious 122 1518236433.0382802 1518236433.0545998 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250832&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=62F1CF3DD9FF98954ED04973F99607820FD2B7B4.260FFC2263CB572C6669DE9E2E88EDE892CDB479&key=cms1 730 17920 0 17242 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236436.0866134 1518236436.119627 33 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1608 0 730 266 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250836&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=72E73A8920FB4694FFCDE4181B0275CFDB38B7E3.42D82444DE22D5E19682C37F57E434F0708AE0D2&key=cms1 - CTU.339.1.Malicious 122 1518236436.3227 1518236436.3389344 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250836&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=72E73A8920FB4694FFCDE4181B0275CFDB38B7E3.42D82444DE22D5E19682C37F57E434F0708AE0D2&key=cms1 730 15652 0 14974 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236438.279937 1518236438.312093 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1608 0 730 266 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250838&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=6AE1AD64F84B716A6414669D2894FFC520A1CF21.79F83827B8D31B1FFA41E985E887C5A14A181310&key=cms1 - CTU.339.1.Malicious 122 1518236438.516152 1518236438.531996 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250838&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=6AE1AD64F84B716A6414669D2894FFC520A1CF21.79F83827B8D31B1FFA41E985E887C5A14A181310&key=cms1 730 24400 0 23722 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236441.985296 1518236442.015517 30 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1564 0 706 266 841 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250841&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=21B49A616B946B40DD40CD3F39F5C4405698221C.44E86F8A883E34892787CB1319762DF3D47CDB58&key=cms1 - CTU.339.1.Malicious 122 1518236442.2143931 1518236442.2310297 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250841&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=21B49A616B946B40DD40CD3F39F5C4405698221C.44E86F8A883E34892787CB1319762DF3D47CDB58&key=cms1 710 19696 0 19018 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236444.8980043 1518236444.9304037 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1608 0 730 266 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250844&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=76395D417B5B036960EE572367F2219755C35593.848A17098023B6710250BE981C210C4883A8290D&key=cms1 - CTU.339.1.Malicious 122 1518236445.1341543 1518236445.1504326 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250844&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=76395D417B5B036960EE572367F2219755C35593.848A17098023B6710250BE981C210C4883A8290D&key=cms1 730 17205 0 16527 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236447.871074 1518236447.9021392 31 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1564 0 706 266 841 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250847&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=07341E0E927BB9B39A5120845FF97F2DBFA2FEA4.3C7F413BB8EF6C1341A956AC3F4987D9A6EFD36B&key=cms1 - CTU.339.1.Malicious 122 1518236448.102078 1518236448.1181936 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250847&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=07341E0E927BB9B39A5120845FF97F2DBFA2FEA4.3C7F413BB8EF6C1341A956AC3F4987D9A6EFD36B&key=cms1 710 14634 0 13956 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236450.5917692 1518236450.6243424 33 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1608 0 730 266 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250850&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=6E50675E2094268CFA442F8DFD052762DEA66982.7771C3DF42418EE8DCE22CB0AD9412D293147AE5&key=cms1 - CTU.339.1.Malicious 122 1518236450.8275046 1518236450.8435125 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250850&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=6E50675E2094268CFA442F8DFD052762DEA66982.7771C3DF42418EE8DCE22CB0AD9412D293147AE5&key=cms1 730 14408 0 13730 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236452.7627866 1518236452.7943337 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1608 0 730 266 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250852&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=7D87F8425B20A76BB9E3D9DDD7F50098E1486AB6.160C0771CB814572025D4B443CFBEC5378B72727&key=cms1 - CTU.339.1.Malicious 122 1518236452.9973137 1518236453.0142283 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250852&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=7D87F8425B20A76BB9E3D9DDD7F50098E1486AB6.160C0771CB814572025D4B443CFBEC5378B72727&key=cms1 730 22424 0 21746 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236455.937038 1518236455.9699416 33 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1608 0 730 266 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250855&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=596040C05976711570D206D622F069DBBCD504C6.703A0FFCBF71F988E167BA5889E2989B3BF332B4&key=cms1 - CTU.339.1.Malicious 122 1518236456.173392 1518236456.1901212 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250855&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=596040C05976711570D206D622F069DBBCD504C6.703A0FFCBF71F988E167BA5889E2989B3BF332B4&key=cms1 730 19082 0 18404 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236458.8489764 1518236458.8814938 33 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1604 0 728 266 859 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250858&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=FBB079A5B8230D7F4D19EAFDFAE1F5EC0B89A5.72C5AEB0E560A1060B3148EC193FDBF0B5BF1002&key=cms1 - CTU.339.1.Malicious 122 1518236459.0873232 1518236459.1036563 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250858&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=FBB079A5B8230D7F4D19EAFDFAE1F5EC0B89A5.72C5AEB0E560A1060B3148EC193FDBF0B5BF1002&key=cms1 728 16612 0 15934 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236461.0554736 1518236461.0885656 33 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1608 0 730 266 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250861&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=44475AB6BD32EF6A425012421600016CFAD86C57.264947715819CA664D3ABF15476D198486028953&key=cms1 - CTU.339.1.Malicious 122 1518236461.2963789 1518236461.3129735 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250861&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=44475AB6BD32EF6A425012421600016CFAD86C57.264947715819CA664D3ABF15476D198486028953&key=cms1 730 26007 0 25329 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236464.7388875 1518236464.771365 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1564 0 706 266 841 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250864&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=840F3F3997403D47410623D4F3866F88ACAE8ACA.414CBC9531E40A3BF407A42AC3EEADA7F07054A3&key=cms1 - CTU.339.1.Malicious 122 1518236464.9751344 1518236464.9919474 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250864&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=840F3F3997403D47410623D4F3866F88ACAE8ACA.414CBC9531E40A3BF407A42AC3EEADA7F07054A3&key=cms1 710 20918 0 20240 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236467.6491551 1518236467.6833384 34 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1564 0 706 266 841 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250867&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6B129354B5B274845C29CF29482C2267CB988346.459B66C4951B74994684D0C9144D8ADCFF14906D&key=cms1 - CTU.339.1.Malicious 122 1518236467.8869581 1518236467.9053168 18 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250867&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6B129354B5B274845C29CF29482C2267CB988346.459B66C4951B74994684D0C9144D8ADCFF14906D&key=cms1 710 18487 0 17809 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236470.591084 1518236470.6224542 31 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1608 0 730 266 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250870&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=6B53712C0267307853F86F0B148C1DF10F29CF1C.7990C77552F07DD3D96C9D864756FA29E78A0E93&key=cms1 - CTU.339.1.Malicious 122 1518236470.8255713 1518236470.8415885 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250870&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=6B53712C0267307853F86F0B148C1DF10F29CF1C.7990C77552F07DD3D96C9D864756FA29E78A0E93&key=cms1 730 15898 0 15220 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236473.600165 1518236473.6336873 34 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1608 0 730 266 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250873&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=1E4B7141B44F3D2225840DB723B81E940E0D2612.7C4C9A914010DC618D0152F5FE750199AB59C83E&key=cms1 - CTU.339.1.Malicious 122 1518236473.8373744 1518236473.8541248 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250873&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=1E4B7141B44F3D2225840DB723B81E940E0D2612.7C4C9A914010DC618D0152F5FE750199AB59C83E&key=cms1 730 13512 0 12834 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236475.8114638 1518236475.8442397 33 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1608 0 730 266 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250875&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=25114EEB89A866D7B2A4CA20AE1711F1B346A81E.4DDCE2C61855458F3BFE97FE4C4ECF750A2BA5C7&key=cms1 - CTU.339.1.Malicious 122 1518236476.0478117 1518236476.0639374 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250875&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=25114EEB89A866D7B2A4CA20AE1711F1B346A81E.4DDCE2C61855458F3BFE97FE4C4ECF750A2BA5C7&key=cms1 730 17767 0 17089 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236478.2736726 1518236478.3065107 33 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1564 0 706 266 841 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250878&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1C3CEDC81D05F9226876DC24963395AE607AD78B.09945E5D0A83B4382A977D007C3ADA46A412EBB0&key=cms1 - CTU.339.1.Malicious 122 1518236478.509941 1518236478.52571 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250878&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1C3CEDC81D05F9226876DC24963395AE607AD78B.09945E5D0A83B4382A977D007C3ADA46A412EBB0&key=cms1 710 16960 0 16282 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236481.0268128 1518236481.0582108 31 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1608 0 730 266 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250881&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=6B33E1041AA5619B6A4BE019FE56391F98E377A7.70C0B462CA0F164559A0F9F71FDDE0C1355680CF&key=cms1 - CTU.339.1.Malicious 122 1518236481.26797 1518236481.2842028 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250881&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=6B33E1041AA5619B6A4BE019FE56391F98E377A7.70C0B462CA0F164559A0F9F71FDDE0C1355680CF&key=cms1 730 16781 0 16103 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236484.0026236 1518236484.034754 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1608 0 730 266 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250884&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=62966C7125241E817E4721B7D9E2161D0956AF90.13C611113FD7BCD26CC162C116123FD2068A48D0&key=cms1 - CTU.339.1.Malicious 122 1518236484.2320957 1518236484.2483237 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250884&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=62966C7125241E817E4721B7D9E2161D0956AF90.13C611113FD7BCD26CC162C116123FD2068A48D0&key=cms1 730 14468 0 13790 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236486.1770577 1518236486.2091205 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1608 0 730 266 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250886&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=0E05608FD09E7E896F74097AD6380E38D9C62493.46D63A1D3DD812C63660C2B241F47514B211574B&key=cms1 - CTU.339.1.Malicious 122 1518236486.4121313 1518236486.428144 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250886&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=0E05608FD09E7E896F74097AD6380E38D9C62493.46D63A1D3DD812C63660C2B241F47514B211574B&key=cms1 730 21887 0 21209 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236489.69033 1518236489.7216368 31 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1608 0 730 266 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250889&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=723FECE3B07FC5BD72907025DAF75C8CDCD175DE.0CDC0AEA303230C216EEFDE2578F0BE4A331713A&key=cms1 - CTU.339.1.Malicious 122 1518236489.9248211 1518236489.9404378 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250889&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=723FECE3B07FC5BD72907025DAF75C8CDCD175DE.0CDC0AEA303230C216EEFDE2578F0BE4A331713A&key=cms1 730 17680 0 17002 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236492.4387994 1518236492.4702957 31 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1608 0 730 266 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250892&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=836A45AF892FF3E03B9ADD4B527C2C9FD40DD201.6C7A575EDCAF679672F8C98540DA3537FFE4C6E0&key=cms1 - CTU.339.1.Malicious 122 1518236492.6725507 1518236492.6893885 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250892&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=836A45AF892FF3E03B9ADD4B527C2C9FD40DD201.6C7A575EDCAF679672F8C98540DA3537FFE4C6E0&key=cms1 730 15881 0 15203 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236495.4570737 1518236495.4882562 31 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1564 0 706 266 841 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250895&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=69145C532794DF11D7C48FC975D50F75000FAF34.432FC3063880FA95A02E9B8CA5E47351EEE77C93&key=cms1 - CTU.339.1.Malicious 122 1518236495.6916823 1518236495.7086377 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250895&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=69145C532794DF11D7C48FC975D50F75000FAF34.432FC3063880FA95A02E9B8CA5E47351EEE77C93&key=cms1 710 13352 0 12674 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236497.6631825 1518236497.6948829 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1608 0 730 266 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250897&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=11516847D58608FE24AB5F2EFFD567CA75BF66C4.42CD77233FC88F1DCF34B493F41920B3A32D11C9&key=cms1 - CTU.339.1.Malicious 122 1518236497.8989015 1518236497.916198 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250897&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=11516847D58608FE24AB5F2EFFD567CA75BF66C4.42CD77233FC88F1DCF34B493F41920B3A32D11C9&key=cms1 730 17492 0 16814 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236500.6717072 1518236500.7035716 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1608 0 730 266 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250900&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=1DE96E2DB80A55A8E1497E89BE3FF5E9545C743C.2235CBE61DC1B228720E49C5F939DCBB43EF0457&key=cms1 - CTU.339.1.Malicious 122 1518236500.9073157 1518236500.923251 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250900&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=1DE96E2DB80A55A8E1497E89BE3FF5E9545C743C.2235CBE61DC1B228720E49C5F939DCBB43EF0457&key=cms1 730 14812 0 14134 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236502.8838992 1518236502.9152567 31 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1608 0 730 266 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250902&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=34E013D48E96CCF6D2437D22D13157DDA5FAFFB2.2967892E1690DA076C5D966F6B54445BED79E7FD&key=cms1 - CTU.339.1.Malicious 122 1518236503.1195529 1518236503.1359272 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250902&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=34E013D48E96CCF6D2437D22D13157DDA5FAFFB2.2967892E1690DA076C5D966F6B54445BED79E7FD&key=cms1 730 20907 0 20229 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236505.792898 1518236505.8233845 30 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1608 0 730 266 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250905&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=17FDF81D6465398B01071F6C8611109977F818DB.844F44C9F41B0125D36950E98730472D19406F79&key=cms1 - CTU.339.1.Malicious 122 1518236506.0263524 1518236506.0419204 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250905&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=17FDF81D6465398B01071F6C8611109977F818DB.844F44C9F41B0125D36950E98730472D19406F79&key=cms1 730 18429 0 17751 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236508.7647073 1518236508.7972736 33 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1608 0 730 266 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250908&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=207D6F99CD2AD49A66754E29DBDA1BA85F196609.4038CF24D05C4A6CC4107D2509F09FB11C047D27&key=cms1 - CTU.339.1.Malicious 122 1518236509.001145 1518236509.0176697 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250908&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=207D6F99CD2AD49A66754E29DBDA1BA85F196609.4038CF24D05C4A6CC4107D2509F09FB11C047D27&key=cms1 730 15861 0 15183 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236510.9051144 1518236510.939684 35 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1608 0 730 266 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250910&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=30F0BFBF6F5166B2FCC1F58491FCE9BF61CE9AAD.3678831854E1ED66224FE6DCD8FA1696BD71B9DC&key=cms1 - CTU.339.1.Malicious 122 1518236511.1429248 1518236511.1591225 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250910&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=30F0BFBF6F5166B2FCC1F58491FCE9BF61CE9AAD.3678831854E1ED66224FE6DCD8FA1696BD71B9DC&key=cms1 730 25860 0 25182 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236514.3590388 1518236514.3908637 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1564 0 706 266 841 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250914&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=08A1437F93EC2BB93A5606A9AB3E7E22AD1015C7.273453DE99773D3B1B27E950829463983E6914DC&key=cms1 - CTU.339.1.Malicious 122 1518236514.5935063 1518236514.6095955 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250914&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=08A1437F93EC2BB93A5606A9AB3E7E22AD1015C7.273453DE99773D3B1B27E950829463983E6914DC&key=cms1 710 21236 0 20558 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236517.8783162 1518236517.9100096 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1608 0 730 266 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250917&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=7A30B0ED60533DB7FB2A8313E04F73FB92CE4A51.6DC94D67D0B03C0ADADE708B54B1BB2D34C158F4&key=cms1 - CTU.339.1.Malicious 122 1518236518.1128907 1518236518.1298723 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250917&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=7A30B0ED60533DB7FB2A8313E04F73FB92CE4A51.6DC94D67D0B03C0ADADE708B54B1BB2D34C158F4&key=cms1 730 17225 0 16547 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236520.2989452 1518236520.3310819 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1608 0 730 266 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250920&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=17DAE67F3C85E0FF5365D19F61C9BF7D945AB448.697361FEA321AFD4248111E87F6170176E0CDB8A&key=cms1 - CTU.339.1.Malicious 122 1518236520.5338235 1518236520.550233 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250920&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=17DAE67F3C85E0FF5365D19F61C9BF7D945AB448.697361FEA321AFD4248111E87F6170176E0CDB8A&key=cms1 730 18606 0 17928 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236523.331023 1518236523.3636382 33 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 416 1608 0 730 266 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250923&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=157D4764971E4BF7F9272351A1EF53082C80FA3A.15BB917919D530FCD0BC05FF159D89F6C9A9E6D3&key=cms1 - CTU.339.1.Malicious 122 1518236523.5679061 1518236523.583979 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250923&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=157D4764971E4BF7F9272351A1EF53082C80FA3A.15BB917919D530FCD0BC05FF159D89F6C9A9E6D3&key=cms1 730 15751 0 15073 275 651 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236525.5083406 1518236525.5394304 31 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 417 1564 0 706 267 841 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250925&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=80751E2A35D5C88B89CFAA87B4C4C2E496F194CF.14C26AC03C72972EE0E270E3A127778CC27C285F&key=cms1 - CTU.339.1.Malicious 122 1518236525.7421546 1518236525.7579608 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250925&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=80751E2A35D5C88B89CFAA87B4C4C2E496F194CF.14C26AC03C72972EE0E270E3A127778CC27C285F&key=cms1 711 25768 0 25089 276 652 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236529.215331 1518236529.2498982 35 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250929&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=7EF23A4F1D45E5B428795E8A2A03997B5AF43E0F.1B4C01BBDF3534DB4DB9E86536CEB5F3B26A7E9D&key=cms1 - CTU.339.1.Malicious 122 1518236529.453059 1518236529.468972 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250929&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=7EF23A4F1D45E5B428795E8A2A03997B5AF43E0F.1B4C01BBDF3534DB4DB9E86536CEB5F3B26A7E9D&key=cms1 732 20586 0 19906 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236532.1520896 1518236532.1836162 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1564 0 706 268 841 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250932&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=34A8CD1784CE612602FD1C46F8F6E443808102DB.3D7B74F7E35F6F2A94712E1FA25A561785F2AADC&key=cms1 - CTU.339.1.Malicious 122 1518236532.3867145 1518236532.4027693 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250932&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=34A8CD1784CE612602FD1C46F8F6E443808102DB.3D7B74F7E35F6F2A94712E1FA25A561785F2AADC&key=cms1 712 18037 0 17357 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236534.8718104 1518236534.9031188 31 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250934&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=5C4EA6880012753C52567EDA28D7962026641630.45B77786F54805FDF283F0AA751DFDCE08246742&key=cms1 - CTU.339.1.Malicious 122 1518236535.1069396 1518236535.1239429 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250934&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=5C4EA6880012753C52567EDA28D7962026641630.45B77786F54805FDF283F0AA751DFDCE08246742&key=cms1 732 15836 0 15156 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236536.0467002 1518236536.079647 33 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250936&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=7532B9EB427508649EB257D76CA4C3C6765C7B92.14F0DA707D6935299058D82AAD7647EDB527609E&key=cms1 - CTU.339.1.Malicious 122 1518236536.2862642 1518236536.3020935 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250936&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=7532B9EB427508649EB257D76CA4C3C6765C7B92.14F0DA707D6935299058D82AAD7647EDB527609E&key=cms1 732 15053 0 14373 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236539.081553 1518236539.1127677 31 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1564 0 706 268 841 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250939&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3A0E1AB60E0BE5EC53BB86974DEE5775C12D77B4.62F605206DF7FBE849FEC3BBEC25433C8EEDCE56&key=cms1 - CTU.339.1.Malicious 122 1518236539.3125634 1518236539.330081 18 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250939&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3A0E1AB60E0BE5EC53BB86974DEE5775C12D77B4.62F605206DF7FBE849FEC3BBEC25433C8EEDCE56&key=cms1 712 12595 0 11915 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236541.276813 1518236541.3082001 31 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250941&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=59F03F6CB8F600C3079B613C510BBEAB0C75237D.037A01C83D5DEB20FED390E77974B17D3FB8F6BC&key=cms1 - CTU.339.1.Malicious 122 1518236541.5117087 1518236541.5282335 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250941&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=59F03F6CB8F600C3079B613C510BBEAB0C75237D.037A01C83D5DEB20FED390E77974B17D3FB8F6BC&key=cms1 732 15866 0 15186 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236543.457165 1518236543.4891422 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250943&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=4275A12BE299BBBFBF7910788C3BF98514057F48.17ACDD43446BC306F1E1CD284B56442EE0246DC0&key=cms1 - CTU.339.1.Malicious 122 1518236543.6933331 1518236543.7095783 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250943&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=4275A12BE299BBBFBF7910788C3BF98514057F48.17ACDD43446BC306F1E1CD284B56442EE0246DC0&key=cms1 732 25690 0 25010 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236547.1368062 1518236547.1682386 31 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250947&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=3A5B731A983DF20A6202913D2B2198A719AC1959.42D32EFB8E6528998F82901E333F5C76751E2D5D&key=cms1 - CTU.339.1.Malicious 122 1518236547.3709652 1518236547.3868945 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250947&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=3A5B731A983DF20A6202913D2B2198A719AC1959.42D32EFB8E6528998F82901E333F5C76751E2D5D&key=cms1 732 20655 0 19975 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236550.0798275 1518236550.1107204 31 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250950&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=7F859F992E5E0FB645D06F44E4ABF16B0C9F7BB8.1D0BEB2DC54A6453D22A219CE9FB73C7A4F7FA14&key=cms1 - CTU.339.1.Malicious 122 1518236550.3109386 1518236550.32708 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250950&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=7F859F992E5E0FB645D06F44E4ABF16B0C9F7BB8.1D0BEB2DC54A6453D22A219CE9FB73C7A4F7FA14&key=cms1 732 18074 0 17394 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236552.7904718 1518236552.824158 34 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1604 0 728 268 859 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250952&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=828F1BBD99EE037E1BEE9C17B31F8D27F8AC136C.72FF2D2D1947E3B4F9D54ABD860D88730E6A15&key=cms1 - CTU.339.1.Malicious 122 1518236553.0272572 1518236553.043303 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250952&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=828F1BBD99EE037E1BEE9C17B31F8D27F8AC136C.72FF2D2D1947E3B4F9D54ABD860D88730E6A15&key=cms1 730 16500 0 15820 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236554.9763665 1518236555.0079172 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250954&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=25CF2653D86A40994B6277E48C8E25253632A081.28FD3A9E22CF17866A38FDCDB53108B992807F46&key=cms1 - CTU.339.1.Malicious 122 1518236555.2132883 1518236555.23007 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250954&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=25CF2653D86A40994B6277E48C8E25253632A081.28FD3A9E22CF17866A38FDCDB53108B992807F46&key=cms1 732 27149 0 26469 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236558.7198093 1518236558.7532852 33 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250958&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=6080BFDDC8E0F951D091487B60CBCB62172EDD11.62A5F574C5A5D9AA3DA9091A1610C815238B18CD&key=cms1 - CTU.339.1.Malicious 122 1518236558.9564993 1518236558.97227 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250958&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=6080BFDDC8E0F951D091487B60CBCB62172EDD11.62A5F574C5A5D9AA3DA9091A1610C815238B18CD&key=cms1 732 21835 0 21155 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236561.127503 1518236561.159318 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250961&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=7EF16C3E0403565EB0021B333AE051CC1BB5FC3A.61D773E472E202BE5C7C1D2B62F97562DBCE7CE8&key=cms1 - CTU.339.1.Malicious 122 1518236561.3694034 1518236561.3847291 15 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250961&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=7EF16C3E0403565EB0021B333AE051CC1BB5FC3A.61D773E472E202BE5C7C1D2B62F97562DBCE7CE8&key=cms1 732 26378 0 25698 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236564.8706858 1518236564.9018345 31 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250964&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=0CE3EC92963C8A41A6E5C81B91F24C5D787D8BBF.3E65223794F141C83249F362D34CE209DCBD6FE9&key=cms1 - CTU.339.1.Malicious 122 1518236565.10463 1518236565.1218433 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250964&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=0CE3EC92963C8A41A6E5C81B91F24C5D787D8BBF.3E65223794F141C83249F362D34CE209DCBD6FE9&key=cms1 732 21041 0 20361 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236567.8035889 1518236567.8355079 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250967&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=6BDAA2E91017608BB843F50646C063E91E56B670.3D46E31ED70E5965AD357BFC418D216F17FC239A&key=cms1 - CTU.339.1.Malicious 122 1518236568.0393023 1518236568.056257 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250967&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=6BDAA2E91017608BB843F50646C063E91E56B670.3D46E31ED70E5965AD357BFC418D216F17FC239A&key=cms1 732 18495 0 17815 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236570.7533607 1518236570.7847834 31 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250970&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=0CEDA37BD396E64A97ACA9ADCBAC673710E0A59D.58107B4462D83C31B0111F7602E0F4CB6F728C87&key=cms1 - CTU.339.1.Malicious 122 1518236570.9873545 1518236571.0051205 18 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250970&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=0CEDA37BD396E64A97ACA9ADCBAC673710E0A59D.58107B4462D83C31B0111F7602E0F4CB6F728C87&key=cms1 732 15825 0 15145 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236572.927441 1518236572.9587986 31 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250972&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=3585D412BD1CB27E9DF68E96F77C2815BC17449E.3FDAD9F61BABE31C8F4938AA4D70AECB05EE1607&key=cms1 - CTU.339.1.Malicious 122 1518236573.1628866 1518236573.1796298 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250972&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=3585D412BD1CB27E9DF68E96F77C2815BC17449E.3FDAD9F61BABE31C8F4938AA4D70AECB05EE1607&key=cms1 732 25247 0 24567 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236575.8364995 1518236575.8693025 33 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250975&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=13BC798F5CB982F1812E1032FA638C8C75A67401.06AB9EF42915003EFEDC7EEA43D627F8E3035FBB&key=cms1 - CTU.339.1.Malicious 122 1518236576.0727832 1518236576.089737 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250975&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=13BC798F5CB982F1812E1032FA638C8C75A67401.06AB9EF42915003EFEDC7EEA43D627F8E3035FBB&key=cms1 732 22889 0 22209 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236579.5201337 1518236579.552479 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1564 0 706 268 841 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250979&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=43BC510C9EC5AE00305668DC7575C7BD95AF81DD.7EB6F252A0200B7C157860CB71AC7EED58379FB7&key=cms1 - CTU.339.1.Malicious 122 1518236579.7560189 1518236579.7743685 18 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250979&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=43BC510C9EC5AE00305668DC7575C7BD95AF81DD.7EB6F252A0200B7C157860CB71AC7EED58379FB7&key=cms1 712 18348 0 17668 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236582.4436371 1518236582.4752607 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1564 0 706 268 841 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250982&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7DD0612D3E9599DCAD65101A35C9BE16FE35C61B.5154B689CF3A44231AB5243E67313922C845AF29&key=cms1 - CTU.339.1.Malicious 122 1518236582.6780567 1518236582.6938946 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250982&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7DD0612D3E9599DCAD65101A35C9BE16FE35C61B.5154B689CF3A44231AB5243E67313922C845AF29&key=cms1 712 15817 0 15137 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236584.6398156 1518236584.6702566 30 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250984&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=46CF330D8D3B8632614CE7035DF54A6FAA1F0200.506464C65F0801FC7AF87E6E0D997D2F91481873&key=cms1 - CTU.339.1.Malicious 122 1518236584.8710313 1518236584.887881 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250984&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=46CF330D8D3B8632614CE7035DF54A6FAA1F0200.506464C65F0801FC7AF87E6E0D997D2F91481873&key=cms1 732 24338 0 23658 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236587.5205321 1518236587.5539193 33 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250987&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=0E209C9FD2888A8AE757C6CA96F1AA7C467A160D.4A0F9FAA5185086EFB97986F3A263611E9E89A7C&key=cms1 - CTU.339.1.Malicious 122 1518236587.7577507 1518236587.7739475 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250987&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=0E209C9FD2888A8AE757C6CA96F1AA7C467A160D.4A0F9FAA5185086EFB97986F3A263611E9E89A7C&key=cms1 732 22116 0 21436 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236591.1678166 1518236591.1995738 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250991&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=6A96B00F08CD7DA48BA24F29B29F433F14E02CF6.7155F8235E21209169E5E539F8CF0DFFA45BA7CC&key=cms1 - CTU.339.1.Malicious 122 1518236591.4075599 1518236591.4242587 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250991&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=6A96B00F08CD7DA48BA24F29B29F433F14E02CF6.7155F8235E21209169E5E539F8CF0DFFA45BA7CC&key=cms1 732 17856 0 17176 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236593.882791 1518236593.915547 33 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250993&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=69EBD809A378CECD2AE0FC5EE857EDEC7E87073F.0307AEEFB42F324839834A8C5698BB7CB180D9EE&key=cms1 - CTU.339.1.Malicious 122 1518236594.119361 1518236594.1316385 12 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250993&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=69EBD809A378CECD2AE0FC5EE857EDEC7E87073F.0307AEEFB42F324839834A8C5698BB7CB180D9EE&key=cms1 732 16288 0 15608 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236596.0644171 1518236596.0957837 31 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1604 0 728 268 859 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250996&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=858C818632F31ECDC5F1DFC99016B77F912E41.62767A465046E4B65E4D6F9040668C210A27CC36&key=cms1 - CTU.339.1.Malicious 122 1518236596.2995417 1518236596.3161151 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250996&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=858C818632F31ECDC5F1DFC99016B77F912E41.62767A465046E4B65E4D6F9040668C210A27CC36&key=cms1 730 26337 0 25657 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236599.4468424 1518236599.478734 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1564 0 706 268 841 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250999&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1598B7875B532DCFF7D3D0DAD8A3D325861BB198.5659A2B6AB95FBD84E3551189D9034A62611FE33&key=cms1 - CTU.339.1.Malicious 122 1518236599.6823967 1518236599.6984975 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518250999&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1598B7875B532DCFF7D3D0DAD8A3D325861BB198.5659A2B6AB95FBD84E3551189D9034A62611FE33&key=cms1 712 21606 0 20926 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 123 1518236602.1045544 1518236602.3600173 255 192.168.1.119 - 49383 185.26.182.122 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 422 0 24 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 121 1518236602.9671614 1518236602.9995446 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251002&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=43DAF9DA10DB8F112E832255E58E3B5BC00F3221.477E07D48C10C034D54B9D658A33686139CF6334&key=cms1 - CTU.339.1.Malicious 122 1518236603.2046669 1518236603.2206469 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251002&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=43DAF9DA10DB8F112E832255E58E3B5BC00F3221.477E07D48C10C034D54B9D658A33686139CF6334&key=cms1 732 17624 0 16944 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236605.6866016 1518236605.7200294 33 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251005&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=616AC00BBE27D62E024E5B18A4034366AC776647.09AB4B78E4F0315BA02E6B7874D44D6CFF8B2A33&key=cms1 - CTU.339.1.Malicious 122 1518236605.9246678 1518236605.9407113 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251005&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=616AC00BBE27D62E024E5B18A4034366AC776647.09AB4B78E4F0315BA02E6B7874D44D6CFF8B2A33&key=cms1 732 16009 0 15329 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236608.705432 1518236608.7375932 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251008&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=739396204030CAB1A253D19B957C1484A729AE24.09954753247A3AA578DF6AE8C7A29E71F7D5F7AE&key=cms1 - CTU.339.1.Malicious 122 1518236608.940479 1518236608.9601324 20 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251008&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=739396204030CAB1A253D19B957C1484A729AE24.09954753247A3AA578DF6AE8C7A29E71F7D5F7AE&key=cms1 732 13477 0 12797 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236610.8752282 1518236610.9078681 33 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251010&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=2FAFB0E81F90C4AD21FCA5B184E1A01F38F0E3CF.3A4C98D586D88331C8F8A81A731BD957CE3D379A&key=cms1 - CTU.339.1.Malicious 122 1518236611.111836 1518236611.1278145 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251010&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=2FAFB0E81F90C4AD21FCA5B184E1A01F38F0E3CF.3A4C98D586D88331C8F8A81A731BD957CE3D379A&key=cms1 732 19738 0 19058 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236613.8016791 1518236613.8389342 37 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1564 0 706 268 841 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251013&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=398F2097E9A34397AFBA6717870AC768A86B1416.414980665A4858280A34FBE025A441627F278E22&key=cms1 - CTU.339.1.Malicious 122 1518236614.0421329 1518236614.0597017 18 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251013&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=398F2097E9A34397AFBA6717870AC768A86B1416.414980665A4858280A34FBE025A441627F278E22&key=cms1 712 17218 0 16538 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236616.5349593 1518236616.5671802 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251016&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=48FE37557006726AB4005E397EE1B83443DB6286.312AE034170D0A4D573A25172A704E951AB63CC9&key=cms1 - CTU.339.1.Malicious 122 1518236616.7708743 1518236616.7874584 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251016&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=48FE37557006726AB4005E397EE1B83443DB6286.312AE034170D0A4D573A25172A704E951AB63CC9&key=cms1 732 15483 0 14803 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236618.7561615 1518236618.7897625 34 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251018&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=04EE1A9D4D2B0975523669B51AB15ED8369F3192.490F095C146B39F9D5F7D57A9B0AC10FB939A791&key=cms1 - CTU.339.1.Malicious 122 1518236618.993556 1518236619.0099833 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251018&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=04EE1A9D4D2B0975523669B51AB15ED8369F3192.490F095C146B39F9D5F7D57A9B0AC10FB939A791&key=cms1 732 22042 0 21362 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236622.4954927 1518236622.5260587 31 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251022&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=52CF97831D7A6989152B33B4686F7C59BE9A7E54.472BF0FDF7624006591318CF9971F1FB4E98E36F&key=cms1 - CTU.339.1.Malicious 122 1518236622.7295935 1518236622.7460797 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251022&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=52CF97831D7A6989152B33B4686F7C59BE9A7E54.472BF0FDF7624006591318CF9971F1FB4E98E36F&key=cms1 732 17751 0 17071 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236625.7828593 1518236625.814093 31 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1564 0 706 268 841 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251025&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=56E814AEBA212A92871AF66C27126C1E03218147.3FDA63ED70F3BC94674B0AB10A6DC69B1324A897&key=cms1 - CTU.339.1.Malicious 122 1518236626.017347 1518236626.033833 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251025&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=56E814AEBA212A92871AF66C27126C1E03218147.3FDA63ED70F3BC94674B0AB10A6DC69B1324A897&key=cms1 712 15503 0 14823 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236628.7358499 1518236628.7684412 33 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251028&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=0D2694D46B6164EFBBAA6C45839723AC2C262C12.35299E59988AC7A7D0A0CA0C1DC916E15989FB03&key=cms1 - CTU.339.1.Malicious 122 1518236628.971439 1518236628.9876688 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251028&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=0D2694D46B6164EFBBAA6C45839723AC2C262C12.35299E59988AC7A7D0A0CA0C1DC916E15989FB03&key=cms1 732 13348 0 12668 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236630.7767153 1518236630.808501 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251030&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=33492E8B33D11F0A637B90F43A5232ECA9D3AA17.69AA2AC6A848EEE5BCD47F2AD630DA1955A85070&key=cms1 - CTU.339.1.Malicious 122 1518236631.0117958 1518236631.0279136 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251030&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=33492E8B33D11F0A637B90F43A5232ECA9D3AA17.69AA2AC6A848EEE5BCD47F2AD630DA1955A85070&key=cms1 732 26680 0 26000 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236634.1986308 1518236634.2323222 34 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251034&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=56243B0DE4AF1E24B18B549994D17E49FBF8B804.57DF313EAFD8EC1D555B0D14332E898F39BEC5EF&key=cms1 - CTU.339.1.Malicious 122 1518236634.4381971 1518236634.4539187 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251034&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=56243B0DE4AF1E24B18B549994D17E49FBF8B804.57DF313EAFD8EC1D555B0D14332E898F39BEC5EF&key=cms1 732 22051 0 21371 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236637.8544497 1518236637.889655 35 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251037&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=58859321FBEE6494E918F221B85CFDD212C1BA60.133041E0B94DF6F907311731DD59E3DA941E4649&key=cms1 - CTU.339.1.Malicious 122 1518236638.092806 1518236638.1103604 18 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251037&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=58859321FBEE6494E918F221B85CFDD212C1BA60.133041E0B94DF6F907311731DD59E3DA941E4649&key=cms1 732 17704 0 17024 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236640.5987215 1518236640.6307085 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1564 0 706 268 841 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251040&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236591&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4DB7FA4839AB6C750ABC8148253F41E6424FB768.1EF62BDB3C5D327E496990A83FE75DEF82A0C59A&key=cms1 - CTU.339.1.Malicious 122 1518236640.8347707 1518236640.851421 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251040&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236591&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4DB7FA4839AB6C750ABC8148253F41E6424FB768.1EF62BDB3C5D327E496990A83FE75DEF82A0C59A&key=cms1 712 15953 0 15273 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236642.7873673 1518236642.8191082 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251042&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236591&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=034F6235EA557575A24BBBFCA2FFA32B4D545D0B.4D4BBE267836FE9AE15EC253944F89BB59E0CBBB&key=cms1 - CTU.339.1.Malicious 122 1518236643.020893 1518236643.0382237 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251042&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236591&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=034F6235EA557575A24BBBFCA2FFA32B4D545D0B.4D4BBE267836FE9AE15EC253944F89BB59E0CBBB&key=cms1 732 25320 0 24640 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236646.4636261 1518236646.4955432 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251046&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=608159D15B8DB2297CC52E3B2A5C7D3A17A60E54.5CB190F92780582150E227FFCAAEEC9FD98619B1&key=cms1 - CTU.339.1.Malicious 122 1518236646.6989503 1518236646.7147663 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251046&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=608159D15B8DB2297CC52E3B2A5C7D3A17A60E54.5CB190F92780582150E227FFCAAEEC9FD98619B1&key=cms1 732 20355 0 19675 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236649.3761988 1518236649.4077628 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251049&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=62285FCC91D87847153A5954B74FB5F8F74B5D3C.33670F467846E86C45E995D7698E838C63AF12DA&key=cms1 - CTU.339.1.Malicious 122 1518236649.611508 1518236649.6273792 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251049&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236034&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=62285FCC91D87847153A5954B74FB5F8F74B5D3C.33670F467846E86C45E995D7698E838C63AF12DA&key=cms1 732 17900 0 17220 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236652.0863914 1518236652.119001 33 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251052&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236591&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=7F2F9F3F1176B185580D22EA558CC1F77B2F56F1.42D5DB99B76D787F70E4EC20923F96F991441D82&key=cms1 - CTU.339.1.Malicious 122 1518236652.3221626 1518236652.3385553 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251052&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236591&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=7F2F9F3F1176B185580D22EA558CC1F77B2F56F1.42D5DB99B76D787F70E4EC20923F96F991441D82&key=cms1 732 16331 0 15651 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236655.1032887 1518236655.1351006 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251055&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236591&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=6C63BE0AC4C743727134BC8E18BADCA07159FC5D.5C4A8F6E230B3AC646B0CB31091DD1B8F9E59D62&key=cms1 - CTU.339.1.Malicious 122 1518236655.3384445 1518236655.354751 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251055&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236591&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=6C63BE0AC4C743727134BC8E18BADCA07159FC5D.5C4A8F6E230B3AC646B0CB31091DD1B8F9E59D62&key=cms1 732 13887 0 13207 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236657.8228579 1518236657.8538246 31 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1564 0 706 268 841 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251057&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236591&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4B71FB999747077EF7C9350DA4F5855FF44D82E4.4167BDCAC84AFBE1F44FB51049A6503F8A61FF7F&key=cms1 - CTU.339.1.Malicious 122 1518236658.0575578 1518236658.0737906 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251057&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236591&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4B71FB999747077EF7C9350DA4F5855FF44D82E4.4167BDCAC84AFBE1F44FB51049A6503F8A61FF7F&key=cms1 712 13669 0 12989 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236660.8009243 1518236660.8327394 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251060&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236591&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=47B6DE637C2D54FDC365A0FB9804FA4E977A0E68.48120C7D7C9F8CFD3925012359D166C6EBEEAE15&key=cms1 - CTU.339.1.Malicious 122 1518236661.0361645 1518236661.0514328 15 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251060&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236591&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=47B6DE637C2D54FDC365A0FB9804FA4E977A0E68.48120C7D7C9F8CFD3925012359D166C6EBEEAE15&key=cms1 732 11653 0 10973 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236662.975359 1518236663.0064325 31 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1564 0 706 268 841 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251062&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236591&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0640CFB055F4F9A529E8AFEDBAD9AD33CBCDE1CD.1F42DCC74B9EDAB8FDBE722C8C2408C56D7273BC&key=cms1 - CTU.339.1.Malicious 122 1518236663.20952 1518236663.2255135 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251062&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236591&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0640CFB055F4F9A529E8AFEDBAD9AD33CBCDE1CD.1F42DCC74B9EDAB8FDBE722C8C2408C56D7273BC&key=cms1 712 14339 0 13659 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236665.9169803 1518236665.948492 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251065&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236591&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=2D188EB4F17449064032384C76DFE55C5ED27D59.2549BDAC65467CDC903209453CAB8342B2210A64&key=cms1 - CTU.339.1.Malicious 122 1518236666.1527345 1518236666.1693516 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251065&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236591&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=2D188EB4F17449064032384C76DFE55C5ED27D59.2549BDAC65467CDC903209453CAB8342B2210A64&key=cms1 732 12110 0 11430 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236668.1273327 1518236668.1598508 33 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251068&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236591&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=01E8DEE580C8B28CFAB087547E6E733127782869.2CD4B720275AB186836BCD21A13DBE94600A8523&key=cms1 - CTU.339.1.Malicious 122 1518236668.3611012 1518236668.3803108 19 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251068&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236591&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=01E8DEE580C8B28CFAB087547E6E733127782869.2CD4B720275AB186836BCD21A13DBE94600A8523&key=cms1 732 14256 0 13576 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236671.1370037 1518236671.1700606 33 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251071&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236591&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=59B6C888040365CE4274D472C1904079294A58C5.5A43BAB083081C62217893BB8B84634C6C565294&key=cms1 - CTU.339.1.Malicious 122 1518236671.3760295 1518236671.3922396 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251071&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236591&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=59B6C888040365CE4274D472C1904079294A58C5.5A43BAB083081C62217893BB8B84634C6C565294&key=cms1 732 11920 0 11240 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236673.3436203 1518236673.376222 33 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251073&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236591&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=3FF96AA0FC8B02EFA0B728983BEC275F678D820B.3B104FBFFB8869DB426E6A1C3E048F9C438E4075&key=cms1 - CTU.339.1.Malicious 122 1518236673.5710344 1518236673.587232 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251073&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236591&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=3FF96AA0FC8B02EFA0B728983BEC275F678D820B.3B104FBFFB8869DB426E6A1C3E048F9C438E4075&key=cms1 732 14028 0 13348 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236675.5196455 1518236675.5516315 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1564 0 706 268 841 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251075&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236651&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7C5E68B22DCAB745915D78B977D9C4F6F0422C7C.0590BCA0580F6542166A7A078119FCD4A8C52140&key=cms1 - CTU.339.1.Malicious 122 1518236675.7548811 1518236675.7715352 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251075&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236651&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7C5E68B22DCAB745915D78B977D9C4F6F0422C7C.0590BCA0580F6542166A7A078119FCD4A8C52140&key=cms1 712 20536 0 19856 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236678.4628787 1518236678.4945743 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251078&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236591&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=3CF9B0B23304141207C6ABEE6B82F962FEBF277D.59E4F06A010E5D78C34CB1058401D7B535A7367A&key=cms1 - CTU.339.1.Malicious 122 1518236678.698411 1518236678.714523 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251078&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236591&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=3CF9B0B23304141207C6ABEE6B82F962FEBF277D.59E4F06A010E5D78C34CB1058401D7B535A7367A&key=cms1 732 17846 0 17166 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236681.1747894 1518236681.2050939 30 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251081&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236591&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=57BF96A75D4DAD9E852E8FDF3DA250583309EC92.0DD28E17211C2A076D45CD28F75B5747F8FFB336&key=cms1 - CTU.339.1.Malicious 122 1518236681.4060583 1518236681.4224153 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251081&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236591&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=57BF96A75D4DAD9E852E8FDF3DA250583309EC92.0DD28E17211C2A076D45CD28F75B5747F8FFB336&key=cms1 732 16209 0 15529 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236684.1597013 1518236684.192169 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251084&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236591&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=697AB5C63CB8D39B29ACADC42B1786A53C5A697D.09BCEE16A4F8CDC36BCA06024EFD5C9472BF300D&key=cms1 - CTU.339.1.Malicious 122 1518236684.3916047 1518236684.408131 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251084&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236591&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=697AB5C63CB8D39B29ACADC42B1786A53C5A697D.09BCEE16A4F8CDC36BCA06024EFD5C9472BF300D&key=cms1 732 13704 0 13024 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236686.3370261 1518236686.3683176 31 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251086&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236591&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=39AE10832C2B001CE7AE1F2AA7D4ADF0D75335FB.1F5AFD0ADEA9B7C7B17CE2DFAA922590016F5EEF&key=cms1 - CTU.339.1.Malicious 122 1518236686.571464 1518236686.5878053 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251086&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236591&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=39AE10832C2B001CE7AE1F2AA7D4ADF0D75335FB.1F5AFD0ADEA9B7C7B17CE2DFAA922590016F5EEF&key=cms1 732 19709 0 19029 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236689.2792912 1518236689.3130867 34 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1564 0 706 268 841 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251089&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236591&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=72914389C6E0FC9B00156BB1B1095DFF72548655.067197E282AF85271CDC7AEE16E08A04C0646C42&key=cms1 - CTU.339.1.Malicious 122 1518236689.517308 1518236689.5339177 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251089&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236591&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=72914389C6E0FC9B00156BB1B1095DFF72548655.067197E282AF85271CDC7AEE16E08A04C0646C42&key=cms1 712 16965 0 16285 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236691.9590385 1518236691.9930518 34 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251091&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236591&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=21700B345FE40AC567ABF3464EF7174612A20BA8.3CC89004EDE433C6B0D32698D5227069403D6CA4&key=cms1 - CTU.339.1.Malicious 122 1518236692.195987 1518236692.212148 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251091&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236591&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=21700B345FE40AC567ABF3464EF7174612A20BA8.3CC89004EDE433C6B0D32698D5227069403D6CA4&key=cms1 732 15446 0 14766 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236694.421636 1518236694.45396 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1564 0 706 268 841 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251094&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236591&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=15977B8E1FC2D95276F6A7479CF9AF3E1413FCE4.52FFA820436ECC5E07101040A9925264559EEBB2&key=cms1 - CTU.339.1.Malicious 122 1518236694.657345 1518236694.676049 19 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251094&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236591&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=15977B8E1FC2D95276F6A7479CF9AF3E1413FCE4.52FFA820436ECC5E07101040A9925264559EEBB2&key=cms1 712 14576 0 13896 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236696.6073666 1518236696.6404607 33 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251096&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236591&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=547047F7464628B1C166F75678DB1428D3B403A6.6F3F9F490C55BD4B4C3F3633604C0D533717A3D1&key=cms1 - CTU.339.1.Malicious 122 1518236696.8439562 1518236696.8606956 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251096&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236591&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=547047F7464628B1C166F75678DB1428D3B403A6.6F3F9F490C55BD4B4C3F3633604C0D533717A3D1&key=cms1 732 21795 0 21115 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236700.0862021 1518236700.1216238 35 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251100&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236591&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=077D7FAEAF9F30E0BAE1BB10E6FA86D19240CF68.3AF916FDAF56F32255920CBFB2241E022C3F1ADE&key=cms1 - CTU.339.1.Malicious 122 1518236700.3250425 1518236700.3660953 41 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251100&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236591&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=077D7FAEAF9F30E0BAE1BB10E6FA86D19240CF68.3AF916FDAF56F32255920CBFB2241E022C3F1ADE&key=cms1 732 17659 0 16979 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236703.3506093 1518236703.3815908 31 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251103&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236651&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=05EC6D640344CDE7EB83D5B8B7D1C55FF8DCDBA2.40A6BF3BE6F0CB89FB529C1B4E44B718FAADFB36&key=cms1 - CTU.339.1.Malicious 122 1518236703.5852923 1518236703.602863 18 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251103&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236651&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=05EC6D640344CDE7EB83D5B8B7D1C55FF8DCDBA2.40A6BF3BE6F0CB89FB529C1B4E44B718FAADFB36&key=cms1 732 15500 0 14820 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236705.5411966 1518236705.572155 31 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251105&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236651&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=225E42B1D36F5900CFE140B6DD6E7302E1F0E928.15AED7A653A4670B609A642E7BB1BB1C03EB556C&key=cms1 - CTU.339.1.Malicious 122 1518236705.7756796 1518236705.7942648 19 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251105&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236651&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=225E42B1D36F5900CFE140B6DD6E7302E1F0E928.15AED7A653A4670B609A642E7BB1BB1C03EB556C&key=cms1 732 23940 0 23260 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236709.2801552 1518236709.3123872 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1564 0 706 268 841 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251109&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236591&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=742A4263BD5BF7F9190989FB13D81685D129493E.06F946140A0DDFD4AF42164DD4A51EE48B5F3FF8&key=cms1 - CTU.339.1.Malicious 122 1518236709.5155892 1518236709.5317757 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251109&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236591&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=742A4263BD5BF7F9190989FB13D81685D129493E.06F946140A0DDFD4AF42164DD4A51EE48B5F3FF8&key=cms1 712 19263 0 18583 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236712.2230442 1518236712.2570357 34 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1564 0 706 268 841 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251112&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236591&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=47DEB317F20E323796EF46B7527C902E675FBFBF.53DCD3282A4AA0EB2D02B391098287F69F275B84&key=cms1 - CTU.339.1.Malicious 122 1518236712.4641266 1518236712.480262 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251112&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236591&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=47DEB317F20E323796EF46B7527C902E675FBFBF.53DCD3282A4AA0EB2D02B391098287F69F275B84&key=cms1 712 16666 0 15986 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236714.4303563 1518236714.461913 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251114&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236651&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=7B5970356C00F0F25DEDB2676994784899EF3BB0.21F0D1DD40BF0E123829A37AD1593E4771CFDE85&key=cms1 - CTU.339.1.Malicious 122 1518236714.6652346 1518236714.6819162 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251114&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236651&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=7B5970356C00F0F25DEDB2676994784899EF3BB0.21F0D1DD40BF0E123829A37AD1593E4771CFDE85&key=cms1 732 26256 0 25576 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236718.1485004 1518236718.180912 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251118&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236651&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=54EC4BBE952D25257DCA330F7BE1D0C263B441BD.0F9320C5E7CAECC97AF489B8CB8B110FAE7C4C86&key=cms1 - CTU.339.1.Malicious 122 1518236718.3859584 1518236718.4017544 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251118&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236651&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=54EC4BBE952D25257DCA330F7BE1D0C263B441BD.0F9320C5E7CAECC97AF489B8CB8B110FAE7C4C86&key=cms1 732 21057 0 20377 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236721.0560277 1518236721.0895283 34 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251121&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236651&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=3B9027354781291B88C56175E728C690FCA400A1.33213AE6440AC10A07F834E33ECBC31880ED0B3B&key=cms1 - CTU.339.1.Malicious 122 1518236721.2925088 1518236721.3084474 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251121&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236651&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=3B9027354781291B88C56175E728C690FCA400A1.33213AE6440AC10A07F834E33ECBC31880ED0B3B&key=cms1 732 19795 0 19115 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236724.0661685 1518236724.0974658 31 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251124&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236651&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=82E4C8080F19F4F5E1590C4BE4DAA5BC9058E3A8.2CA9FE79A031810BC31A75444221561B1CC83933&key=cms1 - CTU.339.1.Malicious 122 1518236724.3011951 1518236724.3184376 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251124&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236651&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=82E4C8080F19F4F5E1590C4BE4DAA5BC9058E3A8.2CA9FE79A031810BC31A75444221561B1CC83933&key=cms1 732 17073 0 16393 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236726.8069165 1518236726.8399553 33 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251126&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236651&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=424D4CEF8417D59A2A1F5C4F2F1CCCD053A7995F.4198367C3C8C285C61B7D8B017D44371E939E55F&key=cms1 - CTU.339.1.Malicious 122 1518236727.042896 1518236727.0599537 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251126&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236651&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=424D4CEF8417D59A2A1F5C4F2F1CCCD053A7995F.4198367C3C8C285C61B7D8B017D44371E939E55F&key=cms1 732 15257 0 14577 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236728.9977396 1518236729.0285788 31 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1564 0 706 268 841 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251129&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236651&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=52EDC7B8F3F871FDC59064E5B6228C4573F5B861.7E4C381BAC4AE1DD2A22ACF25A7EA7DD81E2F32C&key=cms1 - CTU.339.1.Malicious 122 1518236729.2314792 1518236729.247317 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251129&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236651&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=52EDC7B8F3F871FDC59064E5B6228C4573F5B861.7E4C381BAC4AE1DD2A22ACF25A7EA7DD81E2F32C&key=cms1 712 23347 0 22667 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236731.9320621 1518236731.9633236 31 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251131&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236651&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=24FFA684B499A06CB6687E00E512BC6CF8540422.3837D078A30CDC3F1B40D1471F0C5D7C3254F9A4&key=cms1 - CTU.339.1.Malicious 122 1518236732.166928 1518236732.1825686 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251131&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236651&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=24FFA684B499A06CB6687E00E512BC6CF8540422.3837D078A30CDC3F1B40D1471F0C5D7C3254F9A4&key=cms1 732 20814 0 20134 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236734.8797486 1518236734.9128547 33 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1564 0 706 268 841 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251134&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236714&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3862946956F8C254723A698901FC27AB31F1C5FC.1A7B871EA282E4D5040E62A471DDD6B41980EA59&key=cms1 - CTU.339.1.Malicious 122 1518236735.1161852 1518236735.1320865 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251134&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236714&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3862946956F8C254723A698901FC27AB31F1C5FC.1A7B871EA282E4D5040E62A471DDD6B41980EA59&key=cms1 712 18205 0 17525 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236737.8551965 1518236737.8861628 31 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251137&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236651&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=2418055986A77ED56544C77C458A2DA57AB3A879.04F40459BDB37F05F44B2A5799BE026F27B058C5&key=cms1 - CTU.339.1.Malicious 122 1518236738.0898423 1518236738.1073852 18 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251137&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236651&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=2418055986A77ED56544C77C458A2DA57AB3A879.04F40459BDB37F05F44B2A5799BE026F27B058C5&key=cms1 732 15921 0 15241 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236740.0422783 1518236740.0739667 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251140&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236651&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=18B6563A3C1AE6D4681EDE119C930CFC7394EC95.1879CDF56160D967280FAF0F5FD6AD573E4C5C21&key=cms1 - CTU.339.1.Malicious 122 1518236740.2780871 1518236740.2949057 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251140&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236651&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=18B6563A3C1AE6D4681EDE119C930CFC7394EC95.1879CDF56160D967280FAF0F5FD6AD573E4C5C21&key=cms1 732 25277 0 24597 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236742.9738107 1518236743.0040147 30 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1564 0 706 268 841 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251142&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236651&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7E6D811273670DAA29E2CE132E5C7F8E819C0A5B.3DF8961307611215CD3A9E1C957B6CFC4C1E6E3C&key=cms1 - CTU.339.1.Malicious 122 1518236743.20712 1518236743.2228816 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251142&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236651&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7E6D811273670DAA29E2CE132E5C7F8E819C0A5B.3DF8961307611215CD3A9E1C957B6CFC4C1E6E3C&key=cms1 712 22784 0 22104 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236745.37573 1518236745.4080203 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251145&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236651&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=66750153599B9A7943F92D8E38A44651C2D52A3A.43225DF5C4E8C5484064376C7E37B8CFEB0119C0&key=cms1 - CTU.339.1.Malicious 122 1518236745.6107357 1518236745.6276145 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251145&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236651&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=66750153599B9A7943F92D8E38A44651C2D52A3A.43225DF5C4E8C5484064376C7E37B8CFEB0119C0&key=cms1 732 21406 0 20726 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236747.744117 1518236747.7789373 35 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1564 0 706 268 841 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251147&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236651&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2DD32853254260FB223653E075F6BD3A89A9EEC8.405ACFEF4C8672CFD6F53F46BAAC6BC487C111A8&key=cms1 - CTU.339.1.Malicious 122 1518236747.9859946 1518236748.002237 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251147&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236651&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2DD32853254260FB223653E075F6BD3A89A9EEC8.405ACFEF4C8672CFD6F53F46BAAC6BC487C111A8&key=cms1 712 20155 0 19475 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236750.7218115 1518236750.7563875 35 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1564 0 706 268 841 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251150&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236651&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3F16AF785B867B39CF0271B334D1268FE0415CAC.5564C84945244C2300F363236B77B02A84406301&key=cms1 - CTU.339.1.Malicious 122 1518236750.9617012 1518236750.97734 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251150&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236651&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3F16AF785B867B39CF0271B334D1268FE0415CAC.5564C84945244C2300F363236B77B02A84406301&key=cms1 712 17683 0 17003 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236753.430717 1518236753.4629586 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251153&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236714&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=59D4EB96BE560AA3043C76E95D91ED0B3C52708D.7EF99A085E4B45614C07AC12F960D7ACBE363A73&key=cms1 - CTU.339.1.Malicious 122 1518236753.666068 1518236753.6827753 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251153&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236714&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=59D4EB96BE560AA3043C76E95D91ED0B3C52708D.7EF99A085E4B45614C07AC12F960D7ACBE363A73&key=cms1 732 16131 0 15451 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236755.615334 1518236755.64628 31 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251155&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236651&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=1B5B1BE95EA8F351E8CDAE2169F6152E7DECBE37.3B513D4304EF815C89837B729C4084FF3BE9DDB6&key=cms1 - CTU.339.1.Malicious 122 1518236755.849048 1518236755.8662362 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251155&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236651&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=1B5B1BE95EA8F351E8CDAE2169F6152E7DECBE37.3B513D4304EF815C89837B729C4084FF3BE9DDB6&key=cms1 732 16677 0 15997 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236758.6046 1518236758.6373496 33 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251158&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236651&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=2E0EEE3C6D516DFF3246F033E72CDC7F82D59BD9.3BA66AC472CAE6D942E09F475473125374A4CA1F&key=cms1 - CTU.339.1.Malicious 122 1518236758.8408995 1518236758.857399 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251158&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236651&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=2E0EEE3C6D516DFF3246F033E72CDC7F82D59BD9.3BA66AC472CAE6D942E09F475473125374A4CA1F&key=cms1 732 13980 0 13300 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236760.8034046 1518236760.8356845 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251160&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236651&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=352F218DC98FE2C470F4DDEBDD37233D0A489018.315B37A40E378F8D35BD6589F362548F5B5C5CC2&key=cms1 - CTU.339.1.Malicious 122 1518236761.038652 1518236761.054998 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251160&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236651&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=352F218DC98FE2C470F4DDEBDD37233D0A489018.315B37A40E378F8D35BD6589F362548F5B5C5CC2&key=cms1 732 19530 0 18850 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236762.202392 1518236762.2340152 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251162&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236651&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=1876B44C1C039300D725C6407FD840BDC2B2391C.817DCCDF0573FAB0E96A87D3A201F6B5DFD0F792&key=cms1 - CTU.339.1.Malicious 122 1518236762.4328482 1518236762.4487145 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251162&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236651&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=1876B44C1C039300D725C6407FD840BDC2B2391C.817DCCDF0573FAB0E96A87D3A201F6B5DFD0F792&key=cms1 732 17816 0 17136 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236765.1520777 1518236765.1840484 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251165&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236651&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=12246A7F12C419B55F5877AAAEED5871BA06CB28.476C8E3E8AC78028BD953B24E57F98905EEE73CC&key=cms1 - CTU.339.1.Malicious 122 1518236765.3863611 1518236765.404523 18 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251165&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236651&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=12246A7F12C419B55F5877AAAEED5871BA06CB28.476C8E3E8AC78028BD953B24E57F98905EEE73CC&key=cms1 732 15355 0 14675 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236767.327703 1518236767.3599524 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251167&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236651&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=4137205140239A3116FF32164525FA5B7207CDD9.75470689134527E2F657C2765306AE394DDA73A6&key=cms1 - CTU.339.1.Malicious 122 1518236767.5635328 1518236767.5800622 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251167&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236651&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=4137205140239A3116FF32164525FA5B7207CDD9.75470689134527E2F657C2765306AE394DDA73A6&key=cms1 732 24556 0 23876 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236770.2397137 1518236770.2724078 33 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251170&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236651&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=33F72DDF2AF8A1D4C0FCC8313FED5CFD7DE56BA4.29759728129EFE51448B008B81930CF66E6BD66C&key=cms1 - CTU.339.1.Malicious 122 1518236770.4710655 1518236770.4879746 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251170&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236651&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=33F72DDF2AF8A1D4C0FCC8313FED5CFD7DE56BA4.29759728129EFE51448B008B81930CF66E6BD66C&key=cms1 732 22175 0 21495 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236773.887787 1518236773.9193745 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1564 0 706 268 841 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251173&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236714&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1C30C1600376C712205CB742988D41FA65301338.819FF9966ECFF81C93677A4F51405BF71ED38556&key=cms1 - CTU.339.1.Malicious 122 1518236774.122183 1518236774.1385543 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251173&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236714&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1C30C1600376C712205CB742988D41FA65301338.819FF9966ECFF81C93677A4F51405BF71ED38556&key=cms1 712 17803 0 17123 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236777.1739993 1518236777.2058017 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251177&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236714&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=225AD1CE2379FB2D32AA0E5B8AD2EB409E1DE077.057E3E022EBB064E3BC38AA22FC8AB0B8A2B8997&key=cms1 - CTU.339.1.Malicious 122 1518236777.4089975 1518236777.4235337 15 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251177&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236714&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=225AD1CE2379FB2D32AA0E5B8AD2EB409E1DE077.057E3E022EBB064E3BC38AA22FC8AB0B8A2B8997&key=cms1 732 15551 0 14871 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236780.159255 1518236780.1919854 33 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251180&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236714&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=092630416443255A92AC39881EF5A3920F836641.43FAD10C7F181B014E1E21C72AF8FB9A9D7C5B93&key=cms1 - CTU.339.1.Malicious 122 1518236780.3957565 1518236780.4114027 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251180&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236714&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=092630416443255A92AC39881EF5A3920F836641.43FAD10C7F181B014E1E21C72AF8FB9A9D7C5B93&key=cms1 732 13327 0 12647 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236782.3673625 1518236782.398748 31 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1564 0 706 268 841 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251182&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236714&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2A3BAE17B2BE265DFD05B1629AA793C080C7648B.3C32D2E2FE42F7C23A28CF3089B1CBEF6349E398&key=cms1 - CTU.339.1.Malicious 122 1518236782.6015687 1518236782.618038 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251182&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236714&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2A3BAE17B2BE265DFD05B1629AA793C080C7648B.3C32D2E2FE42F7C23A28CF3089B1CBEF6349E398&key=cms1 712 17431 0 16751 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236785.1109362 1518236785.1420584 31 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1564 0 706 268 841 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251185&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236714&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7096F3ADEB3EB81735CD1FB4B2F935AB314209FC.20704BAC6ECC0E0A5AA5AA6B6DAFBB6A76BF3255&key=cms1 - CTU.339.1.Malicious 122 1518236785.3451843 1518236785.3610857 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251185&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236714&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7096F3ADEB3EB81735CD1FB4B2F935AB314209FC.20704BAC6ECC0E0A5AA5AA6B6DAFBB6A76BF3255&key=cms1 712 15622 0 14942 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236788.1596742 1518236788.1914928 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251188&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236714&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=6C1524123EF9FB4248030B27E6B28E539EC381AF.0F48F6AD533BF8118450AB5E5B84451105AB640A&key=cms1 - CTU.339.1.Malicious 122 1518236788.395562 1518236788.411267 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251188&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236714&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=6C1524123EF9FB4248030B27E6B28E539EC381AF.0F48F6AD533BF8118450AB5E5B84451105AB640A&key=cms1 732 13192 0 12512 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236790.371054 1518236790.4031706 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1564 0 706 268 841 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251190&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236714&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0AE78F049C25373B6B5E7E009CE6A3707035A0EE.2DAE4BF91B96E2E29B74CE1D6F8F287703F66707&key=cms1 - CTU.339.1.Malicious 122 1518236790.6063554 1518236790.6234534 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251190&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236714&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0AE78F049C25373B6B5E7E009CE6A3707035A0EE.2DAE4BF91B96E2E29B74CE1D6F8F287703F66707&key=cms1 712 16888 0 16208 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236793.1119769 1518236793.1439908 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251193&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236714&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=473D54A03826FCC1887F0906391421655FBE0BAA.2BB1165526446472449CC0458ADDE9EA8D78B6B4&key=cms1 - CTU.339.1.Malicious 122 1518236793.3470101 1518236793.3643413 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251193&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236714&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=473D54A03826FCC1887F0906391421655FBE0BAA.2BB1165526446472449CC0458ADDE9EA8D78B6B4&key=cms1 732 15062 0 14382 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236796.063791 1518236796.0976121 34 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251196&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236714&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=1165CA6C6768C41950AE324A068584BBF95BF52F.3DC0C8FC32BD220377D673B1251BFADF0C195E9E&key=cms1 - CTU.339.1.Malicious 122 1518236796.3008242 1518236796.3174927 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251196&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236714&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=1165CA6C6768C41950AE324A068584BBF95BF52F.3DC0C8FC32BD220377D673B1251BFADF0C195E9E&key=cms1 732 12877 0 12197 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236798.2719004 1518236798.3035097 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1564 0 706 268 841 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251198&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236714&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4846D6B50F3749A81DC2AD22400EE9580BD353A2.686A476B3CBEF58F3402876BEEB70C10A00D863B&key=cms1 - CTU.339.1.Malicious 122 1518236798.5039055 1518236798.5202482 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251198&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236714&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4846D6B50F3749A81DC2AD22400EE9580BD353A2.686A476B3CBEF58F3402876BEEB70C10A00D863B&key=cms1 712 16295 0 15615 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236801.2514796 1518236801.284371 33 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251201&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236714&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=58D6E0830E9505E023DBF18BA0501F5C046FEAB2.75CA1194511EB3622A9B6D0D1A6FAD484AAEAF2F&key=cms1 - CTU.339.1.Malicious 122 1518236801.4832563 1518236801.5003953 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251201&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236714&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=58D6E0830E9505E023DBF18BA0501F5C046FEAB2.75CA1194511EB3622A9B6D0D1A6FAD484AAEAF2F&key=cms1 732 13792 0 13112 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236803.4233925 1518236803.4556773 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1564 0 706 268 841 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251203&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236772&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=160552E9D753231F903B7BA6CEB3E3C9A7E8F9B5.606A71156C2F7B174CCAA88705EA24FA2C780279&key=cms1 - CTU.339.1.Malicious 122 1518236803.658381 1518236803.6758313 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251203&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236772&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=160552E9D753231F903B7BA6CEB3E3C9A7E8F9B5.606A71156C2F7B174CCAA88705EA24FA2C780279&key=cms1 712 20276 0 19596 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236806.336705 1518236806.3703506 34 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251206&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236772&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=37B33D80639D18A9AAC5EC510991F552D2DD88E5.31D0956E684C0FFBE1B3F5C1CEF341E330A09696&key=cms1 - CTU.339.1.Malicious 122 1518236806.5742981 1518236806.5903528 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251206&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236772&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=37B33D80639D18A9AAC5EC510991F552D2DD88E5.31D0956E684C0FFBE1B3F5C1CEF341E330A09696&key=cms1 732 17817 0 17137 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236808.810294 1518236808.8426688 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251208&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236714&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=3D5BFF35E6082EBF38F2C245114F0727866C3BB3.34EF9F5A80F4C1A8567ABEF7E173CBCC48F121E0&key=cms1 - CTU.339.1.Malicious 122 1518236809.0412107 1518236809.0590005 18 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251208&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236714&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=3D5BFF35E6082EBF38F2C245114F0727866C3BB3.34EF9F5A80F4C1A8567ABEF7E173CBCC48F121E0&key=cms1 732 17164 0 16484 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236811.5418017 1518236811.5721457 30 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1564 0 706 268 841 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251211&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236714&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0FEBA0E7359F710F0CA55A5D5F01567A1D1AF80A.37FBCDC57B2FF19C187F0997941A712C4C8AB923&key=cms1 - CTU.339.1.Malicious 122 1518236811.7736945 1518236811.7915814 18 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251211&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236714&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0FEBA0E7359F710F0CA55A5D5F01567A1D1AF80A.37FBCDC57B2FF19C187F0997941A712C4C8AB923&key=cms1 712 15384 0 14704 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236813.727591 1518236813.759909 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251213&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236714&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=1B6FEC9A81036C4B927743EE1674BFFFC0CD1EB9.47657AD28755DB46823A4A9F13665CA6B03DDCF5&key=cms1 - CTU.339.1.Malicious 122 1518236813.96388 1518236813.9798672 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251213&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236714&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=1B6FEC9A81036C4B927743EE1674BFFFC0CD1EB9.47657AD28755DB46823A4A9F13665CA6B03DDCF5&key=cms1 732 23738 0 23058 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236816.6781085 1518236816.711407 33 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251216&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236714&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=64F82DB75FADCE82AB86C0267D03058FE95EFE4F.20B060809E2DE722E447C5E03D96C1103E4DA2E3&key=cms1 - CTU.339.1.Malicious 122 1518236816.915536 1518236816.9315557 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251216&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236714&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=64F82DB75FADCE82AB86C0267D03058FE95EFE4F.20B060809E2DE722E447C5E03D96C1103E4DA2E3&key=cms1 732 21143 0 20463 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236819.6152217 1518236819.6499903 35 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1564 0 706 268 841 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251219&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236714&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2E4E048D107F50365BDF43B517D5475950091427.40FA24DA717CE82684DC935AE8C266FAE14A434C&key=cms1 - CTU.339.1.Malicious 122 1518236819.853294 1518236819.8719468 19 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251219&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236714&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2E4E048D107F50365BDF43B517D5475950091427.40FA24DA717CE82684DC935AE8C266FAE14A434C&key=cms1 712 18593 0 17913 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236822.5549436 1518236822.586581 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251222&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236714&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=6838401B18A966B7393FC7B9A0586C78AAAD9281.59F4C6876E6F5E0CC1F772CB6106DFE6CED29370&key=cms1 - CTU.339.1.Malicious 122 1518236822.7913556 1518236822.8103762 19 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251222&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236714&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=6838401B18A966B7393FC7B9A0586C78AAAD9281.59F4C6876E6F5E0CC1F772CB6106DFE6CED29370&key=cms1 732 16015 0 15335 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236825.5679464 1518236825.5997965 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251225&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236714&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=3E4A657E723E9C0E9AC548323F7F33F1CD92D83F.47C323F3B84C59C879F50A53C961CD684D18E0EF&key=cms1 - CTU.339.1.Malicious 122 1518236825.8035307 1518236825.8191082 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251225&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236714&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=3E4A657E723E9C0E9AC548323F7F33F1CD92D83F.47C323F3B84C59C879F50A53C961CD684D18E0EF&key=cms1 732 13998 0 13318 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236827.7442696 1518236827.7765338 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251227&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236714&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=5359665A451BD9E495AAC9DA22D75795CD0171A1.1FBA64C5FFDA41E9C58F8591D3C8703B2E87576F&key=cms1 - CTU.339.1.Malicious 122 1518236827.9846764 1518236827.9996922 15 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251227&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236714&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=5359665A451BD9E495AAC9DA22D75795CD0171A1.1FBA64C5FFDA41E9C58F8591D3C8703B2E87576F&key=cms1 732 20898 0 20218 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236830.6875484 1518236830.7212183 34 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251230&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236714&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=55DA2A7DCBD687BBD14E3E77FDD7E8778D2B183E.26ECD2A27E742D4E6A2F245609E377EA85D02624&key=cms1 - CTU.339.1.Malicious 122 1518236830.924842 1518236830.9415457 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251230&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236714&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=55DA2A7DCBD687BBD14E3E77FDD7E8778D2B183E.26ECD2A27E742D4E6A2F245609E377EA85D02624&key=cms1 732 18336 0 17656 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236833.1421828 1518236833.1741488 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251233&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236772&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=432CF0309E95A269D3D88FE465721896C98F39AB.54427CC28E6CFD0914A7E55291B41E63CAFFD92A&key=cms1 - CTU.339.1.Malicious 122 1518236833.3791494 1518236833.3961651 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251233&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236772&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=432CF0309E95A269D3D88FE465721896C98F39AB.54427CC28E6CFD0914A7E55291B41E63CAFFD92A&key=cms1 732 17805 0 17125 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236835.8630478 1518236835.8945317 31 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1564 0 706 268 841 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251235&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236772&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=21DE240EB3B6C777E454668AC47EA2BA7CD5A1A0.66F92A2E254ADA713464B78B4F5498575F8324D8&key=cms1 - CTU.339.1.Malicious 122 1518236836.0974088 1518236836.11376 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251235&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236772&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=21DE240EB3B6C777E454668AC47EA2BA7CD5A1A0.66F92A2E254ADA713464B78B4F5498575F8324D8&key=cms1 712 16125 0 15445 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236838.8794515 1518236838.9110897 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251238&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236772&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=3691A7D213355BB5FFE118B8DC77F51C98FDB9D5.154F8DEE299E128B3CABDECFD7688F70CEA5B3E4&key=cms1 - CTU.339.1.Malicious 122 1518236839.113919 1518236839.1295302 16 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251238&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236772&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=3691A7D213355BB5FFE118B8DC77F51C98FDB9D5.154F8DEE299E128B3CABDECFD7688F70CEA5B3E4&key=cms1 732 13574 0 12894 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 121 1518236841.601304 1518236841.6334925 32 192.168.1.119 - 49381 216.58.201.78 80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx 418 1608 0 730 268 861 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251241&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236772&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=4178215AA9781BE4CAD5A1E64BFC0F05B36B0E9D.0A9E8E66366C03D1519FC4B830448A77854798AD&key=cms1 - CTU.339.1.Malicious 122 1518236841.8368309 1518236841.8537374 17 192.168.1.119 - 49382 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjQxQUFWZUl2YWEzRjhwSlNRWUREQ2twQQ/1.4.8.1029_oimompecagnajdejgnnjijobebaeigek.crx?cms_redirect=yes&expire=1518251241&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236772&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=4178215AA9781BE4CAD5A1E64BFC0F05B36B0E9D.0A9E8E66366C03D1519FC4B830448A77854798AD&key=cms1 732 11630 0 10950 277 653 'Microsoft BITS/7.5' application/x-chrome-extension GET 206 - - - - - - - CTU.339.1.Malicious 124 1518236847.5209606 1518236847.7608004 240 192.168.1.119 - 49384 216.58.201.67 443 https://update.googleapis.com/service/update2 1223 944 890 247 303 685 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 125 1518237338.4526722 1518237338.4856853 33 192.168.1.119 - 49385 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/APB-LKWHVnnP_4273/4273_all_crl-set-5760281525356374344.data.crx3 282 839 0 0 170 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 HEAD 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APB-LKWHVnnP_4273/4273_all_crl-set-5760281525356374344.data.crx3?cms_redirect=yes&expire=1518251738&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236696&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=4D2EA9786A4238AC5A5F5510592356FEA47DE44E.03FF4AAF7C100B7D587A099A7F0C4FD86E5FF6F7&key=cms1 - CTU.339.1.Malicious 126 1518237338.5958753 1518237338.612198 16 192.168.1.119 - 49386 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APB-LKWHVnnP_4273/4273_all_crl-set-5760281525356374344.data.crx3?cms_redirect=yes&expire=1518251738&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236696&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=4D2EA9786A4238AC5A5F5510592356FEA47DE44E.03FF4AAF7C100B7D587A099A7F0C4FD86E5FF6F7&key=cms1 596 608 0 0 179 594 'Microsoft BITS/7.5' application/octet-stream HEAD 200 - - - - - - - CTU.339.1.Malicious 125 1518237339.6207426 1518237339.6529562 32 192.168.1.119 - 49385 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/APB-LKWHVnnP_4273/4273_all_crl-set-5760281525356374344.data.crx3 371 1486 0 667 260 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APB-LKWHVnnP_4273/4273_all_crl-set-5760281525356374344.data.crx3?cms_redirect=yes&expire=1518251739&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236696&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=508119FE44CD0BB1D52A1B19D3D7ED39836B27D5.0697412FB1178AC6F66E89EE2D41137069F32757&key=cms1 - CTU.339.1.Malicious 126 1518237339.8555984 1518237339.8721027 17 192.168.1.119 - 49386 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APB-LKWHVnnP_4273/4273_all_crl-set-5760281525356374344.data.crx3?cms_redirect=yes&expire=1518251739&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236696&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=508119FE44CD0BB1D52A1B19D3D7ED39836B27D5.0697412FB1178AC6F66E89EE2D41137069F32757&key=cms1 665 12966 0 12301 269 638 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 125 1518237341.659301 1518237341.6905518 31 192.168.1.119 - 49385 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/APB-LKWHVnnP_4273/4273_all_crl-set-5760281525356374344.data.crx3 375 1530 0 691 264 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APB-LKWHVnnP_4273/4273_all_crl-set-5760281525356374344.data.crx3?cms_redirect=yes&expire=1518251741&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236696&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=078936118B75740C23AFEE93343F330170599C80.66D1C84BB5F2BF4661CE1C446024C0DECA011A15&key=cms1 - CTU.339.1.Malicious 126 1518237341.8946733 1518237341.9101794 16 192.168.1.119 - 49386 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APB-LKWHVnnP_4273/4273_all_crl-set-5760281525356374344.data.crx3?cms_redirect=yes&expire=1518251741&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236696&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=078936118B75740C23AFEE93343F330170599C80.66D1C84BB5F2BF4661CE1C446024C0DECA011A15&key=cms1 689 25895 0 25226 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 125 1518237344.7120836 1518237344.954105 242 192.168.1.119 - 49385 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/APB-LKWHVnnP_4273/4273_all_crl-set-5760281525356374344.data.crx3 375 1530 0 691 264 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APB-LKWHVnnP_4273/4273_all_crl-set-5760281525356374344.data.crx3?cms_redirect=yes&expire=1518251744&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236696&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=4594809BC010BB2C847C7DED6EBA6CF874CC7A15.852FC50391EA524AFC52CEB5709F4161E6A609EA&key=cms1 - CTU.339.1.Malicious 126 1518237345.1538775 1518237345.3779745 224 192.168.1.119 - 49386 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APB-LKWHVnnP_4273/4273_all_crl-set-5760281525356374344.data.crx3?cms_redirect=yes&expire=1518251744&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236696&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=4594809BC010BB2C847C7DED6EBA6CF874CC7A15.852FC50391EA524AFC52CEB5709F4161E6A609EA&key=cms1 689 22288 0 21619 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 125 1518237348.002358 1518237348.0320778 30 192.168.1.119 - 49385 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/APB-LKWHVnnP_4273/4273_all_crl-set-5760281525356374344.data.crx3 375 1530 0 691 264 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APB-LKWHVnnP_4273/4273_all_crl-set-5760281525356374344.data.crx3?cms_redirect=yes&expire=1518251748&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236696&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=2BAF365CAD0569278125231AC8AF9021E32CF085.5F8119B5CBE138D2C6C7662F261FB1DC32F9F31D&key=cms1 - CTU.339.1.Malicious 126 1518237348.2356887 1518237348.2510233 15 192.168.1.119 - 49386 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APB-LKWHVnnP_4273/4273_all_crl-set-5760281525356374344.data.crx3?cms_redirect=yes&expire=1518251748&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236696&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=2BAF365CAD0569278125231AC8AF9021E32CF085.5F8119B5CBE138D2C6C7662F261FB1DC32F9F31D&key=cms1 689 20071 0 19402 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 125 1518237350.911852 1518237350.942098 30 192.168.1.119 - 49385 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/APB-LKWHVnnP_4273/4273_all_crl-set-5760281525356374344.data.crx3 375 1530 0 691 264 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APB-LKWHVnnP_4273/4273_all_crl-set-5760281525356374344.data.crx3?cms_redirect=yes&expire=1518251750&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236696&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=1B33DA2E1FA6D5F9122C9D0E05BA5425EF08CDD6.783E3C2EF213B735C40B619143CD8FED1142A587&key=cms1 - CTU.339.1.Malicious 126 1518237351.1430883 1518237351.1599786 17 192.168.1.119 - 49386 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APB-LKWHVnnP_4273/4273_all_crl-set-5760281525356374344.data.crx3?cms_redirect=yes&expire=1518251750&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236696&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=1B33DA2E1FA6D5F9122C9D0E05BA5425EF08CDD6.783E3C2EF213B735C40B619143CD8FED1142A587&key=cms1 689 17630 0 16961 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 125 1518237353.623185 1518237353.6543958 31 192.168.1.119 - 49385 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/APB-LKWHVnnP_4273/4273_all_crl-set-5760281525356374344.data.crx3 376 1530 0 691 265 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APB-LKWHVnnP_4273/4273_all_crl-set-5760281525356374344.data.crx3?cms_redirect=yes&expire=1518251753&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236696&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=2BF80DA7D8D87AA3ABB9A163598E9122539219C6.3DE57B6ECD157E4D08D1E187EE2C48A18C962480&key=cms1 - CTU.339.1.Malicious 126 1518237353.8580997 1518237353.875258 17 192.168.1.119 - 49386 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APB-LKWHVnnP_4273/4273_all_crl-set-5760281525356374344.data.crx3?cms_redirect=yes&expire=1518251753&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236696&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=2BF80DA7D8D87AA3ABB9A163598E9122539219C6.3DE57B6ECD157E4D08D1E187EE2C48A18C962480&key=cms1 690 16023 0 15353 274 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 125 1518237355.8396711 1518237355.8710463 31 192.168.1.119 - 49385 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/APB-LKWHVnnP_4273/4273_all_crl-set-5760281525356374344.data.crx3 377 1530 0 691 266 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APB-LKWHVnnP_4273/4273_all_crl-set-5760281525356374344.data.crx3?cms_redirect=yes&expire=1518251755&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236696&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=6C3147E19A152A6D20FE7FD685800B3CB734BDFE.3B98DA816C6D1FB08D36467BF0ACD3572D4FFC43&key=cms1 - CTU.339.1.Malicious 126 1518237356.0748565 1518237356.0909233 16 192.168.1.119 - 49386 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APB-LKWHVnnP_4273/4273_all_crl-set-5760281525356374344.data.crx3?cms_redirect=yes&expire=1518251755&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236696&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=6C3147E19A152A6D20FE7FD685800B3CB734BDFE.3B98DA816C6D1FB08D36467BF0ACD3572D4FFC43&key=cms1 691 23019 0 22348 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 125 1518237358.7835078 1518237358.8138492 30 192.168.1.119 - 49385 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/APB-LKWHVnnP_4273/4273_all_crl-set-5760281525356374344.data.crx3 377 1530 0 691 266 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APB-LKWHVnnP_4273/4273_all_crl-set-5760281525356374344.data.crx3?cms_redirect=yes&expire=1518251758&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236696&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=0FD4BBA42141B4C7363FB59A36AF6F46EC4739BE.27539C719860BC9F18C4B3D9F75DA69AF9DA2245&key=cms1 - CTU.339.1.Malicious 126 1518237359.0168402 1518237359.0342243 17 192.168.1.119 - 49386 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APB-LKWHVnnP_4273/4273_all_crl-set-5760281525356374344.data.crx3?cms_redirect=yes&expire=1518251758&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236696&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=0FD4BBA42141B4C7363FB59A36AF6F46EC4739BE.27539C719860BC9F18C4B3D9F75DA69AF9DA2245&key=cms1 691 20449 0 19778 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 125 1518237361.7530358 1518237361.7834597 30 192.168.1.119 - 49385 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/APB-LKWHVnnP_4273/4273_all_crl-set-5760281525356374344.data.crx3 377 1530 0 691 266 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APB-LKWHVnnP_4273/4273_all_crl-set-5760281525356374344.data.crx3?cms_redirect=yes&expire=1518251761&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236696&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=53249299A20C7B6138C6038E6CDDC06C10B45FF0.6ED84A20698C18AD0584F7D8057AAE58B29C890B&key=cms1 - CTU.339.1.Malicious 126 1518237361.9881568 1518237362.0036433 15 192.168.1.119 - 49386 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APB-LKWHVnnP_4273/4273_all_crl-set-5760281525356374344.data.crx3?cms_redirect=yes&expire=1518251761&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236696&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=53249299A20C7B6138C6038E6CDDC06C10B45FF0.6ED84A20698C18AD0584F7D8057AAE58B29C890B&key=cms1 691 18075 0 17404 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 125 1518237363.1584854 1518237363.1894038 31 192.168.1.119 - 49385 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/APB-LKWHVnnP_4273/4273_all_crl-set-5760281525356374344.data.crx3 377 1530 0 691 266 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APB-LKWHVnnP_4273/4273_all_crl-set-5760281525356374344.data.crx3?cms_redirect=yes&expire=1518251763&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236696&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=4844DB6768162E9456396E7EF091E20BF278C746.469F9AFFAE793F65D78CB73B9C4F8CF37253E154&key=cms1 - CTU.339.1.Malicious 126 1518237363.398571 1518237363.4147809 16 192.168.1.119 - 49386 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APB-LKWHVnnP_4273/4273_all_crl-set-5760281525356374344.data.crx3?cms_redirect=yes&expire=1518251763&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236696&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=4844DB6768162E9456396E7EF091E20BF278C746.469F9AFFAE793F65D78CB73B9C4F8CF37253E154&key=cms1 691 16229 0 15558 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 125 1518237366.1749332 1518237366.2082071 33 192.168.1.119 - 49385 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/APB-LKWHVnnP_4273/4273_all_crl-set-5760281525356374344.data.crx3 377 1530 0 691 266 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APB-LKWHVnnP_4273/4273_all_crl-set-5760281525356374344.data.crx3?cms_redirect=yes&expire=1518251766&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236696&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=6BAFA8BFC4C1368BE5F00EB4A0098BE80A2E17CC.71923D2DD79DB5022D9450BFF69EB2C3D82AE9A8&key=cms1 - CTU.339.1.Malicious 126 1518237366.412153 1518237366.4279268 16 192.168.1.119 - 49386 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APB-LKWHVnnP_4273/4273_all_crl-set-5760281525356374344.data.crx3?cms_redirect=yes&expire=1518251766&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236696&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=6BAFA8BFC4C1368BE5F00EB4A0098BE80A2E17CC.71923D2DD79DB5022D9450BFF69EB2C3D82AE9A8&key=cms1 691 13684 0 13013 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 125 1518237368.383316 1518237368.4142451 31 192.168.1.119 - 49385 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/APB-LKWHVnnP_4273/4273_all_crl-set-5760281525356374344.data.crx3 377 1530 0 691 266 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APB-LKWHVnnP_4273/4273_all_crl-set-5760281525356374344.data.crx3?cms_redirect=yes&expire=1518251768&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236696&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=0A6DF8ACCCEEDD6E0B43EFC261257062177BEFB6.46B85F0F5AB53C2B24FBD0C0C7351B47C825C9EB&key=cms1 - CTU.339.1.Malicious 126 1518237368.6170542 1518237368.6338334 17 192.168.1.119 - 49386 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APB-LKWHVnnP_4273/4273_all_crl-set-5760281525356374344.data.crx3?cms_redirect=yes&expire=1518251768&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236696&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=0A6DF8ACCCEEDD6E0B43EFC261257062177BEFB6.46B85F0F5AB53C2B24FBD0C0C7351B47C825C9EB&key=cms1 691 18353 0 17682 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 125 1518237371.3916025 1518237371.4226768 31 192.168.1.119 - 49385 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/APB-LKWHVnnP_4273/4273_all_crl-set-5760281525356374344.data.crx3 377 1530 0 691 266 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APB-LKWHVnnP_4273/4273_all_crl-set-5760281525356374344.data.crx3?cms_redirect=yes&expire=1518251771&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236696&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=217BF1E6237547B45BB2B2FCDC56F2481B706E2F.074BD79C54FE0240CD803D6EF22B39C7AE4AFFA9&key=cms1 - CTU.339.1.Malicious 126 1518237371.6274774 1518237371.643561 16 192.168.1.119 - 49386 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APB-LKWHVnnP_4273/4273_all_crl-set-5760281525356374344.data.crx3?cms_redirect=yes&expire=1518251771&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518236696&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=217BF1E6237547B45BB2B2FCDC56F2481B706E2F.074BD79C54FE0240CD803D6EF22B39C7AE4AFFA9&key=cms1 691 3181 0 2511 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 127 1518237375.072873 1518237375.3160233 243 192.168.1.119 - 49387 216.58.201.67 443 https://update.googleapis.com/service/update2 1175 944 842 247 303 685 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 128 1518239564.5751643 1518239564.6039903 29 192.168.1.119 - 49388 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D0%26uc 668 710 0 466 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 129 1518239568.2871304 1518239568.3134382 26 192.168.1.119 - 49389 82.145.215.85 443 https://extension-updates.opera.com/static/omaha/blacklist.336465243e0d1996705f69bb3937b0f2f815a8bcc9737b5323ca77ebd70dd6b7.txt 413 6582 0 6336 308 232 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/plain GET 200 - - - - - - - CTU.339.1.Malicious 130 1518239605.003582 1518239605.031464 28 192.168.1.119 - 49390 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 131 1518239635.3844357 1518239635.4171169 33 192.168.1.119 - 49391 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 818 447 0 16 721 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 132 1518239641.9042633 1518239641.9354043 31 192.168.1.119 - 49392 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 133 1518243206.3563526 1518243206.3848915 29 192.168.1.119 - 49393 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 134 1518243235.710855 1518243235.746786 36 192.168.1.119 - 49394 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 818 447 0 16 721 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 135 1518243242.2318447 1518243242.2678275 36 192.168.1.119 - 49395 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 136 1518246807.4151442 1518246807.447529 32 192.168.1.119 - 49396 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 137 1518246836.0480747 1518246836.081247 33 192.168.1.119 - 49397 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 818 447 0 16 721 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 138 1518246842.570877 1518246842.602902 32 192.168.1.119 - 49398 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 139 1518250408.89605 1518250408.9353688 39 192.168.1.119 - 49399 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 140 1518250436.3787327 1518250436.4138477 35 192.168.1.119 - 49400 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 818 447 0 16 721 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 141 1518250442.9096017 1518250442.9459615 36 192.168.1.119 - 49401 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 142 1518254010.2610178 1518254010.2950687 34 192.168.1.119 - 49402 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 143 1518254036.7187643 1518254036.7506225 32 192.168.1.119 - 49403 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 818 447 0 16 721 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 144 1518254043.247831 1518254043.2770617 29 192.168.1.119 - 49404 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 145 1518254355.697621 1518254355.7506194 53 192.168.1.119 - 49405 216.58.201.67 443 https://update.googleapis.com/service/update2?cup2key=7:4174713512&cup2hreq=a13e592d02b74259311bb6cdc0d138e93ce697c5c7dafa883d28265fa85a79c2 1414 1586 986 430 303 1144 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 146 1518257611.6206207 1518257611.654159 34 192.168.1.119 - 49406 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 147 1518257637.0385997 1518257637.0697932 31 192.168.1.119 - 49407 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 818 447 0 16 721 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 148 1518257643.7824059 1518257643.8129685 31 192.168.1.119 - 49412 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 149 1518257691.6599722 1518257691.6913328 31 192.168.1.119 - 49417 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.10%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 150 1518258232.9127705 1518258232.94872 36 192.168.1.119 - 49418 185.26.182.122 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 422 0 24 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 151 1518261213.1746025 1518261213.2073627 33 192.168.1.119 - 49419 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 152 1518261237.3677292 1518261237.4012752 34 192.168.1.119 - 49420 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 818 447 0 16 721 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 153 1518261244.11044 1518261244.337464 227 192.168.1.119 - 49421 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 154 1518264814.7242799 1518264814.7555518 31 192.168.1.119 - 49422 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 155 1518264837.7050521 1518264837.7368996 32 192.168.1.119 - 49423 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 818 447 0 16 721 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 156 1518264844.656906 1518264844.6909447 34 192.168.1.119 - 49424 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 157 1518264852.9552288 1518264853.2186925 263 192.168.1.119 - 49425 185.26.182.122 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 158 1518268415.79364 1518268415.8209095 27 192.168.1.119 - 49426 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 159 1518268438.0448306 1518268438.087392 43 192.168.1.119 - 49427 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 818 447 0 16 721 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 160 1518268444.9997556 1518268445.032574 33 192.168.1.119 - 49428 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 161 1518272017.1292539 1518272017.1621647 33 192.168.1.119 - 49429 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 162 1518272038.3965766 1518272038.4284263 32 192.168.1.119 - 49430 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 818 447 0 16 721 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 163 1518272045.3466887 1518272045.3895216 43 192.168.1.119 - 49431 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 164 1518274974.6038818 1518274974.6355119 32 192.168.1.119 - 49432 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.10%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 165 1518275618.2852614 1518275618.3150413 30 192.168.1.119 - 49433 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 166 1518275638.7636652 1518275638.8024518 39 192.168.1.119 - 49434 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 818 447 0 16 721 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 167 1518275645.7082884 1518275645.743527 35 192.168.1.119 - 49435 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 168 1518279219.6597 1518279219.6892285 30 192.168.1.119 - 49436 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 169 1518279239.1028352 1518279239.1631985 60 192.168.1.119 - 49437 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 818 447 0 16 721 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 170 1518279246.047596 1518279246.2722278 225 192.168.1.119 - 49438 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 171 1518279856.2736168 1518279856.3191662 46 192.168.1.119 - 49447 185.26.182.117 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 422 0 24 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 172 1518282821.000259 1518282821.0325153 32 192.168.1.119 - 49448 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 173 1518282839.4535336 1518282839.4884074 35 192.168.1.119 - 49449 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 818 447 0 16 721 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 174 1518282846.5927258 1518282846.6226172 30 192.168.1.119 - 49450 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 175 1518286422.3690915 1518286422.4010959 32 192.168.1.119 - 49451 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 176 1518286439.7840793 1518286439.8193681 35 192.168.1.119 - 49452 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 818 447 0 16 721 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 177 1518286447.1267698 1518286447.161142 34 192.168.1.119 - 49453 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 178 1518290023.7174885 1518290023.7469168 29 192.168.1.119 - 49454 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 179 1518290040.1227467 1518290040.1600218 37 192.168.1.119 - 49455 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 818 447 0 16 721 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 180 1518290047.456832 1518290047.4891565 32 192.168.1.119 - 49456 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 181 1518293364.1827965 1518293364.215839 33 192.168.1.119 - 49457 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.10%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 182 1518293625.2137065 1518293625.248208 35 192.168.1.119 - 49458 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 183 1518293640.4947896 1518293640.5280867 33 192.168.1.119 - 49459 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 818 447 0 16 721 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 184 1518293647.7790666 1518293648.0107434 232 192.168.1.119 - 49460 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 185 1518293653.620336 1518293653.9422145 322 192.168.1.119 - 49461 185.26.182.117 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 186 1518297226.792315 1518297226.8262262 34 192.168.1.119 - 49462 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 187 1518297240.8577957 1518297240.895738 38 192.168.1.119 - 49463 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 818 447 0 16 721 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 188 1518297248.3318758 1518297248.5579236 226 192.168.1.119 - 49464 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 189 1518300827.8744395 1518300827.905063 31 192.168.1.119 - 49465 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 190 1518300841.1884687 1518300841.2244735 36 192.168.1.119 - 49466 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 818 447 0 16 721 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 191 1518300848.876647 1518300849.1258972 249 192.168.1.119 - 49467 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 192 1518301484.319143 1518301484.3490844 30 192.168.1.119 - 49476 185.26.182.117 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 422 0 24 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 193 1518304429.2081392 1518304429.236748 29 192.168.1.119 - 49477 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 194 1518304441.5171812 1518304441.5494983 32 192.168.1.119 - 49478 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 818 447 0 16 721 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 195 1518304449.2189496 1518304449.4448388 226 192.168.1.119 - 49479 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 196 1518308030.1050253 1518308030.1363802 31 192.168.1.119 - 49480 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 197 1518308041.8454628 1518308041.8766701 31 192.168.1.119 - 49481 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 818 447 0 16 721 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 198 1518308049.765556 1518308049.7958238 30 192.168.1.119 - 49482 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 199 1518308355.6975985 1518308355.7423108 45 192.168.1.119 - 49483 216.58.201.67 443 https://update.googleapis.com/service/update2?cup2key=7:3420951&cup2hreq=089ae543dd8f540972b9d18e9d05025f52fba49b68543430d8dcadc3b38df6ef 1411 2479 986 1318 303 1149 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 200 1518308356.6038353 1518308356.6356015 32 192.168.1.119 - 49484 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3 281 838 0 0 170 821 'Microsoft BITS/7.5' text/html; charset=UTF-8 HEAD 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3?cms_redirect=yes&expire=1518322756&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518307919&mv=u&pcm2cms=yes&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=30536F4DA2ED98DF179519E719A085D57CAD1AE2.613EBB13DB4F1575A4764E03AA9E907353902A56&key=cms1 - CTU.339.1.Malicious 201 1518308356.7423794 1518308356.7596185 17 192.168.1.119 - 49485 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3?cms_redirect=yes&expire=1518322756&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518307919&mv=u&pcm2cms=yes&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=30536F4DA2ED98DF179519E719A085D57CAD1AE2.613EBB13DB4F1575A4764E03AA9E907353902A56&key=cms1 595 608 0 0 179 594 'Microsoft BITS/7.5' application/octet-stream HEAD 200 - - - - - - - CTU.339.1.Malicious 200 1518308358.0846958 1518308358.1152217 31 192.168.1.119 - 49484 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3 369 1484 0 666 259 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3?cms_redirect=yes&expire=1518322758&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518307919&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6E6DD62E5E1826368441DB90BBB85A894626BCF2.2ABD43F2205AEA0ECD528FB34A0C1318CD247701&key=cms1 - CTU.339.1.Malicious 201 1518308358.3180852 1518308358.3349383 17 192.168.1.119 - 49485 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3?cms_redirect=yes&expire=1518322758&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518307919&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6E6DD62E5E1826368441DB90BBB85A894626BCF2.2ABD43F2205AEA0ECD528FB34A0C1318CD247701&key=cms1 663 3155 0 2492 268 636 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 200 1518308361.3049161 1518308361.3355515 31 192.168.1.119 - 49484 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3 372 1484 0 666 262 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3?cms_redirect=yes&expire=1518322761&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518308298&mv=m&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7DE3881501EC89A326F8339B6C1D5ACE154562C6.79CDD00C2A11CD7353B4A9A6AB1F85A41FD1CBE3&key=cms1 - CTU.339.1.Malicious 201 1518308361.538274 1518308361.5539079 16 192.168.1.119 - 49485 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3?cms_redirect=yes&expire=1518322761&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518308298&mv=m&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7DE3881501EC89A326F8339B6C1D5ACE154562C6.79CDD00C2A11CD7353B4A9A6AB1F85A41FD1CBE3&key=cms1 666 3158 0 2492 271 639 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 200 1518308363.489054 1518308363.518941 30 192.168.1.119 - 49484 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3 372 1484 0 666 262 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3?cms_redirect=yes&expire=1518322763&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518308298&mv=m&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=63FBD562596823424F4981E47DAA8BDF0B48BCAC.7A36E478CA32D4A45500E78F488075FA5B757E5D&key=cms1 - CTU.339.1.Malicious 201 1518308363.7300577 1518308363.745873 16 192.168.1.119 - 49485 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3?cms_redirect=yes&expire=1518322763&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518308298&mv=m&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=63FBD562596823424F4981E47DAA8BDF0B48BCAC.7A36E478CA32D4A45500E78F488075FA5B757E5D&key=cms1 666 5671 0 5005 271 639 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 200 1518308365.6804597 1518308365.7118673 31 192.168.1.119 - 49484 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3 373 1484 0 666 263 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3?cms_redirect=yes&expire=1518322765&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518308298&mv=m&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3C6E92856834536462419599654DC238E6324E10.1ED33745ABCD5A049E5909ABE4BA9BE71A1C2C0D&key=cms1 - CTU.339.1.Malicious 201 1518308365.916819 1518308365.9335306 17 192.168.1.119 - 49485 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3?cms_redirect=yes&expire=1518322765&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518308298&mv=m&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3C6E92856834536462419599654DC238E6324E10.1ED33745ABCD5A049E5909ABE4BA9BE71A1C2C0D&key=cms1 667 5428 0 4761 272 640 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 200 1518308366.7696254 1518308366.8004925 31 192.168.1.119 - 49484 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3 374 1484 0 666 264 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3?cms_redirect=yes&expire=1518322766&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518308298&mv=m&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=60899487A8CC96F327FE66DD2FA8A583AC6F36C8.6E64506CCDB8AD5D5601E010F0EF93B4DF862139&key=cms1 - CTU.339.1.Malicious 201 1518308366.9998357 1518308367.0157793 16 192.168.1.119 - 49485 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3?cms_redirect=yes&expire=1518322766&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518308298&mv=m&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=60899487A8CC96F327FE66DD2FA8A583AC6F36C8.6E64506CCDB8AD5D5601E010F0EF93B4DF862139&key=cms1 668 9256 0 8588 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 200 1518308368.8238125 1518308368.854974 31 192.168.1.119 - 49484 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3 374 1484 0 666 264 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3?cms_redirect=yes&expire=1518322768&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518308298&mv=m&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=70E7559F0FAD4099857B6D9D9B5D1AE77FA63F0A.385851B04829B7077B2385FC5CD6EAED93A4A326&key=cms1 - CTU.339.1.Malicious 201 1518308369.060017 1518308369.0773365 17 192.168.1.119 - 49485 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3?cms_redirect=yes&expire=1518322768&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518308298&mv=m&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=70E7559F0FAD4099857B6D9D9B5D1AE77FA63F0A.385851B04829B7077B2385FC5CD6EAED93A4A326&key=cms1 668 18469 0 17800 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 200 1518308371.8089077 1518308371.8410254 32 192.168.1.119 - 49484 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3 374 1528 0 690 264 821 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3?cms_redirect=yes&expire=1518322771&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518308298&mv=m&pcm2cms=yes&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=355120E01E7CBF5686D1790184AC56F54C743F69.16E07A3A41A1A557B89302E8D85863039D923134&key=cms1 - CTU.339.1.Malicious 201 1518308372.0452392 1518308372.0616837 16 192.168.1.119 - 49485 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3?cms_redirect=yes&expire=1518322771&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518308298&mv=m&pcm2cms=yes&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=355120E01E7CBF5686D1790184AC56F54C743F69.16E07A3A41A1A557B89302E8D85863039D923134&key=cms1 688 15902 0 15233 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 200 1518308373.9839375 1518308374.0173612 33 192.168.1.119 - 49484 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3 374 1484 0 666 264 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3?cms_redirect=yes&expire=1518322773&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518308298&mv=m&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3B32BEB59C2A54690AB5814279435C8507BC9508.8428B32C0803665107F52CEEDCFF4EE320809FD7&key=cms1 - CTU.339.1.Malicious 201 1518308374.220492 1518308374.2361562 16 192.168.1.119 - 49485 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3?cms_redirect=yes&expire=1518322773&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518308298&mv=m&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3B32BEB59C2A54690AB5814279435C8507BC9508.8428B32C0803665107F52CEEDCFF4EE320809FD7&key=cms1 668 26311 0 25642 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 200 1518308377.4307206 1518308377.4610612 30 192.168.1.119 - 49484 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3 375 1484 0 666 265 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3?cms_redirect=yes&expire=1518322777&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518308298&mv=m&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=29D7792EB7E1B77A62647DC23089A80F1A34C958.18046C57B612A4C798C5A6B6C1ACDA61CB69A423&key=cms1 - CTU.339.1.Malicious 201 1518308377.6639528 1518308377.6801023 16 192.168.1.119 - 49485 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3?cms_redirect=yes&expire=1518322777&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518308298&mv=m&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=29D7792EB7E1B77A62647DC23089A80F1A34C958.18046C57B612A4C798C5A6B6C1ACDA61CB69A423&key=cms1 669 21638 0 20968 274 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 200 1518308380.3482602 1518308380.3795836 31 192.168.1.119 - 49484 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3 376 1484 0 666 266 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3?cms_redirect=yes&expire=1518322780&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518308298&mv=m&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4762C7163E698EFE9FCC42788EA72BD06EB37F20.3A9C6FB899FA9227EDCB40B1E51119FE6B414E93&key=cms1 - CTU.339.1.Malicious 201 1518308380.603691 1518308380.6213374 18 192.168.1.119 - 49485 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3?cms_redirect=yes&expire=1518322780&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518308298&mv=m&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4762C7163E698EFE9FCC42788EA72BD06EB37F20.3A9C6FB899FA9227EDCB40B1E51119FE6B414E93&key=cms1 670 19188 0 18517 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 200 1518308383.295771 1518308383.3278027 32 192.168.1.119 - 49484 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3 376 1484 0 666 266 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3?cms_redirect=yes&expire=1518322783&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518308298&mv=m&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5A88B611AD5E4AC62C3E865CAE8D7D18D45D5141.5E6F0527D08513B978A537E3B98C5ED050ADBBD0&key=cms1 - CTU.339.1.Malicious 201 1518308383.5315442 1518308383.5480084 16 192.168.1.119 - 49485 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3?cms_redirect=yes&expire=1518322783&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518308298&mv=m&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5A88B611AD5E4AC62C3E865CAE8D7D18D45D5141.5E6F0527D08513B978A537E3B98C5ED050ADBBD0&key=cms1 670 16667 0 15996 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 200 1518308385.5041945 1518308385.537188 33 192.168.1.119 - 49484 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3 376 1484 0 666 266 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3?cms_redirect=yes&expire=1518322785&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518308298&mv=m&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=32EE2AB89E5E32A6472C6596B43668600B15E058.2FCF61DF972052DC1E51807097E1539271219BF6&key=cms1 - CTU.339.1.Malicious 201 1518308385.74113 1518308385.7566907 16 192.168.1.119 - 49485 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3?cms_redirect=yes&expire=1518322785&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518308298&mv=m&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=32EE2AB89E5E32A6472C6596B43668600B15E058.2FCF61DF972052DC1E51807097E1539271219BF6&key=cms1 670 25787 0 25116 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 200 1518308389.1514192 1518308389.1827044 31 192.168.1.119 - 49484 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3 376 1528 0 690 266 821 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3?cms_redirect=yes&expire=1518322789&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518308298&mv=m&pcm2cms=yes&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=4277CDCCBD9C327DB1E00DBA8FBA7CCF84F23452.1153A4A24052F235D6E6E13572CE4F1C68E238AE&key=cms1 - CTU.339.1.Malicious 201 1518308389.3819866 1518308389.3979533 16 192.168.1.119 - 49485 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3?cms_redirect=yes&expire=1518322789&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518308298&mv=m&pcm2cms=yes&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=4277CDCCBD9C327DB1E00DBA8FBA7CCF84F23452.1153A4A24052F235D6E6E13572CE4F1C68E238AE&key=cms1 690 21065 0 20394 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 200 1518308392.6080263 1518308392.640055 32 192.168.1.119 - 49484 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3 376 1484 0 666 266 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3?cms_redirect=yes&expire=1518322792&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518308298&mv=m&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=35F5EDCE2D8D89123DF7F4EFEC6DD96AB95E0F9A.0DB4C6ACCC5C20947A18F695AA065B48D05A71B8&key=cms1 - CTU.339.1.Malicious 201 1518308392.8488312 1518308392.8639488 15 192.168.1.119 - 49485 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3?cms_redirect=yes&expire=1518322792&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518308298&mv=m&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=35F5EDCE2D8D89123DF7F4EFEC6DD96AB95E0F9A.0DB4C6ACCC5C20947A18F695AA065B48D05A71B8&key=cms1 670 17943 0 17272 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 200 1518308395.5839472 1518308395.6157444 32 192.168.1.119 - 49484 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3 376 1528 0 690 266 821 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3?cms_redirect=yes&expire=1518322795&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518308298&mv=m&pcm2cms=yes&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=48368432B595203A8795E6F8C39B7974C1CC4D49.655486EF92BB1095C2EA9B6A0097BCE51B6F58CE&key=cms1 - CTU.339.1.Malicious 201 1518308395.818955 1518308395.8349862 16 192.168.1.119 - 49485 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3?cms_redirect=yes&expire=1518322795&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518308298&mv=m&pcm2cms=yes&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=48368432B595203A8795E6F8C39B7974C1CC4D49.655486EF92BB1095C2EA9B6A0097BCE51B6F58CE&key=cms1 690 15521 0 14850 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 200 1518308397.7920718 1518308397.825129 33 192.168.1.119 - 49484 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3 376 1484 0 666 266 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3?cms_redirect=yes&expire=1518322797&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518308298&mv=m&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=71B25F26758892847672525F9C787F50BD9AD6A5.3E47AB63471FADBC5A7378EB2BADB7A53099F03A&key=cms1 - CTU.339.1.Malicious 201 1518308398.0281346 1518308398.043119 15 192.168.1.119 - 49485 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/XtthmstmbIg_4275/4275_all_crl-set-3120107119479151247.data.crx3?cms_redirect=yes&expire=1518322797&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518308298&mv=m&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=71B25F26758892847672525F9C787F50BD9AD6A5.3E47AB63471FADBC5A7378EB2BADB7A53099F03A&key=cms1 670 5103 0 4433 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 202 1518308401.0901222 1518308401.3202183 230 192.168.1.119 - 49486 216.58.201.67 443 https://update.googleapis.com/service/update2 1251 944 918 247 303 685 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 203 1518311631.6481662 1518311631.6766753 29 192.168.1.119 - 49487 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 204 1518311642.3018022 1518311642.3357766 34 192.168.1.119 - 49488 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 806 447 0 16 709 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 205 1518311650.0907025 1518311650.1336246 43 192.168.1.119 - 49489 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 206 1518312936.9543924 1518312936.9867542 32 192.168.1.119 - 49490 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.10%26uc 676 710 0 466 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 206 1518312940.9639409 1518312941.0026348 39 192.168.1.119 - 49490 82.145.215.85 443 https://extension-updates.opera.com/static/omaha/blacklist.336465243e0d1996705f69bb3937b0f2f815a8bcc9737b5323ca77ebd70dd6b7.txt 413 6582 0 6336 308 232 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/plain GET 200 - - - - - - - CTU.339.1.Malicious 207 1518315233.0828648 1518315233.1144252 32 192.168.1.119 - 49491 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 208 1518315242.6724887 1518315242.7053168 33 192.168.1.119 - 49492 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 806 447 0 16 709 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 209 1518315250.6354113 1518315250.8637984 228 192.168.1.119 - 49493 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 210 1518318834.6344585 1518318834.6623862 28 192.168.1.119 - 49494 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 211 1518318843.0059009 1518318843.040106 34 192.168.1.119 - 49495 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 806 447 0 16 709 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 212 1518318851.1818602 1518318851.4088662 227 192.168.1.119 - 49496 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 213 1518322402.7652292 1518322402.790206 25 192.168.1.119 - 49502 185.26.182.112 443 https://exchange.opera.com/api/v1/ecb/ 283 1937 0 1664 258 259 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml GET 200 - - - - - - - CTU.339.1.Malicious 213 1518322402.7942429 1518322403.0373578 243 192.168.1.119 - 49502 185.26.182.112 443 https://exchange.opera.com/api/v1/nbu/ 283 6429 0 6134 258 281 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json;charset=UTF-8 GET 200 - - - - - - - CTU.339.1.Malicious 213 1518322403.4428458 1518322403.4708343 28 192.168.1.119 - 49502 185.26.182.112 443 https://exchange.opera.com/api/v1/cmc/ 283 6959 0 6678 258 267 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 214 1518322405.9876175 1518322406.040331 53 192.168.1.119 - 49504 82.145.213.68 443 https://desktop-qualityclient-sub.osp.opera.software/v1/binary 824 244 330 36 470 189 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/html; charset=utf-8 POST 201 - - - - - - - CTU.339.1.Malicious 215 1518322435.9273267 1518322435.9586577 31 192.168.1.119 - 49505 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 216 1518322443.3377635 1518322443.371374 34 192.168.1.119 - 49506 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 217 1518322451.726645 1518322451.9515424 225 192.168.1.119 - 49507 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 218 1518322454.6921053 1518322454.8022823 110 192.168.1.119 - 49508 185.26.182.117 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 219 1518323111.7282603 1518323111.7613263 33 192.168.1.119 - 49517 185.26.182.117 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 422 0 24 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 220 1518326037.4777758 1518326037.5086703 31 192.168.1.119 - 49518 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 221 1518326043.6733203 1518326043.7075834 34 192.168.1.119 - 49519 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 222 1518326052.268135 1518326052.4919555 224 192.168.1.119 - 49520 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 223 1518329638.8541873 1518329638.8840244 30 192.168.1.119 - 49521 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 224 1518329644.0035412 1518329644.0322926 29 192.168.1.119 - 49522 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 225 1518329652.8133347 1518329652.8426542 29 192.168.1.119 - 49523 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 226 1518331590.018779 1518331590.048649 30 192.168.1.119 - 49524 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.11%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 227 1518333239.7477217 1518333239.7783818 31 192.168.1.119 - 49525 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 228 1518333244.3749745 1518333244.4116747 37 192.168.1.119 - 49526 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 229 1518333253.1547642 1518333253.382055 227 192.168.1.119 - 49527 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 230 1518336840.7822227 1518336840.812615 30 192.168.1.119 - 49528 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 231 1518336844.7836463 1518336844.823461 40 192.168.1.119 - 49529 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 232 1518336853.6999214 1518336853.9497626 250 192.168.1.119 - 49530 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 233 1518340442.625518 1518340442.661668 36 192.168.1.119 - 49531 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 234 1518340445.1540995 1518340445.187796 34 192.168.1.119 - 49532 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 235 1518340454.1124313 1518340454.1445487 32 192.168.1.119 - 49533 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 236 1518344043.7383494 1518344043.7710574 33 192.168.1.119 - 49534 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 237 1518344045.505141 1518344045.5420532 37 192.168.1.119 - 49535 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 238 1518344054.661212 1518344054.690976 30 192.168.1.119 - 49536 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 239 1518344734.5250564 1518344734.749807 225 192.168.1.119 - 49545 185.26.182.122 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 422 0 24 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 240 1518347645.1043305 1518347645.136642 32 192.168.1.119 - 49546 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 241 1518347645.837244 1518347645.8733487 36 192.168.1.119 - 49547 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 242 1518347655.1921413 1518347655.438483 246 192.168.1.119 - 49548 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 243 1518350152.8783007 1518350152.918368 40 192.168.1.119 - 49549 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.11%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 244 1518351246.610419 1518351246.6535325 43 192.168.1.119 - 49550 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 245 1518351246.610674 1518351246.875045 264 192.168.1.119 - 49551 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 246 1518351255.2995415 1518351255.4633336 164 192.168.1.119 - 49552 185.26.182.117 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 247 1518351255.603664 1518351255.6380746 34 192.168.1.119 - 49553 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 248 1518354847.7574003 1518354847.7894838 32 192.168.1.119 - 49555 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 249 1518354847.9874332 1518354848.0240583 37 192.168.1.119 - 49554 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 250 1518354855.9351876 1518354856.1586635 223 192.168.1.119 - 49556 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 251 1518358449.1428158 1518358449.1814318 39 192.168.1.119 - 49557 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 252 1518358449.3100274 1518358449.3608923 51 192.168.1.119 - 49558 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 253 1518358456.4795034 1518358456.7399685 260 192.168.1.119 - 49559 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 254 1518362050.5108585 1518362050.5402482 29 192.168.1.119 - 49561 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 255 1518362051.5396478 1518362051.5792587 40 192.168.1.119 - 49560 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 256 1518362056.8286457 1518362056.865214 37 192.168.1.119 - 49562 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 257 1518362355.6020296 1518362355.6523228 50 192.168.1.119 - 49563 216.58.201.67 443 https://update.googleapis.com/service/update2?cup2key=7:2124761114&cup2hreq=341ed88f2575938f3fc73b2b3317b2dc7127cdb506b73910bc190e63be9a034b 1414 2480 986 1319 303 1149 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 258 1518362357.408603 1518362357.4561489 48 192.168.1.119 - 49564 64.233.167.100 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/RpWi-5rdPso_4276/4276_all_crl-set-13131155200554954246.data.crx3 282 819 0 0 170 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 HEAD 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/RpWi-5rdPso_4276/4276_all_crl-set-13131155200554954246.data.crx3?cms_redirect=yes&expire=1518376757&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518362022&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4A76156CC75DB271932AE1C6C8D22FECA69825A1.43E861E0E9068960141EEFBBE507482375F423C4&key=cms1 - CTU.339.1.Malicious 259 1518362357.6053958 1518362357.621193 16 192.168.1.119 - 49565 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/RpWi-5rdPso_4276/4276_all_crl-set-13131155200554954246.data.crx3?cms_redirect=yes&expire=1518376757&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518362022&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4A76156CC75DB271932AE1C6C8D22FECA69825A1.43E861E0E9068960141EEFBBE507482375F423C4&key=cms1 576 608 0 0 179 594 'Microsoft BITS/7.5' application/octet-stream HEAD 200 - - - - - - - CTU.339.1.Malicious 258 1518362359.222766 1518362359.2533674 31 192.168.1.119 - 49564 64.233.167.100 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/RpWi-5rdPso_4276/4276_all_crl-set-13131155200554954246.data.crx3 370 1530 0 691 259 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/RpWi-5rdPso_4276/4276_all_crl-set-13131155200554954246.data.crx3?cms_redirect=yes&expire=1518376759&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518362022&mv=u&pcm2cms=yes&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=60D27A3BC6BF864CE8DBF5D08DEF25E7BE586525.1B9AF086B4F695DEF9A763F4F8F8ED02A5530430&key=cms1 - CTU.339.1.Malicious 259 1518362359.4567378 1518362359.4723806 16 192.168.1.119 - 49565 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/RpWi-5rdPso_4276/4276_all_crl-set-13131155200554954246.data.crx3?cms_redirect=yes&expire=1518376759&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518362022&mv=u&pcm2cms=yes&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=60D27A3BC6BF864CE8DBF5D08DEF25E7BE586525.1B9AF086B4F695DEF9A763F4F8F8ED02A5530430&key=cms1 684 3159 0 2496 268 636 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 258 1518362361.45271 1518362361.4844174 32 192.168.1.119 - 49564 64.233.167.100 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/RpWi-5rdPso_4276/4276_all_crl-set-13131155200554954246.data.crx3 373 1530 0 691 262 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/RpWi-5rdPso_4276/4276_all_crl-set-13131155200554954246.data.crx3?cms_redirect=yes&expire=1518376761&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518362022&mv=u&pcm2cms=yes&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=143309123430A9FB8606B7F67B3F0578B36B3310.69C85245B4DE4E03B0D42E383E6379EEE86FC4FA&key=cms1 - CTU.339.1.Malicious 259 1518362361.6893945 1518362361.7066467 17 192.168.1.119 - 49565 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/RpWi-5rdPso_4276/4276_all_crl-set-13131155200554954246.data.crx3?cms_redirect=yes&expire=1518376761&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518362022&mv=u&pcm2cms=yes&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=143309123430A9FB8606B7F67B3F0578B36B3310.69C85245B4DE4E03B0D42E383E6379EEE86FC4FA&key=cms1 687 3242 0 2576 271 639 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 258 1518362362.6112914 1518362362.6442397 33 192.168.1.119 - 49564 64.233.167.100 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/RpWi-5rdPso_4276/4276_all_crl-set-13131155200554954246.data.crx3 374 1530 0 691 263 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/RpWi-5rdPso_4276/4276_all_crl-set-13131155200554954246.data.crx3?cms_redirect=yes&expire=1518376762&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518362022&mv=u&pcm2cms=yes&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=258FAC6645E8F3C45EA774AAF4A47622877E1544.065C0A2971B08D2B035FBED439CB61FBFC2DEC7D&key=cms1 - CTU.339.1.Malicious 259 1518362362.848515 1518362362.8649962 16 192.168.1.119 - 49565 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/RpWi-5rdPso_4276/4276_all_crl-set-13131155200554954246.data.crx3?cms_redirect=yes&expire=1518376762&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518362022&mv=u&pcm2cms=yes&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=258FAC6645E8F3C45EA774AAF4A47622877E1544.065C0A2971B08D2B035FBED439CB61FBFC2DEC7D&key=cms1 688 5904 0 5237 272 640 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 258 1518362363.7724392 1518362363.8040006 32 192.168.1.119 - 49564 64.233.167.100 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/RpWi-5rdPso_4276/4276_all_crl-set-13131155200554954246.data.crx3 375 1530 0 691 264 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/RpWi-5rdPso_4276/4276_all_crl-set-13131155200554954246.data.crx3?cms_redirect=yes&expire=1518376763&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518362022&mv=u&pcm2cms=yes&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=30289D9A821F3556E2778D684CA4D6B559C82780.1BEB7B56DD02DEFE1587A51AFD97A754D7821743&key=cms1 - CTU.339.1.Malicious 259 1518362364.0019841 1518362364.0175545 16 192.168.1.119 - 49565 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/RpWi-5rdPso_4276/4276_all_crl-set-13131155200554954246.data.crx3?cms_redirect=yes&expire=1518376763&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518362022&mv=u&pcm2cms=yes&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=30289D9A821F3556E2778D684CA4D6B559C82780.1BEB7B56DD02DEFE1587A51AFD97A754D7821743&key=cms1 689 5905 0 5237 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 258 1518362364.862615 1518362364.8952112 33 192.168.1.119 - 49564 64.233.167.100 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/RpWi-5rdPso_4276/4276_all_crl-set-13131155200554954246.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/RpWi-5rdPso_4276/4276_all_crl-set-13131155200554954246.data.crx3?cms_redirect=yes&expire=1518376764&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518362022&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=50365471094F1433295A57536E676247FF1A73A4.683679306E426C9E256CD038172A7D7983C6D5BB&key=cms1 - CTU.339.1.Malicious 259 1518362365.0913546 1518362365.3068187 215 192.168.1.119 - 49565 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/RpWi-5rdPso_4276/4276_all_crl-set-13131155200554954246.data.crx3?cms_redirect=yes&expire=1518376764&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518362022&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=50365471094F1433295A57536E676247FF1A73A4.683679306E426C9E256CD038172A7D7983C6D5BB&key=cms1 669 61723 0 61054 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 258 1518362370.9957347 1518362371.027142 31 192.168.1.119 - 49564 64.233.167.100 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/RpWi-5rdPso_4276/4276_all_crl-set-13131155200554954246.data.crx3 376 1486 0 667 265 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/RpWi-5rdPso_4276/4276_all_crl-set-13131155200554954246.data.crx3?cms_redirect=yes&expire=1518376771&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518362022&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4D1379088274F9E0839ED57326B9CFBA182E7DD5.74E0F52BC1BAEC196CC3CD9013B1DD400410AE9C&key=cms1 - CTU.339.1.Malicious 259 1518362371.2548547 1518362371.2709727 16 192.168.1.119 - 49565 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/RpWi-5rdPso_4276/4276_all_crl-set-13131155200554954246.data.crx3?cms_redirect=yes&expire=1518376771&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518362022&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4D1379088274F9E0839ED57326B9CFBA182E7DD5.74E0F52BC1BAEC196CC3CD9013B1DD400410AE9C&key=cms1 670 64886 0 64216 274 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 258 1518362376.6314564 1518362376.6611958 30 192.168.1.119 - 49564 64.233.167.100 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/RpWi-5rdPso_4276/4276_all_crl-set-13131155200554954246.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/RpWi-5rdPso_4276/4276_all_crl-set-13131155200554954246.data.crx3?cms_redirect=yes&expire=1518376776&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518362022&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1F8165526C279220650B5413F35C123B2AA56C35.2F2817C5CF506532BD191CF38B4F6A05ED6AF1BB&key=cms1 - CTU.339.1.Malicious 259 1518362376.8612654 1518362376.8774693 16 192.168.1.119 - 49565 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/RpWi-5rdPso_4276/4276_all_crl-set-13131155200554954246.data.crx3?cms_redirect=yes&expire=1518376776&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518362022&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1F8165526C279220650B5413F35C123B2AA56C35.2F2817C5CF506532BD191CF38B4F6A05ED6AF1BB&key=cms1 671 39673 0 39002 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 258 1518362379.9851952 1518362380.010427 25 192.168.1.119 - 49564 64.233.167.100 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/RpWi-5rdPso_4276/4276_all_crl-set-13131155200554954246.data.crx3 377 1530 0 691 266 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/RpWi-5rdPso_4276/4276_all_crl-set-13131155200554954246.data.crx3?cms_redirect=yes&expire=1518376779&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518362022&mv=u&pcm2cms=yes&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=11A91AF0D9BC046B7D09B253D30B30F477ADEBFD.16302361927DEB8CF31D2842CC6BCBEFD1DBC171&key=cms1 - CTU.339.1.Malicious 259 1518362380.2131116 1518362380.229344 16 192.168.1.119 - 49565 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/RpWi-5rdPso_4276/4276_all_crl-set-13131155200554954246.data.crx3?cms_redirect=yes&expire=1518376779&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518362022&mv=u&pcm2cms=yes&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=11A91AF0D9BC046B7D09B253D30B30F477ADEBFD.16302361927DEB8CF31D2842CC6BCBEFD1DBC171&key=cms1 691 40366 0 39695 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 260 1518362385.3247328 1518362385.4015515 77 192.168.1.119 - 49566 216.58.201.67 443 https://update.googleapis.com/service/update2 1252 944 919 247 303 685 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 261 1518365651.567757 1518365651.5979688 30 192.168.1.119 - 49567 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 262 1518365652.1001153 1518365652.1340325 34 192.168.1.119 - 49568 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 263 1518365657.1639316 1518365657.1955602 32 192.168.1.119 - 49569 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 264 1518366357.5878499 1518366357.8135035 226 192.168.1.119 - 49578 185.26.182.117 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 422 0 24 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 265 1518367152.2004528 1518367152.2426898 42 192.168.1.119 - 49579 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.11%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 266 1518369252.9456515 1518369252.9798012 34 192.168.1.119 - 49581 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 267 1518369253.0050223 1518369253.0336654 29 192.168.1.119 - 49580 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 267 1518369257.4366233 1518369257.4670613 30 192.168.1.119 - 49580 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 268 1518372854.4542181 1518372854.500785 47 192.168.1.119 - 49582 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 269 1518372854.2319107 1518372854.5044453 273 192.168.1.119 - 49583 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 269 1518372857.6959727 1518372857.7346735 39 192.168.1.119 - 49583 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 270 1518376455.3805065 1518376455.4117796 31 192.168.1.119 - 49584 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 271 1518376455.6108987 1518376455.6435084 33 192.168.1.119 - 49585 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 271 1518376457.7395432 1518376457.7814555 42 192.168.1.119 - 49585 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 272 1518380056.5066104 1518380056.5446835 38 192.168.1.119 - 49586 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 273 1518380057.6151884 1518380057.6553917 40 192.168.1.119 - 49587 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 274 1518380057.4668205 1518380057.7141883 247 192.168.1.119 - 49588 185.26.182.122 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 273 1518380057.9865043 1518380058.024463 38 192.168.1.119 - 49587 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 275 1518383657.7491221 1518383657.7815385 32 192.168.1.119 - 49589 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 276 1518383657.956182 1518383657.991435 35 192.168.1.119 - 49590 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 276 1518383658.3519137 1518383658.3818433 30 192.168.1.119 - 49590 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 277 1518386400.5620894 1518386400.5910306 29 192.168.1.119 - 49591 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.11%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 278 1518387258.9392035 1518387258.9726427 33 192.168.1.119 - 49592 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 279 1518387259.0945644 1518387259.126013 31 192.168.1.119 - 49593 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 279 1518387259.3220487 1518387259.3557315 34 192.168.1.119 - 49593 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 280 1518387985.582739 1518387985.6118474 29 192.168.1.119 - 49603 185.26.182.117 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 422 0 24 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 281 1518390860.5288777 1518390860.5640051 35 192.168.1.119 - 49604 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 282 1518390861.375222 1518390861.4037135 28 192.168.1.119 - 49606 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 283 1518390861.5582104 1518390861.5910213 33 192.168.1.119 - 49605 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 284 1518394461.2665334 1518394461.299291 33 192.168.1.119 - 49607 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 285 1518394461.7477775 1518394461.7768836 29 192.168.1.119 - 49608 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 286 1518394461.94445 1518394461.9790268 35 192.168.1.119 - 49609 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 287 1518398062.8424566 1518398062.871226 29 192.168.1.119 - 49611 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 287 1518398063.0820384 1518398063.1138856 32 192.168.1.119 - 49611 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 288 1518398063.8670747 1518398063.9011312 34 192.168.1.119 - 49610 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 289 1518401664.6491036 1518401664.6911473 42 192.168.1.119 - 49613 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 290 1518401664.6497986 1518401664.6964052 47 192.168.1.119 - 49615 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 289 1518401665.1309884 1518401665.1611526 30 192.168.1.119 - 49613 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 291 1518403517.9330606 1518403517.9656339 33 192.168.1.119 - 49616 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.11%26uc 676 710 0 466 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 292 1518403522.2094953 1518403522.249058 40 192.168.1.119 - 49617 82.145.215.85 443 https://extension-updates.opera.com/static/omaha/blacklist.336465243e0d1996705f69bb3937b0f2f815a8bcc9737b5323ca77ebd70dd6b7.txt 413 6582 0 6336 308 232 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/plain GET 200 - - - - - - - CTU.339.1.Malicious 293 1518405266.3545685 1518405266.3847234 30 192.168.1.119 - 49618 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 294 1518405267.200689 1518405267.2313244 31 192.168.1.119 - 49620 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 295 1518405267.5900474 1518405267.6209745 31 192.168.1.119 - 49619 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 296 1518408792.7535005 1518408792.794356 41 192.168.1.119 - 49625 93.184.220.29 80 http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D 404 870 0 471 276 385 'Microsoft-CryptoAPI/6.1' application/ocsp-response GET 200 - - - - - - - CTU.339.1.Malicious 296 1518408793.0675008 1518408793.1293347 62 192.168.1.119 - 49625 93.184.220.29 80 http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2FehPDVXY0zaDJdwM3EqXk%3D 412 870 0 471 276 385 'Microsoft-CryptoAPI/6.1' application/ocsp-response GET 200 - - - - - - - CTU.339.1.Malicious 297 1518408802.932911 1518408802.95534 22 192.168.1.119 - 49626 185.26.182.111 443 https://exchange.opera.com/api/v1/ecb/ 283 1937 0 1664 258 259 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml GET 200 - - - - - - - CTU.339.1.Malicious 298 1518408803.5522494 1518408803.768497 216 192.168.1.119 - 49627 185.26.182.111 443 https://exchange.opera.com/api/v1/nbu/ 283 6428 0 6133 258 281 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json;charset=UTF-8 GET 200 - - - - - - - CTU.339.1.Malicious 298 1518408804.00325 1518408804.2438462 241 192.168.1.119 - 49627 185.26.182.111 443 https://exchange.opera.com/api/v1/cmc/ 283 6948 0 6667 258 267 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 299 1518408858.993723 1518408859.155224 162 192.168.1.119 - 49629 185.26.182.117 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 300 1518408867.086061 1518408867.1164927 30 192.168.1.119 - 49630 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 301 1518408867.7426496 1518408867.9669473 224 192.168.1.119 - 49631 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 302 1518408867.9433758 1518408867.9738946 31 192.168.1.119 - 49632 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 303 1518409615.975619 1518409616.032619 57 192.168.1.119 - 49641 185.26.182.117 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 422 0 24 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 304 1518412468.4989161 1518412468.5283532 29 192.168.1.119 - 49643 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 305 1518412468.7178535 1518412468.7517223 34 192.168.1.119 - 49642 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 304 1518412468.733153 1518412468.7676332 34 192.168.1.119 - 49643 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 306 1518416070.054762 1518416070.0893688 35 192.168.1.119 - 49646 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 307 1518416071.0670002 1518416071.1051133 38 192.168.1.119 - 49647 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 308 1518416071.0618696 1518416071.3099952 248 192.168.1.119 - 49645 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 309 1518416355.909268 1518416355.9619172 53 192.168.1.119 - 49648 216.58.201.67 443 https://update.googleapis.com/service/update2?cup2key=7:4127682125&cup2hreq=72cef99ef0347d783518f1b11c5217e0397fbb8e447f7ca854f2969ab9d3508e 1414 2479 986 1318 303 1149 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 310 1518416357.2103124 1518416357.2408173 31 192.168.1.119 - 49649 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/RVU1USQe8pY_4277/4277_all_crl-set-1768629367857740100.data.crx3 281 818 0 0 170 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 HEAD 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/RVU1USQe8pY_4277/4277_all_crl-set-1768629367857740100.data.crx3?cms_redirect=yes&expire=1518430757&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518415895&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1F20080F97144430C497727681B88860106FDA6E.75DB486B1872EFCE7D795CC8CEE7343663F4FCB4&key=cms1 - CTU.339.1.Malicious 311 1518416357.4350593 1518416357.4515548 16 192.168.1.119 - 49650 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/RVU1USQe8pY_4277/4277_all_crl-set-1768629367857740100.data.crx3?cms_redirect=yes&expire=1518430757&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518415895&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1F20080F97144430C497727681B88860106FDA6E.75DB486B1872EFCE7D795CC8CEE7343663F4FCB4&key=cms1 575 608 0 0 179 594 'Microsoft BITS/7.5' application/octet-stream HEAD 200 - - - - - - - CTU.339.1.Malicious 310 1518416357.7952743 1518416357.8254101 30 192.168.1.119 - 49649 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/RVU1USQe8pY_4277/4277_all_crl-set-1768629367857740100.data.crx3 369 1484 0 666 259 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/RVU1USQe8pY_4277/4277_all_crl-set-1768629367857740100.data.crx3?cms_redirect=yes&expire=1518430757&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518415895&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5A6AE2045E838BCFD695037108BBA24BA9CE6F12.27C8DCE2F8D3F6A4F36ADD94F245B8177238D9D4&key=cms1 - CTU.339.1.Malicious 311 1518416358.0287306 1518416358.0451567 16 192.168.1.119 - 49650 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/RVU1USQe8pY_4277/4277_all_crl-set-1768629367857740100.data.crx3?cms_redirect=yes&expire=1518430757&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518415895&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5A6AE2045E838BCFD695037108BBA24BA9CE6F12.27C8DCE2F8D3F6A4F36ADD94F245B8177238D9D4&key=cms1 663 3155 0 2492 268 636 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 310 1518416361.0473487 1518416361.078777 31 192.168.1.119 - 49649 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/RVU1USQe8pY_4277/4277_all_crl-set-1768629367857740100.data.crx3 372 1484 0 666 262 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/RVU1USQe8pY_4277/4277_all_crl-set-1768629367857740100.data.crx3?cms_redirect=yes&expire=1518430761&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518415895&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=20E760E9D9E893000DE245A32ABA5086BAEBCF38.096D309FD2516A469E1DDB2CC058D21185DA886B&key=cms1 - CTU.339.1.Malicious 311 1518416361.284993 1518416361.302192 17 192.168.1.119 - 49650 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/RVU1USQe8pY_4277/4277_all_crl-set-1768629367857740100.data.crx3?cms_redirect=yes&expire=1518430761&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518415895&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=20E760E9D9E893000DE245A32ABA5086BAEBCF38.096D309FD2516A469E1DDB2CC058D21185DA886B&key=cms1 666 3243 0 2577 271 639 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 310 1518416362.2068448 1518416362.2386587 32 192.168.1.119 - 49649 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/RVU1USQe8pY_4277/4277_all_crl-set-1768629367857740100.data.crx3 373 1484 0 666 263 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/RVU1USQe8pY_4277/4277_all_crl-set-1768629367857740100.data.crx3?cms_redirect=yes&expire=1518430762&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518415895&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=83F292E5B8F69E922CA3AC9CE6EEF7495E23E403.5584B1BA8C8DF6866CBBA85D5432F51848507E64&key=cms1 - CTU.339.1.Malicious 311 1518416362.4414663 1518416362.4589274 17 192.168.1.119 - 49650 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/RVU1USQe8pY_4277/4277_all_crl-set-1768629367857740100.data.crx3?cms_redirect=yes&expire=1518430762&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518415895&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=83F292E5B8F69E922CA3AC9CE6EEF7495E23E403.5584B1BA8C8DF6866CBBA85D5432F51848507E64&key=cms1 667 5799 0 5132 272 640 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 310 1518416363.2964175 1518416363.3300824 34 192.168.1.119 - 49649 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/RVU1USQe8pY_4277/4277_all_crl-set-1768629367857740100.data.crx3 374 1484 0 666 264 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/RVU1USQe8pY_4277/4277_all_crl-set-1768629367857740100.data.crx3?cms_redirect=yes&expire=1518430763&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518415895&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6E12CB6FF68EC02C154F460C456DED5CE8501F90.1F0F02B3121466AAFCD0AE9661A19529479CD69E&key=cms1 - CTU.339.1.Malicious 311 1518416363.5336351 1518416363.548954 15 192.168.1.119 - 49650 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/RVU1USQe8pY_4277/4277_all_crl-set-1768629367857740100.data.crx3?cms_redirect=yes&expire=1518430763&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518415895&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6E12CB6FF68EC02C154F460C456DED5CE8501F90.1F0F02B3121466AAFCD0AE9661A19529479CD69E&key=cms1 668 9856 0 9188 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 310 1518416364.5170188 1518416364.5469851 30 192.168.1.119 - 49649 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/RVU1USQe8pY_4277/4277_all_crl-set-1768629367857740100.data.crx3 374 1484 0 666 264 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/RVU1USQe8pY_4277/4277_all_crl-set-1768629367857740100.data.crx3?cms_redirect=yes&expire=1518430764&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518415895&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=379193FFE86E8FDBC4FB57BA0EEADB737A05C79D.2B983ABEDFA84C8791578661C913A298A16D68E8&key=cms1 - CTU.339.1.Malicious 311 1518416364.7570946 1518416364.7733579 16 192.168.1.119 - 49650 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/RVU1USQe8pY_4277/4277_all_crl-set-1768629367857740100.data.crx3?cms_redirect=yes&expire=1518430764&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518415895&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=379193FFE86E8FDBC4FB57BA0EEADB737A05C79D.2B983ABEDFA84C8791578661C913A298A16D68E8&key=cms1 668 26925 0 26256 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 310 1518416368.3466892 1518416368.3801713 33 192.168.1.119 - 49649 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/RVU1USQe8pY_4277/4277_all_crl-set-1768629367857740100.data.crx3 374 1484 0 666 264 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/RVU1USQe8pY_4277/4277_all_crl-set-1768629367857740100.data.crx3?cms_redirect=yes&expire=1518430768&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518415895&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3A68A142045D6AB2DB445D11D0785E1817A546C2.83B442CF932381FA1BD0B16B4FC2FC84506AA70A&key=cms1 - CTU.339.1.Malicious 311 1518416368.5844424 1518416368.600124 16 192.168.1.119 - 49650 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/RVU1USQe8pY_4277/4277_all_crl-set-1768629367857740100.data.crx3?cms_redirect=yes&expire=1518430768&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518415895&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3A68A142045D6AB2DB445D11D0785E1817A546C2.83B442CF932381FA1BD0B16B4FC2FC84506AA70A&key=cms1 668 30187 0 29518 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 310 1518416371.020281 1518416371.0506234 30 192.168.1.119 - 49649 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/RVU1USQe8pY_4277/4277_all_crl-set-1768629367857740100.data.crx3 375 1528 0 690 265 821 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/RVU1USQe8pY_4277/4277_all_crl-set-1768629367857740100.data.crx3?cms_redirect=yes&expire=1518430771&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518415895&mv=u&pcm2cms=yes&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=22863CE51395C0C54B9A5157D97CD48BE65119F6.0F485BF561969C2E5DCD5CEFBFDBC954DA7B8230&key=cms1 - CTU.339.1.Malicious 311 1518416371.2601876 1518416371.2759624 16 192.168.1.119 - 49650 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/RVU1USQe8pY_4277/4277_all_crl-set-1768629367857740100.data.crx3?cms_redirect=yes&expire=1518430771&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518415895&mv=u&pcm2cms=yes&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=22863CE51395C0C54B9A5157D97CD48BE65119F6.0F485BF561969C2E5DCD5CEFBFDBC954DA7B8230&key=cms1 689 36588 0 35918 274 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 310 1518416373.9306972 1518416373.9623456 32 192.168.1.119 - 49649 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/RVU1USQe8pY_4277/4277_all_crl-set-1768629367857740100.data.crx3 376 1484 0 666 266 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/RVU1USQe8pY_4277/4277_all_crl-set-1768629367857740100.data.crx3?cms_redirect=yes&expire=1518430773&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518415895&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5C4427EE8E281982994753B043D823ABB4419CBE.10A4CB07BA7B3EA684C7392B3ADB88D5F8951972&key=cms1 - CTU.339.1.Malicious 311 1518416374.165055 1518416374.182767 18 192.168.1.119 - 49650 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/RVU1USQe8pY_4277/4277_all_crl-set-1768629367857740100.data.crx3?cms_redirect=yes&expire=1518430773&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518415895&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5C4427EE8E281982994753B043D823ABB4419CBE.10A4CB07BA7B3EA684C7392B3ADB88D5F8951972&key=cms1 670 55799 0 55128 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 310 1518416378.19969 1518416378.2308705 31 192.168.1.119 - 49649 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/RVU1USQe8pY_4277/4277_all_crl-set-1768629367857740100.data.crx3 376 1484 0 666 266 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/RVU1USQe8pY_4277/4277_all_crl-set-1768629367857740100.data.crx3?cms_redirect=yes&expire=1518430778&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518415895&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6D5E4E455D00AE2226707F068D8867ECDEDEAABA.71222B9E8ADB911F510F7A85685B30582B875F74&key=cms1 - CTU.339.1.Malicious 311 1518416378.4387553 1518416378.4544232 16 192.168.1.119 - 49650 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/RVU1USQe8pY_4277/4277_all_crl-set-1768629367857740100.data.crx3?cms_redirect=yes&expire=1518430778&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518415895&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6D5E4E455D00AE2226707F068D8867ECDEDEAABA.71222B9E8ADB911F510F7A85685B30582B875F74&key=cms1 670 48917 0 48246 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 310 1518416383.064027 1518416383.0947652 31 192.168.1.119 - 49649 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/RVU1USQe8pY_4277/4277_all_crl-set-1768629367857740100.data.crx3 376 1484 0 666 266 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/RVU1USQe8pY_4277/4277_all_crl-set-1768629367857740100.data.crx3?cms_redirect=yes&expire=1518430783&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518415895&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2B3DA37AB4CFF31093E06BE80A8332C55770D667.35A2D56C4D63C177591434F04EB53D94E6319978&key=cms1 - CTU.339.1.Malicious 311 1518416383.294103 1518416383.3098555 16 192.168.1.119 - 49650 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/RVU1USQe8pY_4277/4277_all_crl-set-1768629367857740100.data.crx3?cms_redirect=yes&expire=1518430783&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518415895&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2B3DA37AB4CFF31093E06BE80A8332C55770D667.35A2D56C4D63C177591434F04EB53D94E6319978&key=cms1 670 7436 0 6766 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 312 1518416385.3125958 1518416385.3893154 77 192.168.1.119 - 49651 216.58.201.67 443 https://update.googleapis.com/service/update2 1251 944 918 247 303 685 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 313 1518419671.3978693 1518419671.4277287 30 192.168.1.119 - 49652 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 314 1518419671.5258975 1518419671.5586877 33 192.168.1.119 - 49653 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 314 1518419671.736319 1518419671.7707891 34 192.168.1.119 - 49653 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 315 1518421110.7733376 1518421110.8087702 35 192.168.1.119 - 49654 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.12%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 316 1518423273.1218703 1518423273.1551533 33 192.168.1.119 - 49657 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 317 1518423273.2443924 1518423273.2830532 39 192.168.1.119 - 49656 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 316 1518423273.4497943 1518423273.4824002 33 192.168.1.119 - 49657 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 318 1518426874.792151 1518426874.8424716 50 192.168.1.119 - 49660 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 318 1518426874.8463922 1518426875.1016555 255 192.168.1.119 - 49660 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 319 1518426875.8191462 1518426875.8540614 35 192.168.1.119 - 49659 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 320 1518430476.1480105 1518430476.1846247 37 192.168.1.119 - 49663 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 321 1518430476.3699079 1518430476.4554362 86 192.168.1.119 - 49661 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 321 1518430476.6819162 1518430476.7105353 29 192.168.1.119 - 49661 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 322 1518431237.5031838 1518431237.5353892 32 192.168.1.119 - 49672 185.26.182.122 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 422 0 24 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 323 1518434076.8468978 1518434076.8814025 35 192.168.1.119 - 49673 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 324 1518434077.0333192 1518434077.064338 31 192.168.1.119 - 49675 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 324 1518434077.0678544 1518434077.3199348 252 192.168.1.119 - 49675 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 325 1518437659.6611607 1518437659.7466662 86 192.168.1.119 - 49676 185.26.182.122 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 326 1518437677.8200927 1518437677.865127 45 192.168.1.119 - 49678 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 327 1518437678.6435223 1518437678.6776202 34 192.168.1.119 - 49677 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 328 1518437678.8437722 1518437678.8737001 30 192.168.1.119 - 49679 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 329 1518438805.4161453 1518438805.4467797 31 192.168.1.119 - 49680 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.12%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 330 1518441278.942528 1518441279.2002175 258 192.168.1.119 - 49681 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 331 1518441279.4904308 1518441279.5247207 34 192.168.1.119 - 49684 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 331 1518441279.5369978 1518441279.5818832 45 192.168.1.119 - 49684 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 332 1518444880.9435225 1518444880.989009 45 192.168.1.119 - 49685 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 333 1518444880.730859 1518444880.9914463 261 192.168.1.119 - 49686 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 333 1518444881.4136865 1518444881.451267 38 192.168.1.119 - 49686 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 334 1518448482.3306842 1518448482.361919 31 192.168.1.119 - 49688 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 335 1518448483.3784606 1518448483.4086187 30 192.168.1.119 - 49690 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 335 1518448483.418017 1518448483.4479578 30 192.168.1.119 - 49690 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 336 1518452083.696018 1518452083.7330194 37 192.168.1.119 - 49691 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 337 1518452083.9549923 1518452083.9908488 36 192.168.1.119 - 49693 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 337 1518452084.000597 1518452084.0408711 40 192.168.1.119 - 49693 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 338 1518455685.0438566 1518455685.077628 34 192.168.1.119 - 49702 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 339 1518455686.085866 1518455686.1207008 35 192.168.1.119 - 49704 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 340 1518455686.2876923 1518455686.319094 31 192.168.1.119 - 49703 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 341 1518457543.7832232 1518457543.8161762 33 192.168.1.119 - 49705 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.12%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 342 1518459286.4784362 1518459286.5109615 33 192.168.1.119 - 49706 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 343 1518459286.628075 1518459286.6601896 32 192.168.1.119 - 49708 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 344 1518459286.6902852 1518459286.9573722 267 192.168.1.119 - 49707 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 345 1518462887.3559725 1518462887.398438 42 192.168.1.119 - 49709 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 346 1518462888.3746438 1518462888.4169595 42 192.168.1.119 - 49710 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 347 1518462888.4197347 1518462888.6740127 254 192.168.1.119 - 49711 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 348 1518466460.478888 1518466460.7555752 277 192.168.1.119 - 49712 185.26.182.122 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 349 1518466488.1770642 1518466488.208226 31 192.168.1.119 - 49713 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 350 1518466488.7747436 1518466488.8062758 32 192.168.1.119 - 49714 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 350 1518466488.8297684 1518466488.8613296 32 192.168.1.119 - 49714 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 351 1518470088.9921494 1518470089.0213428 29 192.168.1.119 - 49716 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 351 1518470089.2236094 1518470089.254765 31 192.168.1.119 - 49716 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 352 1518470090.4357712 1518470090.4650755 29 192.168.1.119 - 49715 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 353 1518470355.9842687 1518470356.041423 57 192.168.1.119 - 49718 216.58.201.67 443 https://update.googleapis.com/service/update2?cup2key=7:2769177034&cup2hreq=84f6119e089a204a67f6c8b1414d832cc272351061ec081bd152217652ad0831 1414 2485 986 1324 303 1149 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 354 1518470357.6407793 1518470357.6734877 33 192.168.1.119 - 49719 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3 282 817 0 0 170 800 'Microsoft BITS/7.5' text/html; charset=UTF-8 HEAD 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484757&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470240&mv=m&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3EA482A37A07F34295F1AA01546E9109FCD96A.6A88F26257725EDDB54B4D264C7F746E72BC7A3F&key=cms1 - CTU.339.1.Malicious 355 1518470358.095198 1518470358.1116931 16 192.168.1.119 - 49720 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484757&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470240&mv=m&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3EA482A37A07F34295F1AA01546E9109FCD96A.6A88F26257725EDDB54B4D264C7F746E72BC7A3F&key=cms1 574 608 0 0 179 594 'Microsoft BITS/7.5' application/octet-stream HEAD 200 - - - - - - - CTU.339.1.Malicious 354 1518470358.6300504 1518470358.663097 33 192.168.1.119 - 49719 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3 370 1486 0 667 259 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484758&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470240&mv=m&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=49B251D0D90F87CB7D7FA39052759DF6CE792A17.43D5586AB0D17AB630C72AC19BC1F070F3F9E158&key=cms1 - CTU.339.1.Malicious 355 1518470358.8661125 1518470358.8812482 15 192.168.1.119 - 49720 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484758&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470240&mv=m&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=49B251D0D90F87CB7D7FA39052759DF6CE792A17.43D5586AB0D17AB630C72AC19BC1F070F3F9E158&key=cms1 664 3159 0 2496 268 636 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 354 1518470361.884058 1518470361.9163444 32 192.168.1.119 - 49719 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3 373 1486 0 667 262 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484761&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470240&mv=m&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=59D8C88088260A224DF54A2B447205D100895CE2.03608F65C58F521C5784764F0DC413026856E2AC&key=cms1 - CTU.339.1.Malicious 355 1518470362.1189923 1518470362.1563077 37 192.168.1.119 - 49720 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484761&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470240&mv=m&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=59D8C88088260A224DF54A2B447205D100895CE2.03608F65C58F521C5784764F0DC413026856E2AC&key=cms1 667 3242 0 2576 271 639 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 354 1518470364.0485518 1518470364.080125 32 192.168.1.119 - 49719 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3 374 1486 0 667 263 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484764&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470065&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2CD41FE816C074C25EC1619D05F3129618632F3B.2355BF96B38D2CBE08E1A9404A02A511EE90A9AC&key=cms1 - CTU.339.1.Malicious 355 1518470364.2833047 1518470364.298176 15 192.168.1.119 - 49720 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484764&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470065&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2CD41FE816C074C25EC1619D05F3129618632F3B.2355BF96B38D2CBE08E1A9404A02A511EE90A9AC&key=cms1 668 6443 0 5776 272 640 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 354 1518470366.1339993 1518470366.1657321 32 192.168.1.119 - 49719 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484766&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470240&mv=m&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=60F1FAB8813FD79D1BCA2D55FF2681EFD82ABBE3.257841D7318B22161F0E7C01B72D6B061DFC2530&key=cms1 - CTU.339.1.Malicious 355 1518470366.3690429 1518470366.3843255 15 192.168.1.119 - 49720 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484766&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470240&mv=m&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=60F1FAB8813FD79D1BCA2D55FF2681EFD82ABBE3.257841D7318B22161F0E7C01B72D6B061DFC2530&key=cms1 669 5853 0 5185 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 354 1518470368.2920363 1518470368.3267057 35 192.168.1.119 - 49719 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3 375 1482 0 665 264 800 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484768&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470065&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=565F219A54502FDB5E1A7AF14DEF2E4584A9EE.6157E6B23B27A51496E545695638729D3ABFC355&key=cms1 - CTU.339.1.Malicious 355 1518470368.5345788 1518470368.550185 16 192.168.1.119 - 49720 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484768&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470065&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=565F219A54502FDB5E1A7AF14DEF2E4584A9EE.6157E6B23B27A51496E545695638729D3ABFC355&key=cms1 667 4983 0 4315 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 354 1518470370.3249543 1518470370.358754 34 192.168.1.119 - 49719 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484770&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470065&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=57CE6300FB2AEA0C3CF777871F10910472AFB9C9.3EB65AF77B23180346ED7F3912E818BC5D38CB64&key=cms1 - CTU.339.1.Malicious 355 1518470370.5620387 1518470370.5792065 17 192.168.1.119 - 49720 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484770&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470065&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=57CE6300FB2AEA0C3CF777871F10910472AFB9C9.3EB65AF77B23180346ED7F3912E818BC5D38CB64&key=cms1 669 4184 0 3516 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 354 1518470372.4456897 1518470372.475886 30 192.168.1.119 - 49719 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484772&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470065&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3A0D76C80507843DB468C1068D96C482BB2E7D0F.5ECBC97F6CDA38F128352FC686BE8DE0546AA086&key=cms1 - CTU.339.1.Malicious 355 1518470372.6791923 1518470372.696877 18 192.168.1.119 - 49720 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484772&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470065&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3A0D76C80507843DB468C1068D96C482BB2E7D0F.5ECBC97F6CDA38F128352FC686BE8DE0546AA086&key=cms1 669 8324 0 7656 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 354 1518470374.506524 1518470374.5368466 30 192.168.1.119 - 49719 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484774&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470065&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=229EB0D7894CAE0DBC5720F07AE9DC70E3DAD5FA.7329837E79B5FA22A7A5F7FDFC03A3471640BD1B&key=cms1 - CTU.339.1.Malicious 355 1518470374.7431939 1518470374.7591655 16 192.168.1.119 - 49720 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484774&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470065&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=229EB0D7894CAE0DBC5720F07AE9DC70E3DAD5FA.7329837E79B5FA22A7A5F7FDFC03A3471640BD1B&key=cms1 669 15479 0 14810 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 354 1518470377.24833 1518470377.2783246 30 192.168.1.119 - 49719 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484777&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470065&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=25D178BFE8D72988F48C69EEF08EDE93E3331974.6C968DF56F17EE9E7F710523EBC7341A08B32166&key=cms1 - CTU.339.1.Malicious 355 1518470377.4810808 1518470377.496888 16 192.168.1.119 - 49720 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484777&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470065&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=25D178BFE8D72988F48C69EEF08EDE93E3331974.6C968DF56F17EE9E7F710523EBC7341A08B32166&key=cms1 669 13003 0 12334 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 354 1518470379.7672117 1518470379.8010628 34 192.168.1.119 - 49719 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484779&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470065&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3AC71764BAF82EAD4AFDFAE5C982A8FC16BCA33C.248F78022291F50A74D0975C0435D06436748F87&key=cms1 - CTU.339.1.Malicious 355 1518470380.0033562 1518470380.0190682 16 192.168.1.119 - 49720 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484779&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470065&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3AC71764BAF82EAD4AFDFAE5C982A8FC16BCA33C.248F78022291F50A74D0975C0435D06436748F87&key=cms1 669 11163 0 10494 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 354 1518470380.8107553 1518470380.841964 31 192.168.1.119 - 49719 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484780&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470065&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7437DB189F25F6A7EE01A963FDC67E6E18D29D30.0D40CD83CB45E9A4C8006C59CDA38A4FC5B1A827&key=cms1 - CTU.339.1.Malicious 355 1518470381.0458653 1518470381.0603504 14 192.168.1.119 - 49720 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484780&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470065&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7437DB189F25F6A7EE01A963FDC67E6E18D29D30.0D40CD83CB45E9A4C8006C59CDA38A4FC5B1A827&key=cms1 669 10235 0 9567 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 354 1518470381.860811 1518470381.8931122 32 192.168.1.119 - 49719 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484781&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470065&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2D608AEA0F8053A0601E0920E20DC4B742F82F88.258AAF57AA3C3A9765A500AAB62C52BAB2CC126C&key=cms1 - CTU.339.1.Malicious 355 1518470382.099399 1518470382.1143384 15 192.168.1.119 - 49720 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484781&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470065&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2D608AEA0F8053A0601E0920E20DC4B742F82F88.258AAF57AA3C3A9765A500AAB62C52BAB2CC126C&key=cms1 669 9886 0 9218 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 354 1518470383.912351 1518470383.9442892 32 192.168.1.119 - 49719 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484783&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470065&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5164E9E906E1C03B97AAF60412A2D9B1140084AC.7DED9CE84C949D143604BAEE73084942274C8F3B&key=cms1 - CTU.339.1.Malicious 355 1518470384.147375 1518470384.1638188 16 192.168.1.119 - 49720 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484783&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470065&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5164E9E906E1C03B97AAF60412A2D9B1140084AC.7DED9CE84C949D143604BAEE73084942274C8F3B&key=cms1 669 10641 0 9973 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 354 1518470384.961014 1518470384.9928272 32 192.168.1.119 - 49719 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3 376 1486 0 667 265 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484784&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470065&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=53B60499765ACA9B63D63C7604DCBF08D77E8361.048DD9E4671E7051006368961F934B9E000B91FF&key=cms1 - CTU.339.1.Malicious 355 1518470385.19195 1518470385.2079444 16 192.168.1.119 - 49720 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484784&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470065&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=53B60499765ACA9B63D63C7604DCBF08D77E8361.048DD9E4671E7051006368961F934B9E000B91FF&key=cms1 670 10165 0 9496 274 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 354 1518470386.0110328 1518470386.042759 32 192.168.1.119 - 49719 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484786&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470065&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=08377CF48B276D2BA2F611DDB29E75083A423C5C.4D19C6CE94A81274C43120C1BE0E564609D7B340&key=cms1 - CTU.339.1.Malicious 355 1518470386.249207 1518470386.265503 16 192.168.1.119 - 49720 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484786&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470065&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=08377CF48B276D2BA2F611DDB29E75083A423C5C.4D19C6CE94A81274C43120C1BE0E564609D7B340&key=cms1 671 10073 0 9403 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 354 1518470387.0612617 1518470387.09339 32 192.168.1.119 - 49719 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484787&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470065&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=44933D17C9A18A51D065A8EAC13C76A4C292E920.7D6703FD569E5A1DD20F7CF4C00E88122EB14FF7&key=cms1 - CTU.339.1.Malicious 355 1518470387.2958043 1518470387.310834 15 192.168.1.119 - 49720 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484787&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470065&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=44933D17C9A18A51D065A8EAC13C76A4C292E920.7D6703FD569E5A1DD20F7CF4C00E88122EB14FF7&key=cms1 671 9973 0 9303 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 354 1518470388.1114976 1518470388.1430144 32 192.168.1.119 - 49719 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484788&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470065&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=090DE68457776C3CD14F9E42436BA5F03238DD9E.1468FD8C4E661B476A558AF8E4A428FC4066C4D2&key=cms1 - CTU.339.1.Malicious 355 1518470388.3410285 1518470388.357429 16 192.168.1.119 - 49720 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484788&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470065&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=090DE68457776C3CD14F9E42436BA5F03238DD9E.1468FD8C4E661B476A558AF8E4A428FC4066C4D2&key=cms1 671 9056 0 8386 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 354 1518470389.1667824 1518470389.2006807 34 192.168.1.119 - 49719 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484789&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470065&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1FF53F56C099F00E693E6B3008A459AF0FA29201.1745592E8E9702A6005A86886461F190253B4800&key=cms1 - CTU.339.1.Malicious 355 1518470389.4078722 1518470389.4241166 16 192.168.1.119 - 49720 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484789&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470065&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1FF53F56C099F00E693E6B3008A459AF0FA29201.1745592E8E9702A6005A86886461F190253B4800&key=cms1 671 8708 0 8038 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 354 1518470390.2241328 1518470390.2559702 32 192.168.1.119 - 49719 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484790&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470065&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=690EEA38BE0E26F8883B4061AC6871D7048A2426.0F538D81CAA3654AAD1E192458999EECF1A2AB7E&key=cms1 - CTU.339.1.Malicious 355 1518470390.4536018 1518470390.4695063 16 192.168.1.119 - 49720 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484790&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470065&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=690EEA38BE0E26F8883B4061AC6871D7048A2426.0F538D81CAA3654AAD1E192458999EECF1A2AB7E&key=cms1 671 8347 0 7677 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 354 1518470392.285707 1518470392.3171098 31 192.168.1.119 - 49719 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484792&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470065&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7C83110BCC1753286959C85589A91DE13A292330.5AFFA2B00BB67EFFC3C4FF957B492A1F59CF44BD&key=cms1 - CTU.339.1.Malicious 355 1518470392.5202003 1518470392.5362487 16 192.168.1.119 - 49720 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484792&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470065&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7C83110BCC1753286959C85589A91DE13A292330.5AFFA2B00BB67EFFC3C4FF957B492A1F59CF44BD&key=cms1 671 16649 0 15978 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 354 1518470394.9227102 1518470394.9531279 30 192.168.1.119 - 49719 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484794&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470065&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1353DD26FFB111E3B27B239D4EBEEF33B01B7AD4.1FC319F619213A135F5FB524C1E806BA4FE17719&key=cms1 - CTU.339.1.Malicious 355 1518470395.155308 1518470395.1718495 17 192.168.1.119 - 49720 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484794&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470065&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1353DD26FFB111E3B27B239D4EBEEF33B01B7AD4.1FC319F619213A135F5FB524C1E806BA4FE17719&key=cms1 671 14266 0 13595 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 354 1518470396.5677395 1518470396.6009161 33 192.168.1.119 - 49719 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484796&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470065&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=33336239E547379D8C8AC633E2B79894AC7F522C.53E30295FE2A0973B499E703791FD9513EFAB63A&key=cms1 - CTU.339.1.Malicious 355 1518470396.8065822 1518470396.8224874 16 192.168.1.119 - 49720 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484796&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470065&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=33336239E547379D8C8AC633E2B79894AC7F522C.53E30295FE2A0973B499E703791FD9513EFAB63A&key=cms1 671 12432 0 11761 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 354 1518470399.2400064 1518470399.2717695 32 192.168.1.119 - 49719 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484799&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470065&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0BD5BB9A72551E572EB06102D2A4D976BE8E849B.30A5379B17F6EC81CAB4A8411DD4894D8259BD4B&key=cms1 - CTU.339.1.Malicious 355 1518470399.4744678 1518470399.4912426 17 192.168.1.119 - 49720 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484799&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470065&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0BD5BB9A72551E572EB06102D2A4D976BE8E849B.30A5379B17F6EC81CAB4A8411DD4894D8259BD4B&key=cms1 671 10732 0 10061 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 354 1518470400.2863562 1518470400.31791 32 192.168.1.119 - 49719 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484800&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470065&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=48B0FF50E5246066DFD2BBBE9DF0EBD0BFBB4DEE.1C24011A108E5CEF6BC03D605D8720BC92370424&key=cms1 - CTU.339.1.Malicious 355 1518470400.5261664 1518470400.5419364 16 192.168.1.119 - 49720 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484800&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470065&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=48B0FF50E5246066DFD2BBBE9DF0EBD0BFBB4DEE.1C24011A108E5CEF6BC03D605D8720BC92370424&key=cms1 671 10335 0 9665 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 354 1518470402.3351598 1518470402.369116 34 192.168.1.119 - 49719 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484802&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470065&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3F848B1792D3376968A462541058E556728CBEF3.66526ECDAE4C7C2B2B48DC3F72283C62BA605D9F&key=cms1 - CTU.339.1.Malicious 355 1518470402.5721395 1518470402.5874798 15 192.168.1.119 - 49720 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIW0EOxsMhMK_4278/4278_all_crl-set-5526184483436765531.data.crx3?cms_redirect=yes&expire=1518484802&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518470065&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3F848B1792D3376968A462541058E556728CBEF3.66526ECDAE4C7C2B2B48DC3F72283C62BA605D9F&key=cms1 671 10656 0 9986 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 356 1518470405.715907 1518470405.7954204 80 192.168.1.119 - 49721 216.58.201.67 443 https://update.googleapis.com/service/update2 1252 944 919 247 303 685 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 357 1518473690.327153 1518473690.3566158 29 192.168.1.119 - 49723 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 358 1518473690.5451577 1518473690.5736012 28 192.168.1.119 - 49722 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 359 1518473690.7590826 1518473690.7892292 30 192.168.1.119 - 49724 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 360 1518474489.5165224 1518474489.566948 50 192.168.1.119 - 49733 185.26.182.122 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 422 0 24 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 361 1518477241.93992 1518477241.9727128 33 192.168.1.119 - 49734 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.12%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 362 1518477291.8466737 1518477291.8907008 44 192.168.1.119 - 49737 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 363 1518477292.8319957 1518477293.0567482 225 192.168.1.119 - 49735 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 364 1518477293.0475097 1518477293.2703984 223 192.168.1.119 - 49736 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 365 1518480893.2744405 1518480893.3098426 35 192.168.1.119 - 49738 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 366 1518480893.601497 1518480893.6305914 29 192.168.1.119 - 49740 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 366 1518480893.6341884 1518480893.8829932 249 192.168.1.119 - 49740 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 367 1518484494.425092 1518484494.4572484 32 192.168.1.119 - 49741 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 368 1518484495.4508862 1518484495.4811223 30 192.168.1.119 - 49743 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 369 1518484495.6718059 1518484495.7024372 31 192.168.1.119 - 49742 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 370 1518488095.9812481 1518488096.013794 33 192.168.1.119 - 49745 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 371 1518488095.973028 1518488096.1929195 220 192.168.1.119 - 49744 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 372 1518488096.2248657 1518488096.2577608 33 192.168.1.119 - 49746 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 373 1518491697.328912 1518491697.3656545 37 192.168.1.119 - 49748 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 374 1518491697.38967 1518491697.4214072 32 192.168.1.119 - 49749 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 374 1518491697.6298442 1518491697.6609118 31 192.168.1.119 - 49749 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 375 1518495203.4332616 1518495203.4573812 24 192.168.1.119 - 49754 185.26.182.112 443 https://exchange.opera.com/api/v1/ecb/ 283 1937 0 1664 258 259 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml GET 200 - - - - - - - CTU.339.1.Malicious 375 1518495204.027188 1518495204.051923 25 192.168.1.119 - 49754 185.26.182.112 443 https://exchange.opera.com/api/v1/nbu/ 283 6427 0 6132 258 281 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json;charset=UTF-8 GET 200 - - - - - - - CTU.339.1.Malicious 375 1518495204.4675753 1518495204.4942713 27 192.168.1.119 - 49754 185.26.182.112 443 https://exchange.opera.com/api/v1/cmc/ 283 6943 0 6662 258 267 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 376 1518495261.4606965 1518495261.5433419 83 192.168.1.119 - 49756 185.26.182.117 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 377 1518495298.319634 1518495298.354514 35 192.168.1.119 - 49757 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 378 1518495299.3243012 1518495299.3585303 34 192.168.1.119 - 49758 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 379 1518495299.5440142 1518495299.5725431 29 192.168.1.119 - 49759 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 380 1518495549.267062 1518495549.2983284 31 192.168.1.119 - 49768 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.12%26uc 676 710 0 466 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 381 1518495552.9398952 1518495552.9780939 38 192.168.1.119 - 49769 82.145.215.85 443 https://extension-updates.opera.com/static/omaha/blacklist.336465243e0d1996705f69bb3937b0f2f815a8bcc9737b5323ca77ebd70dd6b7.txt 413 6582 0 6336 308 232 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/plain GET 200 - - - - - - - CTU.339.1.Malicious 382 1518496112.7449713 1518496112.7770977 32 192.168.1.119 - 49770 185.26.182.117 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 422 0 24 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 383 1518498899.2851968 1518498899.3209078 36 192.168.1.119 - 49771 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 384 1518498899.680428 1518498899.7088988 28 192.168.1.119 - 49772 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 384 1518498899.9987364 1518498900.0279837 29 192.168.1.119 - 49772 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 385 1518502500.674932 1518502500.7073724 32 192.168.1.119 - 49774 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 385 1518502500.917936 1518502500.9566815 39 192.168.1.119 - 49774 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 386 1518502501.6972418 1518502501.729994 33 192.168.1.119 - 49773 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 387 1518506101.6453433 1518506101.678572 33 192.168.1.119 - 49776 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 388 1518506101.8436518 1518506101.883602 40 192.168.1.119 - 49777 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 389 1518506102.0263152 1518506102.0620115 36 192.168.1.119 - 49778 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 390 1518509702.7129276 1518509702.7435513 31 192.168.1.119 - 49781 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 390 1518509702.9448855 1518509702.985347 40 192.168.1.119 - 49781 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 391 1518509704.1317067 1518509704.1731668 41 192.168.1.119 - 49780 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 392 1518513303.8778372 1518513303.9127402 35 192.168.1.119 - 49783 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 392 1518513304.1229196 1518513304.1565669 34 192.168.1.119 - 49783 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 393 1518513304.4616244 1518513304.4981904 37 192.168.1.119 - 49784 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 394 1518514508.2225075 1518514508.2552168 33 192.168.1.119 - 49785 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.13%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 395 1518516905.2341218 1518516905.2697892 36 192.168.1.119 - 49786 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 395 1518516905.677522 1518516905.7111948 34 192.168.1.119 - 49786 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 396 1518516906.2386885 1518516906.2740886 35 192.168.1.119 - 49788 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 397 1518517732.8034286 1518517732.8476176 44 192.168.1.119 - 49793 185.26.182.122 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 422 0 24 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 398 1518520506.379817 1518520506.4170802 37 192.168.1.119 - 49794 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 399 1518520506.59215 1518520506.6439981 52 192.168.1.119 - 49796 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 398 1518520506.626533 1518520506.6653252 39 192.168.1.119 - 49794 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 400 1518524062.171606 1518524062.375477 204 192.168.1.119 - 49797 185.26.182.117 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 401 1518524107.725596 1518524107.7513206 26 192.168.1.119 - 49798 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 401 1518524108.162102 1518524108.195331 33 192.168.1.119 - 49798 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 402 1518524108.9533257 1518524108.9926906 39 192.168.1.119 - 49800 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 403 1518524355.7586577 1518524355.7989616 40 192.168.1.119 - 49801 216.58.201.67 443 https://update.googleapis.com/service/update2?cup2key=7:286362969&cup2hreq=8600fbb3e61884369c5a273d37b5173d399f0c15f87cb3e02d94cb23ba6803c7 1413 2486 986 1325 303 1149 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 404 1518524357.4402945 1518524357.4719567 32 192.168.1.119 - 49802 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3 283 820 0 0 170 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 HEAD 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538757&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524245&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0E5CA45D49B361B157D43072E970AD49D4579814.358789A6C55E84BFE36B80B209428EC504D6526F&key=cms1 - CTU.339.1.Malicious 405 1518524357.8727312 1518524357.890934 18 192.168.1.119 - 49803 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538757&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524245&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0E5CA45D49B361B157D43072E970AD49D4579814.358789A6C55E84BFE36B80B209428EC504D6526F&key=cms1 577 608 0 0 179 594 'Microsoft BITS/7.5' application/octet-stream HEAD 200 - - - - - - - CTU.339.1.Malicious 404 1518524358.3399315 1518524358.3717191 32 192.168.1.119 - 49802 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3 371 1488 0 668 259 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538758&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524245&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6368043528F6DC207C9F8680AFCDCE6E725BEA22.172B6FA2392DA3A0D32C5C1D651925A1CBBF9FC6&key=cms1 - CTU.339.1.Malicious 405 1518524358.9574642 1518524358.9722712 15 192.168.1.119 - 49803 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538758&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524245&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6368043528F6DC207C9F8680AFCDCE6E725BEA22.172B6FA2392DA3A0D32C5C1D651925A1CBBF9FC6&key=cms1 665 3163 0 2500 268 636 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 404 1518524361.5366836 1518524361.5709136 34 192.168.1.119 - 49802 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3 374 1488 0 668 262 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538761&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524245&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=228C28644DA052E78FC2A527BE8A1AA51CF09618.1A54CF2A89CC98FA44F094100D85023E4BB2637B&key=cms1 - CTU.339.1.Malicious 405 1518524361.7737818 1518524361.789555 16 192.168.1.119 - 49803 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538761&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524245&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=228C28644DA052E78FC2A527BE8A1AA51CF09618.1A54CF2A89CC98FA44F094100D85023E4BB2637B&key=cms1 668 3241 0 2575 271 639 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 404 1518524363.7217438 1518524363.7523699 31 192.168.1.119 - 49802 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3 375 1488 0 668 263 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538763&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524245&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=631D39A617C5F14439C055F2E406831A600D2E1F.557464C32DC445A71ABD456B0E32872608FF43A2&key=cms1 - CTU.339.1.Malicious 405 1518524363.9559085 1518524363.96888 13 192.168.1.119 - 49803 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538763&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524245&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=631D39A617C5F14439C055F2E406831A600D2E1F.557464C32DC445A71ABD456B0E32872608FF43A2&key=cms1 669 6442 0 5775 272 640 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 404 1518524365.804716 1518524365.836201 31 192.168.1.119 - 49802 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3 376 1488 0 668 264 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538765&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524245&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4BB68A6117D0ED51F36B79147FD316D9D3ED5C45.6E6DF2F8201D5BA5775213D388CFB6A66B60B144&key=cms1 - CTU.339.1.Malicious 405 1518524366.0391157 1518524366.0557675 17 192.168.1.119 - 49803 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538765&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524245&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4BB68A6117D0ED51F36B79147FD316D9D3ED5C45.6E6DF2F8201D5BA5775213D388CFB6A66B60B144&key=cms1 670 14641 0 13972 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 404 1518524367.4166985 1518524367.4466405 30 192.168.1.119 - 49802 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3 376 1488 0 668 264 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538767&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524245&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7D93C924138937B2CB5C6F90D000FF8C689A7008.170DC3DD248983B66AC4D9A5B2E628C4456615B9&key=cms1 - CTU.339.1.Malicious 405 1518524367.6526556 1518524367.6693895 17 192.168.1.119 - 49803 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538767&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524245&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7D93C924138937B2CB5C6F90D000FF8C689A7008.170DC3DD248983B66AC4D9A5B2E628C4456615B9&key=cms1 670 11303 0 10634 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 404 1518524368.4601057 1518524368.491798 32 192.168.1.119 - 49802 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3 376 1488 0 668 264 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538768&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524245&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=63539FED668396CB43204932F8C9C108C4C1FA86.53109171BFE125D40673377D5ED93313E0C35E53&key=cms1 - CTU.339.1.Malicious 405 1518524368.6967514 1518524368.7120647 15 192.168.1.119 - 49803 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538768&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524245&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=63539FED668396CB43204932F8C9C108C4C1FA86.53109171BFE125D40673377D5ED93313E0C35E53&key=cms1 670 10389 0 9721 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 404 1518524369.508447 1518524369.5399349 31 192.168.1.119 - 49802 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3 376 1488 0 668 264 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538769&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2117148FE7D057EF90105D08D20DA83F9ACBA19F.3058F091D7E80940D86AE2E3A817B7991D4F4077&key=cms1 - CTU.339.1.Malicious 405 1518524369.7418642 1518524369.7571242 15 192.168.1.119 - 49803 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538769&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2117148FE7D057EF90105D08D20DA83F9ACBA19F.3058F091D7E80940D86AE2E3A817B7991D4F4077&key=cms1 670 10108 0 9440 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 404 1518524370.557541 1518524370.5895934 32 192.168.1.119 - 49802 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3 376 1488 0 668 264 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538770&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=37707BB1A3FCAB509E9B7D1C3F3BB3E22E30CDD0.2293B3DBE505A54D65DA676915B22ABC4A77EEA1&key=cms1 - CTU.339.1.Malicious 405 1518524370.7980905 1518524370.814151 16 192.168.1.119 - 49803 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538770&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=37707BB1A3FCAB509E9B7D1C3F3BB3E22E30CDD0.2293B3DBE505A54D65DA676915B22ABC4A77EEA1&key=cms1 670 9742 0 9074 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 404 1518524371.6093006 1518524371.6394024 30 192.168.1.119 - 49802 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3 376 1484 0 666 264 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538771&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=608AC4DDA19C040FF2452E91F31698D5AD568396.EF0944F4CBC8ECC02BE28EDAB1F4C84ED33688&key=cms1 - CTU.339.1.Malicious 405 1518524371.8432071 1518524371.859431 16 192.168.1.119 - 49803 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538771&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=608AC4DDA19C040FF2452E91F31698D5AD568396.EF0944F4CBC8ECC02BE28EDAB1F4C84ED33688&key=cms1 668 9337 0 8669 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 404 1518524372.663195 1518524372.6955132 32 192.168.1.119 - 49802 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3 376 1488 0 668 264 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538772&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524245&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=52BA0D1F179E8C634CA8D2329AC0EF0FBD48B70E.319A410D0F45F38A285C8416BD0D0625F5A7EE40&key=cms1 - CTU.339.1.Malicious 405 1518524372.8973224 1518524372.9136887 16 192.168.1.119 - 49803 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538772&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524245&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=52BA0D1F179E8C634CA8D2329AC0EF0FBD48B70E.319A410D0F45F38A285C8416BD0D0625F5A7EE40&key=cms1 670 8540 0 7872 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 404 1518524373.721153 1518524373.7525065 31 192.168.1.119 - 49802 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3 376 1488 0 668 264 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538773&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1EDC34E6A46D567068161B59DF829BA9376FB8CB.80131B8E50A7F16968D611C2402162E41AC86D32&key=cms1 - CTU.339.1.Malicious 405 1518524373.9527445 1518524373.9635038 11 192.168.1.119 - 49803 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538773&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1EDC34E6A46D567068161B59DF829BA9376FB8CB.80131B8E50A7F16968D611C2402162E41AC86D32&key=cms1 670 8048 0 7380 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 404 1518524374.7835848 1518524374.8159747 32 192.168.1.119 - 49802 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3 376 1488 0 668 264 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538774&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524245&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=607022B4CE1356D00C4F6A97DD276B1157B5472E.6272E6F7C9C850132E80794CC24E8F1B6663DEFA&key=cms1 - CTU.339.1.Malicious 405 1518524375.0185144 1518524375.0350797 17 192.168.1.119 - 49803 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538774&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524245&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=607022B4CE1356D00C4F6A97DD276B1157B5472E.6272E6F7C9C850132E80794CC24E8F1B6663DEFA&key=cms1 670 7560 0 6892 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 404 1518524376.8513563 1518524376.8840487 33 192.168.1.119 - 49802 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3 377 1488 0 668 265 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538776&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2C74DC7D17E0F86FDEAD1372AC3C05D8F03CF56D.207170B2ADEEE823C7B80F6155C4DFFC872D6022&key=cms1 - CTU.339.1.Malicious 405 1518524377.0872452 1518524377.102875 16 192.168.1.119 - 49803 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538776&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2C74DC7D17E0F86FDEAD1372AC3C05D8F03CF56D.207170B2ADEEE823C7B80F6155C4DFFC872D6022&key=cms1 671 6316 0 5647 274 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 404 1518524378.934716 1518524378.9655259 31 192.168.1.119 - 49802 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538778&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4D31ADF4F44B239BEAEE45D90702B45D85BB7F73.44C2F68B6F0C9AEFE0B4B77B567325D6C432511E&key=cms1 - CTU.339.1.Malicious 405 1518524379.1679924 1518524379.1835582 16 192.168.1.119 - 49803 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538778&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4D31ADF4F44B239BEAEE45D90702B45D85BB7F73.44C2F68B6F0C9AEFE0B4B77B567325D6C432511E&key=cms1 672 5003 0 4333 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 404 1518524380.036013 1518524380.0661283 30 192.168.1.119 - 49802 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538780&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=82B0E2DB99F43B631DFC38A124CB3416BAC6C7ED.4FD6E7C469716E734EF506CEE61D2A97A41A314D&key=cms1 - CTU.339.1.Malicious 405 1518524380.259791 1518524380.2758393 16 192.168.1.119 - 49803 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538780&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=82B0E2DB99F43B631DFC38A124CB3416BAC6C7ED.4FD6E7C469716E734EF506CEE61D2A97A41A314D&key=cms1 672 9962 0 9292 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 404 1518524381.086539 1518524381.1197438 33 192.168.1.119 - 49802 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538781&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=194F9B4E8EC77DFF8D3183836387EA928A1DDC1A.52A931C7121EF10054E4C3A39BB4BFBC6C35E0C7&key=cms1 - CTU.339.1.Malicious 405 1518524381.3252504 1518524381.3411348 16 192.168.1.119 - 49803 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538781&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=194F9B4E8EC77DFF8D3183836387EA928A1DDC1A.52A931C7121EF10054E4C3A39BB4BFBC6C35E0C7&key=cms1 672 9543 0 8873 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 404 1518524383.1396792 1518524383.1718662 32 192.168.1.119 - 49802 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538783&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=75A5F89C0FC554DE6C33BEAB6E11301BB0357493.7DFA531D066354CBE025184A8D0B09671BE5464C&key=cms1 - CTU.339.1.Malicious 405 1518524383.3729374 1518524383.3908355 18 192.168.1.119 - 49803 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538783&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=75A5F89C0FC554DE6C33BEAB6E11301BB0357493.7DFA531D066354CBE025184A8D0B09671BE5464C&key=cms1 672 18104 0 17433 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 404 1518524385.7925599 1518524385.8227644 30 192.168.1.119 - 49802 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538785&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2D84FECD4F0BB678B444B4C751F7CE86185F2B5A.45EF21EFF8894D3E164A55C019E9ED1E0F46F5B2&key=cms1 - CTU.339.1.Malicious 405 1518524386.0261252 1518524386.0420399 16 192.168.1.119 - 49803 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538785&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2D84FECD4F0BB678B444B4C751F7CE86185F2B5A.45EF21EFF8894D3E164A55C019E9ED1E0F46F5B2&key=cms1 672 15546 0 14875 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 404 1518524387.4469957 1518524387.4794643 32 192.168.1.119 - 49802 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538787&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1501FD9F8A29CE33E090FD41DDE28DBC1BF69EFE.24AB8B507A7EFCC18A3DAD3A4A1A21F960248633&key=cms1 - CTU.339.1.Malicious 405 1518524387.6865928 1518524387.7023382 16 192.168.1.119 - 49803 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538787&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1501FD9F8A29CE33E090FD41DDE28DBC1BF69EFE.24AB8B507A7EFCC18A3DAD3A4A1A21F960248633&key=cms1 672 13569 0 12898 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 404 1518524390.122015 1518524390.154084 32 192.168.1.119 - 49802 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538790&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3546BAD91E7821AA688155D47FC61FDA2B9E781F.1E0FE5DC4770A7BDEBE2BD5D22AD61C6CA4F7FDE&key=cms1 - CTU.339.1.Malicious 405 1518524390.3519578 1518524390.3693633 17 192.168.1.119 - 49803 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538790&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3546BAD91E7821AA688155D47FC61FDA2B9E781F.1E0FE5DC4770A7BDEBE2BD5D22AD61C6CA4F7FDE&key=cms1 672 11757 0 11086 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 404 1518524391.1634204 1518524391.1952932 32 192.168.1.119 - 49802 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538791&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=177D9E4A9DF4EDF556DEECE05D8068A884161346.6A7A8F66E077D937B722BC2BBEC6A11DD82615C7&key=cms1 - CTU.339.1.Malicious 405 1518524391.397592 1518524391.4140599 16 192.168.1.119 - 49803 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538791&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=177D9E4A9DF4EDF556DEECE05D8068A884161346.6A7A8F66E077D937B722BC2BBEC6A11DD82615C7&key=cms1 672 10811 0 10140 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 404 1518524392.2099116 1518524392.2407477 31 192.168.1.119 - 49802 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538792&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=83A50208BD00C5CFB8B4763B435A8B77EB699F46.7DDFD9219A5C516D1936F065D77228678374FF5E&key=cms1 - CTU.339.1.Malicious 405 1518524392.4406147 1518524392.4581137 17 192.168.1.119 - 49803 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538792&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=83A50208BD00C5CFB8B4763B435A8B77EB699F46.7DDFD9219A5C516D1936F065D77228678374FF5E&key=cms1 672 10507 0 9837 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 404 1518524393.2575786 1518524393.289386 32 192.168.1.119 - 49802 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538793&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3D1D504BF6A90408C4AA866C0B7822C64159432D.7F538B7826F2114613467F844F446214FC99FAF4&key=cms1 - CTU.339.1.Malicious 405 1518524393.4930458 1518524393.5082686 15 192.168.1.119 - 49803 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538793&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3D1D504BF6A90408C4AA866C0B7822C64159432D.7F538B7826F2114613467F844F446214FC99FAF4&key=cms1 672 10402 0 9732 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 404 1518524394.306183 1518524394.339476 33 192.168.1.119 - 49802 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538794&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=151BEBEA5FC50D742D450D2FCED7B3D790CD0E42.5D096202D1F64526A0EFAC33BCAE078A16D59D9E&key=cms1 - CTU.339.1.Malicious 405 1518524394.549391 1518524394.5650816 16 192.168.1.119 - 49803 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538794&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=151BEBEA5FC50D742D450D2FCED7B3D790CD0E42.5D096202D1F64526A0EFAC33BCAE078A16D59D9E&key=cms1 672 10254 0 9584 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 404 1518524396.3549464 1518524396.3850691 30 192.168.1.119 - 49802 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538796&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4D2E6617E319292615C303D4094105B850A421D7.4606990794FB9CBCDAA1DEEF0B06D552970C38F2&key=cms1 - CTU.339.1.Malicious 405 1518524396.5889907 1518524396.6070707 18 192.168.1.119 - 49803 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOK-RaSoJbpl_4280/4280_all_crl-set-17035447139217683288.data.crx3?cms_redirect=yes&expire=1518538796&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518524312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4D2E6617E319292615C303D4094105B850A421D7.4606990794FB9CBCDAA1DEEF0B06D552970C38F2&key=cms1 672 4639 0 3969 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 406 1518524397.4892817 1518524397.5271297 38 192.168.1.119 - 49804 216.58.201.67 443 https://update.googleapis.com/service/update2 1253 944 920 247 303 685 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 407 1518527708.6658452 1518527708.9099522 244 192.168.1.119 - 49806 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 408 1518527708.670585 1518527708.9259472 255 192.168.1.119 - 49805 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 409 1518527709.2833276 1518527709.316541 33 192.168.1.119 - 49807 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 410 1518531309.8064044 1518531309.8419435 36 192.168.1.119 - 49808 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 411 1518531310.0226243 1518531310.0636237 41 192.168.1.119 - 49810 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 410 1518531310.2449224 1518531310.2854843 41 192.168.1.119 - 49808 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 412 1518534198.937357 1518534198.9667125 29 192.168.1.119 - 49811 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.13%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 413 1518534911.4462736 1518534911.4775991 31 192.168.1.119 - 49814 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 414 1518534912.447118 1518534912.4833767 36 192.168.1.119 - 49813 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 415 1518534912.6664588 1518534912.6989586 32 192.168.1.119 - 49812 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 416 1518538512.810763 1518538512.8465362 36 192.168.1.119 - 49815 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 417 1518538513.0098114 1518538513.0448322 35 192.168.1.119 - 49817 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 417 1518538513.254591 1518538513.3150158 60 192.168.1.119 - 49817 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 418 1518539358.6315002 1518539358.6672616 36 192.168.1.119 - 49822 185.26.182.117 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 422 0 24 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 419 1518542114.1359324 1518542114.175396 39 192.168.1.119 - 49823 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 420 1518542115.1372445 1518542115.3765562 239 192.168.1.119 - 49824 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 421 1518542115.3599412 1518542115.3921075 32 192.168.1.119 - 49825 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 422 1518545715.4716325 1518545715.508148 37 192.168.1.119 - 49826 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 423 1518545715.6875508 1518545715.75098 63 192.168.1.119 - 49827 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 423 1518545715.797143 1518545715.829317 32 192.168.1.119 - 49827 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 424 1518549316.4593976 1518549316.490556 31 192.168.1.119 - 49830 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 424 1518549316.7084265 1518549316.740035 32 192.168.1.119 - 49830 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 425 1518549317.4732397 1518549317.5058794 33 192.168.1.119 - 49828 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 426 1518552863.664302 1518552863.8015 137 192.168.1.119 - 49831 185.26.182.122 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 427 1518552917.7040138 1518552917.7562132 52 192.168.1.119 - 49832 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 428 1518552917.917363 1518552917.9466164 29 192.168.1.119 - 49833 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 429 1518552918.0502613 1518552918.0838206 34 192.168.1.119 - 49835 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 430 1518553063.0549288 1518553063.0833027 28 192.168.1.119 - 49836 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.13%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 431 1518556519.3586826 1518556519.3872092 29 192.168.1.119 - 49837 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 431 1518556519.4781778 1518556519.514154 36 192.168.1.119 - 49837 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 432 1518556519.9357138 1518556519.9724984 37 192.168.1.119 - 49839 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 433 1518560120.612973 1518560120.6420465 29 192.168.1.119 - 49840 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 433 1518560120.8449664 1518560120.8757255 31 192.168.1.119 - 49840 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 434 1518560121.6287928 1518560121.6586268 30 192.168.1.119 - 49842 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 435 1518560987.3322344 1518560987.360473 28 192.168.1.119 - 49846 185.26.182.122 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 422 0 24 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 436 1518563721.9495246 1518563721.9786563 29 192.168.1.119 - 49847 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 436 1518563722.390798 1518563722.4244971 34 192.168.1.119 - 49847 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 437 1518563722.9731836 1518563723.0078018 35 192.168.1.119 - 49849 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 438 1518567323.506834 1518567323.5361686 29 192.168.1.119 - 49850 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 438 1518567323.9466298 1518567323.9787133 32 192.168.1.119 - 49850 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 439 1518567324.758091 1518567324.795565 37 192.168.1.119 - 49852 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 440 1518570924.5105236 1518570924.5381885 28 192.168.1.119 - 49854 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 441 1518570924.72245 1518570924.7561717 34 192.168.1.119 - 49853 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 442 1518570925.0900834 1518570925.1206765 31 192.168.1.119 - 49855 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 443 1518571847.575633 1518571847.6055322 30 192.168.1.119 - 49856 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.13%26uc 676 710 0 466 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 444 1518571851.3582835 1518571851.383734 25 192.168.1.119 - 49857 82.145.215.85 443 https://extension-updates.opera.com/static/omaha/blacklist.336465243e0d1996705f69bb3937b0f2f815a8bcc9737b5323ca77ebd70dd6b7.txt 413 6582 0 6336 308 232 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/plain GET 200 - - - - - - - CTU.339.1.Malicious 445 1518574526.0640726 1518574526.0957768 32 192.168.1.119 - 49860 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 446 1518574527.0682628 1518574527.0962052 28 192.168.1.119 - 49859 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 447 1518574527.287416 1518574527.3171358 30 192.168.1.119 - 49858 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 448 1518578127.02698 1518578127.0605032 34 192.168.1.119 - 49861 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 449 1518578127.6151755 1518578127.6482344 33 192.168.1.119 - 49862 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 450 1518578127.854221 1518578127.8855517 31 192.168.1.119 - 49863 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 451 1518578356.1122622 1518578356.2190385 107 192.168.1.119 - 49864 216.58.201.67 443 https://update.googleapis.com/service/update2?cup2key=7:889994095&cup2hreq=825c1a41d688ee1ca6fdd1e346f49cd5899578193549d8eeb0abdca5d1d371e7 1413 2483 986 1318 303 1153 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 452 1518578357.9189177 1518578357.9513526 32 192.168.1.119 - 49865 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3 281 818 0 0 170 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 HEAD 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592757&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578250&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=84932018BECFCFB726556A2EC32458048CE6A989.0923835A7F2C2156312CAE8A75F4F0BBDD618442&key=cms1 - CTU.339.1.Malicious 453 1518578358.2096157 1518578358.2267697 17 192.168.1.119 - 49866 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592757&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578250&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=84932018BECFCFB726556A2EC32458048CE6A989.0923835A7F2C2156312CAE8A75F4F0BBDD618442&key=cms1 575 608 0 0 179 594 'Microsoft BITS/7.5' application/octet-stream HEAD 200 - - - - - - - CTU.339.1.Malicious 452 1518578359.940552 1518578359.9713736 31 192.168.1.119 - 49865 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3 369 1484 0 666 259 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592759&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578250&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=44432E627D6736A973380D564EE64A5CE9F9BBEA.1A12EB536EC2902FB4B7F76894A4BE1BCAB03E64&key=cms1 - CTU.339.1.Malicious 453 1518578360.1744776 1518578360.189278 15 192.168.1.119 - 49866 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592759&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578250&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=44432E627D6736A973380D564EE64A5CE9F9BBEA.1A12EB536EC2902FB4B7F76894A4BE1BCAB03E64&key=cms1 663 3155 0 2492 268 636 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 452 1518578363.1958787 1518578363.2263434 30 192.168.1.119 - 49865 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3 372 1484 0 666 262 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592763&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578250&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2CA03636FB0365A82472D01A3B6F23786A175A89.643924A405F71610A7E97AADD4418028906D4B58&key=cms1 - CTU.339.1.Malicious 453 1518578363.4296992 1518578363.4445462 15 192.168.1.119 - 49866 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592763&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578250&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2CA03636FB0365A82472D01A3B6F23786A175A89.643924A405F71610A7E97AADD4418028906D4B58&key=cms1 666 3243 0 2577 271 639 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 452 1518578365.3573117 1518578365.3877878 30 192.168.1.119 - 49865 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3 373 1484 0 666 263 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592765&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578250&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3FF28EBD9C9DBD981EC5C6B31B0C02604946624E.316A64983B2C07AF1C753D6A6E79581764E74ADB&key=cms1 - CTU.339.1.Malicious 453 1518578365.5903945 1518578365.6056967 15 192.168.1.119 - 49866 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592765&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578250&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3FF28EBD9C9DBD981EC5C6B31B0C02604946624E.316A64983B2C07AF1C753D6A6E79581764E74ADB&key=cms1 667 6444 0 5777 272 640 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 452 1518578367.4407024 1518578367.4731734 32 192.168.1.119 - 49865 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3 374 1484 0 666 264 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592767&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578250&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=243AF7CB7AE8387C7E104F36FD8116CC29402A87.3FEBEFD7DBF51D4F3E1D789D14899E760142B10E&key=cms1 - CTU.339.1.Malicious 453 1518578367.6997967 1518578367.7156255 16 192.168.1.119 - 49866 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592767&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578250&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=243AF7CB7AE8387C7E104F36FD8116CC29402A87.3FEBEFD7DBF51D4F3E1D789D14899E760142B10E&key=cms1 668 5833 0 5165 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 452 1518578369.5442557 1518578369.5762258 32 192.168.1.119 - 49865 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3 374 1484 0 666 264 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592769&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578250&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=44CCFC13E2EA56712344E7964868A591EC4BE40B.83ECB7540E6F59CC15AAC8676A527F5CA2E56FB5&key=cms1 - CTU.339.1.Malicious 453 1518578369.7939923 1518578369.8087902 15 192.168.1.119 - 49866 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592769&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578250&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=44CCFC13E2EA56712344E7964868A591EC4BE40B.83ECB7540E6F59CC15AAC8676A527F5CA2E56FB5&key=cms1 668 4407 0 3739 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 452 1518578371.6391854 1518578371.7008655 62 192.168.1.119 - 49865 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3 374 1484 0 666 264 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592771&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5F4BEF937EF15D8EAC27C2E8541C5335D1C7F4CF.385D444A41930F4DA51480DC8FB717F35DA3060F&key=cms1 - CTU.339.1.Malicious 453 1518578371.9040017 1518578371.9222317 18 192.168.1.119 - 49866 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592771&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5F4BEF937EF15D8EAC27C2E8541C5335D1C7F4CF.385D444A41930F4DA51480DC8FB717F35DA3060F&key=cms1 668 3460 0 2792 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 452 1518578372.785795 1518578372.8164308 31 192.168.1.119 - 49865 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3 374 1484 0 666 264 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592772&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=840C68784B98BFBD36548B97918802A93E78D3EA.10C96F54D63691D5D18726F190A2CE106B906CC9&key=cms1 - CTU.339.1.Malicious 453 1518578373.0193386 1518578373.0345368 15 192.168.1.119 - 49866 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592772&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=840C68784B98BFBD36548B97918802A93E78D3EA.10C96F54D63691D5D18726F190A2CE106B906CC9&key=cms1 668 6875 0 6207 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 452 1518578373.8593285 1518578373.8901455 31 192.168.1.119 - 49865 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3 374 1484 0 666 264 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592773&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=01EB0D8B3D3B31F9C396D2A05A281252B3747FE7.068E535BE7B80894D612A0A04BC2450EEF8CE704&key=cms1 - CTU.339.1.Malicious 453 1518578374.091892 1518578374.1078215 16 192.168.1.119 - 49866 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592773&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=01EB0D8B3D3B31F9C396D2A05A281252B3747FE7.068E535BE7B80894D612A0A04BC2450EEF8CE704&key=cms1 668 6071 0 5403 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 452 1518578375.9417973 1518578375.9732268 31 192.168.1.119 - 49865 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3 374 1528 0 690 264 821 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592775&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=4B36431A82637FB2AF70BC1CBCDA325DCB1E2945.49235B98943AA387B2DD026155205E324A6370F2&key=cms1 - CTU.339.1.Malicious 453 1518578376.1920342 1518578376.2070894 15 192.168.1.119 - 49866 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592775&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=4B36431A82637FB2AF70BC1CBCDA325DCB1E2945.49235B98943AA387B2DD026155205E324A6370F2&key=cms1 688 5206 0 4538 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 452 1518578378.0386178 1518578378.0697696 31 192.168.1.119 - 49865 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3 374 1484 0 666 264 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592778&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=68C86738E7D6B35249E9FE094C23C58F28026491.30361965F2CF5C262A00C99A1374F141B04D6777&key=cms1 - CTU.339.1.Malicious 453 1518578378.271902 1518578378.287629 16 192.168.1.119 - 49866 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592778&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=68C86738E7D6B35249E9FE094C23C58F28026491.30361965F2CF5C262A00C99A1374F141B04D6777&key=cms1 668 3939 0 3271 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 452 1518578380.1674328 1518578380.200011 33 192.168.1.119 - 49865 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3 374 1484 0 666 264 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592780&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=24B94583F5929449C502F37B49E2D20C84C0DD1D.1B511937553626888C7D720A3AF567F5435276D6&key=cms1 - CTU.339.1.Malicious 453 1518578380.4026072 1518578380.4194913 17 192.168.1.119 - 49866 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592780&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=24B94583F5929449C502F37B49E2D20C84C0DD1D.1B511937553626888C7D720A3AF567F5435276D6&key=cms1 668 7833 0 7165 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 452 1518578382.231934 1518578382.2637668 32 192.168.1.119 - 49865 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3 374 1484 0 666 264 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592782&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2204EE57F7BD7FDCAE94850FDDB66D0B321E4B8A.3B20410653075186E1779CAACE1DCE91F6EAD1C1&key=cms1 - CTU.339.1.Malicious 453 1518578382.4679728 1518578382.4845567 17 192.168.1.119 - 49866 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592782&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2204EE57F7BD7FDCAE94850FDDB66D0B321E4B8A.3B20410653075186E1779CAACE1DCE91F6EAD1C1&key=cms1 668 6472 0 5804 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 452 1518578384.3098428 1518578384.3413877 32 192.168.1.119 - 49865 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3 374 1484 0 666 264 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592784&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=47246BF85ED380F4F5505945E8F11F5971F688F1.0D18ECDF3FBEE2EA5315A4FD7EBA673586AD1236&key=cms1 - CTU.339.1.Malicious 453 1518578384.5449865 1518578384.5603852 15 192.168.1.119 - 49866 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592784&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=47246BF85ED380F4F5505945E8F11F5971F688F1.0D18ECDF3FBEE2EA5315A4FD7EBA673586AD1236&key=cms1 668 5218 0 4550 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 452 1518578386.406028 1518578386.436182 30 192.168.1.119 - 49865 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3 374 1484 0 666 264 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592786&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=66B766DA41903C906843E86C70B6286B23BC1E78.58CD233AF92D67B663A7ABC619695B9E59F907D7&key=cms1 - CTU.339.1.Malicious 453 1518578386.639466 1518578386.655563 16 192.168.1.119 - 49866 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592786&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=66B766DA41903C906843E86C70B6286B23BC1E78.58CD233AF92D67B663A7ABC619695B9E59F907D7&key=cms1 668 4225 0 3557 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 452 1518578387.526224 1518578387.557202 31 192.168.1.119 - 49865 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3 374 1484 0 666 264 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592787&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=80AA9D1E5AEB5A396B4C6A6E0DA007347CFCB119.3A3E79F295C72DC084B2D19001AB1890C4D2B36B&key=cms1 - CTU.339.1.Malicious 453 1518578387.7615142 1518578387.7799988 18 192.168.1.119 - 49866 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592787&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=80AA9D1E5AEB5A396B4C6A6E0DA007347CFCB119.3A3E79F295C72DC084B2D19001AB1890C4D2B36B&key=cms1 668 8405 0 7737 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 452 1518578389.5857024 1518578389.6172593 32 192.168.1.119 - 49865 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3 374 1484 0 666 264 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592789&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=47463D91324B28056A1B9243427BD372DEB2C8DE.824E21893E2BED777BD3565C5E1829537C3BC94B&key=cms1 - CTU.339.1.Malicious 453 1518578389.8247893 1518578389.8401577 15 192.168.1.119 - 49866 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592789&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=47463D91324B28056A1B9243427BD372DEB2C8DE.824E21893E2BED777BD3565C5E1829537C3BC94B&key=cms1 668 7175 0 6507 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 452 1518578391.655221 1518578391.6864178 31 192.168.1.119 - 49865 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3 374 1484 0 666 264 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592791&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5CAF31792BC3F9DFB1D54B15B98EFAD50CDCD210.12E7A855F05457616DE1EFF8978626F572C7B930&key=cms1 - CTU.339.1.Malicious 453 1518578391.8906815 1518578391.9057755 15 192.168.1.119 - 49866 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592791&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5CAF31792BC3F9DFB1D54B15B98EFAD50CDCD210.12E7A855F05457616DE1EFF8978626F572C7B930&key=cms1 668 5801 0 5133 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 452 1518578393.7414052 1518578393.7740586 33 192.168.1.119 - 49865 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3 374 1484 0 666 264 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592793&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5920A71273C522FAFF1569154D7413E6CF2B340D.1172FAE1B6E42398107C221A8C9C9286987FB865&key=cms1 - CTU.339.1.Malicious 453 1518578393.9767022 1518578393.992342 16 192.168.1.119 - 49866 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592793&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5920A71273C522FAFF1569154D7413E6CF2B340D.1172FAE1B6E42398107C221A8C9C9286987FB865&key=cms1 668 4905 0 4237 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 452 1518578395.8452635 1518578395.876818 32 192.168.1.119 - 49865 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3 374 1484 0 666 264 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592795&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=53182EC5ED9A257676E1B0CCA7589AD9B6A5F1C1.24B950D07DD64D8EC7E8142B3C8B16D10A1D721A&key=cms1 - CTU.339.1.Malicious 453 1518578396.0803978 1518578396.096052 16 192.168.1.119 - 49866 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592795&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=53182EC5ED9A257676E1B0CCA7589AD9B6A5F1C1.24B950D07DD64D8EC7E8142B3C8B16D10A1D721A&key=cms1 668 4138 0 3470 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 452 1518578397.9667013 1518578397.9985592 32 192.168.1.119 - 49865 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3 374 1484 0 666 264 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592797&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=37F61084A772C732A73951C9C6DD3F3D282400EC.4AF3B790D5CDD1C4A10FA46B1E21A96A4319CDFC&key=cms1 - CTU.339.1.Malicious 453 1518578398.2014706 1518578398.220276 19 192.168.1.119 - 49866 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592797&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=37F61084A772C732A73951C9C6DD3F3D282400EC.4AF3B790D5CDD1C4A10FA46B1E21A96A4319CDFC&key=cms1 668 3160 0 2492 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 452 1518578400.1408663 1518578400.173067 32 192.168.1.119 - 49865 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3 374 1484 0 666 264 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592800&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=09CEB0B8E15996644657BCE46A4F6FF2A76937C8.7111490A91B53114CB6C3A8F99FE3C663603A0F2&key=cms1 - CTU.339.1.Malicious 453 1518578400.375599 1518578400.3917818 16 192.168.1.119 - 49866 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592800&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=09CEB0B8E15996644657BCE46A4F6FF2A76937C8.7111490A91B53114CB6C3A8F99FE3C663603A0F2&key=cms1 668 6204 0 5536 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 452 1518578402.2223425 1518578402.254459 32 192.168.1.119 - 49865 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3 375 1484 0 666 265 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592802&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2211464BDD53229B620B7B43C962679EB3DAA5B8.6AE7478C0E26C204597720BA3275F08C641A3F1C&key=cms1 - CTU.339.1.Malicious 453 1518578402.4582622 1518578402.473476 15 192.168.1.119 - 49866 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592802&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2211464BDD53229B620B7B43C962679EB3DAA5B8.6AE7478C0E26C204597720BA3275F08C641A3F1C&key=cms1 669 5288 0 4619 274 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 452 1518578404.3184683 1518578404.3504312 32 192.168.1.119 - 49865 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3 376 1484 0 666 266 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592804&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=78E26B75007D75A851C399D7900C68C244719612.11A98AE615F2400A4E4AA3168D44017852DE630F&key=cms1 - CTU.339.1.Malicious 453 1518578404.5537183 1518578404.5696552 16 192.168.1.119 - 49866 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592804&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=78E26B75007D75A851C399D7900C68C244719612.11A98AE615F2400A4E4AA3168D44017852DE630F&key=cms1 670 4334 0 3664 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 452 1518578406.4347813 1518578406.466458 32 192.168.1.119 - 49865 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3 376 1484 0 666 266 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592806&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=42F8B67D93612585722FD85BB982B791035C71D5.2FC2ECF5DC9F614DD0D94456D4953D9B2F36E82A&key=cms1 - CTU.339.1.Malicious 453 1518578406.6698163 1518578406.6854813 16 192.168.1.119 - 49866 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592806&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=42F8B67D93612585722FD85BB982B791035C71D5.2FC2ECF5DC9F614DD0D94456D4953D9B2F36E82A&key=cms1 670 3374 0 2704 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 452 1518578407.5847921 1518578407.6157496 31 192.168.1.119 - 49865 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3 376 1480 0 664 266 799 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592807&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=565D1188E8A38A0F1464D9291EB2276AFDDB13D5.8EC0E2B96B122870EA7D14736012F53FDEC2B6&key=cms1 - CTU.339.1.Malicious 453 1518578407.8123145 1518578407.8286812 16 192.168.1.119 - 49866 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592807&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=565D1188E8A38A0F1464D9291EB2276AFDDB13D5.8EC0E2B96B122870EA7D14736012F53FDEC2B6&key=cms1 668 6701 0 6031 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 452 1518578409.6592932 1518578409.6898134 31 192.168.1.119 - 49865 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3 376 1484 0 666 266 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592809&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=019E07213C6BD3FC65C4909D6A0F77D6DD2D00BD.14AF6CF41D107F600ADB121605080E10F3645E90&key=cms1 - CTU.339.1.Malicious 453 1518578409.8925438 1518578409.9086308 16 192.168.1.119 - 49866 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592809&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=019E07213C6BD3FC65C4909D6A0F77D6DD2D00BD.14AF6CF41D107F600ADB121605080E10F3645E90&key=cms1 670 5268 0 4598 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 452 1518578411.7549324 1518578411.7867804 32 192.168.1.119 - 49865 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3 376 1484 0 666 266 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592811&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=164FC7B9AD23881EB72263864540209AC1C58D5C.19F9243288F888961A6BFFA8460C666E822DE0E4&key=cms1 - CTU.339.1.Malicious 453 1518578411.9906235 1518578412.0068965 16 192.168.1.119 - 49866 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592811&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=164FC7B9AD23881EB72263864540209AC1C58D5C.19F9243288F888961A6BFFA8460C666E822DE0E4&key=cms1 670 4323 0 3653 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 452 1518578413.8720784 1518578413.9050052 33 192.168.1.119 - 49865 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3 376 1528 0 690 266 821 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592813&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=39591200D61A0E5D2DD872C6D89D83C515393CC3.2CCCFEB8A2683D9CD0EDE3D99655D8C4801EB1C8&key=cms1 - CTU.339.1.Malicious 453 1518578414.1085465 1518578414.1247785 16 192.168.1.119 - 49866 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592813&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=39591200D61A0E5D2DD872C6D89D83C515393CC3.2CCCFEB8A2683D9CD0EDE3D99655D8C4801EB1C8&key=cms1 690 8599 0 7929 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 452 1518578414.9303768 1518578414.9622405 32 192.168.1.119 - 49865 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3 376 1484 0 666 266 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592814&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=52CB9497C895D88839F3C55B7B80E9C77D5BA93A.1BDB5D43AF70E94828BBCD146ECFB2B00A159B7C&key=cms1 - CTU.339.1.Malicious 453 1518578415.1625752 1518578415.1802168 18 192.168.1.119 - 49866 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592814&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=52CB9497C895D88839F3C55B7B80E9C77D5BA93A.1BDB5D43AF70E94828BBCD146ECFB2B00A159B7C&key=cms1 670 8118 0 7448 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 452 1518578415.991679 1518578416.0223095 31 192.168.1.119 - 49865 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3 376 1484 0 666 266 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592816&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6A7AE83CF5D4048B94BB5CFDC138AA15FA3B5CF7.5493308FBBDF077900B22428CFF5D5D887F141CB&key=cms1 - CTU.339.1.Malicious 453 1518578416.225609 1518578416.2421958 17 192.168.1.119 - 49866 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592816&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6A7AE83CF5D4048B94BB5CFDC138AA15FA3B5CF7.5493308FBBDF077900B22428CFF5D5D887F141CB&key=cms1 670 7264 0 6594 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 452 1518578417.0611458 1518578417.0935135 32 192.168.1.119 - 49865 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3 376 1484 0 666 266 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592817&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7522D240997286FDEDF6F83E02E0F6EC75F7902E.1CD9BB07025C18D90057CB84F79DAE8A8736226E&key=cms1 - CTU.339.1.Malicious 453 1518578417.2902079 1518578417.3052454 15 192.168.1.119 - 49866 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592817&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7522D240997286FDEDF6F83E02E0F6EC75F7902E.1CD9BB07025C18D90057CB84F79DAE8A8736226E&key=cms1 670 6674 0 6004 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 452 1518578418.1363149 1518578418.1697056 33 192.168.1.119 - 49865 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3 376 1484 0 666 266 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592818&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=691C5B95FC6FB4D09DC668EC4F44C830368E8F4A.5B78EFE98FC4533E505C23554BEC1049912A3090&key=cms1 - CTU.339.1.Malicious 453 1518578418.3773425 1518578418.3922591 15 192.168.1.119 - 49866 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592818&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=691C5B95FC6FB4D09DC668EC4F44C830368E8F4A.5B78EFE98FC4533E505C23554BEC1049912A3090&key=cms1 670 5937 0 5267 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 452 1518578420.2213376 1518578420.253298 32 192.168.1.119 - 49865 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3 376 1484 0 666 266 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592820&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=41CDB72C36BC5D7759DF1E33A2C81BD4D81A7036.48DC47A49EBECF63585223F0C316A03F981C4FDA&key=cms1 - CTU.339.1.Malicious 453 1518578420.4567914 1518578420.472305 16 192.168.1.119 - 49866 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592820&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=41CDB72C36BC5D7759DF1E33A2C81BD4D81A7036.48DC47A49EBECF63585223F0C316A03F981C4FDA&key=cms1 670 5088 0 4418 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 452 1518578421.3198357 1518578421.3509111 31 192.168.1.119 - 49865 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3 376 1484 0 666 266 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592821&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5B3D27D1F7977F28E484D13815AB41086180802D.29AD44962DA23158FE8B39C823F358839FD43320&key=cms1 - CTU.339.1.Malicious 453 1518578421.5545676 1518578421.5697474 15 192.168.1.119 - 49866 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592821&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5B3D27D1F7977F28E484D13815AB41086180802D.29AD44962DA23158FE8B39C823F358839FD43320&key=cms1 670 6211 0 5541 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 452 1518578423.3998616 1518578423.4315207 32 192.168.1.119 - 49865 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3 376 1484 0 666 266 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592823&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4E8D3B2C3D8090D51B563E6AF5FF88AEDF34DA3D.79ACD712C606CA40F3506B4244776CB68EB78F09&key=cms1 - CTU.339.1.Malicious 453 1518578423.6350951 1518578423.6504412 15 192.168.1.119 - 49866 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592823&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4E8D3B2C3D8090D51B563E6AF5FF88AEDF34DA3D.79ACD712C606CA40F3506B4244776CB68EB78F09&key=cms1 670 5364 0 4694 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 452 1518578425.4939914 1518578425.523213 29 192.168.1.119 - 49865 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3 376 1484 0 666 266 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592825&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6218ED860378F1C52B57ECB4702FB39967475F4A.28D0C57C91904BF9996D0BFB57441053DF5F39AE&key=cms1 - CTU.339.1.Malicious 453 1518578425.7268157 1518578425.7432973 16 192.168.1.119 - 49866 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592825&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6218ED860378F1C52B57ECB4702FB39967475F4A.28D0C57C91904BF9996D0BFB57441053DF5F39AE&key=cms1 670 4376 0 3706 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 452 1518578426.6092675 1518578426.6425936 33 192.168.1.119 - 49865 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3 376 1484 0 666 266 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592826&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5E5818AFC4E1903A317336A232DCDB1A27B26D21.5FD105C50B4368AB52DAE847F10BF283D053B013&key=cms1 - CTU.339.1.Malicious 453 1518578426.8491125 1518578426.8672106 18 192.168.1.119 - 49866 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592826&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5E5818AFC4E1903A317336A232DCDB1A27B26D21.5FD105C50B4368AB52DAE847F10BF283D053B013&key=cms1 670 8706 0 8036 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 452 1518578427.666357 1518578427.700729 34 192.168.1.119 - 49865 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3 376 1484 0 666 266 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592827&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=27182EEB3F1DBD854D31BAFA00B6D13F96C64872.5ABDA6EA95AC7F6AB49C495DB919FF59B3541472&key=cms1 - CTU.339.1.Malicious 453 1518578427.906896 1518578427.922914 16 192.168.1.119 - 49866 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592827&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=27182EEB3F1DBD854D31BAFA00B6D13F96C64872.5ABDA6EA95AC7F6AB49C495DB919FF59B3541472&key=cms1 670 7787 0 7117 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 452 1518578429.731523 1518578429.762825 31 192.168.1.119 - 49865 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3 376 1480 0 664 266 799 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592829&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1C12E8F1B00EA54F87527C527BDC46C621CFF6.08267376FF5AB95E0D707FB6ED0F3EDEE9074BD0&key=cms1 - CTU.339.1.Malicious 453 1518578429.9655771 1518578429.9809842 15 192.168.1.119 - 49866 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592829&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1C12E8F1B00EA54F87527C527BDC46C621CFF6.08267376FF5AB95E0D707FB6ED0F3EDEE9074BD0&key=cms1 668 6503 0 5833 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 452 1518578430.8089077 1518578430.8399367 31 192.168.1.119 - 49865 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3 376 1484 0 666 266 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592830&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=727C96599423F1A0A6513437BDB96F19DD6232DD.7C3088F12CCDE1E38BE905683E43491B2E7AD744&key=cms1 - CTU.339.1.Malicious 453 1518578431.0424318 1518578431.0578482 15 192.168.1.119 - 49866 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592830&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=727C96599423F1A0A6513437BDB96F19DD6232DD.7C3088F12CCDE1E38BE905683E43491B2E7AD744&key=cms1 670 5705 0 5035 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 452 1518578432.8977804 1518578432.9282422 30 192.168.1.119 - 49865 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3 376 1484 0 666 266 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592832&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=755CB01C9B7EC6465DB7B1A148477B90AC6C5B60.3EFEC8C548E50E62F8D3943F1957EA2B3355EF20&key=cms1 - CTU.339.1.Malicious 453 1518578433.1323626 1518578433.1482477 16 192.168.1.119 - 49866 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592832&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=755CB01C9B7EC6465DB7B1A148477B90AC6C5B60.3EFEC8C548E50E62F8D3943F1957EA2B3355EF20&key=cms1 670 4819 0 4149 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 452 1518578435.0021212 1518578435.0351343 33 192.168.1.119 - 49865 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3 376 1484 0 666 266 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592835&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=683F227FC13F24A1E24A7705B408EA06E395707B.2BE785D2E72C63217962AC73A6BC409EFE1EBDAB&key=cms1 - CTU.339.1.Malicious 453 1518578435.2389464 1518578435.2539246 15 192.168.1.119 - 49866 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592835&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=683F227FC13F24A1E24A7705B408EA06E395707B.2BE785D2E72C63217962AC73A6BC409EFE1EBDAB&key=cms1 670 9591 0 8921 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 452 1518578436.054713 1518578436.0864186 32 192.168.1.119 - 49865 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3 376 1484 0 666 266 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592836&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3682194F6B927702E279F4A2B343FCF83753AB88.509896A366CC1994B33FE5FE73145ECD36AE0D1D&key=cms1 - CTU.339.1.Malicious 453 1518578436.2992213 1518578436.3156776 16 192.168.1.119 - 49866 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592836&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3682194F6B927702E279F4A2B343FCF83753AB88.509896A366CC1994B33FE5FE73145ECD36AE0D1D&key=cms1 670 9261 0 8591 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 452 1518578437.1084576 1518578437.1395905 31 192.168.1.119 - 49865 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3 376 1484 0 666 266 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592837&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=03711EF8C27C84F30FD1B258B54F30F431CC6FDB.22C494F7082D9A94624E06FBA71F9B8C15DB4C14&key=cms1 - CTU.339.1.Malicious 453 1518578437.345967 1518578437.3617356 16 192.168.1.119 - 49866 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/OWn8eIgkHNs_4281/4281_all_crl-set-8846236632980456486.data.crx3?cms_redirect=yes&expire=1518592837&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518578307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=03711EF8C27C84F30FD1B258B54F30F431CC6FDB.22C494F7082D9A94624E06FBA71F9B8C15DB4C14&key=cms1 670 1845 0 1175 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 454 1518578442.019057 1518578442.2582524 239 192.168.1.119 - 49867 216.58.201.67 443 https://update.googleapis.com/service/update2 1251 944 918 247 303 685 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 455 1518581603.6499686 1518581603.67582 26 192.168.1.119 - 49868 185.26.182.112 443 https://exchange.opera.com/api/v1/ecb/ 283 1937 0 1664 258 259 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml GET 200 - - - - - - - CTU.339.1.Malicious 455 1518581604.509445 1518581604.5332017 24 192.168.1.119 - 49868 185.26.182.112 443 https://exchange.opera.com/api/v1/nbu/ 283 294 0 2 258 278 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json;charset=UTF-8 GET 200 - - - - - - - CTU.339.1.Malicious 455 1518581604.7316606 1518581604.7540743 22 192.168.1.119 - 49868 185.26.182.112 443 https://exchange.opera.com/api/v1/cmc/ 283 6954 0 6673 258 267 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 456 1518581665.1506631 1518581665.293764 143 192.168.1.119 - 49870 185.26.182.122 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 457 1518581728.374026 1518581728.4078104 34 192.168.1.119 - 49873 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 457 1518581728.8188164 1518581728.8520882 33 192.168.1.119 - 49873 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 458 1518581729.374115 1518581729.412454 38 192.168.1.119 - 49871 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 459 1518582057.1702063 1518582057.1877713 18 192.168.1.119 - 49878 104.31.75.124 80 http://ocsp.globalsign.com/rootr1/ME8wTTBLMEkwRzAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCDkfDD%2F78IrsoD5b%2Bp1JR 404 2169 0 1521 265 634 'Microsoft-CryptoAPI/6.1' application/ocsp-response GET 200 - - - - - - - CTU.339.1.Malicious 460 1518582617.410416 1518582617.4378598 27 192.168.1.119 - 49879 185.26.182.122 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 422 0 24 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 461 1518585329.3776317 1518585329.405343 28 192.168.1.119 - 49880 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 462 1518585329.706892 1518585329.7425997 36 192.168.1.119 - 49882 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 461 1518585329.8199809 1518585329.853019 33 192.168.1.119 - 49880 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 463 1518588930.9339466 1518588930.9625146 29 192.168.1.119 - 49884 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 463 1518588931.3759718 1518588931.410533 35 192.168.1.119 - 49884 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 464 1518588932.1540158 1518588932.184952 31 192.168.1.119 - 49885 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 465 1518589376.2052197 1518589376.2353425 30 192.168.1.119 - 49886 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.14%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 466 1518592532.7656722 1518592532.7965026 31 192.168.1.119 - 49887 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 467 1518592532.775918 1518592532.8122406 36 192.168.1.119 - 49888 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 468 1518592532.77151 1518592532.8178144 46 192.168.1.119 - 49889 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 469 1518596134.2264538 1518596134.2574184 31 192.168.1.119 - 49892 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 469 1518596134.4665644 1518596134.4982386 32 192.168.1.119 - 49892 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 470 1518596135.4528599 1518596135.4882739 35 192.168.1.119 - 49890 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 471 1518599735.1588733 1518599735.1967843 38 192.168.1.119 - 49894 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 472 1518599735.358148 1518599735.4011266 43 192.168.1.119 - 49893 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 473 1518599735.779721 1518599735.815901 36 192.168.1.119 - 49895 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 474 1518603336.5455024 1518603336.620689 75 192.168.1.119 - 49898 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 475 1518603337.546118 1518603337.581841 36 192.168.1.119 - 49896 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 475 1518603337.7863638 1518603337.8214707 35 192.168.1.119 - 49896 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 476 1518603684.918593 1518603684.936396 18 192.168.1.119 - 49903 104.31.75.124 80 http://ocsp2.globalsign.com/gscodesigng3/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBTHTu2Y6Nr%2FMkfa3PrlxnwonnIpxQQUs9Pm1XFWfTlYs3jSK7j3oR%2F9S5sCDG3kH4ic%2BEZD8ySz1Q%3D%3D 411 2175 0 1527 266 634 'Microsoft-CryptoAPI/6.1' application/ocsp-response GET 200 - - - - - - - CTU.339.1.Malicious 477 1518604243.4880188 1518604243.5277903 40 192.168.1.119 - 49904 185.26.182.117 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 422 0 24 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 478 1518606937.880885 1518606937.916222 35 192.168.1.119 - 49905 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 479 1518606938.07572 1518606938.1082726 33 192.168.1.119 - 49906 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 479 1518606938.1119826 1518606938.9763834 864 192.168.1.119 - 49906 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 480 1518607575.4258974 1518607575.4556906 30 192.168.1.119 - 49908 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.14%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 481 1518610465.7328393 1518610465.984913 252 192.168.1.119 - 49909 185.26.182.122 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 482 1518610539.2361808 1518610539.2669332 31 192.168.1.119 - 49910 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 483 1518610539.4669437 1518610539.5048203 38 192.168.1.119 - 49911 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 482 1518610539.4785652 1518610539.5294368 51 192.168.1.119 - 49910 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 484 1518614140.5893176 1518614140.6209574 32 192.168.1.119 - 49913 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 484 1518614140.8356743 1518614140.8695512 34 192.168.1.119 - 49913 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 485 1518614141.817756 1518614141.8527439 35 192.168.1.119 - 49914 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 486 1518617741.9513466 1518617741.9910388 40 192.168.1.119 - 49916 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 487 1518617742.148874 1518617742.1783679 29 192.168.1.119 - 49918 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 486 1518617741.9948032 1518617742.2526922 258 192.168.1.119 - 49916 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 488 1518621342.7292962 1518621342.7654772 36 192.168.1.119 - 49921 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 489 1518621343.7747312 1518621343.8063726 32 192.168.1.119 - 49920 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 490 1518621343.7484248 1518621344.011851 263 192.168.1.119 - 49919 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 491 1518624261.958366 1518624261.9911232 33 192.168.1.119 - 49922 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.14%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 492 1518624943.8682604 1518624943.9045513 36 192.168.1.119 - 49923 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 493 1518624944.099107 1518624944.1274362 28 192.168.1.119 - 49924 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 494 1518624944.3178914 1518624944.3550885 37 192.168.1.119 - 49925 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 495 1518625871.7431211 1518625871.7911732 48 192.168.1.119 - 49930 185.26.182.117 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 422 0 24 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 496 1518628545.31499 1518628545.348889 34 192.168.1.119 - 49931 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 497 1518628546.3379567 1518628546.5912297 253 192.168.1.119 - 49933 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 498 1518628546.555243 1518628546.5974069 42 192.168.1.119 - 49932 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 499 1518632146.279341 1518632146.3131354 34 192.168.1.119 - 49934 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 500 1518632146.8448887 1518632146.880018 35 192.168.1.119 - 49935 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 500 1518632147.00456 1518632147.0370216 32 192.168.1.119 - 49935 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 501 1518632355.8930268 1518632355.9362361 43 192.168.1.119 - 49936 172.217.23.227 443 https://update.googleapis.com/service/update2?cup2key=7:2878046242&cup2hreq=77c1a41c893f114cad5160d47bb4c507760ca00a99a64ec972a778db9ed9253c 1414 2480 986 1319 303 1149 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 502 1518632357.6136806 1518632357.6449323 31 192.168.1.119 - 49937 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3 282 819 0 0 170 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 HEAD 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3?cms_redirect=yes&expire=1518646757&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518632248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1D767F10FEEB15B18963DD5DBB5352F6767C54E5.0D2C0FE9A713F7F8174FDC2A5DC7C87A7C9712DC&key=cms1 - CTU.339.1.Malicious 503 1518632357.8559394 1518632357.8720448 16 192.168.1.119 - 49938 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3?cms_redirect=yes&expire=1518646757&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518632248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1D767F10FEEB15B18963DD5DBB5352F6767C54E5.0D2C0FE9A713F7F8174FDC2A5DC7C87A7C9712DC&key=cms1 576 608 0 0 179 594 'Microsoft BITS/7.5' application/octet-stream HEAD 200 - - - - - - - CTU.339.1.Malicious 502 1518632358.2812908 1518632358.3137586 32 192.168.1.119 - 49937 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3 370 1486 0 667 259 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3?cms_redirect=yes&expire=1518646758&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518632248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0FEC361DF2592A8C9F9ED3466B43C06D62459F0F.1D3215405F388A8445257A1BF4C3596400E4A703&key=cms1 - CTU.339.1.Malicious 503 1518632358.5168395 1518632358.5330598 16 192.168.1.119 - 49938 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3?cms_redirect=yes&expire=1518646758&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518632248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0FEC361DF2592A8C9F9ED3466B43C06D62459F0F.1D3215405F388A8445257A1BF4C3596400E4A703&key=cms1 664 3159 0 2496 268 636 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 502 1518632361.5014331 1518632361.5319104 30 192.168.1.119 - 49937 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3 373 1486 0 667 262 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3?cms_redirect=yes&expire=1518646761&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518632248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6D0A731D5ADA20F68B8C696B55A8C6FE8A80E8E8.68C09A0B9A591EB3B1A23E40FC8CD757ABEC4DC6&key=cms1 - CTU.339.1.Malicious 503 1518632361.731784 1518632361.747232 15 192.168.1.119 - 49938 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3?cms_redirect=yes&expire=1518646761&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518632248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6D0A731D5ADA20F68B8C696B55A8C6FE8A80E8E8.68C09A0B9A591EB3B1A23E40FC8CD757ABEC4DC6&key=cms1 667 7577 0 6911 271 639 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 502 1518632364.01494 1518632364.0469253 32 192.168.1.119 - 49937 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3 374 1486 0 667 263 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3?cms_redirect=yes&expire=1518646764&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518632248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5411742CEB97F52499EF7E296CDFABA03203F560.5231E12FEE82DCAE06B1B212BEFFB625C90C905B&key=cms1 - CTU.339.1.Malicious 503 1518632364.2601078 1518632364.2765117 16 192.168.1.119 - 49938 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3?cms_redirect=yes&expire=1518646764&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518632248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5411742CEB97F52499EF7E296CDFABA03203F560.5231E12FEE82DCAE06B1B212BEFFB625C90C905B&key=cms1 668 5311 0 4644 272 640 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 502 1518632365.1131368 1518632365.1438527 31 192.168.1.119 - 49937 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3?cms_redirect=yes&expire=1518646765&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518632248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=330C54C616A8E95872C5C1347EBF1DA39C19CAE4.20868AF7A6A642E741E648199D71EEB26963CA33&key=cms1 - CTU.339.1.Malicious 503 1518632365.347414 1518632365.3649194 18 192.168.1.119 - 49938 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3?cms_redirect=yes&expire=1518646765&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518632248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=330C54C616A8E95872C5C1347EBF1DA39C19CAE4.20868AF7A6A642E741E648199D71EEB26963CA33&key=cms1 669 10580 0 9912 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 502 1518632366.163105 1518632366.1938138 31 192.168.1.119 - 49937 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3?cms_redirect=yes&expire=1518646766&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518632248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=31C0420F10FB74CA8245E7CBA60095292A65382D.3F478883345D4FE03E10F63733542F4F1A2903C8&key=cms1 - CTU.339.1.Malicious 503 1518632366.3972464 1518632366.4105978 13 192.168.1.119 - 49938 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3?cms_redirect=yes&expire=1518646766&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518632248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=31C0420F10FB74CA8245E7CBA60095292A65382D.3F478883345D4FE03E10F63733542F4F1A2903C8&key=cms1 669 9954 0 9286 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 502 1518632367.2187424 1518632367.2516663 33 192.168.1.119 - 49937 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3 375 1482 0 665 264 800 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3?cms_redirect=yes&expire=1518646767&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518632248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=C54644E85987B3E2248F9B6C0DA11B738B3A91.22244718DF1B9350921FBB3966D779FED7549600&key=cms1 - CTU.339.1.Malicious 503 1518632367.4527452 1518632367.470612 18 192.168.1.119 - 49938 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3?cms_redirect=yes&expire=1518646767&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518632248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=C54644E85987B3E2248F9B6C0DA11B738B3A91.22244718DF1B9350921FBB3966D779FED7549600&key=cms1 667 9921 0 9253 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 502 1518632368.2690713 1518632368.3024302 33 192.168.1.119 - 49937 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3?cms_redirect=yes&expire=1518646768&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518632248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=77A447187EE853D61DF4A0CC5ED2158608BB120E.6D5CAE1CCEE34E8F7B40CBF452042E3ECFE2EEE5&key=cms1 - CTU.339.1.Malicious 503 1518632368.5014749 1518632368.517167 16 192.168.1.119 - 49938 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3?cms_redirect=yes&expire=1518646768&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518632248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=77A447187EE853D61DF4A0CC5ED2158608BB120E.6D5CAE1CCEE34E8F7B40CBF452042E3ECFE2EEE5&key=cms1 669 9146 0 8478 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 502 1518632369.3229606 1518632369.354397 31 192.168.1.119 - 49937 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3?cms_redirect=yes&expire=1518646769&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518632248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3476FF803B873B942F7C3420B151337D4758B594.2C670943C14ADEFC457461832AC24B8C5E8CC203&key=cms1 - CTU.339.1.Malicious 503 1518632369.554842 1518632369.5707421 16 192.168.1.119 - 49938 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3?cms_redirect=yes&expire=1518646769&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518632248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3476FF803B873B942F7C3420B151337D4758B594.2C670943C14ADEFC457461832AC24B8C5E8CC203&key=cms1 669 8945 0 8277 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 502 1518632371.3795178 1518632371.4140625 35 192.168.1.119 - 49937 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3?cms_redirect=yes&expire=1518646771&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518632248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1A2498E7A5D6F3FD2955CC3CB9BFE0C43C7FD7C8.7E2FAD5A95F2B98F1FBA10ACC43D790427D4487A&key=cms1 - CTU.339.1.Malicious 503 1518632371.6174417 1518632371.6355894 18 192.168.1.119 - 49938 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3?cms_redirect=yes&expire=1518646771&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518632248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1A2498E7A5D6F3FD2955CC3CB9BFE0C43C7FD7C8.7E2FAD5A95F2B98F1FBA10ACC43D790427D4487A&key=cms1 669 17613 0 16944 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 502 1518632373.9860857 1518632374.017312 31 192.168.1.119 - 49937 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3?cms_redirect=yes&expire=1518646773&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518632366&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=33170F8669D32D101F6DFA10FB839492CB883721.74E8D996B82F1DA997B12F3D83B0216485F7349D&key=cms1 - CTU.339.1.Malicious 503 1518632374.227727 1518632374.2461476 18 192.168.1.119 - 49938 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3?cms_redirect=yes&expire=1518646773&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518632366&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=33170F8669D32D101F6DFA10FB839492CB883721.74E8D996B82F1DA997B12F3D83B0216485F7349D&key=cms1 669 15591 0 14922 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 502 1518632376.6401858 1518632376.670948 31 192.168.1.119 - 49937 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3 376 1486 0 667 265 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3?cms_redirect=yes&expire=1518646776&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518632248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=821DB20C40711052C975135E69D56F129BBE5304.1C69228E5EEDA938CEFB7C80EC06740E92A49FB9&key=cms1 - CTU.339.1.Malicious 503 1518632376.8741133 1518632376.8888803 15 192.168.1.119 - 49938 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3?cms_redirect=yes&expire=1518646776&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518632248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=821DB20C40711052C975135E69D56F129BBE5304.1C69228E5EEDA938CEFB7C80EC06740E92A49FB9&key=cms1 670 13289 0 12619 274 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 502 1518632378.2830052 1518632378.3149962 32 192.168.1.119 - 49937 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3?cms_redirect=yes&expire=1518646778&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518632248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1B26CE4601C31927D55A1ADBB7B6DCD97EAB00A0.0FBAF7AC462EBBE0F2B692112145A1C4AC36C568&key=cms1 - CTU.339.1.Malicious 503 1518632378.5136003 1518632378.5288131 15 192.168.1.119 - 49938 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3?cms_redirect=yes&expire=1518646778&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518632248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1B26CE4601C31927D55A1ADBB7B6DCD97EAB00A0.0FBAF7AC462EBBE0F2B692112145A1C4AC36C568&key=cms1 671 11588 0 10917 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 502 1518632379.3070028 1518632379.3375545 31 192.168.1.119 - 49937 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3?cms_redirect=yes&expire=1518646779&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518632248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=65EE28A338C85E053D4DB1793EA12DB72D6DADE4.356CF0D76470EFDE718083FF3F6F519B3D19D637&key=cms1 - CTU.339.1.Malicious 503 1518632379.5465152 1518632379.5627217 16 192.168.1.119 - 49938 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3?cms_redirect=yes&expire=1518646779&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518632248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=65EE28A338C85E053D4DB1793EA12DB72D6DADE4.356CF0D76470EFDE718083FF3F6F519B3D19D637&key=cms1 671 11422 0 10751 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 502 1518632381.3507497 1518632381.3811595 30 192.168.1.119 - 49937 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3?cms_redirect=yes&expire=1518646781&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518632248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=04A39B0978681E6EBDCFF570AD5615BDFAEA8172.5A4DE5DD675424FE384D7CC231CB1803E58AC607&key=cms1 - CTU.339.1.Malicious 503 1518632381.586613 1518632381.6017942 15 192.168.1.119 - 49938 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3?cms_redirect=yes&expire=1518646781&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518632248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=04A39B0978681E6EBDCFF570AD5615BDFAEA8172.5A4DE5DD675424FE384D7CC231CB1803E58AC607&key=cms1 671 22798 0 22127 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 502 1518632384.7997324 1518632384.8321564 32 192.168.1.119 - 49937 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3?cms_redirect=yes&expire=1518646784&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518632248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=42DDF260E418F31113D9894497D58ECCAC5DADD8.4828B471EE1CA7349C9FCA85809C02C9ADBC237F&key=cms1 - CTU.339.1.Malicious 503 1518632385.0362663 1518632385.052668 16 192.168.1.119 - 49938 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3?cms_redirect=yes&expire=1518646784&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518632248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=42DDF260E418F31113D9894497D58ECCAC5DADD8.4828B471EE1CA7349C9FCA85809C02C9ADBC237F&key=cms1 671 18355 0 17684 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 502 1518632387.455739 1518632387.4876468 32 192.168.1.119 - 49937 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3?cms_redirect=yes&expire=1518646787&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518632248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=56FC83BCC7709BAC438CA024D99E28B9B15630CB.785C772FEAA5CC7CF8AFA129CBD09DD9025A2A5B&key=cms1 - CTU.339.1.Malicious 503 1518632387.6968985 1518632387.711859 15 192.168.1.119 - 49938 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3?cms_redirect=yes&expire=1518646787&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518632248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=56FC83BCC7709BAC438CA024D99E28B9B15630CB.785C772FEAA5CC7CF8AFA129CBD09DD9025A2A5B&key=cms1 671 15768 0 15097 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 502 1518632390.1167407 1518632390.1488035 32 192.168.1.119 - 49937 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3?cms_redirect=yes&expire=1518646790&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518632248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=23C64EAA6D5FCB551E7D8AD9AB5DB68221155E8D.3BFD084204E9BF38983DC281C025537D7D7D9328&key=cms1 - CTU.339.1.Malicious 503 1518632390.35215 1518632390.3684568 16 192.168.1.119 - 49938 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3?cms_redirect=yes&expire=1518646790&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518632248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=23C64EAA6D5FCB551E7D8AD9AB5DB68221155E8D.3BFD084204E9BF38983DC281C025537D7D7D9328&key=cms1 671 13426 0 12755 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 502 1518632391.5666955 1518632391.5986109 32 192.168.1.119 - 49937 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3?cms_redirect=yes&expire=1518646791&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518632248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4B44EF2C37170617F5D08AD0057383E6802B379B.0327D90EB1319BE9A2991437D8ED60DBAD24DAAA&key=cms1 - CTU.339.1.Malicious 503 1518632391.8058488 1518632391.8218832 16 192.168.1.119 - 49938 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3?cms_redirect=yes&expire=1518646791&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518632248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4B44EF2C37170617F5D08AD0057383E6802B379B.0327D90EB1319BE9A2991437D8ED60DBAD24DAAA&key=cms1 671 11712 0 11041 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 502 1518632392.6083612 1518632392.639175 31 192.168.1.119 - 49937 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3?cms_redirect=yes&expire=1518646792&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518632248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=52E543D3037CB5896A5D2B2A0B37C228438D4A62.698F5DCC259C6EC84FD6B534FAC2F25498BB5DA1&key=cms1 - CTU.339.1.Malicious 503 1518632392.847376 1518632392.8645186 17 192.168.1.119 - 49938 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3?cms_redirect=yes&expire=1518646792&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518632248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=52E543D3037CB5896A5D2B2A0B37C228438D4A62.698F5DCC259C6EC84FD6B534FAC2F25498BB5DA1&key=cms1 671 11626 0 10955 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 502 1518632393.651702 1518632393.6820693 30 192.168.1.119 - 49937 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3?cms_redirect=yes&expire=1518646793&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518632248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6658F521864CE074207AB237D005A969DAB31C01.2EBF527DC776A3BD7897A3638BD88E0644F9E855&key=cms1 - CTU.339.1.Malicious 503 1518632393.8815253 1518632393.8986373 17 192.168.1.119 - 49938 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f2JpN4ZlxVc_4282/4282_all_crl-set-16257598228680438940.data.crx3?cms_redirect=yes&expire=1518646793&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518632248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6658F521864CE074207AB237D005A969DAB31C01.2EBF527DC776A3BD7897A3638BD88E0644F9E855&key=cms1 671 9496 0 8826 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 504 1518632397.7865145 1518632397.8581731 72 192.168.1.119 - 49939 172.217.23.227 443 https://update.googleapis.com/service/update2 1252 944 919 247 303 685 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 505 1518635747.002085 1518635747.0391102 37 192.168.1.119 - 49941 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 505 1518635747.2567174 1518635747.28857 32 192.168.1.119 - 49941 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 506 1518635748.003993 1518635748.0419226 38 192.168.1.119 - 49940 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 507 1518639267.3639069 1518639267.4626296 99 192.168.1.119 - 49943 185.26.182.117 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 508 1518639348.031798 1518639348.0637257 32 192.168.1.119 - 49945 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 508 1518639348.27408 1518639348.3032696 29 192.168.1.119 - 49945 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 509 1518639348.556735 1518639348.5884838 32 192.168.1.119 - 49946 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 510 1518641315.5356321 1518641315.5645976 29 192.168.1.119 - 49947 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.14%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 511 1518642949.538408 1518642949.5693514 31 192.168.1.119 - 49949 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 511 1518642949.5846183 1518642949.613515 29 192.168.1.119 - 49949 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 512 1518642950.778443 1518642950.8126957 34 192.168.1.119 - 49950 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 513 1518646550.4463303 1518646550.4753172 29 192.168.1.119 - 49951 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 513 1518646550.6860309 1518646550.7165148 30 192.168.1.119 - 49951 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 514 1518646551.10894 1518646551.1496084 41 192.168.1.119 - 49953 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 515 1518647502.014626 1518647502.0531135 38 192.168.1.119 - 49958 185.26.182.122 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 422 0 24 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 516 1518650151.5844223 1518650151.6171875 33 192.168.1.119 - 49960 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 516 1518650151.8234913 1518650151.8525965 29 192.168.1.119 - 49960 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 517 1518650152.8277764 1518650152.858113 30 192.168.1.119 - 49961 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 518 1518653752.2900503 1518653752.3190558 29 192.168.1.119 - 49962 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 518 1518653752.3483343 1518653752.378443 30 192.168.1.119 - 49962 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 519 1518653753.1581817 1518653753.1907475 33 192.168.1.119 - 49964 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 520 1518657353.0602217 1518657353.0883117 28 192.168.1.119 - 49965 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 521 1518657353.276522 1518657353.304183 28 192.168.1.119 - 49966 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 522 1518657353.483756 1518657353.5161533 32 192.168.1.119 - 49967 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 523 1518659351.4500177 1518659351.50622 56 192.168.1.119 - 49968 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.14%26uc 676 710 0 466 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 524 1518659355.7545998 1518659355.780323 26 192.168.1.119 - 49969 82.145.215.85 443 https://extension-updates.opera.com/static/omaha/blacklist.336465243e0d1996705f69bb3937b0f2f815a8bcc9737b5323ca77ebd70dd6b7.txt 413 6582 0 6336 308 232 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/plain GET 200 - - - - - - - CTU.339.1.Malicious 525 1518660954.1132815 1518660954.153512 40 192.168.1.119 - 49972 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 526 1518660955.102792 1518660955.1366355 34 192.168.1.119 - 49971 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 527 1518660955.3197875 1518660955.3484879 29 192.168.1.119 - 49970 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 528 1518664555.5493386 1518664555.5796857 30 192.168.1.119 - 49973 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 529 1518664555.7029097 1518664555.734874 32 192.168.1.119 - 49975 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 529 1518664555.7435875 1518664555.777371 34 192.168.1.119 - 49975 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 530 1518668004.924901 1518668004.9959135 71 192.168.1.119 - 49976 185.26.182.111 443 https://exchange.opera.com/api/v1/ecb/ 283 1937 0 1664 258 259 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml GET 200 - - - - - - - CTU.339.1.Malicious 531 1518668005.336877 1518668005.3634863 27 192.168.1.119 - 49978 185.26.182.112 443 https://exchange.opera.com/api/v1/cmc/ 283 6937 0 6656 258 267 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 530 1518668005.3346303 1518668005.370885 36 192.168.1.119 - 49976 185.26.182.111 443 https://exchange.opera.com/api/v1/nbu/ 283 6429 0 6134 258 281 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json;charset=UTF-8 GET 200 - - - - - - - CTU.339.1.Malicious 532 1518668068.1464329 1518668068.2601635 114 192.168.1.119 - 49979 185.26.182.122 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 533 1518668157.059809 1518668157.0967152 37 192.168.1.119 - 49981 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 534 1518668157.4782236 1518668157.509226 31 192.168.1.119 - 49980 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 534 1518668157.5197449 1518668157.5486455 29 192.168.1.119 - 49980 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 535 1518669129.81687 1518669129.8498766 33 192.168.1.119 - 49987 185.26.182.117 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 422 0 24 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 536 1518671758.4268823 1518671758.462809 36 192.168.1.119 - 49988 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 537 1518671759.6781511 1518671759.7098784 32 192.168.1.119 - 49989 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 538 1518671759.676475 1518671759.8929126 216 192.168.1.119 - 49990 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 539 1518675359.4049122 1518675359.4385312 34 192.168.1.119 - 49991 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 540 1518675359.9816668 1518675360.2875237 306 192.168.1.119 - 49992 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 541 1518675360.2040935 1518675360.4358277 232 192.168.1.119 - 49993 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 542 1518675691.8128562 1518675691.8436577 31 192.168.1.119 - 49994 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.15%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 543 1518678961.246777 1518678961.280552 34 192.168.1.119 - 49997 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 544 1518678961.2932868 1518678961.3435023 50 192.168.1.119 - 49995 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 545 1518678961.7628684 1518678961.7919214 29 192.168.1.119 - 49996 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 546 1518682562.881646 1518682562.924695 43 192.168.1.119 - 49998 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 546 1518682563.133908 1518682563.1657584 32 192.168.1.119 - 49998 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 547 1518682563.9017048 1518682563.9327347 31 192.168.1.119 - 49999 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 548 1518686163.7082863 1518686163.7438345 36 192.168.1.119 - 50001 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 548 1518686163.7537007 1518686163.7817519 28 192.168.1.119 - 50001 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 549 1518686164.2291973 1518686164.2624192 33 192.168.1.119 - 50003 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 550 1518686356.1499312 1518686356.1995997 50 192.168.1.119 - 50004 172.217.23.227 443 https://update.googleapis.com/service/update2?cup2key=7:1529590280&cup2hreq=dd10876f60395d966acaa3a8f5534835b0ab5740d674e81dbdec2f067fac7adc 1414 2474 986 1318 303 1144 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 551 1518686357.6987662 1518686357.7308362 32 192.168.1.119 - 50005 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3 282 819 0 0 170 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 HEAD 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700757&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686240&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=38011428CD42A4F269457CAE871CCF0D89C7A040.4B7D75FF05D265AE63A0F22D0C49A77EF98AF854&key=cms1 - CTU.339.1.Malicious 552 1518686358.0354824 1518686358.0623553 27 192.168.1.119 - 50006 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700757&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686240&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=38011428CD42A4F269457CAE871CCF0D89C7A040.4B7D75FF05D265AE63A0F22D0C49A77EF98AF854&key=cms1 576 608 0 0 179 594 'Microsoft BITS/7.5' application/octet-stream HEAD 200 - - - - - - - CTU.339.1.Malicious 551 1518686359.5864093 1518686359.617344 31 192.168.1.119 - 50005 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3 370 1486 0 667 259 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700759&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686240&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5E026773F0D56CC4B54880E6CD92A8D2B94DCCD1.3A91A6233C89F08FD1AD77D4EB8D7E3D8A0DF44C&key=cms1 - CTU.339.1.Malicious 552 1518686359.8204784 1518686359.8357053 15 192.168.1.119 - 50006 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700759&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686240&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5E026773F0D56CC4B54880E6CD92A8D2B94DCCD1.3A91A6233C89F08FD1AD77D4EB8D7E3D8A0DF44C&key=cms1 664 3159 0 2496 268 636 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 551 1518686362.7706363 1518686362.8014073 31 192.168.1.119 - 50005 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3 373 1486 0 667 262 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700762&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4EB04B78008BDBB408FEF4309AEF52C6833F9300.82BFBD420D95D9B4619402AD1D91EB3A1F6A83BA&key=cms1 - CTU.339.1.Malicious 552 1518686363.0045974 1518686363.0223484 18 192.168.1.119 - 50006 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700762&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4EB04B78008BDBB408FEF4309AEF52C6833F9300.82BFBD420D95D9B4619402AD1D91EB3A1F6A83BA&key=cms1 667 3242 0 2576 271 639 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 551 1518686364.9543326 1518686364.985073 31 192.168.1.119 - 50005 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3 374 1486 0 667 263 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700764&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686240&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3A6DC6822D6E16FF38FDF54D9CD6A78EFF8F46D9.4FD9B2A62D81C2B8A5E1804D3404BCACD9A14A64&key=cms1 - CTU.339.1.Malicious 552 1518686365.1893072 1518686365.2065184 17 192.168.1.119 - 50006 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700764&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686240&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3A6DC6822D6E16FF38FDF54D9CD6A78EFF8F46D9.4FD9B2A62D81C2B8A5E1804D3404BCACD9A14A64&key=cms1 668 6443 0 5776 272 640 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 551 1518686367.020362 1518686367.0504975 30 192.168.1.119 - 50005 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700767&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686240&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=69A8A6DEA5090CE2D2E40C69E7FE7A0020D811AA.07EF052D46665DA33DCF279AC3049BB9D5DA826D&key=cms1 - CTU.339.1.Malicious 552 1518686367.2529964 1518686367.2678525 15 192.168.1.119 - 50006 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700767&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686240&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=69A8A6DEA5090CE2D2E40C69E7FE7A0020D811AA.07EF052D46665DA33DCF279AC3049BB9D5DA826D&key=cms1 669 6724 0 6056 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 551 1518686369.0913434 1518686369.122599 31 192.168.1.119 - 50005 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700769&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686240&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=548EB6F5F4DD3B18D457F13381675D800429FBB4.030529065B4BFEE3E2D6AC57F62E2E6F991F92F8&key=cms1 - CTU.339.1.Malicious 552 1518686369.3256197 1518686369.3404818 15 192.168.1.119 - 50006 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700769&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686240&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=548EB6F5F4DD3B18D457F13381675D800429FBB4.030529065B4BFEE3E2D6AC57F62E2E6F991F92F8&key=cms1 669 5950 0 5282 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 551 1518686371.175716 1518686371.205919 30 192.168.1.119 - 50005 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3 375 1530 0 691 264 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700771&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=02CAF8569ACC9FA66BE5E7EC860D7EE0CFE7E9B6.5583547BA1F27DCB3ED6E52346F44EA1186EAF03&key=cms1 - CTU.339.1.Malicious 552 1518686371.4089062 1518686371.4256487 17 192.168.1.119 - 50006 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700771&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=02CAF8569ACC9FA66BE5E7EC860D7EE0CFE7E9B6.5583547BA1F27DCB3ED6E52346F44EA1186EAF03&key=cms1 689 5116 0 4448 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 551 1518686373.2744048 1518686373.3045604 30 192.168.1.119 - 50005 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700773&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=41BB9BB8FC692055F62F2F77517C334A27BBB7B5.7E618CCBC25FB9BD12CB3CB8D14306098D31C81C&key=cms1 - CTU.339.1.Malicious 552 1518686373.5078108 1518686373.5225885 15 192.168.1.119 - 50006 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700773&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=41BB9BB8FC692055F62F2F77517C334A27BBB7B5.7E618CCBC25FB9BD12CB3CB8D14306098D31C81C&key=cms1 669 4129 0 3461 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 551 1518686374.3971524 1518686374.4305048 33 192.168.1.119 - 50005 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3 375 1530 0 691 264 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700774&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=5305FED343C4D1077B03BEDAC1A87A47F188DB18.42D6CE55BADD0A409A6032F723BB10B7453D57B1&key=cms1 - CTU.339.1.Malicious 552 1518686374.6308782 1518686374.6470978 16 192.168.1.119 - 50006 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700774&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=5305FED343C4D1077B03BEDAC1A87A47F188DB18.42D6CE55BADD0A409A6032F723BB10B7453D57B1&key=cms1 689 8215 0 7547 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 551 1518686375.4583983 1518686375.4902432 32 192.168.1.119 - 50005 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700775&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1F105D42EB7ABACD7B8A4EB07686A41D1976700E.4778F0A9C11296A49FDAEF1CA4664ED20396EC55&key=cms1 - CTU.339.1.Malicious 552 1518686375.692624 1518686375.7073514 15 192.168.1.119 - 50006 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700775&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1F105D42EB7ABACD7B8A4EB07686A41D1976700E.4778F0A9C11296A49FDAEF1CA4664ED20396EC55&key=cms1 669 7188 0 6520 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 551 1518686376.5278003 1518686376.5585306 31 192.168.1.119 - 50005 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700776&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=30472A18100391F1B31ED1C727BB9E4B9629CE05.84F1AAEB8E60B5DF6943FB36055C1E22B08A0207&key=cms1 - CTU.339.1.Malicious 552 1518686376.7697768 1518686376.78564 16 192.168.1.119 - 50006 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700776&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=30472A18100391F1B31ED1C727BB9E4B9629CE05.84F1AAEB8E60B5DF6943FB36055C1E22B08A0207&key=cms1 669 6453 0 5785 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 551 1518686377.6067152 1518686377.6426148 36 192.168.1.119 - 50005 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700777&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4F3E0751FD7D263575349DD00D4851E1E24E49B0.752116F72781DE649F866E90AA419C1D11AA42ED&key=cms1 - CTU.339.1.Malicious 552 1518686377.844448 1518686377.8600314 16 192.168.1.119 - 50006 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700777&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4F3E0751FD7D263575349DD00D4851E1E24E49B0.752116F72781DE649F866E90AA419C1D11AA42ED&key=cms1 669 5669 0 5001 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 551 1518686379.6959488 1518686379.7313523 35 192.168.1.119 - 50005 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700779&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1DCA654E6FEC999CBF2D775C266713102942B19C.07CED63EF832E889E1B1BAD0F5516652E74E07B9&key=cms1 - CTU.339.1.Malicious 552 1518686379.9343925 1518686379.9496646 15 192.168.1.119 - 50006 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700779&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1DCA654E6FEC999CBF2D775C266713102942B19C.07CED63EF832E889E1B1BAD0F5516652E74E07B9&key=cms1 669 4714 0 4046 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 551 1518686381.8034585 1518686381.8358276 32 192.168.1.119 - 50005 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700781&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4DFAEBE347A90487D9658174BD6E0B8410E5A063.0F428E2308FE35473F086755749DD572DEB1812D&key=cms1 - CTU.339.1.Malicious 552 1518686382.0311944 1518686382.0477686 17 192.168.1.119 - 50006 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700781&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4DFAEBE347A90487D9658174BD6E0B8410E5A063.0F428E2308FE35473F086755749DD572DEB1812D&key=cms1 669 3849 0 3181 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 551 1518686382.935674 1518686382.9671454 31 192.168.1.119 - 50005 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700782&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1D2A7778BD8E9EE5EEA68C34B0F92B04D255D6C9.1A3EDC4B9F412414DA970BC29F03962FDC969682&key=cms1 - CTU.339.1.Malicious 552 1518686383.174161 1518686383.1899955 16 192.168.1.119 - 50006 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700782&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1D2A7778BD8E9EE5EEA68C34B0F92B04D255D6C9.1A3EDC4B9F412414DA970BC29F03962FDC969682&key=cms1 669 7655 0 6987 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 551 1518686384.001869 1518686384.0328524 31 192.168.1.119 - 50005 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700784&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=64FA0101F740B6CF22951F93472687C6C7286428.6A2813D86DE28A412A439FF53B302C502D1015C9&key=cms1 - CTU.339.1.Malicious 552 1518686384.2377026 1518686384.2550337 17 192.168.1.119 - 50006 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700784&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=64FA0101F740B6CF22951F93472687C6C7286428.6A2813D86DE28A412A439FF53B302C502D1015C9&key=cms1 669 6965 0 6297 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 551 1518686386.074978 1518686386.1070035 32 192.168.1.119 - 50005 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700786&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0923FE2A577111740F9CFC61E3C90C18147004D0.4E696AB48484FA92E4FA0795F2C27ADF8ED86C99&key=cms1 - CTU.339.1.Malicious 552 1518686386.311347 1518686386.3282287 17 192.168.1.119 - 50006 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700786&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0923FE2A577111740F9CFC61E3C90C18147004D0.4E696AB48484FA92E4FA0795F2C27ADF8ED86C99&key=cms1 669 5540 0 4872 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 551 1518686388.1672902 1518686388.1991549 32 192.168.1.119 - 50005 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700788&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6BDBFAD3B129A4462BBA990D763E2F93DC124573.500E89D8881DDC9A264B3FB337B24BAC1D293AFE&key=cms1 - CTU.339.1.Malicious 552 1518686388.4025018 1518686388.4182825 16 192.168.1.119 - 50006 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700788&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6BDBFAD3B129A4462BBA990D763E2F93DC124573.500E89D8881DDC9A264B3FB337B24BAC1D293AFE&key=cms1 669 4442 0 3774 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 551 1518686390.2803943 1518686390.3108253 30 192.168.1.119 - 50005 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700790&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=27D5BA60B035C372CF353820266BE0028C53A527.23F9FE3401D305CCF646B8B76EA9227EFF0D2BC6&key=cms1 - CTU.339.1.Malicious 552 1518686390.513892 1518686390.5309258 17 192.168.1.119 - 50006 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700790&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=27D5BA60B035C372CF353820266BE0028C53A527.23F9FE3401D305CCF646B8B76EA9227EFF0D2BC6&key=cms1 669 3523 0 2855 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 551 1518686391.4249952 1518686391.4570758 32 192.168.1.119 - 50005 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700791&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6B9F30F229B2A3FF4317DF4C23FEABAAC2E21F9C.834861C6D2D67DBC2D84AFCD0793BB328CC069AE&key=cms1 - CTU.339.1.Malicious 552 1518686391.6668017 1518686391.682523 16 192.168.1.119 - 50006 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700791&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6B9F30F229B2A3FF4317DF4C23FEABAAC2E21F9C.834861C6D2D67DBC2D84AFCD0793BB328CC069AE&key=cms1 669 7002 0 6334 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 551 1518686392.4958272 1518686392.5267467 31 192.168.1.119 - 50005 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3 376 1486 0 667 265 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700792&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=36B1D550936398CE73B5FEF9A6E713AFC457589F.1B591D598B21893CEE692475357C61972A4F2D97&key=cms1 - CTU.339.1.Malicious 552 1518686392.730745 1518686392.746747 16 192.168.1.119 - 50006 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700792&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=36B1D550936398CE73B5FEF9A6E713AFC457589F.1B591D598B21893CEE692475357C61972A4F2D97&key=cms1 670 8352 0 7683 274 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 551 1518686394.5565944 1518686394.5873322 31 192.168.1.119 - 50005 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700794&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4BB1196008AED9F2E60FC11D8AEB0892D47C1A35.1ECFE052BC442D4BE5F5E36A0E9E05A310CB1CC2&key=cms1 - CTU.339.1.Malicious 552 1518686394.791108 1518686394.8094542 18 192.168.1.119 - 50006 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700794&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4BB1196008AED9F2E60FC11D8AEB0892D47C1A35.1ECFE052BC442D4BE5F5E36A0E9E05A310CB1CC2&key=cms1 671 7129 0 6459 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 551 1518686396.6273994 1518686396.659671 32 192.168.1.119 - 50005 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700796&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7DCF072C7127FE304643BBABC7F759A8095A3866.097624E1581CD8EF9F9403E6248B0125D81E7B1A&key=cms1 - CTU.339.1.Malicious 552 1518686396.862659 1518686396.8786397 16 192.168.1.119 - 50006 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700796&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7DCF072C7127FE304643BBABC7F759A8095A3866.097624E1581CD8EF9F9403E6248B0125D81E7B1A&key=cms1 671 5775 0 5105 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 551 1518686398.714759 1518686398.7468405 32 192.168.1.119 - 50005 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700798&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7EBBDBADE45E8F818F80AF8811461BFB7B384535.104153FF9155DF729F8687C42FA9B813A721D03C&key=cms1 - CTU.339.1.Malicious 552 1518686398.9500592 1518686398.9649413 15 192.168.1.119 - 50006 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700798&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7EBBDBADE45E8F818F80AF8811461BFB7B384535.104153FF9155DF729F8687C42FA9B813A721D03C&key=cms1 671 4313 0 3643 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 551 1518686400.8322635 1518686400.863976 32 192.168.1.119 - 50005 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700800&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5382AFC07433F001C2E4D7737D4EBB8FAA49B86E.788BAA635D630050FD9A3B0FEE72283E7C07DA7B&key=cms1 - CTU.339.1.Malicious 552 1518686401.066989 1518686401.0823946 15 192.168.1.119 - 50006 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700800&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5382AFC07433F001C2E4D7737D4EBB8FAA49B86E.788BAA635D630050FD9A3B0FEE72283E7C07DA7B&key=cms1 671 3342 0 2672 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 551 1518686401.9845319 1518686402.0163665 32 192.168.1.119 - 50005 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700801&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=456D1FE810D6312F70DF689D915A57B989547DC0.28FDACEC4B8E3218DA5E7BAB22B0C2DC46053D51&key=cms1 - CTU.339.1.Malicious 552 1518686402.21976 1518686402.2371502 17 192.168.1.119 - 50006 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700801&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=456D1FE810D6312F70DF689D915A57B989547DC0.28FDACEC4B8E3218DA5E7BAB22B0C2DC46053D51&key=cms1 671 6638 0 5968 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 551 1518686404.0599155 1518686404.090715 31 192.168.1.119 - 50005 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700804&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=430420A1E024EFEF5430837EF93DD4B8878AE841.0A44FB294FD321229A244619033152183E7E801C&key=cms1 - CTU.339.1.Malicious 552 1518686404.2943034 1518686404.3099883 16 192.168.1.119 - 50006 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700804&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=430420A1E024EFEF5430837EF93DD4B8878AE841.0A44FB294FD321229A244619033152183E7E801C&key=cms1 671 5169 0 4499 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 551 1518686406.1575136 1518686406.1895602 32 192.168.1.119 - 50005 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700806&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1D0A28E6F3A15A49B720A251C637C0BBA53C69A4.4687FADC9FA927F72BCAC55C70B07F072022B137&key=cms1 - CTU.339.1.Malicious 552 1518686406.3926487 1518686406.4098892 17 192.168.1.119 - 50006 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700806&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1D0A28E6F3A15A49B720A251C637C0BBA53C69A4.4687FADC9FA927F72BCAC55C70B07F072022B137&key=cms1 671 4178 0 3508 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 551 1518686408.2796264 1518686408.3139904 34 192.168.1.119 - 50005 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700808&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=78613218CEF5051A33801DA441F5094EC1EB4FF4.49600599A5E16C04FD375E8E1E7C885A391A8E13&key=cms1 - CTU.339.1.Malicious 552 1518686408.5176973 1518686408.5326 15 192.168.1.119 - 50006 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700808&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=78613218CEF5051A33801DA441F5094EC1EB4FF4.49600599A5E16C04FD375E8E1E7C885A391A8E13&key=cms1 671 3166 0 2496 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 551 1518686409.4419818 1518686409.473347 31 192.168.1.119 - 50005 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700809&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=179114115F81DA0C449597B9F07614A7880CAC58.1654264901423B007CCBE5833A46592975D3CF1F&key=cms1 - CTU.339.1.Malicious 552 1518686409.670386 1518686409.6860337 16 192.168.1.119 - 50006 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700809&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=179114115F81DA0C449597B9F07614A7880CAC58.1654264901423B007CCBE5833A46592975D3CF1F&key=cms1 671 6275 0 5605 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 551 1518686410.5220351 1518686410.5526714 31 192.168.1.119 - 50005 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700810&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4FB81A5CAA0233732D3B069337A713C9C328E4C9.5B3BD17A26245F197DC7E23D48391C76C68AAEAA&key=cms1 - CTU.339.1.Malicious 552 1518686410.7507484 1518686410.766107 15 192.168.1.119 - 50006 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700810&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4FB81A5CAA0233732D3B069337A713C9C328E4C9.5B3BD17A26245F197DC7E23D48391C76C68AAEAA&key=cms1 671 5457 0 4787 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 551 1518686412.6147978 1518686412.646431 32 192.168.1.119 - 50005 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700812&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3846AA1CA12B8DF914D67801621451F62F3A2224.10FD9F380799508D9B233575CD9F79407E1FFB2A&key=cms1 - CTU.339.1.Malicious 552 1518686412.8500798 1518686412.8648865 15 192.168.1.119 - 50006 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700812&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3846AA1CA12B8DF914D67801621451F62F3A2224.10FD9F380799508D9B233575CD9F79407E1FFB2A&key=cms1 671 4530 0 3860 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 551 1518686414.7265644 1518686414.757163 31 192.168.1.119 - 50005 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700814&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=04A2C2DAC0952F4FFA653C8014811FD58D6AB64E.3D2AF94243B4150ACA117839A3E732B260C7890C&key=cms1 - CTU.339.1.Malicious 552 1518686414.9601529 1518686414.977869 18 192.168.1.119 - 50006 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700814&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=04A2C2DAC0952F4FFA653C8014811FD58D6AB64E.3D2AF94243B4150ACA117839A3E732B260C7890C&key=cms1 671 3636 0 2966 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 551 1518686415.8667216 1518686415.8974888 31 192.168.1.119 - 50005 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700815&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=45B009732C67E4C4E68EE766BA7F0BE78D925C25.7D4570959DA0A5549443CE1173FA9556A73F0E86&key=cms1 - CTU.339.1.Malicious 552 1518686416.101457 1518686416.1183631 17 192.168.1.119 - 50006 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700815&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=45B009732C67E4C4E68EE766BA7F0BE78D925C25.7D4570959DA0A5549443CE1173FA9556A73F0E86&key=cms1 671 7227 0 6557 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 551 1518686416.9360332 1518686416.9669695 31 192.168.1.119 - 50005 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700816&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3E2AA76ECA73DC17BFD8F419FE672277027F72CC.2EB7E9F44E802A8B1FA0B21262381E45E8C4A38B&key=cms1 - CTU.339.1.Malicious 552 1518686417.1737895 1518686417.1888716 15 192.168.1.119 - 50006 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700816&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3E2AA76ECA73DC17BFD8F419FE672277027F72CC.2EB7E9F44E802A8B1FA0B21262381E45E8C4A38B&key=cms1 671 12249 0 11578 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 551 1518686417.976591 1518686418.0073276 31 192.168.1.119 - 50005 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700817&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=07B427C4DB10EEAA3516EA9D31FCFF12EF3CC1AD.2823C1D72688F751CEE6E6E19A255FBD8B3CDC28&key=cms1 - CTU.339.1.Malicious 552 1518686418.2202642 1518686418.236038 16 192.168.1.119 - 50006 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700817&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=07B427C4DB10EEAA3516EA9D31FCFF12EF3CC1AD.2823C1D72688F751CEE6E6E19A255FBD8B3CDC28&key=cms1 671 12449 0 11778 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 551 1518686419.0163748 1518686419.0496116 33 192.168.1.119 - 50005 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700819&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=286427CEA0061974C5EE93B92CA1BAC763B23065.2DD3D00D29C3E10C7175B989288E4CEAF07600BC&key=cms1 - CTU.339.1.Malicious 552 1518686419.2549343 1518686419.2937112 39 192.168.1.119 - 50006 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700819&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=286427CEA0061974C5EE93B92CA1BAC763B23065.2DD3D00D29C3E10C7175B989288E4CEAF07600BC&key=cms1 671 11867 0 11196 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 551 1518686420.0591216 1518686420.0909655 32 192.168.1.119 - 50005 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700820&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=025C37E35F15EE06C07F5A652D00C6BA2C6E44A6.4487653C6D875D117745B843BE8157571B99F62F&key=cms1 - CTU.339.1.Malicious 552 1518686420.2914972 1518686420.3070204 16 192.168.1.119 - 50006 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700820&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=025C37E35F15EE06C07F5A652D00C6BA2C6E44A6.4487653C6D875D117745B843BE8157571B99F62F&key=cms1 671 10500 0 9830 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 551 1518686421.106264 1518686421.136431 30 192.168.1.119 - 50005 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700821&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=33D10D8401215D06476B18D55FE8922E096A6A50.1F5265C935810C653883C6046B44F04682B0A07D&key=cms1 - CTU.339.1.Malicious 552 1518686421.3459237 1518686421.362617 17 192.168.1.119 - 50006 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700821&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=33D10D8401215D06476B18D55FE8922E096A6A50.1F5265C935810C653883C6046B44F04682B0A07D&key=cms1 671 9591 0 8921 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 551 1518686423.158841 1518686423.1900895 31 192.168.1.119 - 50005 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700823&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=807418502553637D451EB360FCEF97CC84A10FCB.40ED9C7E19A60CB95ED1F5DEA642D1273DD73C17&key=cms1 - CTU.339.1.Malicious 552 1518686423.3934987 1518686423.4093964 16 192.168.1.119 - 50006 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700823&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=807418502553637D451EB360FCEF97CC84A10FCB.40ED9C7E19A60CB95ED1F5DEA642D1273DD73C17&key=cms1 671 12504 0 11833 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 551 1518686424.590729 1518686424.6220639 31 192.168.1.119 - 50005 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700824&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=776CD1EE6EF4AE523AAC925D892E7012C983A3D9.76420966C1486A3F65D399DF49203FA461060718&key=cms1 - CTU.339.1.Malicious 552 1518686424.8210232 1518686424.8362432 15 192.168.1.119 - 50006 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/aa32gRPIAjc_4284/4284_all_crl-set-10433226052285937247.data.crx3?cms_redirect=yes&expire=1518700824&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518686307&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=776CD1EE6EF4AE523AAC925D892E7012C983A3D9.76420966C1486A3F65D399DF49203FA461060718&key=cms1 671 1872 0 1202 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 553 1518686425.9838953 1518686426.2145922 231 192.168.1.119 - 50007 172.217.23.227 443 https://update.googleapis.com/service/update2 1252 942 919 246 303 684 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 554 1518689764.465395 1518689764.495156 30 192.168.1.119 - 50009 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 554 1518689764.7060728 1518689764.7418585 36 192.168.1.119 - 50009 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 555 1518689764.8237925 1518689764.8689964 45 192.168.1.119 - 50011 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 556 1518690758.4357092 1518690758.4642687 29 192.168.1.119 - 50016 185.26.182.122 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 422 0 24 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 557 1518693365.202592 1518693365.2393837 37 192.168.1.119 - 50017 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 557 1518693365.2431152 1518693365.4940631 251 192.168.1.119 - 50017 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 558 1518693366.2066278 1518693366.24358 37 192.168.1.119 - 50018 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 559 1518695015.3848891 1518695015.4137692 29 192.168.1.119 - 50020 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.15%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 560 1518696869.1591206 1518696869.2288468 70 192.168.1.119 - 50021 185.26.182.122 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 561 1518696965.9622877 1518696965.993313 31 192.168.1.119 - 50022 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 561 1518696966.2387908 1518696966.280393 42 192.168.1.119 - 50022 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 562 1518696966.7116559 1518696966.7537262 42 192.168.1.119 - 50024 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 563 1518700567.0264628 1518700567.064064 38 192.168.1.119 - 50026 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 564 1518700567.1378717 1518700567.1696002 32 192.168.1.119 - 50027 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 565 1518700567.2391157 1518700567.267583 28 192.168.1.119 - 50025 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 566 1518704167.989104 1518704168.254289 265 192.168.1.119 - 50029 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 567 1518704167.9883258 1518704168.2572365 269 192.168.1.119 - 50028 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 567 1518704168.4705355 1518704168.5001929 30 192.168.1.119 - 50028 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 568 1518707769.3795938 1518707769.4172862 38 192.168.1.119 - 50031 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 569 1518707770.5881412 1518707770.622303 34 192.168.1.119 - 50032 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 570 1518707770.369085 1518707770.6300838 261 192.168.1.119 - 50033 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 571 1518711370.2785256 1518711370.3121748 34 192.168.1.119 - 50034 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 572 1518711370.8849146 1518711370.9149425 30 192.168.1.119 - 50035 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 573 1518711371.1740274 1518711371.213524 39 192.168.1.119 - 50036 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 574 1518711409.0752997 1518711409.1075556 32 192.168.1.119 - 50037 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.15%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 575 1518712384.842715 1518712384.8754191 33 192.168.1.119 - 50042 185.26.182.122 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 510 0 112 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 576 1518714971.3643875 1518714971.3982427 34 192.168.1.119 - 50043 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 577 1518714971.516571 1518714971.5499375 33 192.168.1.119 - 50045 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 578 1518714971.646908 1518714971.6796405 33 192.168.1.119 - 50044 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 579 1518718572.1872995 1518718572.2237918 36 192.168.1.119 - 50047 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 580 1518718572.4458554 1518718572.4797575 34 192.168.1.119 - 50048 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 581 1518718572.9985006 1518718573.0376139 39 192.168.1.119 - 50046 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 582 1518722173.480244 1518722173.514483 34 192.168.1.119 - 50049 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 583 1518722173.5456803 1518722173.5803778 35 192.168.1.119 - 50051 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 582 1518722173.9430668 1518722173.974624 32 192.168.1.119 - 50049 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 584 1518725670.035407 1518725670.3037136 268 192.168.1.119 - 50052 185.26.182.117 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 585 1518725774.437502 1518725774.4714105 34 192.168.1.119 - 50054 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 586 1518725774.6552274 1518725774.8825693 227 192.168.1.119 - 50055 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 587 1518725775.454784 1518725775.4924486 38 192.168.1.119 - 50053 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 588 1518728329.0103195 1518728329.0403368 30 192.168.1.119 - 50056 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.15%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 589 1518729375.9440472 1518729375.9761746 32 192.168.1.119 - 50057 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 589 1518729376.018256 1518729376.046849 29 192.168.1.119 - 50057 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 590 1518729377.1420066 1518729377.1752143 33 192.168.1.119 - 50059 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 591 1518732976.7015667 1518732976.7338476 32 192.168.1.119 - 50060 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 592 1518732976.9076865 1518732976.9380531 30 192.168.1.119 - 50061 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 593 1518732977.4599838 1518732977.4931414 33 192.168.1.119 - 50062 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 594 1518734014.6672301 1518734014.71518 48 192.168.1.119 - 50067 185.26.182.122 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 510 0 112 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 595 1518736578.266001 1518736578.296463 30 192.168.1.119 - 50068 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 595 1518736578.506771 1518736578.5377412 31 192.168.1.119 - 50068 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 596 1518736579.5022132 1518736579.5344458 32 192.168.1.119 - 50070 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 597 1518740179.2822297 1518740179.3123486 30 192.168.1.119 - 50072 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 598 1518740179.4972775 1518740179.5272322 30 192.168.1.119 - 50071 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 599 1518740179.8227515 1518740179.8606503 38 192.168.1.119 - 50073 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 600 1518740356.0000386 1518740356.0395432 40 192.168.1.119 - 50074 172.217.23.227 443 https://update.googleapis.com/service/update2?cup2key=7:550925213&cup2hreq=7295b459dfbf71dc2d40e608e11f8a54e75e2342d816c775ec4841732cdfabe8 1413 2476 986 1319 303 1145 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 601 1518740357.3620238 1518740357.4170487 55 192.168.1.119 - 50075 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3 282 819 0 0 170 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 HEAD 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754757&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740317&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=128129B749C58BBBE9A3A95B52056AA8E2B2EC0E.05539366B590793C2849B08CACD892514DAF7A8A&key=cms1 - CTU.339.1.Malicious 602 1518740357.6697204 1518740357.686089 16 192.168.1.119 - 50076 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754757&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740317&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=128129B749C58BBBE9A3A95B52056AA8E2B2EC0E.05539366B590793C2849B08CACD892514DAF7A8A&key=cms1 576 608 0 0 179 594 'Microsoft BITS/7.5' application/octet-stream HEAD 200 - - - - - - - CTU.339.1.Malicious 601 1518740359.2098694 1518740359.2664082 57 192.168.1.119 - 50075 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3 370 1530 0 691 259 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754759&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740239&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=70653977F0FD8C5C0DAB2982780E290C105D00A8.84EC8BFE6385F162C24BA2DCEB516A1781FF86BC&key=cms1 - CTU.339.1.Malicious 602 1518740359.4698634 1518740359.4853158 15 192.168.1.119 - 50076 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754759&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740239&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=70653977F0FD8C5C0DAB2982780E290C105D00A8.84EC8BFE6385F162C24BA2DCEB516A1781FF86BC&key=cms1 684 3159 0 2496 268 636 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 601 1518740361.4439995 1518740361.4981606 54 192.168.1.119 - 50075 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3 373 1486 0 667 262 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754761&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740239&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4993469D7FE186CE3B7179B8B829000F8B9F0A26.2FB1298F1DDFB0602AB99B9E1BEB311E6C279BE9&key=cms1 - CTU.339.1.Malicious 602 1518740361.70227 1518740361.7173064 15 192.168.1.119 - 50076 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754761&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740239&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4993469D7FE186CE3B7179B8B829000F8B9F0A26.2FB1298F1DDFB0602AB99B9E1BEB311E6C279BE9&key=cms1 667 3242 0 2576 271 639 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 601 1518740362.6035469 1518740362.657611 54 192.168.1.119 - 50075 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3 374 1486 0 667 263 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754762&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740317&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4F698CEDCF3C1690CF1B4CA71E0471C7442B2EEB.7ED100D110DFC2711CEA72563FA19E5CEB7EC250&key=cms1 - CTU.339.1.Malicious 602 1518740362.861388 1518740362.877593 16 192.168.1.119 - 50076 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754762&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740317&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4F698CEDCF3C1690CF1B4CA71E0471C7442B2EEB.7ED100D110DFC2711CEA72563FA19E5CEB7EC250&key=cms1 668 6443 0 5776 272 640 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 601 1518740363.6851628 1518740363.7394898 54 192.168.1.119 - 50075 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754763&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740317&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=68FF1FD5BC605E3EDA25C3A38F0F0FCB72E06543.7C17D851122041DE19C22FBB1C51FF237DD29CC9&key=cms1 - CTU.339.1.Malicious 602 1518740363.9431334 1518740363.9588177 16 192.168.1.119 - 50076 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754763&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740317&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=68FF1FD5BC605E3EDA25C3A38F0F0FCB72E06543.7C17D851122041DE19C22FBB1C51FF237DD29CC9&key=cms1 669 6444 0 5776 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 601 1518740365.7710807 1518740365.8258765 55 192.168.1.119 - 50075 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754765&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740239&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=34BB9607E6AF5A35FA976284584B93A9AF972210.23167E9C0A47FFB3C3BBC32F05585581B8685E68&key=cms1 - CTU.339.1.Malicious 602 1518740366.0284915 1518740366.043605 15 192.168.1.119 - 50076 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754765&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740239&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=34BB9607E6AF5A35FA976284584B93A9AF972210.23167E9C0A47FFB3C3BBC32F05585581B8685E68&key=cms1 669 5185 0 4517 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 601 1518740367.872206 1518740367.9263787 54 192.168.1.119 - 50075 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754767&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740239&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0552C14D35549D65D8E8067646B9AB7E2C8E1CD9.29E98C1F9D9E1160AFA066D4DB54D317044D12A1&key=cms1 - CTU.339.1.Malicious 602 1518740368.1260536 1518740368.1417954 16 192.168.1.119 - 50076 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754767&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740239&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0552C14D35549D65D8E8067646B9AB7E2C8E1CD9.29E98C1F9D9E1160AFA066D4DB54D317044D12A1&key=cms1 669 5516 0 4848 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 601 1518740369.963677 1518740370.018549 55 192.168.1.119 - 50075 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754769&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740239&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3569D3ED96B2D04D1A42FA1C07FB61891C18F3C8.46FDAF6DCCD28F968A22086E257AA532FEFC51E9&key=cms1 - CTU.339.1.Malicious 602 1518740370.2218404 1518740370.238748 17 192.168.1.119 - 50076 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754769&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740239&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3569D3ED96B2D04D1A42FA1C07FB61891C18F3C8.46FDAF6DCCD28F968A22086E257AA532FEFC51E9&key=cms1 669 4598 0 3930 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 601 1518740372.0736668 1518740372.1291018 55 192.168.1.119 - 50075 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754772&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740239&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6AE010031A0DB7D52688486EDAD4A79AA913358B.14C05E7C74F329A35AC3190F76EC8F7F6685AFE2&key=cms1 - CTU.339.1.Malicious 602 1518740372.3325565 1518740372.3472695 15 192.168.1.119 - 50076 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754772&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740239&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6AE010031A0DB7D52688486EDAD4A79AA913358B.14C05E7C74F329A35AC3190F76EC8F7F6685AFE2&key=cms1 669 9152 0 8484 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 601 1518740374.1287282 1518740374.1837873 55 192.168.1.119 - 50075 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754774&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740239&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=72C0358BD4075F115FB65324D0E3C5E135FF3932.40A4A445DAAC380221ACAE76309B58DE8F629449&key=cms1 - CTU.339.1.Malicious 602 1518740374.387252 1518740374.4030864 16 192.168.1.119 - 50076 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754774&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740239&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=72C0358BD4075F115FB65324D0E3C5E135FF3932.40A4A445DAAC380221ACAE76309B58DE8F629449&key=cms1 669 18261 0 17592 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 601 1518740376.8638883 1518740376.9187684 55 192.168.1.119 - 50075 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754776&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740239&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=45D8C7A88DDBF131CD333BE2BC8BE527D0089F83.22F88B28B2E80BD5FE061A60505C7063FD789E42&key=cms1 - CTU.339.1.Malicious 602 1518740377.1249957 1518740377.1430576 18 192.168.1.119 - 50076 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754776&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740239&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=45D8C7A88DDBF131CD333BE2BC8BE527D0089F83.22F88B28B2E80BD5FE061A60505C7063FD789E42&key=cms1 669 15546 0 14877 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 601 1518740379.6123168 1518740379.6667082 54 192.168.1.119 - 50075 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754779&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740317&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=787E10A27F8D1D0969E9241762228EDA589E65E9.07B5ED26D6910B4102E600A7003C2EA9F71C91E8&key=cms1 - CTU.339.1.Malicious 602 1518740379.869443 1518740379.885441 16 192.168.1.119 - 50076 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754779&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740317&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=787E10A27F8D1D0969E9241762228EDA589E65E9.07B5ED26D6910B4102E600A7003C2EA9F71C91E8&key=cms1 669 13099 0 12430 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 601 1518740382.303853 1518740382.3576772 54 192.168.1.119 - 50075 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754782&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740239&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6730EC8D3D94384F707B1B8A05EC76C76BBB6F5F.340D13D91FD04751C02E31607F410B66B989BCB2&key=cms1 - CTU.339.1.Malicious 602 1518740382.561013 1518740382.5767882 16 192.168.1.119 - 50076 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754782&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740239&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6730EC8D3D94384F707B1B8A05EC76C76BBB6F5F.340D13D91FD04751C02E31607F410B66B989BCB2&key=cms1 669 11333 0 10664 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 601 1518740383.85529 1518740383.9098513 55 192.168.1.119 - 50075 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3 376 1486 0 667 265 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754783&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740317&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6BA02D2FB36A704198294C832D12C6DDA48E3894.24E66B16E5B01A874052ED2F088DA93BA0F0C3EB&key=cms1 - CTU.339.1.Malicious 602 1518740384.1148367 1518740384.1330318 18 192.168.1.119 - 50076 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754783&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740317&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6BA02D2FB36A704198294C832D12C6DDA48E3894.24E66B16E5B01A874052ED2F088DA93BA0F0C3EB&key=cms1 670 9978 0 9309 274 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 601 1518740384.904998 1518740384.9597533 55 192.168.1.119 - 50075 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3 377 1530 0 691 266 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754784&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740317&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=3711D2FBA324F812E63A75105ADD119396034F2C.7B35BDFC4F1A1806FC627F88B11049F994FFEDA4&key=cms1 - CTU.339.1.Malicious 602 1518740385.166566 1518740385.182643 16 192.168.1.119 - 50076 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754784&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740317&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=3711D2FBA324F812E63A75105ADD119396034F2C.7B35BDFC4F1A1806FC627F88B11049F994FFEDA4&key=cms1 691 8847 0 8177 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 601 1518740386.9619608 1518740387.0163262 54 192.168.1.119 - 50075 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754786&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740317&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=61406D94ADD4AAB9EA5DC3ABC6C2865343198790.80123223BD582FCFE357EA7469EE90FEC9724428&key=cms1 - CTU.339.1.Malicious 602 1518740387.2192266 1518740387.2353454 16 192.168.1.119 - 50076 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754786&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740317&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=61406D94ADD4AAB9EA5DC3ABC6C2865343198790.80123223BD582FCFE357EA7469EE90FEC9724428&key=cms1 671 7586 0 6916 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 601 1518740389.029209 1518740389.0837228 55 192.168.1.119 - 50075 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754789&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740317&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=04F5A8320BBAC34744B5073748A94638925CFBF6.16DB51A9C348405B7EC889EF1C225202CF6965E6&key=cms1 - CTU.339.1.Malicious 602 1518740389.2866073 1518740389.3021533 16 192.168.1.119 - 50076 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754789&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740317&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=04F5A8320BBAC34744B5073748A94638925CFBF6.16DB51A9C348405B7EC889EF1C225202CF6965E6&key=cms1 671 6247 0 5577 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 601 1518740391.1097841 1518740391.1637027 54 192.168.1.119 - 50075 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754791&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740317&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5CE63D69D2251886FEF3C67535B772BE5E8CBCFE.46E0D98B4D01779A064969164B165540B6182690&key=cms1 - CTU.339.1.Malicious 602 1518740391.3902032 1518740391.4064622 16 192.168.1.119 - 50076 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754791&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740317&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5CE63D69D2251886FEF3C67535B772BE5E8CBCFE.46E0D98B4D01779A064969164B165540B6182690&key=cms1 671 5387 0 4717 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 601 1518740393.2039533 1518740393.2591617 55 192.168.1.119 - 50075 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754793&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740317&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=12B7969394F5805E30F9A2410048E42EB288739E.04CD91D929F8426DF5E87E69E016E05E1753BE17&key=cms1 - CTU.339.1.Malicious 602 1518740393.4631486 1518740393.4784355 15 192.168.1.119 - 50076 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754793&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740317&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=12B7969394F5805E30F9A2410048E42EB288739E.04CD91D929F8426DF5E87E69E016E05E1753BE17&key=cms1 671 4146 0 3476 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 601 1518740394.325481 1518740394.3806207 55 192.168.1.119 - 50075 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754794&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740317&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1A0A7D7CFA0832115EEEBD4922EFDA4E6F8019BE.784E2F58D35B2BC051E3FFED6F4E0E77B1700049&key=cms1 - CTU.339.1.Malicious 602 1518740394.5838146 1518740394.599579 16 192.168.1.119 - 50076 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754794&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740317&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1A0A7D7CFA0832115EEEBD4922EFDA4E6F8019BE.784E2F58D35B2BC051E3FFED6F4E0E77B1700049&key=cms1 671 8246 0 7576 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 601 1518740395.3862457 1518740395.440031 54 192.168.1.119 - 50075 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754795&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740317&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=142E287270373C278D2809DA062F360B1A2A0AF5.28FBEC061E83D70F2B52787D3FEC7FBD6BD5C5FA&key=cms1 - CTU.339.1.Malicious 602 1518740395.649214 1518740395.663868 15 192.168.1.119 - 50076 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754795&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740317&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=142E287270373C278D2809DA062F360B1A2A0AF5.28FBEC061E83D70F2B52787D3FEC7FBD6BD5C5FA&key=cms1 671 7680 0 7010 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 601 1518740396.4522443 1518740396.5067675 55 192.168.1.119 - 50075 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754796&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740317&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=239A6587B6354ACC34395EE859EB25F355F92230.607A1E7067BEDD422D9261615157E3062115AA36&key=cms1 - CTU.339.1.Malicious 602 1518740396.7160351 1518740396.7319508 16 192.168.1.119 - 50076 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754796&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740317&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=239A6587B6354ACC34395EE859EB25F355F92230.607A1E7067BEDD422D9261615157E3062115AA36&key=cms1 671 7060 0 6390 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 601 1518740397.5233448 1518740397.5761268 53 192.168.1.119 - 50075 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3 377 1530 0 691 266 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754797&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740317&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=12D3498315ED02555BB71F8B1ACA53117528010C.431913A826562E530FA42747D69058D5F1C3FFA9&key=cms1 - CTU.339.1.Malicious 602 1518740397.7707384 1518740397.786533 16 192.168.1.119 - 50076 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754797&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740317&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=12D3498315ED02555BB71F8B1ACA53117528010C.431913A826562E530FA42747D69058D5F1C3FFA9&key=cms1 691 6386 0 5716 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 601 1518740398.601969 1518740398.6557062 54 192.168.1.119 - 50075 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754798&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740317&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=805E11492A61D2CB172854FBD033E46052EC6F77.4B1A9EA807FBF27154F2638BC3D1C07E6EA3788E&key=cms1 - CTU.339.1.Malicious 602 1518740398.8596647 1518740398.877678 18 192.168.1.119 - 50076 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754798&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740317&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=805E11492A61D2CB172854FBD033E46052EC6F77.4B1A9EA807FBF27154F2638BC3D1C07E6EA3788E&key=cms1 671 10135 0 9465 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 601 1518740399.6512048 1518740399.7071927 56 192.168.1.119 - 50075 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754799&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740317&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5C534C85C3F60755FA016A1A0E48F9D845F6B92E.3A752B78D05BFC1002361D203192C991911C64F9&key=cms1 - CTU.339.1.Malicious 602 1518740399.9118867 1518740399.925492 14 192.168.1.119 - 50076 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754799&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740317&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5C534C85C3F60755FA016A1A0E48F9D845F6B92E.3A752B78D05BFC1002361D203192C991911C64F9&key=cms1 671 9800 0 9130 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 601 1518740401.707795 1518740401.7664564 59 192.168.1.119 - 50075 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3 377 1530 0 691 266 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754801&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740317&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=14ACE2F2761DEA83FB69AC440825DD5944E7966D.66EAFF2FD848CB3B3045816E23541887C8049726&key=cms1 - CTU.339.1.Malicious 602 1518740401.96942 1518740401.9828973 13 192.168.1.119 - 50076 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754801&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740317&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=14ACE2F2761DEA83FB69AC440825DD5944E7966D.66EAFF2FD848CB3B3045816E23541887C8049726&key=cms1 691 10431 0 9761 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 601 1518740402.7560527 1518740402.809447 53 192.168.1.119 - 50075 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754802&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740317&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1A3AF830A7F4EF7CA35E1EDA0D9B153E1E443F3C.6D3BB75A3EDD36F230FEF78CE31DF186897F18A1&key=cms1 - CTU.339.1.Malicious 602 1518740403.0126579 1518740403.0279396 15 192.168.1.119 - 50076 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754802&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740317&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1A3AF830A7F4EF7CA35E1EDA0D9B153E1E443F3C.6D3BB75A3EDD36F230FEF78CE31DF186897F18A1&key=cms1 671 10291 0 9621 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 601 1518740403.8047276 1518740403.8593137 55 192.168.1.119 - 50075 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754803&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740317&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=66095307B029BFFF8CF0998CC5E350E064780290.310D4C82347EE20395F4AE3D9D3AA1B6D9A42545&key=cms1 - CTU.339.1.Malicious 602 1518740404.0634882 1518740404.0811841 18 192.168.1.119 - 50076 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754803&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740317&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=66095307B029BFFF8CF0998CC5E350E064780290.310D4C82347EE20395F4AE3D9D3AA1B6D9A42545&key=cms1 671 10203 0 9533 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 601 1518740404.8537748 1518740404.905492 52 192.168.1.119 - 50075 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754804&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740317&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=845FC9B0B244CEBDB77E6A7F21708B5279B14A78.0F2BAD8C51A94B3E854A15448F20F8E4E1087C2F&key=cms1 - CTU.339.1.Malicious 602 1518740405.1091979 1518740405.1255312 16 192.168.1.119 - 50076 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754804&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740317&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=845FC9B0B244CEBDB77E6A7F21708B5279B14A78.0F2BAD8C51A94B3E854A15448F20F8E4E1087C2F&key=cms1 671 10083 0 9413 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 601 1518740405.903151 1518740405.9584057 55 192.168.1.119 - 50075 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754805&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740317&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=68733DD52F72DE5F37A2A6648D2D0370D0F6E990.38BAFD04FEBEA37402F914D006DCC6F03A36757D&key=cms1 - CTU.339.1.Malicious 602 1518740406.1644094 1518740406.1809313 17 192.168.1.119 - 50076 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754805&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740317&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=68733DD52F72DE5F37A2A6648D2D0370D0F6E990.38BAFD04FEBEA37402F914D006DCC6F03A36757D&key=cms1 671 10043 0 9373 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 601 1518740407.9535704 1518740408.007814 54 192.168.1.119 - 50075 172.217.23.238 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754807&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740317&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=392C212362327BD0E212D935CEA9367B4EB9EB02.6F606888F99BB1C0EB0D63665DA8C13B0759DF46&key=cms1 - CTU.339.1.Malicious 602 1518740408.211547 1518740408.2267191 15 192.168.1.119 - 50076 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/EeniRq6J7zs_4285/4285_all_crl-set-15694410373833746250.data.crx3?cms_redirect=yes&expire=1518754807&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518740317&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=392C212362327BD0E212D935CEA9367B4EB9EB02.6F606888F99BB1C0EB0D63665DA8C13B0759DF46&key=cms1 671 1834 0 1164 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 603 1518740409.3935275 1518740409.6273487 234 192.168.1.119 - 50077 172.217.23.227 443 https://update.googleapis.com/service/update2 1252 944 919 247 303 685 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 604 1518743780.4804444 1518743780.510367 30 192.168.1.119 - 50080 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 605 1518743780.6731308 1518743780.7035155 30 192.168.1.119 - 50078 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 605 1518743780.9149218 1518743780.949096 34 192.168.1.119 - 50078 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 606 1518747381.4568489 1518747381.488031 31 192.168.1.119 - 50082 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 607 1518747382.6882749 1518747382.7200148 32 192.168.1.119 - 50081 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 608 1518747382.6828258 1518747382.8995578 217 192.168.1.119 - 50083 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 609 1518747593.9403882 1518747593.9792397 39 192.168.1.119 - 50084 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.15%26uc 676 710 0 466 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 610 1518747598.4713318 1518747598.4966552 25 192.168.1.119 - 50085 82.145.215.85 443 https://extension-updates.opera.com/static/omaha/blacklist.336465243e0d1996705f69bb3937b0f2f815a8bcc9737b5323ca77ebd70dd6b7.txt 413 6582 0 6336 308 232 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/plain GET 200 - - - - - - - CTU.339.1.Malicious 611 1518750982.6515973 1518750982.6833591 32 192.168.1.119 - 50086 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 612 1518750983.2271984 1518750983.2610822 34 192.168.1.119 - 50087 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 613 1518750983.2320511 1518750983.4657552 234 192.168.1.119 - 50088 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 614 1518754406.5729947 1518754406.5978403 25 192.168.1.119 - 50091 185.26.182.111 443 https://exchange.opera.com/api/v1/ecb/ 283 1937 0 1664 258 259 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml GET 200 - - - - - - - CTU.339.1.Malicious 614 1518754406.6017034 1518754406.625022 23 192.168.1.119 - 50091 185.26.182.111 443 https://exchange.opera.com/api/v1/nbu/ 283 6432 0 6137 258 281 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json;charset=UTF-8 GET 200 - - - - - - - CTU.339.1.Malicious 614 1518754406.829441 1518754407.0718608 242 192.168.1.119 - 50091 185.26.182.111 443 https://exchange.opera.com/api/v1/cmc/ 283 6964 0 6683 258 267 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 615 1518754470.8765714 1518754470.9414597 65 192.168.1.119 - 50092 185.26.182.117 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 616 1518754583.4542394 1518754583.4875212 33 192.168.1.119 - 50093 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 617 1518754583.7233703 1518754583.760038 37 192.168.1.119 - 50094 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 617 1518754583.814101 1518754583.844383 30 192.168.1.119 - 50094 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 618 1518755641.2756674 1518755641.318275 43 192.168.1.119 - 50099 185.26.182.122 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 510 0 112 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 619 1518758184.8182771 1518758184.8496134 31 192.168.1.119 - 50101 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 619 1518758185.056189 1518758185.0928574 37 192.168.1.119 - 50101 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 620 1518758185.821129 1518758185.853019 32 192.168.1.119 - 50100 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 621 1518761786.15753 1518761786.1909378 33 192.168.1.119 - 50104 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 621 1518761786.401865 1518761786.4357927 34 192.168.1.119 - 50104 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 622 1518761787.1666944 1518761787.1982982 32 192.168.1.119 - 50105 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 623 1518764057.3344684 1518764057.3642333 30 192.168.1.119 - 50106 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.16%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 624 1518765387.7638657 1518765387.794151 30 192.168.1.119 - 50107 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 624 1518765387.921961 1518765387.9544883 33 192.168.1.119 - 50107 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 625 1518765387.9376864 1518765387.977818 40 192.168.1.119 - 50109 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 626 1518768988.6796606 1518768988.7111099 31 192.168.1.119 - 50112 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 626 1518768988.7156882 1518768988.9635139 248 192.168.1.119 - 50112 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 627 1518768989.913303 1518768989.9454677 32 192.168.1.119 - 50111 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 628 1518772589.8719356 1518772589.9119558 40 192.168.1.119 - 50114 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 629 1518772589.8666456 1518772590.1235936 257 192.168.1.119 - 50113 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 630 1518772590.2331479 1518772590.266308 33 192.168.1.119 - 50115 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 631 1518776191.1231387 1518776191.1541114 31 192.168.1.119 - 50117 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 447 0 16 676 417 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 632 1518776192.1241639 1518776192.3763325 252 192.168.1.119 - 50116 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3364 0 2931 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 632 1518776192.3802316 1518776192.4095473 29 192.168.1.119 - 50116 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3077 0 2644 260 419 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 633 1518777268.0365384 1518777268.0746968 38 192.168.1.119 - 50123 185.26.182.117 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 510 0 112 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 634 1518779792.6524649 1518779792.694837 42 192.168.1.119 - 50124 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 635 1518779792.9319298 1518779792.9758217 44 192.168.1.119 - 50126 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 636 1518779793.1106553 1518779793.1520622 41 192.168.1.119 - 50125 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 637 1518780474.4570339 1518780474.4860065 29 192.168.1.119 - 50127 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.16%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 638 1518783272.3975935 1518783272.5213156 124 192.168.1.119 - 50128 185.26.182.117 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 639 1518783393.6950796 1518783393.723578 28 192.168.1.119 - 50130 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 639 1518783393.9271858 1518783393.9574594 30 192.168.1.119 - 50130 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 640 1518783394.6870124 1518783394.718688 32 192.168.1.119 - 50129 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 641 1518786994.9187133 1518786994.9515333 33 192.168.1.119 - 50132 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 642 1518786994.911908 1518786995.1656814 254 192.168.1.119 - 50133 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 643 1518786996.0681794 1518786996.1031237 35 192.168.1.119 - 50134 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 644 1518790595.5312023 1518790595.5681365 37 192.168.1.119 - 50135 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 644 1518790595.7782993 1518790595.810279 32 192.168.1.119 - 50135 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 645 1518790596.4032822 1518790596.4457097 42 192.168.1.119 - 50137 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 646 1518794196.7357109 1518794196.7819567 46 192.168.1.119 - 50140 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 647 1518794196.83735 1518794196.8686182 31 192.168.1.119 - 50138 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 648 1518794196.8323927 1518794197.0886967 256 192.168.1.119 - 50139 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 649 1518794356.343405 1518794356.3870573 44 192.168.1.119 - 50141 172.217.23.195 443 https://update.googleapis.com/service/update2?cup2key=7:104764931&cup2hreq=281c3d504c40c08cc6d99585b2bfb97dc86a2bfbd760b972e617ee96599d009d 1413 2484 986 1319 303 1153 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 650 1518794358.190659 1518794358.2226756 32 192.168.1.119 - 50142 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3 282 819 0 0 170 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 HEAD 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3?cms_redirect=yes&expire=1518808758&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518794248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=24397D9AB77AC983A2392CED7661B3F5D2EFCA43.61AE158E56848D70F8D994258C68C5660434F887&key=cms1 - CTU.339.1.Malicious 651 1518794358.5574431 1518794358.573463 16 192.168.1.119 - 50143 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3?cms_redirect=yes&expire=1518808758&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518794248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=24397D9AB77AC983A2392CED7661B3F5D2EFCA43.61AE158E56848D70F8D994258C68C5660434F887&key=cms1 576 608 0 0 179 594 'Microsoft BITS/7.5' application/octet-stream HEAD 200 - - - - - - - CTU.339.1.Malicious 650 1518794360.0389078 1518794360.0707502 32 192.168.1.119 - 50142 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3 370 1486 0 667 259 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3?cms_redirect=yes&expire=1518808760&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518794248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=265837ECA63BD07F906238EFDEC2CD5D0CA508C6.484EE9BDBD047F4D40573D18C61118F6B93D80BC&key=cms1 - CTU.339.1.Malicious 651 1518794360.273916 1518794360.288855 15 192.168.1.119 - 50143 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3?cms_redirect=yes&expire=1518808760&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518794248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=265837ECA63BD07F906238EFDEC2CD5D0CA508C6.484EE9BDBD047F4D40573D18C61118F6B93D80BC&key=cms1 664 3159 0 2496 268 636 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 650 1518794362.2520866 1518794362.2836633 32 192.168.1.119 - 50142 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3 373 1486 0 667 262 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3?cms_redirect=yes&expire=1518808762&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518794248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2130B85073F6EA405D7F735D6E5EE11BB67D6AE3.1AC0A0DCB27E21305BAEEFA9914FEAF197F4930C&key=cms1 - CTU.339.1.Malicious 651 1518794362.4877996 1518794362.503294 15 192.168.1.119 - 50143 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3?cms_redirect=yes&expire=1518808762&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518794248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2130B85073F6EA405D7F735D6E5EE11BB67D6AE3.1AC0A0DCB27E21305BAEEFA9914FEAF197F4930C&key=cms1 667 3242 0 2576 271 639 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 650 1518794363.41267 1518794363.4460948 33 192.168.1.119 - 50142 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3 374 1486 0 667 263 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3?cms_redirect=yes&expire=1518808763&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518794304&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=33EA54096ACCF1FDE8DB90F7EC241E575BF07D92.80D63595640999A786CBB9B63D957C167947F09B&key=cms1 - CTU.339.1.Malicious 651 1518794363.6485987 1518794363.664708 16 192.168.1.119 - 50143 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3?cms_redirect=yes&expire=1518808763&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518794304&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=33EA54096ACCF1FDE8DB90F7EC241E575BF07D92.80D63595640999A786CBB9B63D957C167947F09B&key=cms1 668 6443 0 5776 272 640 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 650 1518794364.4941177 1518794364.5257235 32 192.168.1.119 - 50142 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3?cms_redirect=yes&expire=1518808764&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518794248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=64628310E9EE522413CAE148E18AF1020E5F6DF2.39BD4DBFA8DB2F23224590EF77937450D12AD487&key=cms1 - CTU.339.1.Malicious 651 1518794364.729179 1518794364.7449863 16 192.168.1.119 - 50143 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3?cms_redirect=yes&expire=1518808764&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518794248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=64628310E9EE522413CAE148E18AF1020E5F6DF2.39BD4DBFA8DB2F23224590EF77937450D12AD487&key=cms1 669 12845 0 12176 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 650 1518794365.879776 1518794365.9112194 31 192.168.1.119 - 50142 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3?cms_redirect=yes&expire=1518808765&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518794248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=82B8C02C72035269D2AA9DD53A401AFB0F1C6EDC.732751AF0BB04C57F7ED8600B74AB4E9966C23A6&key=cms1 - CTU.339.1.Malicious 651 1518794366.1137507 1518794366.1268725 13 192.168.1.119 - 50143 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3?cms_redirect=yes&expire=1518808765&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518794248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=82B8C02C72035269D2AA9DD53A401AFB0F1C6EDC.732751AF0BB04C57F7ED8600B74AB4E9966C23A6&key=cms1 669 11327 0 10658 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 650 1518794366.927872 1518794366.9600468 32 192.168.1.119 - 50142 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3?cms_redirect=yes&expire=1518808766&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518794248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=45369B6237CB7628BA32D28098C7BC5E3DDE6408.3A9E1A8DEE90A273981F4C0CE9CF1DAA2F398889&key=cms1 - CTU.339.1.Malicious 651 1518794367.1667569 1518794367.1826975 16 192.168.1.119 - 50143 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3?cms_redirect=yes&expire=1518808766&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518794248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=45369B6237CB7628BA32D28098C7BC5E3DDE6408.3A9E1A8DEE90A273981F4C0CE9CF1DAA2F398889&key=cms1 669 11408 0 10739 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 650 1518794368.3701978 1518794368.3989933 29 192.168.1.119 - 50142 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3?cms_redirect=yes&expire=1518808768&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518794304&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5D64182BBFEF6DE548540C82A1408314DB483189.6FA87ADD8FE9157173F8A650C8EDDEDE3729DC32&key=cms1 - CTU.339.1.Malicious 651 1518794368.606003 1518794368.6229668 17 192.168.1.119 - 50143 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3?cms_redirect=yes&expire=1518808768&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518794304&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5D64182BBFEF6DE548540C82A1408314DB483189.6FA87ADD8FE9157173F8A650C8EDDEDE3729DC32&key=cms1 669 10238 0 9570 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 650 1518794369.419279 1518794369.4499345 31 192.168.1.119 - 50142 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3?cms_redirect=yes&expire=1518808769&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518794248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1212D3B728B01EF7DED668B9123896FA35C8CB58.4C665FB29E5E91072DFE027BA49DC636D885440A&key=cms1 - CTU.339.1.Malicious 651 1518794369.6551964 1518794369.670473 15 192.168.1.119 - 50143 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3?cms_redirect=yes&expire=1518808769&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518794248&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1212D3B728B01EF7DED668B9123896FA35C8CB58.4C665FB29E5E91072DFE027BA49DC636D885440A&key=cms1 669 9576 0 8908 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 650 1518794371.473352 1518794371.5061512 33 192.168.1.119 - 50142 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3?cms_redirect=yes&expire=1518808771&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518794304&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7E52592264127EC117CFA048688872AFA84CE7C2.7A9366FD5C44765B77AFF8623D2A6E85DD8BDFBF&key=cms1 - CTU.339.1.Malicious 651 1518794371.7091973 1518794371.7243752 15 192.168.1.119 - 50143 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3?cms_redirect=yes&expire=1518808771&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518794304&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7E52592264127EC117CFA048688872AFA84CE7C2.7A9366FD5C44765B77AFF8623D2A6E85DD8BDFBF&key=cms1 669 19109 0 18440 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 650 1518794374.1032755 1518794374.1338305 31 192.168.1.119 - 50142 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3?cms_redirect=yes&expire=1518808774&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518794304&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=71ADEF17432D20EBB577DF69F5C9BDDDBA4471EE.73B2578C7A4788A8298056586CDB8D54B125CE03&key=cms1 - CTU.339.1.Malicious 651 1518794374.3371038 1518794374.3524601 15 192.168.1.119 - 50143 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3?cms_redirect=yes&expire=1518808774&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518794304&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=71ADEF17432D20EBB577DF69F5C9BDDDBA4471EE.73B2578C7A4788A8298056586CDB8D54B125CE03&key=cms1 669 16870 0 16201 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 650 1518794375.7035933 1518794375.7368839 33 192.168.1.119 - 50142 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3 376 1486 0 667 265 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3?cms_redirect=yes&expire=1518808775&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518794304&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=580513F77BD065EA6AC09DCE50DE19994CC18673.18188E3BDF75FB02775622978991A930FCC839F6&key=cms1 - CTU.339.1.Malicious 651 1518794375.9425647 1518794375.9587877 16 192.168.1.119 - 50143 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3?cms_redirect=yes&expire=1518808775&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518794304&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=580513F77BD065EA6AC09DCE50DE19994CC18673.18188E3BDF75FB02775622978991A930FCC839F6&key=cms1 670 14911 0 14241 274 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 650 1518794378.3355556 1518794378.3666801 31 192.168.1.119 - 50142 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3?cms_redirect=yes&expire=1518808778&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518794304&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=351F94DA8B42CFFB6885F5F6D4453AD039428926.251BCFFF37C8DA82990F093F02AF69D7287AE5C6&key=cms1 - CTU.339.1.Malicious 651 1518794378.575968 1518794378.5923994 16 192.168.1.119 - 50143 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3?cms_redirect=yes&expire=1518808778&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518794304&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=351F94DA8B42CFFB6885F5F6D4453AD039428926.251BCFFF37C8DA82990F093F02AF69D7287AE5C6&key=cms1 671 12742 0 12071 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 650 1518794379.3749964 1518794379.4067256 32 192.168.1.119 - 50142 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3?cms_redirect=yes&expire=1518808779&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518794304&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1EF29E0C38EFB81AC65741E770A43705188A4A96.077566AE623A85012EEF6C68844816C324DCA4E4&key=cms1 - CTU.339.1.Malicious 651 1518794379.6187255 1518794379.634052 15 192.168.1.119 - 50143 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3?cms_redirect=yes&expire=1518808779&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518794304&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1EF29E0C38EFB81AC65741E770A43705188A4A96.077566AE623A85012EEF6C68844816C324DCA4E4&key=cms1 671 12054 0 11383 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 650 1518794380.8786654 1518794380.9109142 32 192.168.1.119 - 50142 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3?cms_redirect=yes&expire=1518808780&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518794304&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=46734D13A25055CC208F775C36E480FC8627721B.82C5B39BEE418852C31FC9F245CDC6EB8EB8DB32&key=cms1 - CTU.339.1.Malicious 651 1518794381.1141346 1518794381.130558 16 192.168.1.119 - 50143 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3?cms_redirect=yes&expire=1518808780&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518794304&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=46734D13A25055CC208F775C36E480FC8627721B.82C5B39BEE418852C31FC9F245CDC6EB8EB8DB32&key=cms1 671 10719 0 10048 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 650 1518794382.9242282 1518794382.9564748 32 192.168.1.119 - 50142 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3?cms_redirect=yes&expire=1518808782&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518794304&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0B926E5154248D40B6DCA8DA5B9B880983DC425B.7D03B8D8DF94C9EFEECB8B5A25367B8BF9038B86&key=cms1 - CTU.339.1.Malicious 651 1518794383.1588182 1518794383.177324 19 192.168.1.119 - 50143 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3?cms_redirect=yes&expire=1518808782&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518794304&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0B926E5154248D40B6DCA8DA5B9B880983DC425B.7D03B8D8DF94C9EFEECB8B5A25367B8BF9038B86&key=cms1 671 21391 0 20720 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 650 1518794385.824454 1518794385.856447 32 192.168.1.119 - 50142 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3?cms_redirect=yes&expire=1518808785&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518794304&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0C5C0FC3A27388FF438334C5A6455300AAC270CA.0E1A924B607268C3C9D3F661475A45531B8D2482&key=cms1 - CTU.339.1.Malicious 651 1518794386.0542388 1518794386.0694728 15 192.168.1.119 - 50143 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3?cms_redirect=yes&expire=1518808785&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518794304&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0C5C0FC3A27388FF438334C5A6455300AAC270CA.0E1A924B607268C3C9D3F661475A45531B8D2482&key=cms1 671 17889 0 17218 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 650 1518794388.5502517 1518794388.5821843 32 192.168.1.119 - 50142 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3?cms_redirect=yes&expire=1518808788&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518794304&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1095AD0EE24A930A1754F87C379D3F8AE009EDFA.0FABEC6FEEFD9BF608F1C8B0C9345D684D7D81E3&key=cms1 - CTU.339.1.Malicious 651 1518794388.7857916 1518794388.8014827 16 192.168.1.119 - 50143 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3?cms_redirect=yes&expire=1518808788&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518794304&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1095AD0EE24A930A1754F87C379D3F8AE009EDFA.0FABEC6FEEFD9BF608F1C8B0C9345D684D7D81E3&key=cms1 671 15497 0 14826 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 650 1518794391.2646866 1518794391.2962446 32 192.168.1.119 - 50142 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3?cms_redirect=yes&expire=1518808791&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518794304&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3AEE07E89985D3A7D25FD52B5634DD046E3ACFF1.697140CCD11520CD09889673855D2FD24380FC0D&key=cms1 - CTU.339.1.Malicious 651 1518794391.504395 1518794391.519741 15 192.168.1.119 - 50143 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3?cms_redirect=yes&expire=1518808791&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518794304&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3AEE07E89985D3A7D25FD52B5634DD046E3ACFF1.697140CCD11520CD09889673855D2FD24380FC0D&key=cms1 671 13405 0 12734 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 650 1518794393.7502213 1518794393.7820618 32 192.168.1.119 - 50142 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3?cms_redirect=yes&expire=1518808793&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518794304&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=38217BFEF3DB5FD4CB1E50B634CEDFF8C794C6F7.5FF5BF05C0C1ECEFF2B3EE4611C06EC35C444857&key=cms1 - CTU.339.1.Malicious 651 1518794393.9853828 1518794394.0026069 17 192.168.1.119 - 50143 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3?cms_redirect=yes&expire=1518808793&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518794304&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=38217BFEF3DB5FD4CB1E50B634CEDFF8C794C6F7.5FF5BF05C0C1ECEFF2B3EE4611C06EC35C444857&key=cms1 671 11618 0 10947 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 650 1518794394.7934918 1518794394.8244758 31 192.168.1.119 - 50142 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3?cms_redirect=yes&expire=1518808794&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518794304&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=613118784097DC70FADABF0CC0EB8EB35010DA6F.2324ABA207AB19E1081CADA7694CF54A9501BA9C&key=cms1 - CTU.339.1.Malicious 651 1518794395.0217464 1518794395.0373445 16 192.168.1.119 - 50143 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/NFtl8FwqsZ4_4286/4286_all_crl-set-10839460775181189214.data.crx3?cms_redirect=yes&expire=1518808794&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518794304&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=613118784097DC70FADABF0CC0EB8EB35010DA6F.2324ABA207AB19E1081CADA7694CF54A9501BA9C&key=cms1 671 5356 0 4686 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 652 1518794398.0153677 1518794398.2599616 245 192.168.1.119 - 50144 172.217.23.195 443 https://update.googleapis.com/service/update2 1252 944 919 247 303 685 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 653 1518797237.7571852 1518797237.786494 29 192.168.1.119 - 50145 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.16%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 654 1518797798.2750175 1518797798.3054185 30 192.168.1.119 - 50147 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 654 1518797798.3456876 1518797798.3779137 32 192.168.1.119 - 50147 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 655 1518797799.4816139 1518797799.724135 243 192.168.1.119 - 50146 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 656 1518798891.4896548 1518798891.5347278 45 192.168.1.119 - 50153 185.26.182.117 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 510 0 112 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 657 1518801399.4811578 1518801399.5134616 32 192.168.1.119 - 50155 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 657 1518801399.5211213 1518801399.551531 30 192.168.1.119 - 50155 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 658 1518801400.0390105 1518801400.0839624 45 192.168.1.119 - 50156 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 659 1518805000.2601993 1518805000.2954888 35 192.168.1.119 - 50157 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 659 1518805000.4990711 1518805000.534468 35 192.168.1.119 - 50157 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 660 1518805001.4077218 1518805001.4403925 33 192.168.1.119 - 50159 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 661 1518808601.6076808 1518808601.6494904 42 192.168.1.119 - 50160 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 662 1518808601.856078 1518808601.8867404 31 192.168.1.119 - 50161 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 663 1518808602.7538822 1518808602.7849414 31 192.168.1.119 - 50162 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 664 1518812073.248013 1518812073.4217594 174 192.168.1.119 - 50163 185.26.182.122 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 665 1518812202.6939692 1518812202.723671 30 192.168.1.119 - 50164 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 665 1518812202.934514 1518812202.9639285 29 192.168.1.119 - 50164 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 666 1518812203.0756392 1518812203.1113 36 192.168.1.119 - 50166 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 667 1518814484.9991207 1518814485.029395 30 192.168.1.119 - 50167 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.16%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 668 1518815804.198438 1518815804.2324128 34 192.168.1.119 - 50169 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 668 1518815804.2704499 1518815804.3037891 33 192.168.1.119 - 50169 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 669 1518815805.392487 1518815805.4236553 31 192.168.1.119 - 50170 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 670 1518819405.3811913 1518819405.410065 29 192.168.1.119 - 50171 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 670 1518819405.6150565 1518819405.647959 33 192.168.1.119 - 50171 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 671 1518819405.918435 1518819405.9517996 33 192.168.1.119 - 50173 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 672 1518820522.3817792 1518820522.4154472 34 192.168.1.119 - 50178 185.26.182.122 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 511 0 113 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 673 1518823006.3966932 1518823006.4257674 29 192.168.1.119 - 50180 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 673 1518823006.6340263 1518823006.6655025 31 192.168.1.119 - 50180 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 674 1518823007.6418939 1518823007.8601737 218 192.168.1.119 - 50181 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 675 1518826607.2425652 1518826607.273894 31 192.168.1.119 - 50183 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 675 1518826607.284441 1518826607.3173606 33 192.168.1.119 - 50183 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 676 1518826607.9709117 1518826608.00239 31 192.168.1.119 - 50184 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 677 1518830208.2294936 1518830208.2618337 32 192.168.1.119 - 50186 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 678 1518830208.297807 1518830208.3325014 35 192.168.1.119 - 50187 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 679 1518830208.63498 1518830208.6622 27 192.168.1.119 - 50185 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 680 1518833606.6130264 1518833606.6441762 31 192.168.1.119 - 50188 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.16%26uc 676 710 0 466 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 681 1518833610.7787163 1518833610.8043363 26 192.168.1.119 - 50189 82.145.215.85 443 https://extension-updates.opera.com/static/omaha/blacklist.336465243e0d1996705f69bb3937b0f2f815a8bcc9737b5323ca77ebd70dd6b7.txt 413 6582 0 6336 308 232 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/plain GET 200 - - - - - - - CTU.339.1.Malicious 682 1518833809.7037187 1518833809.7360935 32 192.168.1.119 - 50190 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 683 1518833810.7197647 1518833810.945741 226 192.168.1.119 - 50192 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 684 1518833810.936091 1518833810.9654202 29 192.168.1.119 - 50191 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 685 1518837411.0670764 1518837411.0971317 30 192.168.1.119 - 50193 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 686 1518837411.4645994 1518837411.4931247 29 192.168.1.119 - 50195 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 687 1518837411.6581957 1518837411.6861255 28 192.168.1.119 - 50194 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 688 1518840807.6500118 1518840807.6808665 31 192.168.1.119 - 50196 185.26.182.112 443 https://exchange.opera.com/api/v1/ecb/ 283 1937 0 1664 258 259 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml GET 200 - - - - - - - CTU.339.1.Malicious 689 1518840807.657646 1518840807.6865046 29 192.168.1.119 - 50198 185.26.182.112 443 https://exchange.opera.com/api/v1/nbu/ 283 6432 0 6137 258 281 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json;charset=UTF-8 GET 200 - - - - - - - CTU.339.1.Malicious 688 1518840807.9756289 1518840808.0021052 26 192.168.1.119 - 50196 185.26.182.112 443 https://exchange.opera.com/api/v1/cmc/ 283 6934 0 6653 258 267 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 690 1518840873.8930933 1518840873.972181 79 192.168.1.119 - 50199 185.26.182.117 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 691 1518841012.4128778 1518841012.444792 32 192.168.1.119 - 50200 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 692 1518841012.3351834 1518841012.5949244 260 192.168.1.119 - 50202 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 693 1518841012.5549326 1518841012.5976467 43 192.168.1.119 - 50201 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 694 1518841590.351399 1518841590.3625374 11 192.168.1.119 - 50207 195.113.232.72 80 http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab 361 329 0 0 292 305 'Microsoft-CryptoAPI/6.1' application/vnd.ms-cab-compressed GET 304 - - - - - - - CTU.339.1.Malicious 695 1518842148.418265 1518842148.4514914 33 192.168.1.119 - 50208 185.26.182.117 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 511 0 113 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 696 1518844613.9368136 1518844613.9668777 30 192.168.1.119 - 50210 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 697 1518844614.9404862 1518844614.9722686 32 192.168.1.119 - 50211 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 698 1518844615.187765 1518844615.222531 35 192.168.1.119 - 50209 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 699 1518848215.2787623 1518848215.3108256 32 192.168.1.119 - 50212 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 700 1518848215.6943922 1518848215.7257907 31 192.168.1.119 - 50213 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 701 1518848215.726128 1518848215.9777236 252 192.168.1.119 - 50214 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 702 1518848356.1935446 1518848356.4498127 256 192.168.1.119 - 50216 172.217.23.195 80 http://update.googleapis.com/service/update2?cup2key=7:29113558&cup2hreq=bca7377be93f2f13b76e7a2ad21de2537ca591dfaf58acc180d036d7840784b0 1434 2332 986 1324 325 994 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 703 1518848357.5794196 1518848357.611387 32 192.168.1.119 - 50217 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3 282 819 0 0 170 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 HEAD 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862757&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2B576745DC3A0F20CDD8F2AC7B20FB601EC9A683.34F01A137631E87CD404A74C4FF7797791B774A8&key=cms1 - CTU.339.1.Malicious 704 1518848357.8685455 1518848357.8864248 18 192.168.1.119 - 50218 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862757&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2B576745DC3A0F20CDD8F2AC7B20FB601EC9A683.34F01A137631E87CD404A74C4FF7797791B774A8&key=cms1 576 608 0 0 179 594 'Microsoft BITS/7.5' application/octet-stream HEAD 200 - - - - - - - CTU.339.1.Malicious 703 1518848359.222015 1518848359.2513468 29 192.168.1.119 - 50217 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3 370 1482 0 665 259 800 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862759&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=E6148D72AF21AB78424A17E409E3F9A963F8E6.09DEC795AF80A373DA3BDE6F181327DC158166EF&key=cms1 - CTU.339.1.Malicious 704 1518848359.4541454 1518848359.4706025 16 192.168.1.119 - 50218 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862759&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=E6148D72AF21AB78424A17E409E3F9A963F8E6.09DEC795AF80A373DA3BDE6F181327DC158166EF&key=cms1 662 3159 0 2496 268 636 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 703 1518848362.4654408 1518848362.495577 30 192.168.1.119 - 50217 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3 373 1486 0 667 262 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862762&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=03CF590BC272B9973E56C3523D1C299CC877A618.6369DC876CE85447E51F73217569C90124E6EAB9&key=cms1 - CTU.339.1.Malicious 704 1518848362.6990817 1518848362.7145014 15 192.168.1.119 - 50218 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862762&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=03CF590BC272B9973E56C3523D1C299CC877A618.6369DC876CE85447E51F73217569C90124E6EAB9&key=cms1 667 3242 0 2576 271 639 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 703 1518848364.6285582 1518848364.6596916 31 192.168.1.119 - 50217 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3 374 1486 0 667 263 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862764&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5588CA3F90337028E3710F00979C36BB55AAB4D4.38F133C7A22D7B7EAF8ED3FE04267CD72052FEE9&key=cms1 - CTU.339.1.Malicious 704 1518848364.8627882 1518848364.8782027 15 192.168.1.119 - 50218 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862764&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5588CA3F90337028E3710F00979C36BB55AAB4D4.38F133C7A22D7B7EAF8ED3FE04267CD72052FEE9&key=cms1 668 6443 0 5776 272 640 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 703 1518848366.7128918 1518848366.743411 31 192.168.1.119 - 50217 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862766&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5C1B7E931BC204709002BCE179053ECE36368CB4.1B1C166150CE55B14D47F0B0EF652DD46F76C448&key=cms1 - CTU.339.1.Malicious 704 1518848366.9471843 1518848366.9631083 16 192.168.1.119 - 50218 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862766&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5C1B7E931BC204709002BCE179053ECE36368CB4.1B1C166150CE55B14D47F0B0EF652DD46F76C448&key=cms1 669 5851 0 5183 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 703 1518848368.7963448 1518848368.826747 30 192.168.1.119 - 50217 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862768&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=23308247AACB3762B913CDDEFC81D2EDEC47A40A.4078335D600B0F1162467DE2F5D361095CE67716&key=cms1 - CTU.339.1.Malicious 704 1518848369.0302148 1518848369.047389 17 192.168.1.119 - 50218 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862768&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=23308247AACB3762B913CDDEFC81D2EDEC47A40A.4078335D600B0F1162467DE2F5D361095CE67716&key=cms1 669 4447 0 3779 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 703 1518848369.9097047 1518848369.9414384 32 192.168.1.119 - 50217 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862769&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6FD86C9B846E13C94CD47ABD364F347658D64F2F.714C78F2F1B80F1BC0B4D77439A6BED4D7E4B4D1&key=cms1 - CTU.339.1.Malicious 704 1518848370.1450777 1518848370.160072 15 192.168.1.119 - 50218 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862769&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6FD86C9B846E13C94CD47ABD364F347658D64F2F.714C78F2F1B80F1BC0B4D77439A6BED4D7E4B4D1&key=cms1 669 8850 0 8182 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 703 1518848371.9664488 1518848371.9974716 31 192.168.1.119 - 50217 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862771&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0F1DAB021A93C9BEE018F42E5BAD6042D7093349.6A077EE6346CB088DDD345F3F46B6AD3E3B80C76&key=cms1 - CTU.339.1.Malicious 704 1518848372.2049682 1518848372.2206023 16 192.168.1.119 - 50218 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862771&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0F1DAB021A93C9BEE018F42E5BAD6042D7093349.6A077EE6346CB088DDD345F3F46B6AD3E3B80C76&key=cms1 669 7628 0 6960 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 703 1518848373.0315015 1518848373.0628476 31 192.168.1.119 - 50217 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862773&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1DC596CAC79B399788E0A9F9BC6F48552C4FAA51.3AC9B0138C59141FA266E912A636659B406922E2&key=cms1 - CTU.339.1.Malicious 704 1518848373.2616346 1518848373.2782435 17 192.168.1.119 - 50218 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862773&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1DC596CAC79B399788E0A9F9BC6F48552C4FAA51.3AC9B0138C59141FA266E912A636659B406922E2&key=cms1 669 6954 0 6286 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 703 1518848374.1035635 1518848374.136074 33 192.168.1.119 - 50217 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862774&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5E5F3283D610286B930910E73565B6216A073616.5814C70352770B0C8EAD54316E6E2E0EFA1B7A9D&key=cms1 - CTU.339.1.Malicious 704 1518848374.3352232 1518848374.3506188 15 192.168.1.119 - 50218 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862774&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5E5F3283D610286B930910E73565B6216A073616.5814C70352770B0C8EAD54316E6E2E0EFA1B7A9D&key=cms1 669 6269 0 5601 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 703 1518848375.1842322 1518848375.2158656 32 192.168.1.119 - 50217 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3 375 1530 0 691 264 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862775&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=4498FA99EFB46AE49E5665E5D9805BFB0F7CD3C0.4A2D2BC8B0877123D5C1009B46D024C38EDDF0F4&key=cms1 - CTU.339.1.Malicious 704 1518848375.420137 1518848375.436159 16 192.168.1.119 - 50218 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862775&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=4498FA99EFB46AE49E5665E5D9805BFB0F7CD3C0.4A2D2BC8B0877123D5C1009B46D024C38EDDF0F4&key=cms1 689 7588 0 6920 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 703 1518848377.2511566 1518848377.281341 30 192.168.1.119 - 50217 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862777&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=257FC94107253151606C7D77CDF0AF36AE4706C3.2C1B3A8D888920856E84AD4EE5D0C73E1ADABFE3&key=cms1 - CTU.339.1.Malicious 704 1518848377.4859338 1518848377.502185 16 192.168.1.119 - 50218 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862777&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=257FC94107253151606C7D77CDF0AF36AE4706C3.2C1B3A8D888920856E84AD4EE5D0C73E1ADABFE3&key=cms1 669 6214 0 5546 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 703 1518848379.332859 1518848379.3640606 31 192.168.1.119 - 50217 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862779&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=21EF8E11BE7F80334F4039849A0FEEE1091AF3F6.5E92745D2F3C5B4A8FC131DAC72F92F6EF3E2203&key=cms1 - CTU.339.1.Malicious 704 1518848379.567449 1518848379.5831892 16 192.168.1.119 - 50218 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862779&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=21EF8E11BE7F80334F4039849A0FEEE1091AF3F6.5E92745D2F3C5B4A8FC131DAC72F92F6EF3E2203&key=cms1 669 5313 0 4645 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 703 1518848381.4284434 1518848381.4592876 31 192.168.1.119 - 50217 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3 375 1482 0 665 264 800 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862781&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=252027651D01518F4301A76A0B157680F77DEF.4CA952F42510278C27EADA18D2155149511828D5&key=cms1 - CTU.339.1.Malicious 704 1518848381.6646295 1518848381.6795793 15 192.168.1.119 - 50218 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862781&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=252027651D01518F4301A76A0B157680F77DEF.4CA952F42510278C27EADA18D2155149511828D5&key=cms1 667 3715 0 3047 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 703 1518848383.5654573 1518848383.5968492 31 192.168.1.119 - 50217 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862783&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=30D1F474144A2C71CDDB198F663333D423B1F15D.247F598A120C6E23245164100AA5E37305FE0D90&key=cms1 - CTU.339.1.Malicious 704 1518848383.8092248 1518848383.8249965 16 192.168.1.119 - 50218 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862783&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=30D1F474144A2C71CDDB198F663333D423B1F15D.247F598A120C6E23245164100AA5E37305FE0D90&key=cms1 669 7387 0 6719 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 703 1518848384.6336546 1518848384.6654413 32 192.168.1.119 - 50217 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862784&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3E6112E11956AA0B565BBFD9F5BF8EC5202FB092.5B67ACAAB1ABEDD20819E8A22476767168A57A4E&key=cms1 - CTU.339.1.Malicious 704 1518848384.8681347 1518848384.8846266 16 192.168.1.119 - 50218 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862784&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3E6112E11956AA0B565BBFD9F5BF8EC5202FB092.5B67ACAAB1ABEDD20819E8A22476767168A57A4E&key=cms1 669 6652 0 5984 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 703 1518848386.7097058 1518848386.7420328 32 192.168.1.119 - 50217 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862786&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1116E2CBC26AB1CDAE642B71CC2498AFA937264E.7F2D1D53D1736EE2C87C68B78811EA1D43B55DA9&key=cms1 - CTU.339.1.Malicious 704 1518848386.9455209 1518848386.960987 15 192.168.1.119 - 50218 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862786&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1116E2CBC26AB1CDAE642B71CC2498AFA937264E.7F2D1D53D1736EE2C87C68B78811EA1D43B55DA9&key=cms1 669 5210 0 4542 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 703 1518848388.8062053 1518848388.8364596 30 192.168.1.119 - 50217 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862788&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4450BD547E412B33B669C8607B19278FA29E0951.4FBEC03F0C77164FA027EC45C36B6E804A80A8B6&key=cms1 - CTU.339.1.Malicious 704 1518848389.040063 1518848389.0554886 15 192.168.1.119 - 50218 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862788&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4450BD547E412B33B669C8607B19278FA29E0951.4FBEC03F0C77164FA027EC45C36B6E804A80A8B6&key=cms1 669 4214 0 3546 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 703 1518848390.925849 1518848390.9573905 32 192.168.1.119 - 50217 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3 375 1530 0 691 264 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862790&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=6AECD894735AF8675804771F8420D809C4986961.6D4A84AFF7A72D4065F347007A35F97B55EC9DBD&key=cms1 - CTU.339.1.Malicious 704 1518848391.1641498 1518848391.1801076 16 192.168.1.119 - 50218 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862790&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=6AECD894735AF8675804771F8420D809C4986961.6D4A84AFF7A72D4065F347007A35F97B55EC9DBD&key=cms1 689 8385 0 7717 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 703 1518848391.9847887 1518848392.0174448 33 192.168.1.119 - 50217 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3 376 1486 0 667 265 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862791&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=622789AA2FAB41EDA95F9F1821BDDB656AEF5268.4BDC2143B8A9C77C8E29B0B4B593807735096A68&key=cms1 - CTU.339.1.Malicious 704 1518848392.225263 1518848392.2431028 18 192.168.1.119 - 50218 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862791&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=622789AA2FAB41EDA95F9F1821BDDB656AEF5268.4BDC2143B8A9C77C8E29B0B4B593807735096A68&key=cms1 670 7853 0 7184 274 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 703 1518848394.0497887 1518848394.0808206 31 192.168.1.119 - 50217 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862794&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=312CBA7FD296A9963D0938DA8B166903F48FA314.32352896060F1BFBABB63223BCC81F75F51B1C2B&key=cms1 - CTU.339.1.Malicious 704 1518848394.2843564 1518848394.2997344 15 192.168.1.119 - 50218 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862794&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=312CBA7FD296A9963D0938DA8B166903F48FA314.32352896060F1BFBABB63223BCC81F75F51B1C2B&key=cms1 671 10521 0 9851 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 703 1518848395.0966537 1518848395.1300583 33 192.168.1.119 - 50217 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862795&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2BD7AB604B9747A8BB249DE26BCFDA46DDD6D1EB.6BAE88D357FBEA0347453C7A89E68A7005512C24&key=cms1 - CTU.339.1.Malicious 704 1518848395.3323538 1518848395.3492975 17 192.168.1.119 - 50218 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862795&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2BD7AB604B9747A8BB249DE26BCFDA46DDD6D1EB.6BAE88D357FBEA0347453C7A89E68A7005512C24&key=cms1 671 9529 0 8859 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 703 1518848396.1488404 1518848396.1812115 32 192.168.1.119 - 50217 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862796&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=70F46EDB412EBFFAF5BB3861EBFD21C42B6183AE.6B58696E49F0AAA4BC94D4AB8805555F9495C22D&key=cms1 - CTU.339.1.Malicious 704 1518848396.3850977 1518848396.4012754 16 192.168.1.119 - 50218 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862796&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=70F46EDB412EBFFAF5BB3861EBFD21C42B6183AE.6B58696E49F0AAA4BC94D4AB8805555F9495C22D&key=cms1 671 9184 0 8514 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 703 1518848397.2034938 1518848397.2339725 30 192.168.1.119 - 50217 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862797&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=559C08A20808D9041A84BC5FC020B3CFDD2BF08C.68C96973E980D9901A27164CF6AF96717DFF4DAF&key=cms1 - CTU.339.1.Malicious 704 1518848397.4314628 1518848397.4486716 17 192.168.1.119 - 50218 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862797&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=559C08A20808D9041A84BC5FC020B3CFDD2BF08C.68C96973E980D9901A27164CF6AF96717DFF4DAF&key=cms1 671 8812 0 8142 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 703 1518848398.260969 1518848398.292815 32 192.168.1.119 - 50217 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3 377 1530 0 691 266 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862798&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=27D6414A74E4292E68BB37418D35BDEFDAEDC249.684AF125A90F9BD54A4641E7112708D110D98A5A&key=cms1 - CTU.339.1.Malicious 704 1518848398.495154 1518848398.510633 15 192.168.1.119 - 50218 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862798&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=27D6414A74E4292E68BB37418D35BDEFDAEDC249.684AF125A90F9BD54A4641E7112708D110D98A5A&key=cms1 691 7724 0 7054 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 703 1518848400.3267176 1518848400.3557172 29 192.168.1.119 - 50217 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3 377 1530 0 691 266 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862800&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=5E04D960BD092E878DA2776AB30ADAED8FD080C6.103EBD874D7F70F4AAB148859229CBBB20D2482F&key=cms1 - CTU.339.1.Malicious 704 1518848400.5594497 1518848400.5728397 13 192.168.1.119 - 50218 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862800&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=5E04D960BD092E878DA2776AB30ADAED8FD080C6.103EBD874D7F70F4AAB148859229CBBB20D2482F&key=cms1 691 14074 0 13403 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 703 1518848401.9788997 1518848402.0088801 30 192.168.1.119 - 50217 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3 377 1530 0 691 266 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862801&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=190434599006E6C11F9477C3E9876DCF4B6BFB15.73A1317C1D57D733E010158B880A598DA88F5CC4&key=cms1 - CTU.339.1.Malicious 704 1518848402.2185419 1518848402.2339838 15 192.168.1.119 - 50218 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862801&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=190434599006E6C11F9477C3E9876DCF4B6BFB15.73A1317C1D57D733E010158B880A598DA88F5CC4&key=cms1 691 12238 0 11567 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 703 1518848403.0203397 1518848403.052023 32 192.168.1.119 - 50217 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862803&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0B355080E58A5AA63D71143F5087B3D57BA8CAE7.4915149B768C60DC20EB78268B1FECA5F750C6FA&key=cms1 - CTU.339.1.Malicious 704 1518848403.253233 1518848403.2685895 15 192.168.1.119 - 50218 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862803&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0B355080E58A5AA63D71143F5087B3D57BA8CAE7.4915149B768C60DC20EB78268B1FECA5F750C6FA&key=cms1 671 12635 0 11964 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 703 1518848404.4305844 1518848404.4605057 30 192.168.1.119 - 50217 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862804&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3512EFA2203970EC1A82C08771A8C9B1597CC566.28DB8F2B30A4000D38B0AD42FAD78C6E2CB18605&key=cms1 - CTU.339.1.Malicious 704 1518848404.6606836 1518848404.6768882 16 192.168.1.119 - 50218 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862804&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3512EFA2203970EC1A82C08771A8C9B1597CC566.28DB8F2B30A4000D38B0AD42FAD78C6E2CB18605&key=cms1 671 11042 0 10371 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 703 1518848405.4763927 1518848405.5066824 30 192.168.1.119 - 50217 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3 377 1530 0 691 266 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862805&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=24A09D5E6F408B33BF41BD537DDFD9FB1B8F834C.53BB4429CAE6468D46F16324D7A903555477D850&key=cms1 - CTU.339.1.Malicious 704 1518848405.7102222 1518848405.7308972 21 192.168.1.119 - 50218 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862805&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=24A09D5E6F408B33BF41BD537DDFD9FB1B8F834C.53BB4429CAE6468D46F16324D7A903555477D850&key=cms1 691 10828 0 10157 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 703 1518848406.5223002 1518848406.5524063 30 192.168.1.119 - 50217 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862806&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5E6A185AC5E6FAEBCE3E14809F5D72D8752FDF68.1337FDB7B9AF4789BC528E8CB218F4060A430E5F&key=cms1 - CTU.339.1.Malicious 704 1518848406.7552493 1518848406.771221 16 192.168.1.119 - 50218 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862806&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5E6A185AC5E6FAEBCE3E14809F5D72D8752FDF68.1337FDB7B9AF4789BC528E8CB218F4060A430E5F&key=cms1 671 10576 0 9906 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 703 1518848407.5698175 1518848407.6027393 33 192.168.1.119 - 50217 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862807&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=266D63D732B37805A89AB9FDC5BB5625541B174D.6B8A2E79B13598D74BD3D0865C4726BBC3F71F73&key=cms1 - CTU.339.1.Malicious 704 1518848407.8094268 1518848407.824856 15 192.168.1.119 - 50218 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862807&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=266D63D732B37805A89AB9FDC5BB5625541B174D.6B8A2E79B13598D74BD3D0865C4726BBC3F71F73&key=cms1 671 9863 0 9193 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 703 1518848408.6196628 1518848408.6513157 32 192.168.1.119 - 50217 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3 377 1530 0 691 266 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862808&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=519808505D5D348414A9AF7986566313CCAE57BD.07D8B55008CECDC63CC98A0FD118BB717329977F&key=cms1 - CTU.339.1.Malicious 704 1518848408.853522 1518848408.8690755 16 192.168.1.119 - 50218 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKdPcdiYcPT3_4287/4287_all_crl-set-3396026098668711646.data.crx3?cms_redirect=yes&expire=1518862808&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518847493&mv=u&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=519808505D5D348414A9AF7986566313CCAE57BD.07D8B55008CECDC63CC98A0FD118BB717329977F&key=cms1 691 7866 0 7196 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 705 1518848413.5954316 1518848413.8347225 239 192.168.1.119 - 50219 172.217.23.195 443 https://update.googleapis.com/service/update2 1252 944 919 247 303 685 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 706 1518851448.9230824 1518851448.9530694 30 192.168.1.119 - 50220 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.17%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 707 1518851816.294244 1518851816.3260803 32 192.168.1.119 - 50221 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 708 1518851817.3082209 1518851817.3372662 29 192.168.1.119 - 50222 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 709 1518851817.5272996 1518851817.5561073 29 192.168.1.119 - 50223 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 710 1518855417.3646135 1518855417.4045777 40 192.168.1.119 - 50224 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 711 1518855417.8776891 1518855417.9052818 28 192.168.1.119 - 50225 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 712 1518855418.0735645 1518855418.1102753 37 192.168.1.119 - 50226 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 713 1518859018.74816 1518859018.7851815 37 192.168.1.119 - 50229 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 713 1518859018.7882574 1518859018.8182628 30 192.168.1.119 - 50229 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 714 1518859019.9777942 1518859020.0301113 52 192.168.1.119 - 50227 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 715 1518862619.8901734 1518862619.9434533 53 192.168.1.119 - 50231 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 715 1518862619.9669342 1518862620.0011528 34 192.168.1.119 - 50231 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 716 1518862620.3214145 1518862620.354646 33 192.168.1.119 - 50232 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 717 1518863776.2920096 1518863776.32334 31 192.168.1.119 - 50237 185.26.182.122 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 511 0 113 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 718 1518866221.064566 1518866221.0988047 34 192.168.1.119 - 50238 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 718 1518866221.3141236 1518866221.3483422 34 192.168.1.119 - 50238 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 719 1518866222.2977667 1518866222.3302429 32 192.168.1.119 - 50240 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 720 1518866356.127882 1518866356.1838872 56 192.168.1.119 - 50241 172.217.23.195 443 https://update.googleapis.com/service/update2?cup2key=7:2446396094&cup2hreq=a02c348565a84440198c2f5192e68877d9f08d48d209f7567c737b54de4d0c3a 1414 2484 986 1319 303 1153 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 721 1518866357.1953888 1518866357.2268906 32 192.168.1.119 - 50242 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3 282 819 0 0 170 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 HEAD 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880757&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866237&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3B7CF0C989F7BA6278A8C8C6F1EF4C3B64E16B28.2B743D80BF1DAFE7578937BB75A2134F4880EC0A&key=cms1 - CTU.339.1.Malicious 722 1518866357.4008615 1518866357.4186604 18 192.168.1.119 - 50243 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880757&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866237&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3B7CF0C989F7BA6278A8C8C6F1EF4C3B64E16B28.2B743D80BF1DAFE7578937BB75A2134F4880EC0A&key=cms1 576 608 0 0 179 594 'Microsoft BITS/7.5' application/octet-stream HEAD 200 - - - - - - - CTU.339.1.Malicious 721 1518866357.6787043 1518866357.7084117 30 192.168.1.119 - 50242 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3 370 1486 0 667 259 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880757&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1BF1D3DFC00ADA24DAD94449496E2CCDB771C5B4.2221A8AB39ED6BD5B73CE534C7A66DA830F68FA7&key=cms1 - CTU.339.1.Malicious 722 1518866357.9116473 1518866357.9271472 15 192.168.1.119 - 50243 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880757&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1BF1D3DFC00ADA24DAD94449496E2CCDB771C5B4.2221A8AB39ED6BD5B73CE534C7A66DA830F68FA7&key=cms1 664 3159 0 2496 268 636 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 721 1518866360.9456391 1518866360.9775412 32 192.168.1.119 - 50242 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3 373 1486 0 667 262 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880760&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=34C9928AD2B3358B9182E7F0419BEDEF2C3A362C.6D78F67CAC8A63B9DCCBE3D183D4EEBD1E617682&key=cms1 - CTU.339.1.Malicious 722 1518866361.1877134 1518866361.202594 15 192.168.1.119 - 50243 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880760&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=34C9928AD2B3358B9182E7F0419BEDEF2C3A362C.6D78F67CAC8A63B9DCCBE3D183D4EEBD1E617682&key=cms1 667 3242 0 2576 271 639 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 721 1518866362.1060274 1518866362.1372008 31 192.168.1.119 - 50242 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3 374 1486 0 667 263 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880762&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7B179F0FC36567772226B93AE3D82602F4F381F8.3DF6BBEA57DF16CC6A7F54BB0A5CBB56B0D82119&key=cms1 - CTU.339.1.Malicious 722 1518866362.3415961 1518866362.3571045 16 192.168.1.119 - 50243 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880762&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7B179F0FC36567772226B93AE3D82602F4F381F8.3DF6BBEA57DF16CC6A7F54BB0A5CBB56B0D82119&key=cms1 668 6443 0 5776 272 640 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 721 1518866363.187456 1518866363.2190752 32 192.168.1.119 - 50242 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880763&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1475EA221C41B40478E45CE9FDF0990E4F5216B6.0FA6073522F8652110FD9FB2FD960E504166480A&key=cms1 - CTU.339.1.Malicious 722 1518866363.422129 1518866363.4371767 15 192.168.1.119 - 50243 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880763&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1475EA221C41B40478E45CE9FDF0990E4F5216B6.0FA6073522F8652110FD9FB2FD960E504166480A&key=cms1 669 5969 0 5301 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 721 1518866365.27642 1518866365.3048766 28 192.168.1.119 - 50242 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880765&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=42F95303451331F5436653A5CEB812CCCD9F3E79.63521E37EBD3E9DA57B0CD36DA5B66880C59EAB6&key=cms1 - CTU.339.1.Malicious 722 1518866365.5077336 1518866365.5227494 15 192.168.1.119 - 50243 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880765&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=42F95303451331F5436653A5CEB812CCCD9F3E79.63521E37EBD3E9DA57B0CD36DA5B66880C59EAB6&key=cms1 669 5105 0 4437 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 721 1518866367.3808868 1518866367.4144416 34 192.168.1.119 - 50242 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880767&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6731E1C64824A3DC5463614AEC0DD95B09F1FE74.2B89BA1BC973B1F5D741E8A23F4467C04BDE7B04&key=cms1 - CTU.339.1.Malicious 722 1518866367.6175597 1518866367.6326923 15 192.168.1.119 - 50243 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880767&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6731E1C64824A3DC5463614AEC0DD95B09F1FE74.2B89BA1BC973B1F5D741E8A23F4467C04BDE7B04&key=cms1 669 6216 0 5548 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 721 1518866369.4616048 1518866369.4938269 32 192.168.1.119 - 50242 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880769&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5A20002409819878F42396623FC37D67D11830E5.6420D36F2FF6AE0DC8875D03CE7B88CDF6DAA1D7&key=cms1 - CTU.339.1.Malicious 722 1518866369.6961882 1518866369.7134159 17 192.168.1.119 - 50243 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880769&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5A20002409819878F42396623FC37D67D11830E5.6420D36F2FF6AE0DC8875D03CE7B88CDF6DAA1D7&key=cms1 669 5345 0 4677 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 721 1518866371.5674894 1518866371.5974853 30 192.168.1.119 - 50242 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880771&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=41D8240D2CF603D042D46BDA940478ACAB7942DD.442FC8B12797E8DD8E2513E49B168C7665663861&key=cms1 - CTU.339.1.Malicious 722 1518866371.8013303 1518866371.8163917 15 192.168.1.119 - 50243 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880771&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=41D8240D2CF603D042D46BDA940478ACAB7942DD.442FC8B12797E8DD8E2513E49B168C7665663861&key=cms1 669 6922 0 6254 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 721 1518866372.6299438 1518866372.6622643 32 192.168.1.119 - 50242 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880772&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=361E7D93FFDF11F467650370693E45CC0A3826A6.4ED321692236302DA2D06212115664C378ACC4AE&key=cms1 - CTU.339.1.Malicious 722 1518866372.8669968 1518866372.8822742 15 192.168.1.119 - 50243 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880772&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=361E7D93FFDF11F467650370693E45CC0A3826A6.4ED321692236302DA2D06212115664C378ACC4AE&key=cms1 669 6118 0 5450 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 721 1518866374.7126138 1518866374.7465096 34 192.168.1.119 - 50242 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880774&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=629C2050D5BE2813FC60C4302D59009E98BF6D2E.7BBE3CE1EE374F5232E9427E8A0408DF96DD1827&key=cms1 - CTU.339.1.Malicious 722 1518866374.949776 1518866374.9653745 16 192.168.1.119 - 50243 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880774&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=629C2050D5BE2813FC60C4302D59009E98BF6D2E.7BBE3CE1EE374F5232E9427E8A0408DF96DD1827&key=cms1 669 5289 0 4621 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 721 1518866376.809617 1518866376.839685 30 192.168.1.119 - 50242 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880776&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=460D7FCDFF951977517153ACCB2006D3366F111A.2E282F2D516875F69B276A881B00555B8072F068&key=cms1 - CTU.339.1.Malicious 722 1518866377.0433187 1518866377.0587893 15 192.168.1.119 - 50243 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880776&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=460D7FCDFF951977517153ACCB2006D3366F111A.2E282F2D516875F69B276A881B00555B8072F068&key=cms1 669 4313 0 3645 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 721 1518866377.9268756 1518866377.958439 32 192.168.1.119 - 50242 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880777&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=54A602518924C3807B229FCFA1B8676CBE5629B7.0AA8F80D8D44DA6F7FEF61D8CF40DAD950E4BDBD&key=cms1 - CTU.339.1.Malicious 722 1518866378.1663318 1518866378.1816194 15 192.168.1.119 - 50243 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880777&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=54A602518924C3807B229FCFA1B8676CBE5629B7.0AA8F80D8D44DA6F7FEF61D8CF40DAD950E4BDBD&key=cms1 669 8582 0 7914 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 721 1518866378.984922 1518866379.0178246 33 192.168.1.119 - 50242 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880778&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5A7351DA9082996BAE89F9C4A17ACE9E44080FF4.01F0BFD28ED9E5084E473089F2B4CB79181935CC&key=cms1 - CTU.339.1.Malicious 722 1518866379.223443 1518866379.2404795 17 192.168.1.119 - 50243 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880778&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5A7351DA9082996BAE89F9C4A17ACE9E44080FF4.01F0BFD28ED9E5084E473089F2B4CB79181935CC&key=cms1 669 8052 0 7384 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 721 1518866381.0475533 1518866381.0781133 31 192.168.1.119 - 50242 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880781&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5EEACD4D8588B1A68D33983D59D982097F9035E7.527B58CA8FD0F53E6BA7A4815E5C4FBDFF8E707E&key=cms1 - CTU.339.1.Malicious 722 1518866381.2809103 1518866381.2983687 17 192.168.1.119 - 50243 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880781&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5EEACD4D8588B1A68D33983D59D982097F9035E7.527B58CA8FD0F53E6BA7A4815E5C4FBDFF8E707E&key=cms1 669 11091 0 10422 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 721 1518866382.093164 1518866382.1236947 31 192.168.1.119 - 50242 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880782&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7422E86B9B7ACB9D9C47B69A6DD6128AED79970C.828BD05C44202A69AF36189656918C5BC7FE909A&key=cms1 - CTU.339.1.Malicious 722 1518866382.3277178 1518866382.342739 15 192.168.1.119 - 50243 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880782&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7422E86B9B7ACB9D9C47B69A6DD6128AED79970C.828BD05C44202A69AF36189656918C5BC7FE909A&key=cms1 669 10954 0 10285 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 721 1518866383.1385262 1518866383.1697834 31 192.168.1.119 - 50242 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880783&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=117750999BB30B17590A294D3C6524252B6FC309.411AED7C3D5A296C41578708248B92047C0A22F1&key=cms1 - CTU.339.1.Malicious 722 1518866383.371147 1518866383.3870664 16 192.168.1.119 - 50243 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880783&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=117750999BB30B17590A294D3C6524252B6FC309.411AED7C3D5A296C41578708248B92047C0A22F1&key=cms1 669 10151 0 9483 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 721 1518866385.1880858 1518866385.218566 30 192.168.1.119 - 50242 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3 376 1486 0 667 265 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880785&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=529723D27D81CD5874B5795E9D27CBC3A939E4FE.43AC98B7321A432F9AE9E801C8DEA8216E81355E&key=cms1 - CTU.339.1.Malicious 722 1518866385.4213064 1518866385.4387658 17 192.168.1.119 - 50243 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880785&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=529723D27D81CD5874B5795E9D27CBC3A939E4FE.43AC98B7321A432F9AE9E801C8DEA8216E81355E&key=cms1 670 11137 0 10467 274 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 721 1518866386.2330973 1518866386.265376 32 192.168.1.119 - 50242 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880786&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=64AC848A12F5876AA7D73FCB4E53AD556CCADA53.203F43F7AB43E0A685A7326E4F56A8E501D86165&key=cms1 - CTU.339.1.Malicious 722 1518866386.464917 1518866386.4811099 16 192.168.1.119 - 50243 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880786&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=64AC848A12F5876AA7D73FCB4E53AD556CCADA53.203F43F7AB43E0A685A7326E4F56A8E501D86165&key=cms1 671 10425 0 9755 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 721 1518866387.281906 1518866387.312671 31 192.168.1.119 - 50242 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880787&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866366&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=23F47B4644295FE2E8642C2E5251167CDC8A0E73.811D428873F0244295B3C90388B286837C6C567A&key=cms1 - CTU.339.1.Malicious 722 1518866387.5184448 1518866387.5366876 18 192.168.1.119 - 50243 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880787&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866366&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=23F47B4644295FE2E8642C2E5251167CDC8A0E73.811D428873F0244295B3C90388B286837C6C567A&key=cms1 671 10155 0 9485 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 721 1518866388.332044 1518866388.3631845 31 192.168.1.119 - 50242 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880788&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0C0FB68EE01A2C8FEE296DD296206F8E7FB982D2.3FCE049ECF145228C52CF7AD0391D4B16631A27B&key=cms1 - CTU.339.1.Malicious 722 1518866388.5612934 1518866388.5751143 14 192.168.1.119 - 50243 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880788&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0C0FB68EE01A2C8FEE296DD296206F8E7FB982D2.3FCE049ECF145228C52CF7AD0391D4B16631A27B&key=cms1 671 9321 0 8651 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 721 1518866389.3849611 1518866389.4188657 34 192.168.1.119 - 50242 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880789&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=63A2822C3DDE431F1DB29EE4C8B260FE61E1C272.4347C786CACB40841F16A17A92D3B65E45C017B3&key=cms1 - CTU.339.1.Malicious 722 1518866389.6250472 1518866389.6405332 15 192.168.1.119 - 50243 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880789&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=63A2822C3DDE431F1DB29EE4C8B260FE61E1C272.4347C786CACB40841F16A17A92D3B65E45C017B3&key=cms1 671 9140 0 8470 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 721 1518866391.4395952 1518866391.472253 33 192.168.1.119 - 50242 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880791&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3E0FFA09F22082B07C18047F323ED54385FBE5DA.75EB02ED3A5FAC8EF6BE9E2828F7CC0F7050469C&key=cms1 - CTU.339.1.Malicious 722 1518866391.6706324 1518866391.686393 16 192.168.1.119 - 50243 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880791&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3E0FFA09F22082B07C18047F323ED54385FBE5DA.75EB02ED3A5FAC8EF6BE9E2828F7CC0F7050469C&key=cms1 671 14626 0 13955 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 721 1518866393.5681489 1518866393.5990453 31 192.168.1.119 - 50242 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880793&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=59BC60F137577907AE38CA54808C68BE49FFA3B4.686EED9ADF5AED5DA2632323DFF1851883839718&key=cms1 - CTU.339.1.Malicious 722 1518866393.8030438 1518866393.820376 17 192.168.1.119 - 50243 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880793&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=59BC60F137577907AE38CA54808C68BE49FFA3B4.686EED9ADF5AED5DA2632323DFF1851883839718&key=cms1 671 12611 0 11940 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 721 1518866394.607152 1518866394.638996 32 192.168.1.119 - 50242 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880794&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1B6860499EC65B3809493849F99EA47C603F4D6E.5FA70F7454FCB17EF8EE23C769A48AADD3F003F9&key=cms1 - CTU.339.1.Malicious 722 1518866394.8483102 1518866394.8641615 16 192.168.1.119 - 50243 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880794&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1B6860499EC65B3809493849F99EA47C603F4D6E.5FA70F7454FCB17EF8EE23C769A48AADD3F003F9&key=cms1 671 12050 0 11379 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 721 1518866395.648586 1518866395.6805441 32 192.168.1.119 - 50242 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880795&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2B8353FFB3708142C7BD086B24CA18972CAA617D.57254EDFD41A0570BAFA2712E1B3C36D1D960281&key=cms1 - CTU.339.1.Malicious 722 1518866395.884403 1518866395.9000301 16 192.168.1.119 - 50243 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880795&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2B8353FFB3708142C7BD086B24CA18972CAA617D.57254EDFD41A0570BAFA2712E1B3C36D1D960281&key=cms1 671 11500 0 10829 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 721 1518866396.6924849 1518866396.7239337 31 192.168.1.119 - 50242 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880796&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5C09C86EA2857227EE1E1D94E305AB0C64FA18C4.2F91D7C08E36E625BDD71DD461AC72E209FE5ACF&key=cms1 - CTU.339.1.Malicious 722 1518866396.9269128 1518866396.9423637 15 192.168.1.119 - 50243 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880796&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5C09C86EA2857227EE1E1D94E305AB0C64FA18C4.2F91D7C08E36E625BDD71DD461AC72E209FE5ACF&key=cms1 671 11732 0 11061 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 721 1518866397.734967 1518866397.7673123 32 192.168.1.119 - 50242 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880797&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=09E3B5342D3CF9CC8AB618B9647DB7C8B9096AEF.6417ADAC08ADFDE1822238EAE499104A96C30E41&key=cms1 - CTU.339.1.Malicious 722 1518866397.973173 1518866397.9879575 15 192.168.1.119 - 50243 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880797&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=09E3B5342D3CF9CC8AB618B9647DB7C8B9096AEF.6417ADAC08ADFDE1822238EAE499104A96C30E41&key=cms1 671 11906 0 11235 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 721 1518866399.7783096 1518866399.8133101 35 192.168.1.119 - 50242 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880799&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3B944CB3A195297063FB1EAA6136A0CD816CBB35.3DF2B55EC23C73D6692D4F2AB6370A5F510A5367&key=cms1 - CTU.339.1.Malicious 722 1518866400.0168064 1518866400.0268753 10 192.168.1.119 - 50243 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/HavOMqxlnbw_4288/4288_all_crl-set-11133331317998143426.data.crx3?cms_redirect=yes&expire=1518880799&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518866297&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3B944CB3A195297063FB1EAA6136A0CD816CBB35.3DF2B55EC23C73D6692D4F2AB6370A5F510A5367&key=cms1 671 16190 0 15519 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 723 1518866405.3858962 1518866405.4649017 79 192.168.1.119 - 50244 172.217.23.195 443 https://update.googleapis.com/service/update2 1252 944 919 247 303 685 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 724 1518868404.3172824 1518868404.3483412 31 192.168.1.119 - 50245 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.17%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 725 1518869674.7381024 1518869674.889502 151 192.168.1.119 - 50246 185.26.182.117 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 726 1518869822.2219632 1518869822.2558818 34 192.168.1.119 - 50247 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 726 1518869822.2972512 1518869822.333363 36 192.168.1.119 - 50247 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 727 1518869822.7741468 1518869822.8054276 31 192.168.1.119 - 50249 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 728 1518873423.4136403 1518873423.4456446 32 192.168.1.119 - 50250 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 728 1518873423.6455204 1518873423.684691 39 192.168.1.119 - 50250 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 729 1518873424.6702187 1518873424.7059908 36 192.168.1.119 - 50252 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 730 1518877024.7464745 1518877024.7768776 30 192.168.1.119 - 50254 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 731 1518877024.9455807 1518877025.1971095 252 192.168.1.119 - 50253 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 732 1518877025.4151864 1518877025.4613392 46 192.168.1.119 - 50255 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 733 1518880626.037581 1518880626.077266 40 192.168.1.119 - 50258 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 734 1518880627.0345447 1518880627.065123 31 192.168.1.119 - 50256 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 735 1518880627.251487 1518880627.2842972 33 192.168.1.119 - 50257 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 736 1518884227.0468352 1518884227.0803213 33 192.168.1.119 - 50259 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 737 1518884227.3538113 1518884227.3896978 36 192.168.1.119 - 50260 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 737 1518884227.7076378 1518884227.738689 31 192.168.1.119 - 50260 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 738 1518885404.6212873 1518885404.6579978 37 192.168.1.119 - 50265 185.26.182.117 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 511 0 113 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 739 1518887086.1026495 1518887086.1349783 32 192.168.1.119 - 50266 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.17%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 740 1518887828.1393495 1518887828.174746 35 192.168.1.119 - 50269 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 740 1518887828.185433 1518887828.2262578 41 192.168.1.119 - 50269 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 741 1518887829.3730297 1518887829.4047315 32 192.168.1.119 - 50267 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 742 1518891429.0575 1518891429.0873768 30 192.168.1.119 - 50270 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 743 1518891429.1976566 1518891429.2312212 34 192.168.1.119 - 50271 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 744 1518891429.694185 1518891429.731809 38 192.168.1.119 - 50272 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 745 1518895030.3409944 1518895030.3725557 32 192.168.1.119 - 50274 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 745 1518895030.5723321 1518895030.6094263 37 192.168.1.119 - 50274 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 746 1518895031.5797431 1518895031.6152325 35 192.168.1.119 - 50275 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 747 1518898476.280105 1518898476.4578283 178 192.168.1.119 - 50276 185.26.182.117 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 748 1518898631.1479044 1518898631.1845546 37 192.168.1.119 - 50277 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 748 1518898631.5992076 1518898631.631588 32 192.168.1.119 - 50277 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 749 1518898631.9026787 1518898631.9340942 31 192.168.1.119 - 50279 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 750 1518902234.2591903 1518902234.292043 33 192.168.1.119 - 50282 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 750 1518902234.2960649 1518902234.333328 37 192.168.1.119 - 50282 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 751 1518902234.4377053 1518902234.470066 32 192.168.1.119 - 50280 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 752 1518905427.836574 1518905427.8679256 31 192.168.1.119 - 50283 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.17%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 753 1518905835.346863 1518905835.377954 31 192.168.1.119 - 50286 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 753 1518905835.3881729 1518905835.418353 30 192.168.1.119 - 50286 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 754 1518905836.5385478 1518905836.7897165 251 192.168.1.119 - 50285 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 755 1518907030.8771405 1518907030.9116712 35 192.168.1.119 - 50291 185.26.182.117 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 511 0 113 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 756 1518909436.4813852 1518909436.5127752 31 192.168.1.119 - 50292 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 757 1518909436.7014186 1518909436.728907 27 192.168.1.119 - 50293 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 758 1518909436.8825328 1518909436.9145687 32 192.168.1.119 - 50294 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 759 1518913037.6691217 1518913037.6992977 30 192.168.1.119 - 50295 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 759 1518913037.70776 1518913037.7411902 33 192.168.1.119 - 50295 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 760 1518913038.924463 1518913038.9566865 32 192.168.1.119 - 50296 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 761 1518916638.6539714 1518916638.6854126 31 192.168.1.119 - 50298 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 761 1518916638.8995483 1518916638.9319031 32 192.168.1.119 - 50298 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 762 1518916639.2561264 1518916639.2883794 32 192.168.1.119 - 50300 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 763 1518920240.043127 1518920240.0798173 37 192.168.1.119 - 50302 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 763 1518920240.0892756 1518920240.1167226 27 192.168.1.119 - 50302 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 764 1518920241.2481377 1518920241.2844148 36 192.168.1.119 - 50303 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 765 1518920356.1240618 1518920356.2187977 95 192.168.1.119 - 50304 172.217.23.195 443 https://update.googleapis.com/service/update2?cup2key=7:3046369448&cup2hreq=b0275a6308942d8bcaceb07dc95089e6660c407043d04624768256ed001b4f5c 1414 2490 986 1325 303 1153 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 766 1518920358.1205866 1518920358.1526778 32 192.168.1.119 - 50305 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3 283 820 0 0 170 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 HEAD 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934758&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2313DE094DF2C793D934BA0BFF0150FD02CE7323.0A238AC296E85CD5161B76DF60E6F2983CD9BA5B&key=cms1 - CTU.339.1.Malicious 767 1518920358.3683095 1518920358.3854969 17 192.168.1.119 - 50306 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934758&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2313DE094DF2C793D934BA0BFF0150FD02CE7323.0A238AC296E85CD5161B76DF60E6F2983CD9BA5B&key=cms1 577 608 0 0 179 594 'Microsoft BITS/7.5' application/octet-stream HEAD 200 - - - - - - - CTU.339.1.Malicious 766 1518920360.212824 1518920360.2447093 32 192.168.1.119 - 50305 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3 371 1488 0 668 259 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934760&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0F184AB75AC3A4569791846AEEBBDD4B3C7B2F1B.65C034E843C39661284CB387C258F0A88BCD2673&key=cms1 - CTU.339.1.Malicious 767 1518920360.446963 1518920360.4627979 16 192.168.1.119 - 50306 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934760&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0F184AB75AC3A4569791846AEEBBDD4B3C7B2F1B.65C034E843C39661284CB387C258F0A88BCD2673&key=cms1 665 3163 0 2500 268 636 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 766 1518920363.4412293 1518920363.4724603 31 192.168.1.119 - 50305 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3 374 1488 0 668 262 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934763&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5B24AADC21B19A9699338AEB2E200259CC38BA8A.41BB2F7FC48A3C44DD72E6C4E734423A260E6BCA&key=cms1 - CTU.339.1.Malicious 767 1518920363.6776829 1518920363.693285 16 192.168.1.119 - 50306 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934763&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5B24AADC21B19A9699338AEB2E200259CC38BA8A.41BB2F7FC48A3C44DD72E6C4E734423A260E6BCA&key=cms1 668 3241 0 2575 271 639 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 766 1518920365.6043208 1518920365.6312635 27 192.168.1.119 - 50305 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3 375 1488 0 668 263 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934765&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=25E9977BD46D4DFB0FA232ADD92F30C9169D8302.3D70C850DC570A6C9B044726C69D44F896802A0C&key=cms1 - CTU.339.1.Malicious 767 1518920365.8514047 1518920365.8691936 18 192.168.1.119 - 50306 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934765&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=25E9977BD46D4DFB0FA232ADD92F30C9169D8302.3D70C850DC570A6C9B044726C69D44F896802A0C&key=cms1 669 6442 0 5775 272 640 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 766 1518920367.6888835 1518920367.7200508 31 192.168.1.119 - 50305 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3 376 1488 0 668 264 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934767&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=846BD56C7138765040FCA2ED4AA532A7392673DB.12C785610EA18EBE2D98F83D75163B6B0F581E6B&key=cms1 - CTU.339.1.Malicious 767 1518920367.9231882 1518920367.939228 16 192.168.1.119 - 50306 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934767&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=846BD56C7138765040FCA2ED4AA532A7392673DB.12C785610EA18EBE2D98F83D75163B6B0F581E6B&key=cms1 670 5344 0 4676 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 766 1518920369.7793443 1518920369.81228 33 192.168.1.119 - 50305 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3 376 1488 0 668 264 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934769&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=093DE2FD267DC31681024B8C89DCF845A2456262.515AB3D5AC1AA17B62E04EE358BB4E32AC5F2D45&key=cms1 - CTU.339.1.Malicious 767 1518920370.0160239 1518920370.0315633 16 192.168.1.119 - 50306 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934769&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=093DE2FD267DC31681024B8C89DCF845A2456262.515AB3D5AC1AA17B62E04EE358BB4E32AC5F2D45&key=cms1 670 3780 0 3112 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 766 1518920370.9143882 1518920370.9450164 31 192.168.1.119 - 50305 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3 376 1488 0 668 264 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934770&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=305166F4D5F5597F5D59359F0F0943E8F36E6BF0.635279D80C5A5C0A66631C02AB18216A144992AD&key=cms1 - CTU.339.1.Malicious 767 1518920371.1465607 1518920371.1619442 15 192.168.1.119 - 50306 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934770&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=305166F4D5F5597F5D59359F0F0943E8F36E6BF0.635279D80C5A5C0A66631C02AB18216A144992AD&key=cms1 670 7517 0 6849 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 766 1518920371.9813144 1518920372.0139148 33 192.168.1.119 - 50305 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3 376 1488 0 668 264 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934771&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=25324C3AFCBD4A5045D6D3905A22AF0BB5559BFF.69FFECF340682EC84C218BD163C45B9190439C7E&key=cms1 - CTU.339.1.Malicious 767 1518920372.2200568 1518920372.2355163 15 192.168.1.119 - 50306 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934771&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=25324C3AFCBD4A5045D6D3905A22AF0BB5559BFF.69FFECF340682EC84C218BD163C45B9190439C7E&key=cms1 670 7607 0 6939 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 766 1518920374.048289 1518920374.0801322 32 192.168.1.119 - 50305 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3 376 1488 0 668 264 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934774&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2B614B055E1C7F079EE436A44EC9330B2DC11206.3173DEE0CA4517F9E9DEBF196ACC3DDFFE32ECF4&key=cms1 - CTU.339.1.Malicious 767 1518920374.284489 1518920374.2998898 15 192.168.1.119 - 50306 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934774&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2B614B055E1C7F079EE436A44EC9330B2DC11206.3173DEE0CA4517F9E9DEBF196ACC3DDFFE32ECF4&key=cms1 670 6574 0 5906 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 766 1518920375.1243715 1518920375.155179 31 192.168.1.119 - 50305 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3 376 1488 0 668 264 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934775&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3ADCBF838DFA3E9492870260304D4116B5F73767.3689CB1F97ACB8B6CB6702FC3225FA369759D11C&key=cms1 - CTU.339.1.Malicious 767 1518920375.3509493 1518920375.367108 16 192.168.1.119 - 50306 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934775&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3ADCBF838DFA3E9492870260304D4116B5F73767.3689CB1F97ACB8B6CB6702FC3225FA369759D11C&key=cms1 670 5768 0 5100 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 766 1518920377.2123363 1518920377.2436504 31 192.168.1.119 - 50305 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3 376 1488 0 668 264 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934777&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2BC074F55054DEC964C38F42698DC43972A8FCB1.303E66C709D744DBED0E9B6C3F2A8291D8C7E921&key=cms1 - CTU.339.1.Malicious 767 1518920377.4466329 1518920377.4643013 18 192.168.1.119 - 50306 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934777&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2BC074F55054DEC964C38F42698DC43972A8FCB1.303E66C709D744DBED0E9B6C3F2A8291D8C7E921&key=cms1 670 4325 0 3657 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 766 1518920378.329666 1518920378.3600163 30 192.168.1.119 - 50305 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3 376 1488 0 668 264 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934778&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7FB8C185D6BCF40E646C8106A64EFE32E5CBBB34.3E753EF25A7387441E672BA621644D5EB5B8F4DE&key=cms1 - CTU.339.1.Malicious 767 1518920378.563191 1518920378.5788746 16 192.168.1.119 - 50306 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934778&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7FB8C185D6BCF40E646C8106A64EFE32E5CBBB34.3E753EF25A7387441E672BA621644D5EB5B8F4DE&key=cms1 670 8607 0 7939 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 766 1518920379.3891332 1518920379.4182193 29 192.168.1.119 - 50305 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3 376 1488 0 668 264 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934779&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0125471FBC2D4E6625112C159846BBA406F15388.20606EF109FA5D8C259DF50A2A56FEFEBE466F64&key=cms1 - CTU.339.1.Malicious 767 1518920379.628749 1518920379.6441104 15 192.168.1.119 - 50306 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934779&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0125471FBC2D4E6625112C159846BBA406F15388.20606EF109FA5D8C259DF50A2A56FEFEBE466F64&key=cms1 670 8025 0 7357 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 766 1518920381.4516318 1518920381.4839962 32 192.168.1.119 - 50305 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3 376 1488 0 668 264 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934781&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=24A0A3443354136BB67E34587DE8F8FCBFD648B4.4016827972145129A2D1585D581D9E471D4DBA57&key=cms1 - CTU.339.1.Malicious 767 1518920381.6879933 1518920381.7050815 17 192.168.1.119 - 50306 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934781&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=24A0A3443354136BB67E34587DE8F8FCBFD648B4.4016827972145129A2D1585D581D9E471D4DBA57&key=cms1 670 14075 0 13406 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 766 1518920384.1298444 1518920384.161613 32 192.168.1.119 - 50305 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3 376 1488 0 668 264 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934784&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2933EC749D291AA22A22CFCE3904988508B97434.4DDD14D721EBAC3A27FE9D06F3531C43D471C9CD&key=cms1 - CTU.339.1.Malicious 767 1518920384.3693893 1518920384.380325 11 192.168.1.119 - 50306 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934784&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2933EC749D291AA22A22CFCE3904988508B97434.4DDD14D721EBAC3A27FE9D06F3531C43D471C9CD&key=cms1 670 11859 0 11190 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 766 1518920385.6786373 1518920385.710814 32 192.168.1.119 - 50305 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3 376 1488 0 668 264 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934785&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=41206BCEC6050BF5F1FFEF981717171171BD0500.086EDA202E866374C92B43A80EEB5B2DBFD83245&key=cms1 - CTU.339.1.Malicious 767 1518920385.9126992 1518920385.9282649 16 192.168.1.119 - 50306 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934785&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=41206BCEC6050BF5F1FFEF981717171171BD0500.086EDA202E866374C92B43A80EEB5B2DBFD83245&key=cms1 670 10424 0 9756 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 766 1518920386.7262347 1518920386.757957 32 192.168.1.119 - 50305 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3 377 1488 0 668 265 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934786&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2FCE8AEAB146CD2E56A9EB54D70DF28B344390AF.26F5F80AFDC34A22E771DF0F02F057DA1B1E8BDB&key=cms1 - CTU.339.1.Malicious 767 1518920386.968777 1518920386.9851906 16 192.168.1.119 - 50306 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934786&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2FCE8AEAB146CD2E56A9EB54D70DF28B344390AF.26F5F80AFDC34A22E771DF0F02F057DA1B1E8BDB&key=cms1 671 10016 0 9347 274 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 766 1518920387.7768521 1518920387.8072603 30 192.168.1.119 - 50305 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934787&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7D6169E4A63C15A6B3335A0BD508842E8F9E79B8.7A7C54ED488407DC732D18620A18FB7EA26FAA30&key=cms1 - CTU.339.1.Malicious 767 1518920388.0132189 1518920388.0303469 17 192.168.1.119 - 50306 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934787&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7D6169E4A63C15A6B3335A0BD508842E8F9E79B8.7A7C54ED488407DC732D18620A18FB7EA26FAA30&key=cms1 672 9691 0 9021 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 766 1518920388.8276496 1518920388.8616884 34 192.168.1.119 - 50305 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934788&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920292&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3E45F34BF4F9E1D15BC8F438E20B6458C07C2ECC.12F803B067E08E3A38C61186EF6D5106B640B7BA&key=cms1 - CTU.339.1.Malicious 767 1518920389.0675836 1518920389.0829005 15 192.168.1.119 - 50306 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934788&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920292&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3E45F34BF4F9E1D15BC8F438E20B6458C07C2ECC.12F803B067E08E3A38C61186EF6D5106B640B7BA&key=cms1 672 9571 0 8901 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 766 1518920389.880611 1518920389.911845 31 192.168.1.119 - 50305 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3 378 1484 0 666 266 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934789&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=DE9A1BDD44CCFBE844AD887241B59B9568B66D.34184C9A58DF47E00DB378139025A8D62BC22E57&key=cms1 - CTU.339.1.Malicious 767 1518920390.1134846 1518920390.129325 16 192.168.1.119 - 50306 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934789&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=DE9A1BDD44CCFBE844AD887241B59B9568B66D.34184C9A58DF47E00DB378139025A8D62BC22E57&key=cms1 670 8560 0 7890 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 766 1518920390.9384856 1518920390.9711268 33 192.168.1.119 - 50305 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934790&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=08AC9D1A7D933CA6C4A7350B3D6F2046F25AE5FE.58C2717AD87208A18B6A1C6B814F93435E84D232&key=cms1 - CTU.339.1.Malicious 767 1518920391.1776378 1518920391.1934426 16 192.168.1.119 - 50306 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934790&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=08AC9D1A7D933CA6C4A7350B3D6F2046F25AE5FE.58C2717AD87208A18B6A1C6B814F93435E84D232&key=cms1 672 9075 0 8405 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 766 1518920391.9947133 1518920392.0268402 32 192.168.1.119 - 50305 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934792&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=057018BEA4DAE474CEA53E073DD2F1F514D9E862.75C7A66848A92D2BA6D53F014FA4210413674315&key=cms1 - CTU.339.1.Malicious 767 1518920392.2209969 1518920392.2376857 17 192.168.1.119 - 50306 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934792&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=057018BEA4DAE474CEA53E073DD2F1F514D9E862.75C7A66848A92D2BA6D53F014FA4210413674315&key=cms1 672 8782 0 8112 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 766 1518920393.0515125 1518920393.0819695 30 192.168.1.119 - 50305 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934793&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=51EF83DC67EB5737BD9365F91598192E35C34D98.6168943C171A2DCF6DED2A63644D9EB3E87CE567&key=cms1 - CTU.339.1.Malicious 767 1518920393.2845843 1518920393.3008845 16 192.168.1.119 - 50306 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934793&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=51EF83DC67EB5737BD9365F91598192E35C34D98.6168943C171A2DCF6DED2A63644D9EB3E87CE567&key=cms1 672 9346 0 8676 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 766 1518920394.1050391 1518920394.1350749 30 192.168.1.119 - 50305 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934794&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2292413025188F2A9A56DD0E616C1E769AB1FDF7.184F93FE2E8490CFBB3ECDBA180676A4AE6046B1&key=cms1 - CTU.339.1.Malicious 767 1518920394.3363101 1518920394.3539171 18 192.168.1.119 - 50306 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934794&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2292413025188F2A9A56DD0E616C1E769AB1FDF7.184F93FE2E8490CFBB3ECDBA180676A4AE6046B1&key=cms1 672 9102 0 8432 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 766 1518920395.160304 1518920395.1919062 32 192.168.1.119 - 50305 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934795&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=03BBAF6DFC50A1E95FCB5B302E78860CF5984A13.401F45FC0B31664C2730D7AC206BFDC43B573D41&key=cms1 - CTU.339.1.Malicious 767 1518920395.3986712 1518920395.4136615 15 192.168.1.119 - 50306 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934795&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=03BBAF6DFC50A1E95FCB5B302E78860CF5984A13.401F45FC0B31664C2730D7AC206BFDC43B573D41&key=cms1 672 8946 0 8276 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 766 1518920396.2165816 1518920396.2495208 33 192.168.1.119 - 50305 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934796&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2C6B39CB6F90E3E117813E3BA975D7443A4AD6F2.01DCD6B49D068A2E2D34D5516A33F012A178D230&key=cms1 - CTU.339.1.Malicious 767 1518920396.4550748 1518920396.470175 15 192.168.1.119 - 50306 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934796&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2C6B39CB6F90E3E117813E3BA975D7443A4AD6F2.01DCD6B49D068A2E2D34D5516A33F012A178D230&key=cms1 672 9843 0 9173 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 766 1518920398.2683246 1518920398.3026128 34 192.168.1.119 - 50305 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934798&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920292&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=263213FD14D400E9CD0A817F114DF5FF5A9EE570.3F16E0E565A3DDB17077C29530C92C1D977ADE7A&key=cms1 - CTU.339.1.Malicious 767 1518920398.505705 1518920398.5202928 15 192.168.1.119 - 50306 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934798&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920292&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=263213FD14D400E9CD0A817F114DF5FF5A9EE570.3F16E0E565A3DDB17077C29530C92C1D977ADE7A&key=cms1 672 10705 0 10034 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 766 1518920399.3157227 1518920399.346475 31 192.168.1.119 - 50305 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934799&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920292&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3E9562904311ED43DB926A02AB1B447F5534A286.5E1C5F980B77D3FC177F4AC012237630CB4F5F55&key=cms1 - CTU.339.1.Malicious 767 1518920399.5553372 1518920399.5725677 17 192.168.1.119 - 50306 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934799&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920292&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3E9562904311ED43DB926A02AB1B447F5534A286.5E1C5F980B77D3FC177F4AC012237630CB4F5F55&key=cms1 672 10685 0 10014 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 766 1518920400.3629093 1518920400.393794 31 192.168.1.119 - 50305 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934800&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=481701A75070FC21B1FDD56E6A01D2645D691989.1E5CFA2F59E455F1784C09D0C5483E10B9AB2700&key=cms1 - CTU.339.1.Malicious 767 1518920400.597603 1518920400.613054 15 192.168.1.119 - 50306 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934800&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=481701A75070FC21B1FDD56E6A01D2645D691989.1E5CFA2F59E455F1784C09D0C5483E10B9AB2700&key=cms1 672 10657 0 9987 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 766 1518920402.5279617 1518920402.5587413 31 192.168.1.119 - 50305 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934802&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=27763D8EB03FBCAD258CD361ED1C4F3470BFF6C9.10B622460AB07EEC4AC599041022626548576AD3&key=cms1 - CTU.339.1.Malicious 767 1518920402.7624607 1518920402.778793 16 192.168.1.119 - 50306 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934802&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=27763D8EB03FBCAD258CD361ED1C4F3470BFF6C9.10B622460AB07EEC4AC599041022626548576AD3&key=cms1 672 11831 0 11160 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 766 1518920403.5701053 1518920403.6015408 31 192.168.1.119 - 50305 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934803&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=250B96259401C8C083DEB1147DC804C6AFCD8B0D.0CFD0DD19B9C251A86D4791C7FDEC47B1B8EF3C6&key=cms1 - CTU.339.1.Malicious 767 1518920403.8005273 1518920403.8173196 17 192.168.1.119 - 50306 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/APclMrNM7Sc4_4289/4289_all_crl-set-12890765309016819518.data.crx3?cms_redirect=yes&expire=1518934803&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518920234&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=250B96259401C8C083DEB1147DC804C6AFCD8B0D.0CFD0DD19B9C251A86D4791C7FDEC47B1B8EF3C6&key=cms1 672 8270 0 7600 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 768 1518920405.3515756 1518920405.4296775 78 192.168.1.119 - 50307 172.217.23.195 443 https://update.googleapis.com/service/update2 1253 944 920 247 303 685 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 769 1518923840.2117443 1518923840.2405145 29 192.168.1.119 - 50308 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 769 1518923840.5272074 1518923840.5566688 29 192.168.1.119 - 50308 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 770 1518923841.5797353 1518923841.611656 32 192.168.1.119 - 50309 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 771 1518925180.2951577 1518925180.3266745 32 192.168.1.119 - 50310 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.17%26uc 676 710 0 466 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 771 1518925184.5512416 1518925184.5895073 38 192.168.1.119 - 50310 82.145.215.85 443 https://extension-updates.opera.com/static/omaha/blacklist.336465243e0d1996705f69bb3937b0f2f815a8bcc9737b5323ca77ebd70dd6b7.txt 413 6582 0 6336 308 232 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/plain GET 200 - - - - - - - CTU.339.1.Malicious 772 1518927208.769581 1518927208.802116 33 192.168.1.119 - 50312 185.26.182.112 443 https://exchange.opera.com/api/v1/ecb/ 283 1937 0 1664 258 259 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml GET 200 - - - - - - - CTU.339.1.Malicious 773 1518927208.769961 1518927208.8065758 37 192.168.1.119 - 50311 185.26.182.112 443 https://exchange.opera.com/api/v1/nbu/ 283 6432 0 6137 258 281 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json;charset=UTF-8 GET 200 - - - - - - - CTU.339.1.Malicious 774 1518927208.7789981 1518927208.8113396 32 192.168.1.119 - 50313 185.26.182.112 443 https://exchange.opera.com/api/v1/cmc/ 283 6958 0 6677 258 267 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 775 1518927277.8388445 1518927277.9158335 77 192.168.1.119 - 50314 185.26.182.117 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 776 1518927441.6287456 1518927441.658773 30 192.168.1.119 - 50316 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 777 1518927441.858406 1518927441.8874106 29 192.168.1.119 - 50315 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 778 1518927443.011716 1518927443.0465028 35 192.168.1.119 - 50317 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 779 1518928662.1973393 1518928662.2288787 32 192.168.1.119 - 50322 185.26.182.122 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 511 0 113 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 780 1518931042.9956937 1518931043.0255563 30 192.168.1.119 - 50323 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 780 1518931043.0353322 1518931043.0646229 29 192.168.1.119 - 50323 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 781 1518931043.3455663 1518931043.3780706 33 192.168.1.119 - 50325 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 782 1518934643.7625606 1518934643.7961051 34 192.168.1.119 - 50328 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 783 1518934644.6994035 1518934644.7310586 32 192.168.1.119 - 50327 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 784 1518934644.9200766 1518934644.9508057 31 192.168.1.119 - 50326 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 785 1518938244.5759966 1518938244.6116955 36 192.168.1.119 - 50329 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 786 1518938245.0434542 1518938245.0745037 31 192.168.1.119 - 50330 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 786 1518938245.1720514 1518938245.2200046 48 192.168.1.119 - 50330 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 787 1518941845.6415746 1518941845.6735675 32 192.168.1.119 - 50331 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 788 1518941846.8170137 1518941846.8749828 58 192.168.1.119 - 50333 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 788 1518941846.8787203 1518941846.9055378 27 192.168.1.119 - 50333 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 789 1518942578.6384354 1518942578.6674576 29 192.168.1.119 - 50334 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.18%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 790 1518945449.5563555 1518945449.601841 45 192.168.1.119 - 50336 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 791 1518945449.554609 1518945449.6137433 59 192.168.1.119 - 50337 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 792 1518945449.5583448 1518945449.6144404 56 192.168.1.119 - 50335 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 793 1518949050.9615564 1518949050.9973044 36 192.168.1.119 - 50339 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 793 1518949051.0077765 1518949051.0358057 28 192.168.1.119 - 50339 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 794 1518949051.802419 1518949051.8343546 32 192.168.1.119 - 50340 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 795 1518950292.3698106 1518950292.4191794 49 192.168.1.119 - 50345 185.26.182.122 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 511 0 113 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 796 1518952651.7278852 1518952651.7605822 33 192.168.1.119 - 50346 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 796 1518952651.973677 1518952652.0096352 36 192.168.1.119 - 50346 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 797 1518952652.1342769 1518952652.1655777 31 192.168.1.119 - 50348 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 798 1518956079.2907221 1518956079.6775851 387 192.168.1.119 - 50349 185.26.182.117 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 799 1518956252.5515697 1518956252.7999716 248 192.168.1.119 - 50350 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 799 1518956252.803949 1518956252.8882985 84 192.168.1.119 - 50350 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 800 1518956253.7657309 1518956253.7997413 34 192.168.1.119 - 50352 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 801 1518959734.565619 1518959734.594896 29 192.168.1.119 - 50353 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.18%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 802 1518959853.3403563 1518959853.3784616 38 192.168.1.119 - 50355 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 802 1518959853.382205 1518959853.6334443 251 192.168.1.119 - 50355 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 803 1518959854.1470401 1518959854.3491848 202 192.168.1.119 - 50356 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 804 1518963454.3637908 1518963454.4047043 41 192.168.1.119 - 50358 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 804 1518963454.6198256 1518963454.6536148 34 192.168.1.119 - 50358 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 805 1518963454.6416636 1518963454.8918025 250 192.168.1.119 - 50359 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 806 1518967054.9692826 1518967055.0021305 33 192.168.1.119 - 50361 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 807 1518967055.144415 1518967055.1761262 32 192.168.1.119 - 50360 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 808 1518967055.399786 1518967055.435227 35 192.168.1.119 - 50362 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 809 1518970655.6048503 1518970655.6456685 41 192.168.1.119 - 50363 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 810 1518970655.7130246 1518970655.7501338 37 192.168.1.119 - 50364 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 811 1518970656.0049734 1518970656.0378582 33 192.168.1.119 - 50366 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 812 1518971917.8716538 1518971917.8997169 28 192.168.1.119 - 50371 185.26.182.122 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 511 0 113 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 813 1518974256.4482381 1518974256.4793024 31 192.168.1.119 - 50372 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 813 1518974256.6898887 1518974256.7222013 32 192.168.1.119 - 50372 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 814 1518974257.4691205 1518974257.5058353 37 192.168.1.119 - 50374 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 815 1518974356.2943466 1518974356.3802352 86 192.168.1.119 - 50375 172.217.23.195 443 https://update.googleapis.com/service/update2?cup2key=7:1548167371&cup2hreq=aabe61a1eab52879913d4dacd4e7c7083c53da956a08a414d9264376794579b7 1414 2476 986 1319 303 1145 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 816 1518974357.694028 1518974357.726847 33 192.168.1.119 - 50376 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3 282 839 0 0 170 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 HEAD 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988757&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=4E00E1E021747737B7DB6200BDF6F06E43F5A6F6.26C2AABF8581E2501F2FC26243FF40E28D45F160&key=cms1 - CTU.339.1.Malicious 817 1518974358.036843 1518974358.0542722 17 192.168.1.119 - 50377 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988757&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=4E00E1E021747737B7DB6200BDF6F06E43F5A6F6.26C2AABF8581E2501F2FC26243FF40E28D45F160&key=cms1 596 608 0 0 179 594 'Microsoft BITS/7.5' application/octet-stream HEAD 200 - - - - - - - CTU.339.1.Malicious 816 1518974359.390349 1518974359.4217277 31 192.168.1.119 - 50376 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3 370 1486 0 667 259 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988759&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1E3724DADE8C026BA944AAFA2DF1CC26C53272FA.7140352DB3BA00B97F532A5537F133981C1012FB&key=cms1 - CTU.339.1.Malicious 817 1518974359.64265 1518974359.6584387 16 192.168.1.119 - 50377 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988759&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1E3724DADE8C026BA944AAFA2DF1CC26C53272FA.7140352DB3BA00B97F532A5537F133981C1012FB&key=cms1 664 3159 0 2496 268 636 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 816 1518974362.6422043 1518974362.6742206 32 192.168.1.119 - 50376 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3 373 1530 0 691 262 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988762&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=511AFBE0231A13C02A6616FD5D8EA6A1C4827D5B.17FE949338B8625D15720693EEB98EFD1D90C7C8&key=cms1 - CTU.339.1.Malicious 817 1518974362.891715 1518974362.906942 15 192.168.1.119 - 50377 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988762&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=511AFBE0231A13C02A6616FD5D8EA6A1C4827D5B.17FE949338B8625D15720693EEB98EFD1D90C7C8&key=cms1 687 3242 0 2576 271 639 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 816 1518974364.8251526 1518974364.857166 32 192.168.1.119 - 50376 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3 374 1486 0 667 263 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988764&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=834981E96CB3AB50BAF312303A588D2837088287.717BE42E33185BC0B6761B9288A0CC24B221E3EB&key=cms1 - CTU.339.1.Malicious 817 1518974365.0696023 1518974365.0852811 16 192.168.1.119 - 50377 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988764&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=834981E96CB3AB50BAF312303A588D2837088287.717BE42E33185BC0B6761B9288A0CC24B221E3EB&key=cms1 668 6443 0 5776 272 640 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 816 1518974366.890392 1518974366.9349232 45 192.168.1.119 - 50376 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988766&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=608B6A6C7423866F041943693B7D4B23CF5CE1DE.21F88A5C3038512A5693525FAA8E976281125487&key=cms1 - CTU.339.1.Malicious 817 1518974367.1388636 1518974367.1551967 16 192.168.1.119 - 50377 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988766&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=608B6A6C7423866F041943693B7D4B23CF5CE1DE.21F88A5C3038512A5693525FAA8E976281125487&key=cms1 669 5836 0 5168 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 816 1518974368.973093 1518974369.030468 57 192.168.1.119 - 50376 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988769&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=65000E3C6C98E2D2A0BD0169C365175736544CE4.10802F3FED693BBCB3516FF2DA9F75A29774B94F&key=cms1 - CTU.339.1.Malicious 817 1518974369.2340457 1518974369.2498662 16 192.168.1.119 - 50377 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988769&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=65000E3C6C98E2D2A0BD0169C365175736544CE4.10802F3FED693BBCB3516FF2DA9F75A29774B94F&key=cms1 669 4426 0 3758 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 816 1518974371.0872662 1518974371.1207929 34 192.168.1.119 - 50376 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988771&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3C2F6C16107EE6E15E8D6ED01FD6D270242B4F3E.742844B96BE18217BD24C0D663683A58F92CE506&key=cms1 - CTU.339.1.Malicious 817 1518974371.3233805 1518974371.3399882 17 192.168.1.119 - 50377 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988771&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3C2F6C16107EE6E15E8D6ED01FD6D270242B4F3E.742844B96BE18217BD24C0D663683A58F92CE506&key=cms1 669 3501 0 2833 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 816 1518974373.2320526 1518974373.2655017 33 192.168.1.119 - 50376 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988773&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6D81929CAA4E9E9CDAB70DB647671B111F3E9B9A.49EA3358D025293885731873DA2A0F9F826AD296&key=cms1 - CTU.339.1.Malicious 817 1518974373.4683416 1518974373.483647 15 192.168.1.119 - 50377 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988773&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6D81929CAA4E9E9CDAB70DB647671B111F3E9B9A.49EA3358D025293885731873DA2A0F9F826AD296&key=cms1 669 6959 0 6291 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 816 1518974375.305504 1518974375.3357148 30 192.168.1.119 - 50376 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988775&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0F4D21D91BC74EDF99DE568D1854F9F05954817E.47A46227EF1F5659DD93D9AD0D96015583422475&key=cms1 - CTU.339.1.Malicious 817 1518974375.5392296 1518974375.5546207 15 192.168.1.119 - 50377 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988775&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0F4D21D91BC74EDF99DE568D1854F9F05954817E.47A46227EF1F5659DD93D9AD0D96015583422475&key=cms1 669 5785 0 5117 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 816 1518974376.392866 1518974376.4239037 31 192.168.1.119 - 50376 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988776&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=798C36B9E961D0970EBBA4CBB3247EE51CC641AF.598D3E8B58546E4A562B3047EF84664142BEAA7D&key=cms1 - CTU.339.1.Malicious 817 1518974376.6277766 1518974376.6432233 15 192.168.1.119 - 50377 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988776&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=798C36B9E961D0970EBBA4CBB3247EE51CC641AF.598D3E8B58546E4A562B3047EF84664142BEAA7D&key=cms1 669 8343 0 7675 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 816 1518974378.4541993 1518974378.4864764 32 192.168.1.119 - 50376 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3 375 1530 0 691 264 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988778&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=4C32A24D55DD8832C0E55137CBE6187DA43AB28C.66D18D7596662DC665394CFE0F93560070346473&key=cms1 - CTU.339.1.Malicious 817 1518974378.6913865 1518974378.7066422 15 192.168.1.119 - 50377 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988778&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=4C32A24D55DD8832C0E55137CBE6187DA43AB28C.66D18D7596662DC665394CFE0F93560070346473&key=cms1 689 7037 0 6369 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 816 1518974379.5252683 1518974379.5559642 31 192.168.1.119 - 50376 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988779&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2A1D111086F34B7C78926F1153ADC36497E414BB.47D2965CB2E58C417AF395C5294AD0392AE6A72F&key=cms1 - CTU.339.1.Malicious 817 1518974379.754365 1518974379.7717197 17 192.168.1.119 - 50377 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988779&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2A1D111086F34B7C78926F1153ADC36497E414BB.47D2965CB2E58C417AF395C5294AD0392AE6A72F&key=cms1 669 12042 0 11373 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 816 1518974380.56615 1518974380.5974908 31 192.168.1.119 - 50376 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988780&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=77F345A610CCF2EBC1A828EDEB6BB6F3E2D22CFC.7A0739B2BE0D0901CBBE40D34DD2887E4F81BBFD&key=cms1 - CTU.339.1.Malicious 817 1518974380.8009377 1518974380.8172338 16 192.168.1.119 - 50377 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988780&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=77F345A610CCF2EBC1A828EDEB6BB6F3E2D22CFC.7A0739B2BE0D0901CBBE40D34DD2887E4F81BBFD&key=cms1 669 11397 0 10728 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 816 1518974381.610348 1518974381.6418316 31 192.168.1.119 - 50376 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3 375 1530 0 691 264 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988781&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=6D9A2F3C31B31C9D2AFA8BE599DE0BEB720E20CB.5AA320EA17062FD38A098C9078B615C64E28E41B&key=cms1 - CTU.339.1.Malicious 817 1518974381.8476887 1518974381.8651764 17 192.168.1.119 - 50377 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988781&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=6D9A2F3C31B31C9D2AFA8BE599DE0BEB720E20CB.5AA320EA17062FD38A098C9078B615C64E28E41B&key=cms1 689 11300 0 10631 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 816 1518974382.6551232 1518974382.687522 32 192.168.1.119 - 50376 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988782&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974365&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=620307B8E7B77C007821188F4FC0808A650906FA.1C6BAEDBE51549877FF524413EEC5D91D163489D&key=cms1 - CTU.339.1.Malicious 817 1518974382.8912191 1518974382.9067454 16 192.168.1.119 - 50377 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988782&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974365&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=620307B8E7B77C007821188F4FC0808A650906FA.1C6BAEDBE51549877FF524413EEC5D91D163489D&key=cms1 669 10595 0 9927 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 816 1518974384.7027366 1518974384.732835 30 192.168.1.119 - 50376 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3 376 1530 0 691 265 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988784&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=690B6A7F45BE6C7DF601CA5EB18D9E1DCE9B5B2C.24AD9C800607DC26671F355B121C8A66F0787147&key=cms1 - CTU.339.1.Malicious 817 1518974384.9356985 1518974384.9507174 15 192.168.1.119 - 50377 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988784&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=690B6A7F45BE6C7DF601CA5EB18D9E1DCE9B5B2C.24AD9C800607DC26671F355B121C8A66F0787147&key=cms1 690 21149 0 20479 274 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 816 1518974387.798447 1518974387.8299809 32 192.168.1.119 - 50376 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988787&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6A0B27828E9847FFF75DDDF3D39F2C3C417BA203.436A8E62F07A707B16EF39D35FAF55F89B95FC9B&key=cms1 - CTU.339.1.Malicious 817 1518974388.032597 1518974388.0475836 15 192.168.1.119 - 50377 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988787&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6A0B27828E9847FFF75DDDF3D39F2C3C417BA203.436A8E62F07A707B16EF39D35FAF55F89B95FC9B&key=cms1 671 17313 0 16642 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 816 1518974390.4644256 1518974390.497633 33 192.168.1.119 - 50376 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988790&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2A33CAD18EB171DD08D4D3E5E2E7414958C8BADA.767D3B3DF8D2E15FA9F9F6291CB960C0228E2638&key=cms1 - CTU.339.1.Malicious 817 1518974390.7045662 1518974390.7191186 15 192.168.1.119 - 50377 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988790&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2A33CAD18EB171DD08D4D3E5E2E7414958C8BADA.767D3B3DF8D2E15FA9F9F6291CB960C0228E2638&key=cms1 671 14829 0 14158 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 816 1518974393.183868 1518974393.2152276 31 192.168.1.119 - 50376 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988793&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1F32C1DFF7376B007FCC28F8FFD27EAA5B867D2E.4471C1763B3910A03E43D1EB5AF00BE07BFE15AA&key=cms1 - CTU.339.1.Malicious 817 1518974393.4192033 1518974393.4343815 15 192.168.1.119 - 50377 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988793&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1F32C1DFF7376B007FCC28F8FFD27EAA5B867D2E.4471C1763B3910A03E43D1EB5AF00BE07BFE15AA&key=cms1 671 12466 0 11795 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 816 1518974395.7025943 1518974395.7330785 30 192.168.1.119 - 50376 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3 377 1530 0 691 266 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988795&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=160764B23C06868B52733C927FB6701FDEDF85ED.83EB0F17D2C0F6BC3359B645659BD7A56B3E46FF&key=cms1 - CTU.339.1.Malicious 817 1518974395.9362853 1518974395.95201 16 192.168.1.119 - 50377 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988795&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=160764B23C06868B52733C927FB6701FDEDF85ED.83EB0F17D2C0F6BC3359B645659BD7A56B3E46FF&key=cms1 691 10664 0 9994 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 816 1518974396.7500708 1518974396.7830322 33 192.168.1.119 - 50376 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988796&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5334FE5C989E7E5B49B9140C369DB7EBF3C7A5B4.4A3D94162D1EF4C0E09FDA5F9114C13D715FD8C5&key=cms1 - CTU.339.1.Malicious 817 1518974396.9885032 1518974397.0061197 18 192.168.1.119 - 50377 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988796&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5334FE5C989E7E5B49B9140C369DB7EBF3C7A5B4.4A3D94162D1EF4C0E09FDA5F9114C13D715FD8C5&key=cms1 671 10300 0 9630 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 816 1518974398.7981694 1518974398.8281124 30 192.168.1.119 - 50376 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3 377 1530 0 691 266 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988798&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=297424738D90DDD6CD5206CB5964D56DA9F91FEF.0FD9BC59224A7CFF998A1F2A7259794D6ECD181A&key=cms1 - CTU.339.1.Malicious 817 1518974399.031837 1518974399.0489614 17 192.168.1.119 - 50377 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988798&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=297424738D90DDD6CD5206CB5964D56DA9F91FEF.0FD9BC59224A7CFF998A1F2A7259794D6ECD181A&key=cms1 691 10919 0 10248 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 816 1518974399.8439798 1518974399.8751035 31 192.168.1.119 - 50376 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988799&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1928949AF04072CAA259AD49A034BAA72132DFB1.019DE140D0032E8C381735D7CFF3E7BE0F0E6DF4&key=cms1 - CTU.339.1.Malicious 817 1518974400.075663 1518974400.0920084 16 192.168.1.119 - 50377 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988799&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1928949AF04072CAA259AD49A034BAA72132DFB1.019DE140D0032E8C381735D7CFF3E7BE0F0E6DF4&key=cms1 671 10308 0 9638 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 816 1518974400.89197 1518974400.9239652 32 192.168.1.119 - 50376 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3 377 1530 0 691 266 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988800&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=0F4578B52C9D3FE757B94284699C904CB886AD3A.41497B32B41B89EA7AEBC1198C530BA2C6B62984&key=cms1 - CTU.339.1.Malicious 817 1518974401.129467 1518974401.1468601 17 192.168.1.119 - 50377 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988800&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=0F4578B52C9D3FE757B94284699C904CB886AD3A.41497B32B41B89EA7AEBC1198C530BA2C6B62984&key=cms1 691 10068 0 9398 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 816 1518974401.9420822 1518974401.972394 30 192.168.1.119 - 50376 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988801&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4FCF4AD40AD99E687CA93CB8A2856BBD4FCEB7D4.34D80F3B9CD7C23907377AC06CE1E03E950F675B&key=cms1 - CTU.339.1.Malicious 817 1518974402.1779263 1518974402.1948204 17 192.168.1.119 - 50377 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988801&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4FCF4AD40AD99E687CA93CB8A2856BBD4FCEB7D4.34D80F3B9CD7C23907377AC06CE1E03E950F675B&key=cms1 671 9128 0 8458 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 816 1518974402.9981065 1518974403.0279803 30 192.168.1.119 - 50376 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988803&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=75C3181E9D3FF222BB35ACF1099C299D93917BED.4341C825C859C5646AE08DECC6A972C036999CC8&key=cms1 - CTU.339.1.Malicious 817 1518974403.232124 1518974403.2477744 16 192.168.1.119 - 50377 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988803&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=75C3181E9D3FF222BB35ACF1099C299D93917BED.4341C825C859C5646AE08DECC6A972C036999CC8&key=cms1 671 8120 0 7450 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 816 1518974404.0595562 1518974404.091329 32 192.168.1.119 - 50376 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3 377 1530 0 691 266 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988804&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=6240A204F1BC4A8ADDA7C545927A74A054DE6435.4C94A5376CBF157D4E87A4434A1071AAECF74C00&key=cms1 - CTU.339.1.Malicious 817 1518974404.298346 1518974404.3138654 16 192.168.1.119 - 50377 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988804&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=6240A204F1BC4A8ADDA7C545927A74A054DE6435.4C94A5376CBF157D4E87A4434A1071AAECF74C00&key=cms1 691 7660 0 6990 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 816 1518974405.125925 1518974405.1975873 72 192.168.1.119 - 50376 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3 377 1530 0 691 266 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988805&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=3F668CFE947F44BCAE70BA8CCF64B1A8BE0C8F8E.72D12A89C34F29252DC0E90A6E7A86E9DD540462&key=cms1 - CTU.339.1.Malicious 817 1518974405.4010646 1518974405.4176009 17 192.168.1.119 - 50377 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/f87oZ0yBHX8_4290/4290_all_crl-set-14162630662132146021.data.crx3?cms_redirect=yes&expire=1518988805&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1518974292&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=3F668CFE947F44BCAE70BA8CCF64B1A8BE0C8F8E.72D12A89C34F29252DC0E90A6E7A86E9DD540462&key=cms1 691 6778 0 6108 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 818 1518974409.6404135 1518974409.8851855 245 192.168.1.119 - 50378 172.217.23.195 443 https://update.googleapis.com/service/update2 1252 944 919 247 303 685 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 819 1518976002.1115563 1518976002.1426852 31 192.168.1.119 - 50379 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.18%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 820 1518977858.4255292 1518977858.4580197 32 192.168.1.119 - 50380 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 820 1518977858.46278 1518977858.4976654 35 192.168.1.119 - 50380 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 821 1518977859.3859804 1518977859.4200823 34 192.168.1.119 - 50382 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 822 1518981459.570397 1518981459.600364 30 192.168.1.119 - 50383 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 823 1518981459.722552 1518981459.758188 36 192.168.1.119 - 50385 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 822 1518981459.8100553 1518981459.8438497 34 192.168.1.119 - 50383 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 824 1518984880.1861656 1518984880.4303555 244 192.168.1.119 - 50386 185.26.182.122 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 825 1518985060.602626 1518985060.637153 35 192.168.1.119 - 50389 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 826 1518985061.5990071 1518985061.8539762 255 192.168.1.119 - 50387 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 827 1518985061.629224 1518985061.8601105 231 192.168.1.119 - 50388 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 828 1518988661.5051317 1518988661.5403557 35 192.168.1.119 - 50390 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 829 1518988661.995521 1518988662.0267832 31 192.168.1.119 - 50391 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 829 1518988662.281529 1518988662.3108573 29 192.168.1.119 - 50391 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 830 1518992262.850471 1518992262.8813481 31 192.168.1.119 - 50392 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 831 1518992263.8683252 1518992263.9044604 36 192.168.1.119 - 50393 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 832 1518992264.1011016 1518992264.1321232 31 192.168.1.119 - 50394 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 833 1518993544.4584928 1518993544.495591 37 192.168.1.119 - 50399 185.26.182.122 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 511 0 113 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 834 1518994480.5913823 1518994480.6200078 29 192.168.1.119 - 50400 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.18%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 835 1518995864.6457157 1518995864.6819193 36 192.168.1.119 - 50401 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 836 1518995864.8221335 1518995864.8532398 31 192.168.1.119 - 50403 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 836 1518995864.8762038 1518995864.9068303 31 192.168.1.119 - 50403 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 837 1518999466.0065534 1518999466.0361204 30 192.168.1.119 - 50404 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 837 1518999466.0396857 1518999466.2896042 250 192.168.1.119 - 50404 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 838 1518999467.005476 1518999467.03639 31 192.168.1.119 - 50405 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 839 1519003067.1402686 1519003067.1705055 30 192.168.1.119 - 50408 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 840 1519003067.326692 1519003067.35831 32 192.168.1.119 - 50409 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 839 1519003067.3873913 1519003067.4168468 29 192.168.1.119 - 50408 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 841 1519006668.283145 1519006668.3139274 31 192.168.1.119 - 50412 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 842 1519006669.2780538 1519006669.3064046 28 192.168.1.119 - 50411 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 843 1519006669.4957628 1519006669.5249217 29 192.168.1.119 - 50410 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 844 1519010269.6148431 1519010269.6463227 31 192.168.1.119 - 50413 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 845 1519010269.8277714 1519010269.862554 35 192.168.1.119 - 50415 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 845 1519010270.0792887 1519010270.111718 32 192.168.1.119 - 50415 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 846 1519010917.9583066 1519010917.9885814 30 192.168.1.119 - 50416 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.18%26uc 676 710 0 466 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 847 1519010922.0742826 1519010922.0997365 25 192.168.1.119 - 50417 82.145.215.85 443 https://extension-updates.opera.com/static/omaha/blacklist.336465243e0d1996705f69bb3937b0f2f815a8bcc9737b5323ca77ebd70dd6b7.txt 413 6582 0 6336 308 232 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/plain GET 200 - - - - - - - CTU.339.1.Malicious 848 1519013609.8791714 1519013609.9047697 26 192.168.1.119 - 50418 185.26.182.112 443 https://exchange.opera.com/api/v1/cmc/ 283 6964 0 6683 258 267 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 848 1519013610.3302546 1519013610.3618355 32 192.168.1.119 - 50418 185.26.182.112 443 https://exchange.opera.com/api/v1/ecb/ 283 1937 0 1664 258 259 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml GET 200 - - - - - - - CTU.339.1.Malicious 848 1519013610.3654618 1519013610.3900654 25 192.168.1.119 - 50418 185.26.182.112 443 https://exchange.opera.com/api/v1/nbu/ 283 6432 0 6137 258 281 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json;charset=UTF-8 GET 200 - - - - - - - CTU.339.1.Malicious 849 1519013680.9975793 1519013681.0506904 53 192.168.1.119 - 50421 185.26.182.117 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 850 1519013870.816607 1519013870.8483953 32 192.168.1.119 - 50424 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 850 1519013871.058674 1519013871.0905569 32 192.168.1.119 - 50424 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 851 1519013872.4623404 1519013872.5010166 39 192.168.1.119 - 50422 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 852 1519015172.329808 1519015172.3583622 29 192.168.1.119 - 50429 185.26.182.117 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 511 0 113 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 853 1519017471.6116867 1519017471.644265 33 192.168.1.119 - 50430 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 854 1519017471.8119812 1519017471.8455124 34 192.168.1.119 - 50431 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 855 1519017472.7989495 1519017472.8288615 30 192.168.1.119 - 50432 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 856 1519021072.203173 1519021072.230572 27 192.168.1.119 - 50433 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 857 1519021072.3689687 1519021072.405618 37 192.168.1.119 - 50434 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 858 1519021073.141606 1519021073.1741874 33 192.168.1.119 - 50435 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 859 1519024673.5144603 1519024673.5567226 42 192.168.1.119 - 50438 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 860 1519024673.7447412 1519024673.7751367 30 192.168.1.119 - 50437 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 861 1519024673.951403 1519024673.9817998 30 192.168.1.119 - 50436 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 862 1519028274.6054041 1519028274.6433656 38 192.168.1.119 - 50441 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 862 1519028275.0574577 1519028275.095556 38 192.168.1.119 - 50441 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 863 1519028276.2550251 1519028276.288558 34 192.168.1.119 - 50439 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 864 1519028356.3036485 1519028356.4128428 109 192.168.1.119 - 50442 172.217.23.195 443 https://update.googleapis.com/service/update2?cup2key=7:3986162494&cup2hreq=b8a6209929fc70d986e73fff2f199002b2af3e59e436f15be067ebf1c7b8d02a 1414 2479 986 1323 303 1144 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 865 1519028357.8598356 1519028357.89394 34 192.168.1.119 - 50443 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3 282 819 0 0 170 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 HEAD 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042757&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028237&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=557E93AFBE3358C5DC298D59FD2545881E728442.1421DCBB2FC21F457A462DC1EAD3D9A874690A87&key=cms1 - CTU.339.1.Malicious 866 1519028358.0922227 1519028358.1087089 16 192.168.1.119 - 50444 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042757&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028237&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=557E93AFBE3358C5DC298D59FD2545881E728442.1421DCBB2FC21F457A462DC1EAD3D9A874690A87&key=cms1 576 608 0 0 179 594 'Microsoft BITS/7.5' application/octet-stream HEAD 200 - - - - - - - CTU.339.1.Malicious 865 1519028358.498822 1519028358.5317705 33 192.168.1.119 - 50443 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3 370 1486 0 667 259 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042758&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028237&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3461856BF2870148CD6173D89A855D34D10683BC.44084319DE2674FDF9FBE81459EB188792D761C6&key=cms1 - CTU.339.1.Malicious 866 1519028358.7346592 1519028358.7496293 15 192.168.1.119 - 50444 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042758&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028237&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3461856BF2870148CD6173D89A855D34D10683BC.44084319DE2674FDF9FBE81459EB188792D761C6&key=cms1 664 3159 0 2496 268 636 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 865 1519028361.7619314 1519028361.7952812 33 192.168.1.119 - 50443 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3 373 1486 0 667 262 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042761&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1B5BE155F8F3BD4EFE833C054C011062E7D9A122.64F436C13A5D6A25621D4EB0D9469F8FF136D249&key=cms1 - CTU.339.1.Malicious 866 1519028361.9984212 1519028362.0140254 16 192.168.1.119 - 50444 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042761&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1B5BE155F8F3BD4EFE833C054C011062E7D9A122.64F436C13A5D6A25621D4EB0D9469F8FF136D249&key=cms1 667 3242 0 2576 271 639 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 865 1519028362.9224584 1519028362.9549868 33 192.168.1.119 - 50443 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3 374 1486 0 667 263 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042762&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4CE65626A0CA7DFEA126E837147386B27A79AC75.36E24D296CDAF232A75A96901DBA81C415818C05&key=cms1 - CTU.339.1.Malicious 866 1519028363.1506066 1519028363.1652935 15 192.168.1.119 - 50444 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042762&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4CE65626A0CA7DFEA126E837147386B27A79AC75.36E24D296CDAF232A75A96901DBA81C415818C05&key=cms1 668 6443 0 5776 272 640 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 865 1519028364.0040765 1519028364.0354733 31 192.168.1.119 - 50443 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042764&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=062EDCD65AA2FD5CB3B200C2F117581848545329.7BC1C9BF1ED6AFEF7476B1F29AEA09B78B9E030D&key=cms1 - CTU.339.1.Malicious 866 1519028364.238668 1519028364.254052 15 192.168.1.119 - 50444 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042764&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=062EDCD65AA2FD5CB3B200C2F117581848545329.7BC1C9BF1ED6AFEF7476B1F29AEA09B78B9E030D&key=cms1 669 5991 0 5323 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 865 1519028366.0958428 1519028366.127759 32 192.168.1.119 - 50443 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042766&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7740D4770ED2C703E0978C7EF3CC888E0C3B3026.071249A11BC8411A8AD73FC54A5FDC3BAB651025&key=cms1 - CTU.339.1.Malicious 866 1519028366.3307972 1519028366.3574798 27 192.168.1.119 - 50444 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042766&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7740D4770ED2C703E0978C7EF3CC888E0C3B3026.071249A11BC8411A8AD73FC54A5FDC3BAB651025&key=cms1 669 5148 0 4480 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 865 1519028368.1960604 1519028368.2286167 33 192.168.1.119 - 50443 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042768&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7FCD47560FA1F1C6FF64F8EABAFF7E493D85D841.1B8687096DAEC81CD4169B320F39E768281EC975&key=cms1 - CTU.339.1.Malicious 866 1519028368.4323204 1519028368.4494126 17 192.168.1.119 - 50444 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042768&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7FCD47560FA1F1C6FF64F8EABAFF7E493D85D841.1B8687096DAEC81CD4169B320F39E768281EC975&key=cms1 669 4156 0 3488 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 865 1519028370.3169532 1519028370.3490512 32 192.168.1.119 - 50443 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042770&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=077C18D74FB75CDE69C131FB3FC34323F31A2CB8.36D7F6A2403382CB622F1A3B5DB224B9687668C3&key=cms1 - CTU.339.1.Malicious 866 1519028370.5528636 1519028370.5692227 16 192.168.1.119 - 50444 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042770&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=077C18D74FB75CDE69C131FB3FC34323F31A2CB8.36D7F6A2403382CB622F1A3B5DB224B9687668C3&key=cms1 669 8268 0 7600 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 865 1519028371.3775518 1519028371.4116077 34 192.168.1.119 - 50443 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042771&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=52EEC29E569498839D65B633B8B039CDF9D92B16.1B121A40A833213F8CF607A8DCD03FF508A029C6&key=cms1 - CTU.339.1.Malicious 866 1519028371.6196368 1519028371.6351655 16 192.168.1.119 - 50444 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042771&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=52EEC29E569498839D65B633B8B039CDF9D92B16.1B121A40A833213F8CF607A8DCD03FF508A029C6&key=cms1 669 7619 0 6951 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 865 1519028373.4443178 1519028373.478008 34 192.168.1.119 - 50443 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3 375 1482 0 665 264 800 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042773&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6BC28F0B41E6B62AD3872DC91511D6127DA87FA2.103129B8AE7A777F9EBBC823CDAF7A128FD1D9&key=cms1 - CTU.339.1.Malicious 866 1519028373.7039227 1519028373.7194269 16 192.168.1.119 - 50444 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042773&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6BC28F0B41E6B62AD3872DC91511D6127DA87FA2.103129B8AE7A777F9EBBC823CDAF7A128FD1D9&key=cms1 667 6259 0 5591 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 865 1519028374.52433 1519028374.5563374 32 192.168.1.119 - 50443 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042774&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=158675CE10327AD38A3217992E2ABA8E33ABAB29.702EE5E346F97C36B2232D71F0C50EA5E7B7C331&key=cms1 - CTU.339.1.Malicious 866 1519028374.7506728 1519028374.7670968 16 192.168.1.119 - 50444 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042774&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=158675CE10327AD38A3217992E2ABA8E33ABAB29.702EE5E346F97C36B2232D71F0C50EA5E7B7C331&key=cms1 669 7035 0 6367 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 865 1519028376.6160374 1519028376.649623 34 192.168.1.119 - 50443 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042776&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1DFBE7B5201508E7D4CF29D928FA21828E36AC25.75CB7415D200E7B4BB9BF6228F2BBCBF7523278D&key=cms1 - CTU.339.1.Malicious 866 1519028376.8529298 1519028376.8684695 16 192.168.1.119 - 50444 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042776&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1DFBE7B5201508E7D4CF29D928FA21828E36AC25.75CB7415D200E7B4BB9BF6228F2BBCBF7523278D&key=cms1 669 5585 0 4917 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 865 1519028378.6879172 1519028378.7196681 32 192.168.1.119 - 50443 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042778&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=32599C7446B160690AFD2EB3BDA19AB9DF1AC7EA.1F6D0F2C780FE07BAAD998C33D2EEE3799004D86&key=cms1 - CTU.339.1.Malicious 866 1519028378.9234388 1519028378.9401555 17 192.168.1.119 - 50444 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042778&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=32599C7446B160690AFD2EB3BDA19AB9DF1AC7EA.1F6D0F2C780FE07BAAD998C33D2EEE3799004D86&key=cms1 669 4622 0 3954 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 865 1519028380.7975497 1519028380.8302824 33 192.168.1.119 - 50443 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042780&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3B73FEF15A91E374B2EB35411687DB1A1F3C537C.70F60AE8119039B2BE4F645A529546FEC868D79B&key=cms1 - CTU.339.1.Malicious 866 1519028381.0332813 1519028381.0483315 15 192.168.1.119 - 50444 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042780&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3B73FEF15A91E374B2EB35411687DB1A1F3C537C.70F60AE8119039B2BE4F645A529546FEC868D79B&key=cms1 669 3712 0 3044 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 865 1519028382.9344158 1519028382.9676912 33 192.168.1.119 - 50443 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042782&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=815ED90B2848869B9BC0B040CD48893A8B4CA33B.14417A29D0DF96EA3CB70E84A75E3E3067FC201D&key=cms1 - CTU.339.1.Malicious 866 1519028383.1891825 1519028383.2067847 18 192.168.1.119 - 50444 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042782&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=815ED90B2848869B9BC0B040CD48893A8B4CA33B.14417A29D0DF96EA3CB70E84A75E3E3067FC201D&key=cms1 669 3164 0 2496 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 865 1519028385.369086 1519028385.4001193 31 192.168.1.119 - 50443 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042785&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=03E1C904A592B6C6A60147075534E4869D84FA16.196995C871C15C483A274D3800F052C16FEC1319&key=cms1 - CTU.339.1.Malicious 866 1519028385.6026602 1519028385.6191669 17 192.168.1.119 - 50444 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042785&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=03E1C904A592B6C6A60147075534E4869D84FA16.196995C871C15C483A274D3800F052C16FEC1319&key=cms1 669 5090 0 4422 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 865 1519028386.4690206 1519028386.4995983 31 192.168.1.119 - 50443 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042786&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3C79063582147CC1AA0DA237099987AF14137663.2C284BB45BD264554670C913C27B2C86FB68B952&key=cms1 - CTU.339.1.Malicious 866 1519028386.7026467 1519028386.7179024 15 192.168.1.119 - 50444 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042786&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3C79063582147CC1AA0DA237099987AF14137663.2C284BB45BD264554670C913C27B2C86FB68B952&key=cms1 669 8861 0 8193 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 865 1519028387.524649 1519028387.555823 31 192.168.1.119 - 50443 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042787&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=74A548D34825E2E9BA91052C16779787C9AC1E49.18CC6F7814D50228434745E674100DC8DA14C073&key=cms1 - CTU.339.1.Malicious 866 1519028387.7567086 1519028387.7719321 15 192.168.1.119 - 50444 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042787&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=74A548D34825E2E9BA91052C16779787C9AC1E49.18CC6F7814D50228434745E674100DC8DA14C073&key=cms1 669 8342 0 7674 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 865 1519028388.585774 1519028388.6171057 31 192.168.1.119 - 50443 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042788&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=569CD4B5FEE7718DF4B203EB3BC5F3E7B8BDE2F7.454D10B9E9CA244C5EF720F32102DEB13F8086AB&key=cms1 - CTU.339.1.Malicious 866 1519028388.8211253 1519028388.8366961 16 192.168.1.119 - 50444 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042788&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=569CD4B5FEE7718DF4B203EB3BC5F3E7B8BDE2F7.454D10B9E9CA244C5EF720F32102DEB13F8086AB&key=cms1 669 7820 0 7152 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 865 1519028389.6498604 1519028389.6810496 31 192.168.1.119 - 50443 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042789&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6451B971EF11C92999A30BF0C8EF9C6441DC55C4.4BB7277A8F059EF756180A78482A2316A5BC9BCF&key=cms1 - CTU.339.1.Malicious 866 1519028389.880473 1519028389.8959436 15 192.168.1.119 - 50444 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042789&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6451B971EF11C92999A30BF0C8EF9C6441DC55C4.4BB7277A8F059EF756180A78482A2316A5BC9BCF&key=cms1 669 7187 0 6519 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 865 1519028391.7197285 1519028391.7502744 31 192.168.1.119 - 50443 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3 376 1486 0 667 265 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042791&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4EDEDB25A1F8261B6FE8DF4D5371F3DB800CAD46.46317D3E8CE5C37A425076D9A512D29F34B08E4E&key=cms1 - CTU.339.1.Malicious 866 1519028391.95307 1519028391.968731 16 192.168.1.119 - 50444 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042791&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4EDEDB25A1F8261B6FE8DF4D5371F3DB800CAD46.46317D3E8CE5C37A425076D9A512D29F34B08E4E&key=cms1 670 8445 0 7776 274 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 865 1519028392.778894 1519028392.8098278 31 192.168.1.119 - 50443 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042792&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=016313A84F43F0140321BB13C0107F86CC7F9A15.64717E02299281DCE422A390A34619DCD435D634&key=cms1 - CTU.339.1.Malicious 866 1519028393.0169384 1519028393.034266 17 192.168.1.119 - 50444 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042792&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=016313A84F43F0140321BB13C0107F86CC7F9A15.64717E02299281DCE422A390A34619DCD435D634&key=cms1 671 7882 0 7212 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 865 1519028394.8423557 1519028394.8746824 32 192.168.1.119 - 50443 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042794&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0B9617975F93A603E613941B080EB345094194C9.61FDC83F90E253D7E588B51136035DBECCBD4EF6&key=cms1 - CTU.339.1.Malicious 866 1519028395.0782015 1519028395.0941632 16 192.168.1.119 - 50444 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042794&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0B9617975F93A603E613941B080EB345094194C9.61FDC83F90E253D7E588B51136035DBECCBD4EF6&key=cms1 671 14691 0 14020 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 865 1519028396.5042138 1519028396.5364408 32 192.168.1.119 - 50443 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042796&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6217FD818ECDC6D22F79C28D2E1519A2F882B8EA.63A4940E1E21B65E6BFA575869AB57F8E173A240&key=cms1 - CTU.339.1.Malicious 866 1519028396.7334282 1519028396.7484179 15 192.168.1.119 - 50444 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042796&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6217FD818ECDC6D22F79C28D2E1519A2F882B8EA.63A4940E1E21B65E6BFA575869AB57F8E173A240&key=cms1 671 12818 0 12147 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 865 1519028399.1688585 1519028399.199091 30 192.168.1.119 - 50443 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042799&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=69FB78B0A7D708B4115A2013663AEC8181332FCB.71CA4C1A3058E1639E053C783C04BF30B55DAEB9&key=cms1 - CTU.339.1.Malicious 866 1519028399.4016538 1519028399.417255 16 192.168.1.119 - 50444 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042799&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=69FB78B0A7D708B4115A2013663AEC8181332FCB.71CA4C1A3058E1639E053C783C04BF30B55DAEB9&key=cms1 671 11077 0 10406 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 865 1519028400.2133713 1519028400.2897396 76 192.168.1.119 - 50443 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042800&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2E411CD143A150D433F3379CD8FA69A689E6DFF3.69A906C9E973F6BA31F6A235B0F7D360DBA2A2C9&key=cms1 - CTU.339.1.Malicious 866 1519028400.4956222 1519028400.5123 17 192.168.1.119 - 50444 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042800&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2E411CD143A150D433F3379CD8FA69A689E6DFF3.69A906C9E973F6BA31F6A235B0F7D360DBA2A2C9&key=cms1 671 10794 0 10123 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 865 1519028401.2598994 1519028401.2895682 30 192.168.1.119 - 50443 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042801&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=750A740FCB2B3ED69813FE242D0568819E98E077.78CD928526CC66A1309812154E3C36C5239F4742&key=cms1 - CTU.339.1.Malicious 866 1519028401.4986014 1519028401.5135272 15 192.168.1.119 - 50444 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042801&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=750A740FCB2B3ED69813FE242D0568819E98E077.78CD928526CC66A1309812154E3C36C5239F4742&key=cms1 671 9858 0 9188 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 865 1519028402.3099437 1519028402.3375418 28 192.168.1.119 - 50443 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042802&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3342DDDABE8FE950070DA227EF9C205A46AA4709.575340E1A022E96ED218901AEA87AD649B55886A&key=cms1 - CTU.339.1.Malicious 866 1519028402.5412405 1519028402.5584269 17 192.168.1.119 - 50444 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042802&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3342DDDABE8FE950070DA227EF9C205A46AA4709.575340E1A022E96ED218901AEA87AD649B55886A&key=cms1 671 9476 0 8806 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 865 1519028404.363628 1519028404.3938992 30 192.168.1.119 - 50443 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042804&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7BDF5854C0349EE9C20400DB24176FFA8EDAD85D.793226586BD27656A78B5B69F9AFECAC2FE94208&key=cms1 - CTU.339.1.Malicious 866 1519028404.5971932 1519028404.6132083 16 192.168.1.119 - 50444 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042804&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7BDF5854C0349EE9C20400DB24176FFA8EDAD85D.793226586BD27656A78B5B69F9AFECAC2FE94208&key=cms1 671 18907 0 18236 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 865 1519028407.0312138 1519028407.0635343 32 192.168.1.119 - 50443 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042807&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=024DE8DD2B447BFA42A518548C339937EE8ADDDF.5CF141E2B1923857E99FF5B19C2A375A6CD5FF35&key=cms1 - CTU.339.1.Malicious 866 1519028407.2676435 1519028407.2852623 18 192.168.1.119 - 50444 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042807&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=024DE8DD2B447BFA42A518548C339937EE8ADDDF.5CF141E2B1923857E99FF5B19C2A375A6CD5FF35&key=cms1 671 16573 0 15902 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 865 1519028409.7593038 1519028409.7882838 29 192.168.1.119 - 50443 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042809&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5F23B5331A96314D6352714F87BB7C12805B025F.4ABC22585F92205D67BA10FB0EA2B66AF5584D03&key=cms1 - CTU.339.1.Malicious 866 1519028409.9909265 1519028410.0082262 17 192.168.1.119 - 50444 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042809&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5F23B5331A96314D6352714F87BB7C12805B025F.4ABC22585F92205D67BA10FB0EA2B66AF5584D03&key=cms1 671 14010 0 13339 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 865 1519028412.4794772 1519028412.511139 32 192.168.1.119 - 50443 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042812&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6E070664B05F499DE3EE3458B169587F7CF4A1C6.5711B82CDA6F52EF269AD1CC78FC9FF37E881FFD&key=cms1 - CTU.339.1.Malicious 866 1519028412.7098825 1519028412.7251606 15 192.168.1.119 - 50444 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANeFXE54ly8s_4291/4291_all_crl-set-2702952415876479321.data.crx3?cms_redirect=yes&expire=1519042812&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519028299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6E070664B05F499DE3EE3458B169587F7CF4A1C6.5711B82CDA6F52EF269AD1CC78FC9FF37E881FFD&key=cms1 671 6264 0 5594 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 867 1519028417.97195 1519028418.048896 77 192.168.1.119 - 50445 172.217.23.195 443 https://update.googleapis.com/service/update2 1252 942 919 246 303 684 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 868 1519030106.736188 1519030106.7657304 30 192.168.1.119 - 50446 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.19%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 869 1519031875.9443142 1519031875.9816456 37 192.168.1.119 - 50447 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 869 1519031876.010526 1519031876.0419354 31 192.168.1.119 - 50447 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 870 1519031876.6498034 1519031876.6788046 29 192.168.1.119 - 50450 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 871 1519035476.9817042 1519035477.0184963 37 192.168.1.119 - 50453 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 872 1519035477.150103 1519035477.1814275 31 192.168.1.119 - 50452 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 872 1519035477.3898904 1519035477.4236224 34 192.168.1.119 - 50452 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 873 1519036798.8009162 1519036798.835233 34 192.168.1.119 - 50458 185.26.182.117 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 511 0 113 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 874 1519039077.77942 1519039077.8166952 37 192.168.1.119 - 50460 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 874 1519039078.0267332 1519039078.0612319 34 192.168.1.119 - 50460 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 875 1519039078.7833545 1519039078.8174887 34 192.168.1.119 - 50459 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 876 1519042481.3980405 1519042481.617333 219 192.168.1.119 - 50462 185.26.182.122 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 877 1519042678.6758785 1519042678.7100415 34 192.168.1.119 - 50463 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 877 1519042678.917935 1519042678.9535234 36 192.168.1.119 - 50463 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 878 1519042679.1141965 1519042679.1480982 34 192.168.1.119 - 50465 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 879 1519046280.0203037 1519046280.0492673 29 192.168.1.119 - 50466 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 879 1519046280.2563205 1519046280.2977264 41 192.168.1.119 - 50466 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 880 1519046281.05443 1519046281.0907485 36 192.168.1.119 - 50468 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 881 1519047466.6971254 1519047466.7283895 31 192.168.1.119 - 50469 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.19%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 882 1519049882.0172863 1519049882.0538568 37 192.168.1.119 - 50470 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 883 1519049882.0125978 1519049882.0602834 48 192.168.1.119 - 50471 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 884 1519049882.748548 1519049882.790812 42 192.168.1.119 - 50472 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 885 1519053483.1257117 1519053483.1675746 42 192.168.1.119 - 50474 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 885 1519053483.1772928 1519053483.4338772 257 192.168.1.119 - 50474 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 886 1519053484.1317315 1519053484.1632714 32 192.168.1.119 - 50475 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 887 1519057084.0111072 1519057084.0433593 32 192.168.1.119 - 50477 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 887 1519057084.2603526 1519057084.298038 38 192.168.1.119 - 50477 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 888 1519057084.4722242 1519057084.516184 44 192.168.1.119 - 50478 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 889 1519058429.656782 1519058429.7482736 91 192.168.1.119 - 50483 185.26.182.122 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 511 0 113 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 890 1519060685.3939943 1519060685.4371436 43 192.168.1.119 - 50486 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 891 1519060686.369952 1519060686.6175601 248 192.168.1.119 - 50484 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 892 1519060686.591916 1519060686.6307688 39 192.168.1.119 - 50485 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 893 1519064286.7452478 1519064286.785619 40 192.168.1.119 - 50487 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 894 1519064286.8850613 1519064286.9211543 36 192.168.1.119 - 50488 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 895 1519064287.1325905 1519064287.1802044 48 192.168.1.119 - 50489 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 896 1519065944.9807138 1519065945.011395 31 192.168.1.119 - 50490 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.19%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 897 1519067887.9479458 1519067887.9855878 38 192.168.1.119 - 50492 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 898 1519067888.294662 1519067888.33532 41 192.168.1.119 - 50491 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 899 1519067888.2965682 1519067888.3405695 44 192.168.1.119 - 50493 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 900 1519071282.4344578 1519071282.5020516 68 192.168.1.119 - 50494 185.26.182.122 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 901 1519071489.145956 1519071489.1757126 30 192.168.1.119 - 50495 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 902 1519071489.1828341 1519071489.212319 29 192.168.1.119 - 50496 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 903 1519071489.4313428 1519071489.4688756 38 192.168.1.119 - 50497 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 904 1519075090.264732 1519075090.2948537 30 192.168.1.119 - 50499 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 904 1519075090.5047152 1519075090.5401852 35 192.168.1.119 - 50499 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 905 1519075091.2613578 1519075091.2965345 35 192.168.1.119 - 50498 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 906 1519078691.6017003 1519078691.6322722 31 192.168.1.119 - 50502 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 906 1519078691.8416827 1519078691.869721 28 192.168.1.119 - 50502 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 907 1519078693.0234737 1519078693.055084 32 192.168.1.119 - 50503 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 908 1519080055.7273474 1519080055.7653682 38 192.168.1.119 - 50508 185.26.182.122 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 511 0 113 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 909 1519082292.2929118 1519082292.3238542 31 192.168.1.119 - 50509 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 909 1519082292.5379274 1519082292.5660799 28 192.168.1.119 - 50509 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 910 1519082293.5477312 1519082293.5829425 35 192.168.1.119 - 50511 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 911 1519082356.4253027 1519082356.480706 55 192.168.1.119 - 50512 172.217.23.195 443 https://update.googleapis.com/service/update2?cup2key=7:2766092554&cup2hreq=dc987daece778863dd1d56a9530d43601d9be917b7012737866dff042310cc7f 1414 2480 986 1323 303 1145 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 912 1519082357.9233963 1519082357.978961 56 192.168.1.119 - 50513 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3 281 838 0 0 170 821 'Microsoft BITS/7.5' text/html; charset=UTF-8 HEAD 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096757&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=02B7F4AED2012D456EACE6C7B7CE513AE918A430.502EE621628FA55757DC2DFA78F2B3A4F9A6293F&key=cms1 - CTU.339.1.Malicious 913 1519082358.2302673 1519082358.246427 16 192.168.1.119 - 50514 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096757&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=02B7F4AED2012D456EACE6C7B7CE513AE918A430.502EE621628FA55757DC2DFA78F2B3A4F9A6293F&key=cms1 595 608 0 0 179 594 'Microsoft BITS/7.5' application/octet-stream HEAD 200 - - - - - - - CTU.339.1.Malicious 912 1519082359.7629547 1519082359.81869 56 192.168.1.119 - 50513 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3 369 1528 0 690 259 821 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096759&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=1C660F95FF9E55D70C77B6F28B17F9B7FC2ACC25.59E73542AF16AC1768103FD08270A693242A0587&key=cms1 - CTU.339.1.Malicious 913 1519082360.0226016 1519082360.0399652 17 192.168.1.119 - 50514 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096759&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=1C660F95FF9E55D70C77B6F28B17F9B7FC2ACC25.59E73542AF16AC1768103FD08270A693242A0587&key=cms1 683 3155 0 2492 268 636 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 912 1519082361.9962316 1519082362.0511894 55 192.168.1.119 - 50513 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3 372 1528 0 690 262 821 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096762&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=628093F6111ADFF89CDB3E4FDE70E5BD82742691.732751800947CBBAF13FF41FF1E12A0636C01ECA&key=cms1 - CTU.339.1.Malicious 913 1519082362.2550108 1519082362.2706046 16 192.168.1.119 - 50514 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096762&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=628093F6111ADFF89CDB3E4FDE70E5BD82742691.732751800947CBBAF13FF41FF1E12A0636C01ECA&key=cms1 686 3243 0 2577 271 639 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 912 1519082363.1540866 1519082363.2088826 55 192.168.1.119 - 50513 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3 373 1528 0 690 263 821 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096763&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=7B407C6CC9CEA2CC6D5BD8E19F1C704C70F6591F.15C8CEDD430FBED23D3F55A04F76C013F7391878&key=cms1 - CTU.339.1.Malicious 913 1519082363.4118717 1519082363.427476 16 192.168.1.119 - 50514 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096763&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=7B407C6CC9CEA2CC6D5BD8E19F1C704C70F6591F.15C8CEDD430FBED23D3F55A04F76C013F7391878&key=cms1 687 6444 0 5777 272 640 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 912 1519082364.2349164 1519082364.2885933 54 192.168.1.119 - 50513 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3 374 1528 0 690 264 821 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096764&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=659DDA23A8B1BBA7CF33ED7313723B6936D48A50.40EB703868581B4BC05FD03222E5908BF2DD639B&key=cms1 - CTU.339.1.Malicious 913 1519082364.491461 1519082364.5069668 16 192.168.1.119 - 50514 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096764&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=659DDA23A8B1BBA7CF33ED7313723B6936D48A50.40EB703868581B4BC05FD03222E5908BF2DD639B&key=cms1 688 6445 0 5777 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 912 1519082366.3183975 1519082366.3728914 54 192.168.1.119 - 50513 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3 374 1528 0 690 264 821 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096766&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=35AC46C0D6ED9818E298F3A50185DBE81B07F518.4E06C17CFD857D24B69CC9D67950ECDB94AA746F&key=cms1 - CTU.339.1.Malicious 913 1519082366.5762315 1519082366.5914578 15 192.168.1.119 - 50514 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096766&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=35AC46C0D6ED9818E298F3A50185DBE81B07F518.4E06C17CFD857D24B69CC9D67950ECDB94AA746F&key=cms1 688 5315 0 4647 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 912 1519082368.4162238 1519082368.4719718 56 192.168.1.119 - 50513 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3 374 1528 0 690 264 821 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096768&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=11EB02945C1AEF637DBBCA97FF82322199CAC4CF.60C8698C0C4CD70961100AC7D2A67903CCF2B5B6&key=cms1 - CTU.339.1.Malicious 913 1519082368.6784506 1519082368.6958165 17 192.168.1.119 - 50514 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096768&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=11EB02945C1AEF637DBBCA97FF82322199CAC4CF.60C8698C0C4CD70961100AC7D2A67903CCF2B5B6&key=cms1 688 3739 0 3071 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 912 1519082369.5511167 1519082369.6051486 54 192.168.1.119 - 50513 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3 374 1528 0 690 264 821 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096769&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=57D0A16287D1C2D1458BACFA99FB22AA1D196441.53541BA49F80800A9F972C3293490C1AEFA54244&key=cms1 - CTU.339.1.Malicious 913 1519082369.8084495 1519082369.8250985 17 192.168.1.119 - 50514 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096769&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=57D0A16287D1C2D1458BACFA99FB22AA1D196441.53541BA49F80800A9F972C3293490C1AEFA54244&key=cms1 688 7434 0 6766 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 912 1519082371.6190863 1519082371.6739933 55 192.168.1.119 - 50513 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3 374 1528 0 690 264 821 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096771&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=5C5A264075E9C3F9A959EC28E515FB7731DBC2CC.3A5B8E4EB0DA42BD90F774141E0F2A92C781D9F6&key=cms1 - CTU.339.1.Malicious 913 1519082371.8778849 1519082371.8937678 16 192.168.1.119 - 50514 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096771&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=5C5A264075E9C3F9A959EC28E515FB7731DBC2CC.3A5B8E4EB0DA42BD90F774141E0F2A92C781D9F6&key=cms1 688 12086 0 11417 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 912 1519082372.6602232 1519082372.714341 54 192.168.1.119 - 50513 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3 374 1528 0 690 264 821 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096772&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=4BD2FCE08F2C32F564718D1ED8E247577E01BD55.260F7E38DD6BCF8D02F81EB8DEB8F102681BC770&key=cms1 - CTU.339.1.Malicious 913 1519082372.918679 1519082372.9349785 16 192.168.1.119 - 50514 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096772&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=4BD2FCE08F2C32F564718D1ED8E247577E01BD55.260F7E38DD6BCF8D02F81EB8DEB8F102681BC770&key=cms1 688 12120 0 11451 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 912 1519082373.7021883 1519082373.7583597 56 192.168.1.119 - 50513 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3 374 1528 0 690 264 821 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096773&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=0B1E4BF7EF1D0AFA58F8F7E4A1396592A7CAA24A.6493B61F66AD5A27DC4C1C0AE374481EDB3BF7AC&key=cms1 - CTU.339.1.Malicious 913 1519082373.9626596 1519082373.9782245 16 192.168.1.119 - 50514 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096773&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=0B1E4BF7EF1D0AFA58F8F7E4A1396592A7CAA24A.6493B61F66AD5A27DC4C1C0AE374481EDB3BF7AC&key=cms1 688 11543 0 10874 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 912 1519082374.7460086 1519082374.8004723 54 192.168.1.119 - 50513 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3 374 1528 0 690 264 821 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096774&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=82CE101C9AD08D2A36921D814C402D3D0F60CE1D.1370CAA71A79546F1D40D00604BC2710F63AC565&key=cms1 - CTU.339.1.Malicious 913 1519082375.0054364 1519082375.020486 15 192.168.1.119 - 50514 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096774&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=82CE101C9AD08D2A36921D814C402D3D0F60CE1D.1370CAA71A79546F1D40D00604BC2710F63AC565&key=cms1 688 11789 0 11120 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 912 1519082375.788368 1519082375.8434 55 192.168.1.119 - 50513 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3 374 1528 0 690 264 821 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096775&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=6BBF01299372FD9F069792712A8753EE01657138.8502F5800BD90953435EFDFF973857EAA0777547&key=cms1 - CTU.339.1.Malicious 913 1519082376.0485818 1519082376.064563 16 192.168.1.119 - 50514 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096775&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=6BBF01299372FD9F069792712A8753EE01657138.8502F5800BD90953435EFDFF973857EAA0777547&key=cms1 688 12273 0 11604 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 912 1519082377.183105 1519082377.2378573 55 192.168.1.119 - 50513 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3 374 1528 0 690 264 821 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096777&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=1333A5ECD5BF4F5A27BEBA7B1B76B8DF8C15D43B.309FC3A2096A9CE3FC81F6F0D7A22D4BE206419F&key=cms1 - CTU.339.1.Malicious 913 1519082377.443179 1519082377.4603312 17 192.168.1.119 - 50514 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096777&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=1333A5ECD5BF4F5A27BEBA7B1B76B8DF8C15D43B.309FC3A2096A9CE3FC81F6F0D7A22D4BE206419F&key=cms1 688 11276 0 10607 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 912 1519082378.2114956 1519082378.2690635 58 192.168.1.119 - 50513 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3 375 1528 0 690 265 821 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096778&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=3B9031844F083AAF4DBA53264441A851368C8186.57696F3069393FE2E21D604E577A44944090A8AB&key=cms1 - CTU.339.1.Malicious 913 1519082378.4766574 1519082378.4947262 18 192.168.1.119 - 50514 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096778&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=3B9031844F083AAF4DBA53264441A851368C8186.57696F3069393FE2E21D604E577A44944090A8AB&key=cms1 689 11177 0 10507 274 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 912 1519082379.2563605 1519082379.3114176 55 192.168.1.119 - 50513 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3 376 1528 0 690 266 821 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096779&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=1BA3FB763B04CAFB020A8A1AA0EEBC6619EDDA5E.10D729BBC648A23331BC81A89663B59EA727B00C&key=cms1 - CTU.339.1.Malicious 913 1519082379.5201335 1519082379.5352607 15 192.168.1.119 - 50514 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096779&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=1BA3FB763B04CAFB020A8A1AA0EEBC6619EDDA5E.10D729BBC648A23331BC81A89663B59EA727B00C&key=cms1 690 10657 0 9987 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 912 1519082380.3037107 1519082380.357795 54 192.168.1.119 - 50513 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3 376 1528 0 690 266 821 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096780&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=4E515D5E99F5D7383F480DC493BB8047D52E486C.781E57D9631B4CC06F67BBEBE23B15E50881CA1C&key=cms1 - CTU.339.1.Malicious 913 1519082380.5690095 1519082380.5847406 16 192.168.1.119 - 50514 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096780&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=4E515D5E99F5D7383F480DC493BB8047D52E486C.781E57D9631B4CC06F67BBEBE23B15E50881CA1C&key=cms1 690 9751 0 9081 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 912 1519082381.3551428 1519082381.4106905 56 192.168.1.119 - 50513 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3 376 1528 0 690 266 821 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096781&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=80FED244C7426C1E13E8B1ED2A86B9A754FC7E96.71B0EA5B126B887665D7D96886745D4CE9084257&key=cms1 - CTU.339.1.Malicious 913 1519082381.6122417 1519082381.6285388 16 192.168.1.119 - 50514 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096781&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=80FED244C7426C1E13E8B1ED2A86B9A754FC7E96.71B0EA5B126B887665D7D96886745D4CE9084257&key=cms1 690 9520 0 8850 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 912 1519082382.4073312 1519082382.4625816 55 192.168.1.119 - 50513 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3 376 1528 0 690 266 821 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096782&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=4EAA4B49A8CF94DEB173563FF8D53147110106D6.23BFE7C1626680891226843C26E3460D7AD0CEB1&key=cms1 - CTU.339.1.Malicious 913 1519082382.6732583 1519082382.6887724 16 192.168.1.119 - 50514 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096782&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=4EAA4B49A8CF94DEB173563FF8D53147110106D6.23BFE7C1626680891226843C26E3460D7AD0CEB1&key=cms1 690 9344 0 8674 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 912 1519082383.4609056 1519082383.5153646 54 192.168.1.119 - 50513 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3 376 1528 0 690 266 821 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096783&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=1D1341FFEAEDCC78DCE7C5042EDC3A72CDBC127A.0A75ECEE8F237A96C2EF6DD967585CF2197ED433&key=cms1 - CTU.339.1.Malicious 913 1519082383.7122767 1519082383.728479 16 192.168.1.119 - 50514 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096783&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=1D1341FFEAEDCC78DCE7C5042EDC3A72CDBC127A.0A75ECEE8F237A96C2EF6DD967585CF2197ED433&key=cms1 690 9150 0 8480 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 912 1519082384.5151062 1519082384.5705736 55 192.168.1.119 - 50513 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3 376 1528 0 690 266 821 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096784&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=1B2C6465EBB5C97667A4551C4B814E496C1C47AD.20B2FD44976D4213E2E2A86B06F49CCD90D39AA5&key=cms1 - CTU.339.1.Malicious 913 1519082384.778046 1519082384.796356 18 192.168.1.119 - 50514 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096784&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=1B2C6465EBB5C97667A4551C4B814E496C1C47AD.20B2FD44976D4213E2E2A86B06F49CCD90D39AA5&key=cms1 690 8860 0 8190 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 912 1519082385.571324 1519082385.6260905 55 192.168.1.119 - 50513 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3 376 1528 0 690 266 821 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096785&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=106BEB238E870856209FE7FF8468C8F534199D55.3DB876B1027678C60047B3A0D8FF9BA44C6B7510&key=cms1 - CTU.339.1.Malicious 913 1519082385.8233032 1519082385.8391712 16 192.168.1.119 - 50514 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096785&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=106BEB238E870856209FE7FF8468C8F534199D55.3DB876B1027678C60047B3A0D8FF9BA44C6B7510&key=cms1 690 7837 0 7167 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 912 1519082387.6359832 1519082387.6895297 54 192.168.1.119 - 50513 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3 376 1528 0 690 266 821 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096787&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=06A9E965DC6DDC75247FF29156A0BBB22A5AA73F.72A46022453B40DB11C0184542AD763F32036ECB&key=cms1 - CTU.339.1.Malicious 913 1519082387.8935645 1519082387.9101443 17 192.168.1.119 - 50514 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096787&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=06A9E965DC6DDC75247FF29156A0BBB22A5AA73F.72A46022453B40DB11C0184542AD763F32036ECB&key=cms1 690 6615 0 5945 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 912 1519082388.7116888 1519082388.7675223 56 192.168.1.119 - 50513 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3 376 1528 0 690 266 821 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096788&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=2F5FACBE2A38218D308558B8ABD40D17BC83D4D5.7D6BAE6C5C44FDEF4465CF3EDFC0F343AD499C72&key=cms1 - CTU.339.1.Malicious 913 1519082388.975588 1519082388.991019 15 192.168.1.119 - 50514 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096788&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=2F5FACBE2A38218D308558B8ABD40D17BC83D4D5.7D6BAE6C5C44FDEF4465CF3EDFC0F343AD499C72&key=cms1 690 5824 0 5154 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 912 1519082390.7985556 1519082390.8530326 54 192.168.1.119 - 50513 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3 376 1528 0 690 266 821 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096790&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=32B1D8DABABDF60A666ADCC8A830DA73EFCAF926.314414AF19987EFDB76C54BFDDE067146E2F0E9D&key=cms1 - CTU.339.1.Malicious 913 1519082391.056663 1519082391.0737827 17 192.168.1.119 - 50514 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096790&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=32B1D8DABABDF60A666ADCC8A830DA73EFCAF926.314414AF19987EFDB76C54BFDDE067146E2F0E9D&key=cms1 690 11602 0 10931 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 912 1519082391.8415024 1519082391.896282 55 192.168.1.119 - 50513 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3 376 1528 0 690 266 821 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096791&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=110FD737F4DA2C6FE6DC81BAA5D4026B1546DE51.2F634E21D4A21BA3DDC87C5F1681A8DF6649AEA3&key=cms1 - CTU.339.1.Malicious 913 1519082392.0990942 1519082392.1154997 16 192.168.1.119 - 50514 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096791&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=110FD737F4DA2C6FE6DC81BAA5D4026B1546DE51.2F634E21D4A21BA3DDC87C5F1681A8DF6649AEA3&key=cms1 690 11449 0 10778 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 912 1519082392.8852694 1519082392.9406571 55 192.168.1.119 - 50513 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3 376 1528 0 690 266 821 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096792&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=587E4B0B32C4BF11E7BFCB5C8F50304EB661F1E5.0213614596D1724D6181EC05FDB45F676DFCEE6D&key=cms1 - CTU.339.1.Malicious 913 1519082393.1426291 1519082393.1584053 16 192.168.1.119 - 50514 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096792&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=587E4B0B32C4BF11E7BFCB5C8F50304EB661F1E5.0213614596D1724D6181EC05FDB45F676DFCEE6D&key=cms1 690 10680 0 10009 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 912 1519082393.9312413 1519082393.9849885 54 192.168.1.119 - 50513 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3 376 1480 0 664 266 799 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096793&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=362B83D9385EBA6190FA5A5CAA0BDD58F4B73954.DC7D8DA0FF729CBC7D470F2ACD252B94B37063&key=cms1 - CTU.339.1.Malicious 913 1519082394.1868036 1519082394.2029452 16 192.168.1.119 - 50514 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096793&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082245&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=362B83D9385EBA6190FA5A5CAA0BDD58F4B73954.DC7D8DA0FF729CBC7D470F2ACD252B94B37063&key=cms1 668 10586 0 9916 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 912 1519082394.978615 1519082395.0322685 54 192.168.1.119 - 50513 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3 376 1528 0 690 266 821 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096794&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082296&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=7B8D9867B6A7B694FA6A5EFEE87130266D0410A4.36165735C62666A1A585C6C581BA770D84823319&key=cms1 - CTU.339.1.Malicious 913 1519082395.2330604 1519082395.250862 18 192.168.1.119 - 50514 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096794&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082296&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=7B8D9867B6A7B694FA6A5EFEE87130266D0410A4.36165735C62666A1A585C6C581BA770D84823319&key=cms1 690 9843 0 9173 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 912 1519082396.0288224 1519082396.084325 56 192.168.1.119 - 50513 172.217.23.206 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3 376 1528 0 690 266 821 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096796&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082296&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=0D4B8DFC4C517C4177F208C1A8D008E01927FB8C.324D1C1CFDFC4807AE54AA62BC648C65B9D4B985&key=cms1 - CTU.339.1.Malicious 913 1519082396.2872517 1519082396.3025827 15 192.168.1.119 - 50514 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJPCPWjDNjBL_4293/4293_all_crl-set-539311055731041573.data.crx3?cms_redirect=yes&expire=1519096796&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519082296&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=0D4B8DFC4C517C4177F208C1A8D008E01927FB8C.324D1C1CFDFC4807AE54AA62BC648C65B9D4B985&key=cms1 690 2109 0 1439 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 914 1519082398.4106956 1519082398.4695513 59 192.168.1.119 - 50515 172.217.23.195 443 https://update.googleapis.com/service/update2 1251 944 918 247 303 685 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 915 1519084049.343634 1519084049.3765197 33 192.168.1.119 - 50516 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.19%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 916 1519085893.9341655 1519085893.9737267 40 192.168.1.119 - 50517 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 916 1519085893.9785564 1519085894.0068245 28 192.168.1.119 - 50517 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 917 1519085894.2701263 1519085894.3042376 34 192.168.1.119 - 50520 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 918 1519089495.1070702 1519089495.1406207 34 192.168.1.119 - 50523 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 919 1519089496.092898 1519089496.123885 31 192.168.1.119 - 50522 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 920 1519089496.3079078 1519089496.3377874 30 192.168.1.119 - 50521 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 921 1519093096.6360831 1519093096.6681406 32 192.168.1.119 - 50526 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 922 1519093096.8569705 1519093096.890503 34 192.168.1.119 - 50524 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 921 1519093096.8779223 1519093096.9067998 29 192.168.1.119 - 50526 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 923 1519096697.641171 1519096697.673659 32 192.168.1.119 - 50528 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 924 1519096698.8759077 1519096698.9140441 38 192.168.1.119 - 50527 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 925 1519096698.8783915 1519096699.096347 218 192.168.1.119 - 50529 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 926 1519100011.6465359 1519100011.6712534 25 192.168.1.119 - 50530 185.26.182.112 443 https://exchange.opera.com/api/v1/cmc/ 283 6927 0 6646 258 267 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 926 1519100012.083815 1519100012.1101673 26 192.168.1.119 - 50530 185.26.182.112 443 https://exchange.opera.com/api/v1/ecb/ 283 1937 0 1664 258 259 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml GET 200 - - - - - - - CTU.339.1.Malicious 926 1519100012.1134906 1519100012.1356826 22 192.168.1.119 - 50530 185.26.182.112 443 https://exchange.opera.com/api/v1/nbu/ 283 6431 0 6136 258 281 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json;charset=UTF-8 GET 200 - - - - - - - CTU.339.1.Malicious 927 1519100083.0824535 1519100083.154833 72 192.168.1.119 - 50533 185.26.182.117 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 928 1519100298.5832238 1519100298.6157234 32 192.168.1.119 - 50534 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 929 1519100299.212062 1519100299.2401915 28 192.168.1.119 - 50535 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 929 1519100299.5475998 1519100299.5818102 34 192.168.1.119 - 50535 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 930 1519101680.6963947 1519101680.7295814 33 192.168.1.119 - 50540 185.26.182.117 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 511 0 113 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 931 1519103654.400917 1519103654.4301043 29 192.168.1.119 - 50541 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.19%26uc 676 710 0 466 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 932 1519103660.7793615 1519103660.8169274 38 192.168.1.119 - 50542 82.145.215.85 443 https://extension-updates.opera.com/static/omaha/blacklist.336465243e0d1996705f69bb3937b0f2f815a8bcc9737b5323ca77ebd70dd6b7.txt 413 6582 0 6336 308 232 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/plain GET 200 - - - - - - - CTU.339.1.Malicious 933 1519103899.4408095 1519103899.4724214 32 192.168.1.119 - 50543 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 934 1519103899.6653419 1519103899.6969554 32 192.168.1.119 - 50544 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 934 1519103899.8982382 1519103899.9268765 29 192.168.1.119 - 50544 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 935 1519107500.7944288 1519107500.8251936 31 192.168.1.119 - 50546 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 936 1519107501.8493757 1519107501.8844323 35 192.168.1.119 - 50548 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 937 1519107502.0241797 1519107502.0587013 35 192.168.1.119 - 50547 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 938 1519111102.3370533 1519111102.3703122 33 192.168.1.119 - 50549 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 939 1519111102.6116936 1519111102.6411948 30 192.168.1.119 - 50551 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 940 1519111102.828621 1519111102.8594398 31 192.168.1.119 - 50550 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 941 1519114703.787318 1519114703.8274379 40 192.168.1.119 - 50553 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 941 1519114703.8311274 1519114703.8635128 32 192.168.1.119 - 50553 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 942 1519114704.9572973 1519114704.9936001 36 192.168.1.119 - 50552 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 943 1519118304.3626056 1519118304.3966758 34 192.168.1.119 - 50555 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 943 1519118304.6100318 1519118304.6437488 34 192.168.1.119 - 50555 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 944 1519118305.2903874 1519118305.3392887 49 192.168.1.119 - 50557 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 945 1519120669.5022624 1519120669.535765 34 192.168.1.119 - 50558 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.20%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 946 1519121905.88403 1519121905.9232376 39 192.168.1.119 - 50561 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 947 1519121906.208697 1519121906.2398922 31 192.168.1.119 - 50559 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 947 1519121906.2689092 1519121906.297398 28 192.168.1.119 - 50559 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 948 1519123308.0567925 1519123308.093966 37 192.168.1.119 - 50566 185.26.182.122 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 511 0 113 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 949 1519125507.2960749 1519125507.5276687 232 192.168.1.119 - 50568 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 949 1519125507.5366707 1519125507.5648947 28 192.168.1.119 - 50568 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 950 1519125508.546425 1519125508.5854418 39 192.168.1.119 - 50567 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 951 1519128883.6966264 1519128883.812394 116 192.168.1.119 - 50570 185.26.182.117 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 952 1519129108.1584172 1519129108.2077122 49 192.168.1.119 - 50571 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 952 1519129108.2168705 1519129108.2506852 34 192.168.1.119 - 50571 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 953 1519129108.8768642 1519129108.911487 35 192.168.1.119 - 50573 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 954 1519132709.3218493 1519132709.3552766 33 192.168.1.119 - 50574 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 954 1519132709.57154 1519132709.603767 32 192.168.1.119 - 50574 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 955 1519132710.3328133 1519132710.364656 32 192.168.1.119 - 50576 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 956 1519136310.6760035 1519136310.7066252 31 192.168.1.119 - 50579 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 957 1519136311.689749 1519136311.7299101 40 192.168.1.119 - 50578 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 957 1519136311.734045 1519136311.9867449 253 192.168.1.119 - 50578 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 958 1519136356.512468 1519136356.5664957 54 192.168.1.119 - 50580 216.58.201.67 443 https://update.googleapis.com/service/update2?cup2key=7:141710023&cup2hreq=3fcdbf663dae5fba01f723e727647e76f639ac858e3c6594ef053d76d210e713 1413 2490 986 1325 303 1153 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 959 1519136358.2273865 1519136358.259627 32 192.168.1.119 - 50581 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3 283 820 0 0 170 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 HEAD 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150758&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2AD3ED532C544E74C24B0DA656FB41848494B6B2.10191BFE2F04F5A5D4B09EC0AAA1338B41A80007&key=cms1 - CTU.339.1.Malicious 960 1519136358.5023224 1519136358.519283 17 192.168.1.119 - 50582 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150758&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2AD3ED532C544E74C24B0DA656FB41848494B6B2.10191BFE2F04F5A5D4B09EC0AAA1338B41A80007&key=cms1 577 608 0 0 179 594 'Microsoft BITS/7.5' application/octet-stream HEAD 200 - - - - - - - CTU.339.1.Malicious 959 1519136359.3164496 1519136359.3474727 31 192.168.1.119 - 50581 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3 371 1488 0 668 259 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150759&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136247&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0A875DA56D94A600CD230B06829B49F26098EDEB.75D0E9DB74395847EB2D1C391A035D7F8FFEB459&key=cms1 - CTU.339.1.Malicious 960 1519136359.5510626 1519136359.566709 16 192.168.1.119 - 50582 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150759&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136247&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0A875DA56D94A600CD230B06829B49F26098EDEB.75D0E9DB74395847EB2D1C391A035D7F8FFEB459&key=cms1 665 3163 0 2500 268 636 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 959 1519136362.5260038 1519136362.5579371 32 192.168.1.119 - 50581 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3 374 1488 0 668 262 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150762&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2D3DD60A9551EFAE5D2B5D9F6B7D35C6DDCE1C58.31FBF25E38287507714617602CE93C8E23AD63A5&key=cms1 - CTU.339.1.Malicious 960 1519136362.7612545 1519136362.7766635 15 192.168.1.119 - 50582 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150762&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2D3DD60A9551EFAE5D2B5D9F6B7D35C6DDCE1C58.31FBF25E38287507714617602CE93C8E23AD63A5&key=cms1 668 3241 0 2575 271 639 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 959 1519136364.6901166 1519136364.7223022 32 192.168.1.119 - 50581 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3 375 1488 0 668 263 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150764&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136247&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=44B90B45457E437BA2F00AB744346035F0868161.6F0DCF70248D94D11BF525D428164BDE9DF37BEE&key=cms1 - CTU.339.1.Malicious 960 1519136364.9251094 1519136364.9393053 14 192.168.1.119 - 50582 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150764&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136247&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=44B90B45457E437BA2F00AB744346035F0868161.6F0DCF70248D94D11BF525D428164BDE9DF37BEE&key=cms1 669 6442 0 5775 272 640 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 959 1519136366.7741656 1519136366.8059044 32 192.168.1.119 - 50581 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3 376 1488 0 668 264 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150766&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136247&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=026FDAC9D70FCA5CBCAEB8591FC6D673C33E58BF.3A699F404A904999E336C03E21A0679BFEF3A1BF&key=cms1 - CTU.339.1.Malicious 960 1519136367.0086653 1519136367.0238311 15 192.168.1.119 - 50582 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150766&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136247&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=026FDAC9D70FCA5CBCAEB8591FC6D673C33E58BF.3A699F404A904999E336C03E21A0679BFEF3A1BF&key=cms1 670 5348 0 4680 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 959 1519136368.8845453 1519136368.915421 31 192.168.1.119 - 50581 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3 376 1488 0 668 264 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150768&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136247&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=54D0C5B501A5F145744A6AB082E0DF1436EDE8D9.6F7ECBC626C4A4715950878EECA7CE5E051096AE&key=cms1 - CTU.339.1.Malicious 960 1519136369.1180305 1519136369.1336637 16 192.168.1.119 - 50582 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150768&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136247&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=54D0C5B501A5F145744A6AB082E0DF1436EDE8D9.6F7ECBC626C4A4715950878EECA7CE5E051096AE&key=cms1 670 3790 0 3122 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 959 1519136371.006394 1519136371.0387306 32 192.168.1.119 - 50581 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3 376 1488 0 668 264 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150771&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136247&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=05F7E87800ED24CF67C6B2E9B4AEA46AED6EA970.220AC7E9C9832ABD84CA987A27E5DE89390C64B7&key=cms1 - CTU.339.1.Malicious 960 1519136371.2421458 1519136371.259971 18 192.168.1.119 - 50582 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150771&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136247&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=05F7E87800ED24CF67C6B2E9B4AEA46AED6EA970.220AC7E9C9832ABD84CA987A27E5DE89390C64B7&key=cms1 670 3168 0 2500 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 959 1519136372.385419 1519136372.4177098 32 192.168.1.119 - 50581 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3 376 1488 0 668 264 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150772&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136247&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=59714ED0EA0934645863F709CFA75918B0EDB508.649AAD26126AF31C114CB8619BDAD153A0D1C5E7&key=cms1 - CTU.339.1.Malicious 960 1519136372.6247811 1519136372.6420906 17 192.168.1.119 - 50582 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150772&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136247&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=59714ED0EA0934645863F709CFA75918B0EDB508.649AAD26126AF31C114CB8619BDAD153A0D1C5E7&key=cms1 670 5304 0 4636 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 959 1519136374.4817638 1519136374.5121686 30 192.168.1.119 - 50581 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3 376 1488 0 668 264 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150774&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136247&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=77D9814495E0F8AA2F2313600A85730A4C52921C.64495094F9106ABC08561BDADA8818036D589BE8&key=cms1 - CTU.339.1.Malicious 960 1519136374.7366595 1519136374.7726364 36 192.168.1.119 - 50582 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150774&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136247&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=77D9814495E0F8AA2F2313600A85730A4C52921C.64495094F9106ABC08561BDADA8818036D589BE8&key=cms1 670 4343 0 3675 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 959 1519136376.598819 1519136376.630664 32 192.168.1.119 - 50581 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3 376 1488 0 668 264 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150776&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=59B912E58C0218864C0230179CF4EB3A4D603D2E.53185FB106721D0F44C0B30BC7D9FDE7B3E9517B&key=cms1 - CTU.339.1.Malicious 960 1519136376.8337302 1519136376.850871 17 192.168.1.119 - 50582 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150776&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=59B912E58C0218864C0230179CF4EB3A4D603D2E.53185FB106721D0F44C0B30BC7D9FDE7B3E9517B&key=cms1 670 8644 0 7976 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 959 1519136377.65812 1519136377.688795 31 192.168.1.119 - 50581 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3 376 1488 0 668 264 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150777&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5B898756FAD81759E74798BD61B1D30E058D1629.3D65FC5E03C66FA7988F1C86AEF18B19BF137A31&key=cms1 - CTU.339.1.Malicious 960 1519136377.8922343 1519136377.9077573 16 192.168.1.119 - 50582 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150777&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5B898756FAD81759E74798BD61B1D30E058D1629.3D65FC5E03C66FA7988F1C86AEF18B19BF137A31&key=cms1 670 7661 0 6993 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 959 1519136378.7237837 1519136378.7547011 31 192.168.1.119 - 50581 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3 376 1488 0 668 264 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150778&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2C15BD8C2ADAB6F4E949F4EAB55BB8C5388969CA.5ED3D54F6828B823E511A6A4EE7730FC018E57C6&key=cms1 - CTU.339.1.Malicious 960 1519136378.9550803 1519136378.9704442 15 192.168.1.119 - 50582 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150778&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2C15BD8C2ADAB6F4E949F4EAB55BB8C5388969CA.5ED3D54F6828B823E511A6A4EE7730FC018E57C6&key=cms1 670 7605 0 6937 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 959 1519136379.7906158 1519136379.821509 31 192.168.1.119 - 50581 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3 376 1488 0 668 264 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150779&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6A0C1C0870F3E61D724EC506B6F78DC66BD25B7B.469FFB324BD7D82D57FFC4BDCBAF4B322F3BEC33&key=cms1 - CTU.339.1.Malicious 960 1519136380.028546 1519136380.0443566 16 192.168.1.119 - 50582 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150779&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6A0C1C0870F3E61D724EC506B6F78DC66BD25B7B.469FFB324BD7D82D57FFC4BDCBAF4B322F3BEC33&key=cms1 670 6907 0 6239 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 959 1519136380.8628576 1519136380.8931913 30 192.168.1.119 - 50581 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3 376 1488 0 668 264 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150780&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=66FEB70F9D71F26D5931307960ABE265248B299D.782ACAE8696F1D49CB12DF61F4FA8923DB144280&key=cms1 - CTU.339.1.Malicious 960 1519136381.0908444 1519136381.1089647 18 192.168.1.119 - 50582 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150780&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=66FEB70F9D71F26D5931307960ABE265248B299D.782ACAE8696F1D49CB12DF61F4FA8923DB144280&key=cms1 670 6172 0 5504 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 959 1519136382.9446006 1519136382.9758427 31 192.168.1.119 - 50581 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3 376 1488 0 668 264 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150782&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=47360F0FAFAAEDF7FB2BF29CC7B63B1970C3817A.3A6134E4D9680B96EF04A2241C54870211ED2519&key=cms1 - CTU.339.1.Malicious 960 1519136383.1761615 1519136383.203171 27 192.168.1.119 - 50582 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150782&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=47360F0FAFAAEDF7FB2BF29CC7B63B1970C3817A.3A6134E4D9680B96EF04A2241C54870211ED2519&key=cms1 670 4876 0 4208 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 959 1519136385.0484166 1519136385.0813541 33 192.168.1.119 - 50581 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3 376 1488 0 668 264 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150785&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=661BCBA1DAC97291DB1F7840363F3407921EAA80.7357175BF54B4B4AF656BC792845EC663917D9C2&key=cms1 - CTU.339.1.Malicious 960 1519136385.2845798 1519136385.2993805 15 192.168.1.119 - 50582 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150785&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=661BCBA1DAC97291DB1F7840363F3407921EAA80.7357175BF54B4B4AF656BC792845EC663917D9C2&key=cms1 670 9709 0 9041 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 959 1519136386.0999017 1519136386.1317444 32 192.168.1.119 - 50581 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3 376 1488 0 668 264 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150786&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=717B0FCCB5201BDF21D02BF2545313100B54969C.2F2040DAF033E8AB274B522F61ABBFFC7824B16F&key=cms1 - CTU.339.1.Malicious 960 1519136386.3368328 1519136386.352784 16 192.168.1.119 - 50582 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150786&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=717B0FCCB5201BDF21D02BF2545313100B54969C.2F2040DAF033E8AB274B522F61ABBFFC7824B16F&key=cms1 670 9384 0 8716 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 959 1519136388.1530387 1519136388.1850693 32 192.168.1.119 - 50581 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3 377 1488 0 668 265 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150788&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=701D06201FA0547EDFC977F33F3DA93FEABF6B4C.3CB3D9B1D5A3BF09AFC802051DFC6B8B72E6F094&key=cms1 - CTU.339.1.Malicious 960 1519136388.3887286 1519136388.4047165 16 192.168.1.119 - 50582 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150788&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=701D06201FA0547EDFC977F33F3DA93FEABF6B4C.3CB3D9B1D5A3BF09AFC802051DFC6B8B72E6F094&key=cms1 671 18727 0 18057 274 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 959 1519136391.0619042 1519136391.0921822 30 192.168.1.119 - 50581 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150791&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=17CD046560E6CAF17CA4DDBBB9FD20D98DABAB32.1C46FE1EBD88A59B8C4CD0B4DBB6C37F05910FD5&key=cms1 - CTU.339.1.Malicious 960 1519136391.294977 1519136391.3122284 17 192.168.1.119 - 50582 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150791&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=17CD046560E6CAF17CA4DDBBB9FD20D98DABAB32.1C46FE1EBD88A59B8C4CD0B4DBB6C37F05910FD5&key=cms1 672 16277 0 15606 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 959 1519136393.8011699 1519136393.8356564 34 192.168.1.119 - 50581 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150793&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7348B86D11D2A9D0D309FF54ED6E8FE97567174A.3A7F61DBBCB5EACC8EE4043C71A23E5F2958EB2A&key=cms1 - CTU.339.1.Malicious 960 1519136394.0384367 1519136394.0534818 15 192.168.1.119 - 50582 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150793&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7348B86D11D2A9D0D309FF54ED6E8FE97567174A.3A7F61DBBCB5EACC8EE4043C71A23E5F2958EB2A&key=cms1 672 13749 0 13078 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 959 1519136396.5122619 1519136396.542953 31 192.168.1.119 - 50581 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150796&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=401A94DAA4A6B5CB8CF49F05D63E1EDE19B84A75.2CA82D1658FEEACFB92D3C0E5F55418BBF81F55F&key=cms1 - CTU.339.1.Malicious 960 1519136396.7463794 1519136396.7617412 15 192.168.1.119 - 50582 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150796&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=401A94DAA4A6B5CB8CF49F05D63E1EDE19B84A75.2CA82D1658FEEACFB92D3C0E5F55418BBF81F55F&key=cms1 672 11845 0 11174 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 959 1519136398.5545375 1519136398.586086 32 192.168.1.119 - 50581 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150798&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=66708C465CDDF716A18809BD009293075AAB7258.77F4DA8B8E866B7ADEC3EE239E58400198247F0F&key=cms1 - CTU.339.1.Malicious 960 1519136398.7890916 1519136398.804447 15 192.168.1.119 - 50582 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150798&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=66708C465CDDF716A18809BD009293075AAB7258.77F4DA8B8E866B7ADEC3EE239E58400198247F0F&key=cms1 672 23644 0 22973 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 959 1519136400.958796 1519136400.9911258 32 192.168.1.119 - 50581 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150800&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=07C5D3D8742283DAB5C2E52E79576C21CF102630.59C28A5B8C1744E1A2392EE0E0BB1E88A4E8A144&key=cms1 - CTU.339.1.Malicious 960 1519136401.1900756 1519136401.2344244 44 192.168.1.119 - 50582 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150800&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=07C5D3D8742283DAB5C2E52E79576C21CF102630.59C28A5B8C1744E1A2392EE0E0BB1E88A4E8A144&key=cms1 672 22374 0 21703 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 959 1519136403.9035761 1519136403.9359438 32 192.168.1.119 - 50581 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150803&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0B3DE4CF9BC2C5C0F9C1074E7E8EC376301EF7F1.8198FF73D33C7ED6D097A101933F9AAE0A662369&key=cms1 - CTU.339.1.Malicious 960 1519136404.1387365 1519136404.1541824 15 192.168.1.119 - 50582 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150803&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0B3DE4CF9BC2C5C0F9C1074E7E8EC376301EF7F1.8198FF73D33C7ED6D097A101933F9AAE0A662369&key=cms1 672 21078 0 20407 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 959 1519136406.8476849 1519136406.882342 35 192.168.1.119 - 50581 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3 378 1484 0 666 266 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150806&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=514F795812600454103A9BE5E00D47AF6110A7.03757C45FE794500D8D5C6B7B16EF7D61896E352&key=cms1 - CTU.339.1.Malicious 960 1519136407.085931 1519136407.1018407 16 192.168.1.119 - 50582 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150806&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=514F795812600454103A9BE5E00D47AF6110A7.03757C45FE794500D8D5C6B7B16EF7D61896E352&key=cms1 670 18498 0 17827 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 959 1519136409.5680943 1519136409.5998907 32 192.168.1.119 - 50581 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150809&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2B42D9E390269F17653AB733988928F7E4B3E165.57839604B4BDA77DA972ADF5556D828F8A6CC34B&key=cms1 - CTU.339.1.Malicious 960 1519136409.8030093 1519136409.8209767 18 192.168.1.119 - 50582 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AM6ch3LxbAAW_4294/4294_all_crl-set-12839316202610890964.data.crx3?cms_redirect=yes&expire=1519150809&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519136312&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2B42D9E390269F17653AB733988928F7E4B3E165.57839604B4BDA77DA972ADF5556D828F8A6CC34B&key=cms1 672 7258 0 6588 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 961 1519136414.1520596 1519136414.2095 57 192.168.1.119 - 50583 216.58.201.67 443 https://update.googleapis.com/service/update2 1253 944 920 247 303 685 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 962 1519139911.635056 1519139911.674335 39 192.168.1.119 - 50584 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 963 1519139911.837637 1519139911.8855462 48 192.168.1.119 - 50585 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 963 1519139912.2043626 1519139912.2356734 31 192.168.1.119 - 50585 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 964 1519140336.5405073 1519140336.575715 35 192.168.1.119 - 50586 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.20%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 965 1519143513.044132 1519143513.0914078 47 192.168.1.119 - 50588 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 966 1519143513.0462554 1519143513.0959563 50 192.168.1.119 - 50587 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 967 1519143513.2839718 1519143513.3141468 30 192.168.1.119 - 50589 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 887 0 615 260 229 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/html GET 503 - - - - - - - CTU.339.1.Malicious 968 1519144938.5935009 1519144938.6434703 50 192.168.1.119 - 50594 185.26.182.117 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 511 0 113 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 969 1519147115.6354012 1519147115.6686356 33 192.168.1.119 - 50597 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 970 1519147115.863111 1519147115.8903503 27 192.168.1.119 - 50595 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 971 1519147116.037116 1519147116.068647 32 192.168.1.119 - 50596 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 972 1519150717.2164671 1519150717.2574866 41 192.168.1.119 - 50600 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 972 1519150717.4656947 1519150717.495116 29 192.168.1.119 - 50600 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 973 1519150718.2338545 1519150718.278004 44 192.168.1.119 - 50599 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 974 1519154319.581996 1519154319.6125028 31 192.168.1.119 - 50602 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 975 1519154319.9939687 1519154320.0311115 37 192.168.1.119 - 50603 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 976 1519154319.7904644 1519154320.0373955 247 192.168.1.119 - 50601 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 977 1519157685.1579697 1519157685.4677267 310 192.168.1.119 - 50604 185.26.182.117 443 https://autoupdate.geo.opera.com/ 1843 1550 1477 1159 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 978 1519157922.3633964 1519157922.401116 38 192.168.1.119 - 50606 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 979 1519157922.3584127 1519157922.6056907 247 192.168.1.119 - 50607 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 979 1519157922.6078644 1519157922.849857 242 192.168.1.119 - 50607 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 980 1519159344.9592106 1519159345.0794327 120 192.168.1.119 - 50608 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.20%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 981 1519161523.9507747 1519161523.9793503 29 192.168.1.119 - 50611 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 981 1519161524.1899061 1519161524.214066 24 192.168.1.119 - 50611 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 982 1519161525.1955056 1519161525.2256782 30 192.168.1.119 - 50610 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 983 1519165124.9552052 1519165125.183145 228 192.168.1.119 - 50612 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 983 1519165125.1857634 1519165125.210416 25 192.168.1.119 - 50612 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 984 1519165125.498716 1519165125.5259085 27 192.168.1.119 - 50614 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 985 1519166566.0366673 1519166566.0737236 37 192.168.1.119 - 50619 185.26.182.122 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 511 0 113 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 986 1519168727.284165 1519168727.3158112 32 192.168.1.119 - 50621 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 987 1519168727.4980543 1519168727.7227523 225 192.168.1.119 - 50620 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 988 1519168727.7046542 1519168727.7341497 29 192.168.1.119 - 50622 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 989 1519172329.6198444 1519172329.6622105 42 192.168.1.119 - 50624 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 990 1519172329.8364208 1519172329.8644845 28 192.168.1.119 - 50625 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 989 1519172329.8731005 1519172330.1206527 248 192.168.1.119 - 50624 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 991 1519175932.0576744 1519175932.084081 26 192.168.1.119 - 50626 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 991 1519175932.297662 1519175932.327488 30 192.168.1.119 - 50626 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 992 1519175933.6963675 1519175933.7235613 27 192.168.1.119 - 50627 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 993 1519177750.72829 1519177750.762553 34 192.168.1.119 - 50629 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.20%26uc 676 710 0 466 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 994 1519177755.2864776 1519177755.3113651 25 192.168.1.119 - 50630 82.145.215.85 443 https://extension-updates.opera.com/static/omaha/blacklist.336465243e0d1996705f69bb3937b0f2f815a8bcc9737b5323ca77ebd70dd6b7.txt 413 6582 0 6336 308 232 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/plain GET 200 - - - - - - - CTU.339.1.Malicious 995 1519179533.596384 1519179533.6228673 26 192.168.1.119 - 50631 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 995 1519179533.625544 1519179533.6511862 26 192.168.1.119 - 50631 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 996 1519179534.1819313 1519179534.2132435 31 192.168.1.119 - 50633 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 997 1519183134.5790632 1519183134.6072316 28 192.168.1.119 - 50634 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 998 1519183134.7369862 1519183134.7615356 25 192.168.1.119 - 50635 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 999 1519183134.7444434 1519183134.776012 32 192.168.1.119 - 50636 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1000 1519186412.5350685 1519186412.5603266 25 192.168.1.119 - 50637 185.26.182.111 443 https://exchange.opera.com/api/v1/cmc/ 283 6954 0 6673 258 267 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1001 1519186413.1105485 1519186413.1433175 33 192.168.1.119 - 50639 185.26.182.111 443 https://exchange.opera.com/api/v1/ecb/ 283 1937 0 1664 258 259 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml GET 200 - - - - - - - CTU.339.1.Malicious 1000 1519186413.1107678 1519186413.144014 33 192.168.1.119 - 50637 185.26.182.111 443 https://exchange.opera.com/api/v1/nbu/ 283 6429 0 6134 258 281 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json;charset=UTF-8 GET 200 - - - - - - - CTU.339.1.Malicious 1002 1519186486.910146 1519186487.1693726 259 192.168.1.119 - 50640 185.26.182.122 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 1003 1519186735.6730945 1519186735.8952608 222 192.168.1.119 - 50642 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1004 1519186736.6907346 1519186736.7264004 36 192.168.1.119 - 50641 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1005 1519186736.9165225 1519186736.942887 26 192.168.1.119 - 50643 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1006 1519188193.2567084 1519188193.284145 27 192.168.1.119 - 50648 185.26.182.122 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 511 0 113 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1007 1519190337.1838627 1519190337.220778 37 192.168.1.119 - 50649 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1008 1519190337.434816 1519190337.465219 30 192.168.1.119 - 50650 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1008 1519190337.6739202 1519190337.7036023 30 192.168.1.119 - 50650 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1009 1519190358.510246 1519190358.5772965 67 192.168.1.119 - 50652 216.58.201.67 443 https://update.googleapis.com/service/update2?cup2key=7:349994862&cup2hreq=db3cc109fc48b194668b15ffb6f17c68fad918a58acfb58b0ed210ed0dae4fc8 1413 2490 986 1325 303 1153 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 1010 1519190363.2765 1519190363.3044312 28 192.168.1.119 - 50653 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3 283 820 0 0 170 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 HEAD 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3?cms_redirect=yes&expire=1519204763&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519190299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=8323C29D25504EE1DA37E88E42FD2281F0E5CD28.6C5DE24E3002BCBA7566ACA4D64940FD2DCB2732&key=cms1 - CTU.339.1.Malicious 1011 1519190363.7524674 1519190363.7637293 11 192.168.1.119 - 50654 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3?cms_redirect=yes&expire=1519204763&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519190299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=8323C29D25504EE1DA37E88E42FD2281F0E5CD28.6C5DE24E3002BCBA7566ACA4D64940FD2DCB2732&key=cms1 577 608 0 0 179 594 'Microsoft BITS/7.5' application/octet-stream HEAD 200 - - - - - - - CTU.339.1.Malicious 1010 1519190366.3069334 1519190366.3327293 26 192.168.1.119 - 50653 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3 371 1488 0 668 259 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3?cms_redirect=yes&expire=1519204766&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519190299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=40B6D014E4EEAFBA2C839627A324353769804696.454151C06CAE6F7473517B269CC80619892995C7&key=cms1 - CTU.339.1.Malicious 1011 1519190366.5351582 1519190366.5460172 11 192.168.1.119 - 50654 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3?cms_redirect=yes&expire=1519204766&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519190299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=40B6D014E4EEAFBA2C839627A324353769804696.454151C06CAE6F7473517B269CC80619892995C7&key=cms1 665 3163 0 2500 268 636 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1010 1519190369.5088418 1519190369.5339444 25 192.168.1.119 - 50653 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3 374 1488 0 668 262 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3?cms_redirect=yes&expire=1519204769&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519190299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=727DD574706CFC2747E6364A59A2884956BE962D.4A20EE88198CEAC4FAFAC18D06958D8D4D312B87&key=cms1 - CTU.339.1.Malicious 1011 1519190369.7304409 1519190369.7411175 11 192.168.1.119 - 50654 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3?cms_redirect=yes&expire=1519204769&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519190299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=727DD574706CFC2747E6364A59A2884956BE962D.4A20EE88198CEAC4FAFAC18D06958D8D4D312B87&key=cms1 668 3241 0 2575 271 639 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1010 1519190371.6697078 1519190371.6959522 26 192.168.1.119 - 50653 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3 375 1488 0 668 263 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3?cms_redirect=yes&expire=1519204771&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519190299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=581E6E0E52D1088D3901AF9D1A24129058BB400D.2ACBD1685D8AC93E6FA3DC266F22304B3D1A30DC&key=cms1 - CTU.339.1.Malicious 1011 1519190371.8981419 1519190371.9115748 13 192.168.1.119 - 50654 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3?cms_redirect=yes&expire=1519204771&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519190299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=581E6E0E52D1088D3901AF9D1A24129058BB400D.2ACBD1685D8AC93E6FA3DC266F22304B3D1A30DC&key=cms1 669 11764 0 11096 272 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1010 1519190373.5819607 1519190373.6111164 29 192.168.1.119 - 50653 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3 376 1488 0 668 264 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3?cms_redirect=yes&expire=1519204773&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519190299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5238FA205D251155C8FC04D5D70139DC05D4F1CB.1682116446BA61EEA23E94B0088E65598AC57245&key=cms1 - CTU.339.1.Malicious 1011 1519190373.8137534 1519190373.824579 11 192.168.1.119 - 50654 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3?cms_redirect=yes&expire=1519204773&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519190299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5238FA205D251155C8FC04D5D70139DC05D4F1CB.1682116446BA61EEA23E94B0088E65598AC57245&key=cms1 670 9834 0 9166 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1010 1519190374.629894 1519190374.660634 31 192.168.1.119 - 50653 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3 376 1488 0 668 264 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3?cms_redirect=yes&expire=1519204774&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519190299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=57FE30B5D4AF2357D8C8474C3F7B51D508B6438F.22EA7DC0CDAB9794F4DD11A5921E0491BCAE0149&key=cms1 - CTU.339.1.Malicious 1011 1519190374.8672216 1519190374.8779998 11 192.168.1.119 - 50654 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3?cms_redirect=yes&expire=1519204774&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519190299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=57FE30B5D4AF2357D8C8474C3F7B51D508B6438F.22EA7DC0CDAB9794F4DD11A5921E0491BCAE0149&key=cms1 670 9732 0 9064 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1010 1519190376.9381502 1519190376.9651585 27 192.168.1.119 - 50653 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3 376 1488 0 668 264 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3?cms_redirect=yes&expire=1519204776&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519190299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2D4DCAB191D1DA7271BB8104E34D99BA7B0A49D6.70068CEDB792315C825202641B899A1D72133B1C&key=cms1 - CTU.339.1.Malicious 1011 1519190377.1672912 1519190377.1794043 12 192.168.1.119 - 50654 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3?cms_redirect=yes&expire=1519204776&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519190299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2D4DCAB191D1DA7271BB8104E34D99BA7B0A49D6.70068CEDB792315C825202641B899A1D72133B1C&key=cms1 670 19423 0 18754 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1010 1519190379.5189223 1519190379.5443208 25 192.168.1.119 - 50653 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3 376 1488 0 668 264 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3?cms_redirect=yes&expire=1519204779&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519190299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=42765FE051E8FB27C0C6BE9E308D55B196D1FE4A.2964DD61E61D1FF4CDD9938771F20215F69FFBA0&key=cms1 - CTU.339.1.Malicious 1011 1519190379.740188 1519190379.751983 12 192.168.1.119 - 50654 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3?cms_redirect=yes&expire=1519204779&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519190299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=42765FE051E8FB27C0C6BE9E308D55B196D1FE4A.2964DD61E61D1FF4CDD9938771F20215F69FFBA0&key=cms1 670 17277 0 16608 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1010 1519190381.1109579 1519190381.1390252 28 192.168.1.119 - 50653 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3 376 1488 0 668 264 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3?cms_redirect=yes&expire=1519204781&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519190299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4E99D883A5F332B43DF143697720B8218B5C3BE0.56F634899C4B49D36F8C9C8FFC8A859B152DAB10&key=cms1 - CTU.339.1.Malicious 1011 1519190381.3406286 1519190381.3515296 11 192.168.1.119 - 50654 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3?cms_redirect=yes&expire=1519204781&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519190299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4E99D883A5F332B43DF143697720B8218B5C3BE0.56F634899C4B49D36F8C9C8FFC8A859B152DAB10&key=cms1 670 15257 0 14588 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1010 1519190382.7158432 1519190382.7455158 30 192.168.1.119 - 50653 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3 376 1488 0 668 264 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3?cms_redirect=yes&expire=1519204782&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519190299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0DFB09654D9781E9EE4E1D7FD806A2AF81EE4B59.20E6214E4BB2A44127E9E2F4BBCF4CE017993322&key=cms1 - CTU.339.1.Malicious 1011 1519190382.9463885 1519190382.9582014 12 192.168.1.119 - 50654 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3?cms_redirect=yes&expire=1519204782&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519190299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0DFB09654D9781E9EE4E1D7FD806A2AF81EE4B59.20E6214E4BB2A44127E9E2F4BBCF4CE017993322&key=cms1 670 13400 0 12731 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1010 1519190385.3746927 1519190385.4001756 25 192.168.1.119 - 50653 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3 377 1488 0 668 265 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3?cms_redirect=yes&expire=1519204785&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519190299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2E8F02020A886A502A39DD40DAD4F5D1C4E0363D.0A04F5212D52EFC79775EAF31F9F5F31921CD1BF&key=cms1 - CTU.339.1.Malicious 1011 1519190385.603295 1519190385.6184638 15 192.168.1.119 - 50654 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3?cms_redirect=yes&expire=1519204785&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519190299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2E8F02020A886A502A39DD40DAD4F5D1C4E0363D.0A04F5212D52EFC79775EAF31F9F5F31921CD1BF&key=cms1 671 11609 0 10939 274 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1010 1519190387.4184966 1519190387.446478 28 192.168.1.119 - 50653 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3?cms_redirect=yes&expire=1519204787&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519190299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7681EDA00B1C9CC81AE004E35210FAD5D9BF5FB6.62AAE30743CFCE1EC889654466DC7F0AA938AD03&key=cms1 - CTU.339.1.Malicious 1011 1519190387.6490958 1519190387.6598444 11 192.168.1.119 - 50654 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3?cms_redirect=yes&expire=1519204787&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519190299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7681EDA00B1C9CC81AE004E35210FAD5D9BF5FB6.62AAE30743CFCE1EC889654466DC7F0AA938AD03&key=cms1 672 23174 0 22503 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1010 1519190390.7914627 1519190390.821621 30 192.168.1.119 - 50653 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3?cms_redirect=yes&expire=1519204790&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519190299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=058DE4E6F2094EEF99DC93A81C53371CAB965973.06729A1A4A95CB1699CF7513814C9A6B07A0D54E&key=cms1 - CTU.339.1.Malicious 1011 1519190391.0250623 1519190391.0361862 11 192.168.1.119 - 50654 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3?cms_redirect=yes&expire=1519204790&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519190299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=058DE4E6F2094EEF99DC93A81C53371CAB965973.06729A1A4A95CB1699CF7513814C9A6B07A0D54E&key=cms1 672 18762 0 18091 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1010 1519190393.471623 1519190393.5008209 29 192.168.1.119 - 50653 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3?cms_redirect=yes&expire=1519204793&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519190299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=8255230B3229C712D67B49A0CE8DC5F856B61B23.639E49600888958F4ED09FAE05ED75342C0B6134&key=cms1 - CTU.339.1.Malicious 1011 1519190393.7030976 1519190393.7177663 15 192.168.1.119 - 50654 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3?cms_redirect=yes&expire=1519204793&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519190299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=8255230B3229C712D67B49A0CE8DC5F856B61B23.639E49600888958F4ED09FAE05ED75342C0B6134&key=cms1 672 16424 0 15753 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1010 1519190395.1268198 1519190395.1560242 29 192.168.1.119 - 50653 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3?cms_redirect=yes&expire=1519204795&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519190299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2380EE780A584C69916144388E8DDCA331F5F9C2.203AAEEA5D3CD944FE26E4BAC2A5A8255C41BE4C&key=cms1 - CTU.339.1.Malicious 1011 1519190395.3566844 1519190395.3717492 15 192.168.1.119 - 50654 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3?cms_redirect=yes&expire=1519204795&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519190299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2380EE780A584C69916144388E8DDCA331F5F9C2.203AAEEA5D3CD944FE26E4BAC2A5A8255C41BE4C&key=cms1 672 14352 0 13681 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1010 1519190397.7565591 1519190397.7820504 25 192.168.1.119 - 50653 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3?cms_redirect=yes&expire=1519204797&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519190299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7CBE3820634F11F5C9B8F8180A6D87166D04CEBE.15E2E8784AD1A84ABE8E52337B18600CC3185C12&key=cms1 - CTU.339.1.Malicious 1011 1519190397.984876 1519190397.9958541 11 192.168.1.119 - 50654 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3?cms_redirect=yes&expire=1519204797&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519190299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7CBE3820634F11F5C9B8F8180A6D87166D04CEBE.15E2E8784AD1A84ABE8E52337B18600CC3185C12&key=cms1 672 12178 0 11507 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1010 1519190399.278284 1519190399.303645 25 192.168.1.119 - 50653 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3?cms_redirect=yes&expire=1519204799&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519190299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7A75E142D36DEBDCFB46AC9CFA2AA9537236E2EF.30265FA900C863CEC6A9261D953636B3F50D42AF&key=cms1 - CTU.339.1.Malicious 1011 1519190399.9171193 1519190399.931914 15 192.168.1.119 - 50654 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3?cms_redirect=yes&expire=1519204799&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519190299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7A75E142D36DEBDCFB46AC9CFA2AA9537236E2EF.30265FA900C863CEC6A9261D953636B3F50D42AF&key=cms1 672 10753 0 10082 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1010 1519190401.739044 1519190401.7647262 26 192.168.1.119 - 50653 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3?cms_redirect=yes&expire=1519204801&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519190299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7A16D5C3F0F595011A33C243D86735342BD6FB10.23716D08D37CFAE789FDD2117AB87771A0C0A0A4&key=cms1 - CTU.339.1.Malicious 1011 1519190401.986048 1519190401.9992933 13 192.168.1.119 - 50654 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3?cms_redirect=yes&expire=1519204801&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519190299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7A16D5C3F0F595011A33C243D86735342BD6FB10.23716D08D37CFAE789FDD2117AB87771A0C0A0A4&key=cms1 672 14799 0 14128 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1010 1519190404.434991 1519190404.4598894 25 192.168.1.119 - 50653 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3?cms_redirect=yes&expire=1519204804&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519190299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3C2B41E88AD531837D0053F3FB8A5239F4018B26.7451FA1828179959CEF19A95DD5076C646ADBEA9&key=cms1 - CTU.339.1.Malicious 1011 1519190404.6678877 1519190404.6782818 10 192.168.1.119 - 50654 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3?cms_redirect=yes&expire=1519204804&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519190299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3C2B41E88AD531837D0053F3FB8A5239F4018B26.7451FA1828179959CEF19A95DD5076C646ADBEA9&key=cms1 672 12829 0 12158 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1010 1519190407.1340823 1519190407.1594558 25 192.168.1.119 - 50653 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3?cms_redirect=yes&expire=1519204807&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519190299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=188A3BFDB83A89993E47D298D2176AE34AFE88EC.1F321638C9749F5F57105E3D677BCA4045721758&key=cms1 - CTU.339.1.Malicious 1011 1519190407.3616986 1519190407.3720024 10 192.168.1.119 - 50654 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALP61Q2lk3eB_4295/4295_all_crl-set-14963299686321808509.data.crx3?cms_redirect=yes&expire=1519204807&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519190299&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=188A3BFDB83A89993E47D298D2176AE34AFE88EC.1F321638C9749F5F57105E3D677BCA4045721758&key=cms1 672 8085 0 7415 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1012 1519190412.1459758 1519190412.380472 234 192.168.1.119 - 50655 216.58.201.67 443 https://update.googleapis.com/service/update2 1253 944 920 247 303 685 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 1013 1519193938.5352929 1519193938.563905 29 192.168.1.119 - 50658 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1013 1519193938.773659 1519193938.8544035 81 192.168.1.119 - 50658 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1014 1519193939.762883 1519193939.7997494 37 192.168.1.119 - 50656 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1015 1519194642.21313 1519194642.2439535 31 192.168.1.119 - 50659 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.21%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1016 1519197540.618908 1519197540.6526334 34 192.168.1.119 - 50660 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1017 1519197540.643357 1519197540.6813998 38 192.168.1.119 - 50661 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1018 1519197541.301999 1519197541.339399 37 192.168.1.119 - 50662 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1019 1519201141.8804197 1519201141.9126174 32 192.168.1.119 - 50664 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1019 1519201141.916028 1519201141.9451108 29 192.168.1.119 - 50664 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1020 1519201142.8797994 1519201143.1063643 227 192.168.1.119 - 50665 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1021 1519204742.633219 1519204742.6668336 34 192.168.1.119 - 50666 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1021 1519204742.675264 1519204742.70857 33 192.168.1.119 - 50666 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3311 0 2931 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1022 1519204743.4040833 1519204743.4360366 32 192.168.1.119 - 50668 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1023 1519208343.803462 1519208343.8429267 39 192.168.1.119 - 50671 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1024 1519208344.8299985 1519208344.8647296 35 192.168.1.119 - 50669 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1024 1519208345.068167 1519208345.1045506 36 192.168.1.119 - 50669 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1025 1519208357.098552 1519208357.1171315 19 192.168.1.119 - 50672 2.17.6.233 443 https://sd-images.operacdn.com/api/v1/images/65b8077d6e7d4748c2bdbb3c16f9926b48198aa0.png 445 6885 0 6422 373 449 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/png GET 200 - - - - - - - CTU.339.1.Malicious 1025 1519208357.338005 1519208357.3528597 15 192.168.1.119 - 50672 2.17.6.233 443 https://sd-images.operacdn.com/api/v1/images/a3412c068bd0a369534907ebcca4ee118095826f.png 445 8573 0 8110 373 449 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/png GET 200 - - - - - - - CTU.339.1.Malicious 1026 1519209824.1060033 1519209824.1414 35 192.168.1.119 - 50678 185.26.182.117 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 511 0 113 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1027 1519211243.3779306 1519211243.4099057 32 192.168.1.119 - 50679 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.21%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1028 1519211945.372423 1519211945.405972 34 192.168.1.119 - 50680 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1029 1519211946.3362224 1519211946.3904192 54 192.168.1.119 - 50681 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1029 1519211946.5989773 1519211946.6308966 32 192.168.1.119 - 50681 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1030 1519215287.9574149 1519215288.1031053 146 192.168.1.119 - 50683 185.26.182.117 443 https://autoupdate.geo.opera.com/ 1843 1550 1477 1159 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 1031 1519215546.774284 1519215546.8112512 37 192.168.1.119 - 50684 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1032 1519215547.175114 1519215547.202859 28 192.168.1.119 - 50686 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1032 1519215547.205992 1519215547.4561503 250 192.168.1.119 - 50686 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1033 1519219147.9345977 1519219147.9689155 34 192.168.1.119 - 50688 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1033 1519219148.1831684 1519219148.2130122 30 192.168.1.119 - 50688 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1034 1519219148.9516532 1519219148.9888704 37 192.168.1.119 - 50687 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1035 1519222749.2713242 1519222749.305669 34 192.168.1.119 - 50691 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1035 1519222749.513691 1519222749.5446436 31 192.168.1.119 - 50691 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1036 1519222750.4985263 1519222750.531284 33 192.168.1.119 - 50692 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1037 1519226349.9148948 1519226349.9426246 28 192.168.1.119 - 50693 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1037 1519226350.1496494 1519226350.1781118 28 192.168.1.119 - 50693 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1038 1519226351.019506 1519226351.0480783 29 192.168.1.119 - 50695 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1039 1519229951.2482765 1519229951.282765 34 192.168.1.119 - 50697 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1039 1519229951.4938924 1519229951.5239303 30 192.168.1.119 - 50697 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1040 1519229952.3673694 1519229952.396497 29 192.168.1.119 - 50698 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1041 1519230612.537737 1519230612.574134 36 192.168.1.119 - 50699 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.21%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1042 1519231451.8816826 1519231451.9663017 85 192.168.1.119 - 50704 185.26.182.117 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 511 0 113 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1043 1519233552.423863 1519233552.4649384 41 192.168.1.119 - 50705 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1044 1519233552.4455678 1519233552.4773507 32 192.168.1.119 - 50706 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1045 1519233552.6714106 1519233552.9234824 252 192.168.1.119 - 50707 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1046 1519237153.8520389 1519237153.907693 56 192.168.1.119 - 50710 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1047 1519237154.8758383 1519237154.9022126 26 192.168.1.119 - 50709 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1048 1519237154.9688127 1519237155.0000005 31 192.168.1.119 - 50708 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1049 1519240754.8124185 1519240754.8581913 46 192.168.1.119 - 50711 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1050 1519240755.2303357 1519240755.2599692 30 192.168.1.119 - 50712 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1050 1519240755.4309628 1519240755.457785 27 192.168.1.119 - 50712 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1051 1519244088.6502411 1519244088.771062 121 192.168.1.119 - 50713 185.26.182.122 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 1052 1519244357.4067404 1519244357.4356754 29 192.168.1.119 - 50716 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1052 1519244357.442735 1519244357.472418 30 192.168.1.119 - 50716 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1053 1519244357.5574896 1519244357.590382 33 192.168.1.119 - 50714 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1054 1519244357.2017417 1519244357.699755 498 192.168.1.119 - 50717 216.58.201.67 443 https://update.googleapis.com/service/update2?cup2key=7:3476652213&cup2hreq=34738ad8a60ac2a1cb7c0869436f3e30e11fa10a895aaf962481cbb3d95380b5 1414 2476 986 1319 303 1145 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 1055 1519244359.4581275 1519244359.50916 51 192.168.1.119 - 50718 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3 282 819 0 0 170 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 HEAD 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3?cms_redirect=yes&expire=1519258759&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519244241&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=769D45AFE667473956342EB3D2ADE209711A7D71.4BF7CAED314D68683EDF28C4A42AABD808C1D99C&key=cms1 - CTU.339.1.Malicious 1056 1519244359.7500596 1519244359.760401 10 192.168.1.119 - 50719 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3?cms_redirect=yes&expire=1519258759&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519244241&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=769D45AFE667473956342EB3D2ADE209711A7D71.4BF7CAED314D68683EDF28C4A42AABD808C1D99C&key=cms1 576 608 0 0 179 594 'Microsoft BITS/7.5' application/octet-stream HEAD 200 - - - - - - - CTU.339.1.Malicious 1055 1519244360.748479 1519244360.778261 30 192.168.1.119 - 50718 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3 370 1486 0 667 259 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3?cms_redirect=yes&expire=1519258760&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519244300&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=069EE4CAEAA48B55E9C41F3584EF9ADC53FCB7C4.380844A424EEF68CDD5344C9A8C9F062DA3C8EFD&key=cms1 - CTU.339.1.Malicious 1056 1519244360.980168 1519244360.9922776 12 192.168.1.119 - 50719 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3?cms_redirect=yes&expire=1519258760&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519244300&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=069EE4CAEAA48B55E9C41F3584EF9ADC53FCB7C4.380844A424EEF68CDD5344C9A8C9F062DA3C8EFD&key=cms1 664 3159 0 2496 268 636 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1055 1519244363.9673839 1519244363.9962692 29 192.168.1.119 - 50718 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3 373 1486 0 667 262 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3?cms_redirect=yes&expire=1519258763&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519244300&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=614A4072AEA5C08A313A2CABB368C5944318C77D.2051B93F23B831A35984DE6EAB50A2A0B39066BF&key=cms1 - CTU.339.1.Malicious 1056 1519244364.198404 1519244364.218432 20 192.168.1.119 - 50719 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3?cms_redirect=yes&expire=1519258763&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519244300&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=614A4072AEA5C08A313A2CABB368C5944318C77D.2051B93F23B831A35984DE6EAB50A2A0B39066BF&key=cms1 667 3242 0 2576 271 639 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1055 1519244366.1289403 1519244366.1730163 44 192.168.1.119 - 50718 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3 374 1486 0 667 263 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3?cms_redirect=yes&expire=1519258766&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519244300&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0F99BF3F8372E9046C18CB7AB052522509EA3996.4BA11E551C21961CB3AD641EB3EE7F6A9DCEFF88&key=cms1 - CTU.339.1.Malicious 1056 1519244366.372471 1519244366.3835232 11 192.168.1.119 - 50719 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3?cms_redirect=yes&expire=1519258766&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519244300&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0F99BF3F8372E9046C18CB7AB052522509EA3996.4BA11E551C21961CB3AD641EB3EE7F6A9DCEFF88&key=cms1 668 6443 0 5776 272 640 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1055 1519244368.2117984 1519244368.2419279 30 192.168.1.119 - 50718 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3?cms_redirect=yes&expire=1519258768&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519244300&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=52A868DDD1AF9DCD9810E5BEDBD7156878935801.620155A9B0E99F64737704C8238F2B7B04611C34&key=cms1 - CTU.339.1.Malicious 1056 1519244368.4424732 1519244368.453272 11 192.168.1.119 - 50719 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3?cms_redirect=yes&expire=1519258768&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519244300&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=52A868DDD1AF9DCD9810E5BEDBD7156878935801.620155A9B0E99F64737704C8238F2B7B04611C34&key=cms1 669 5766 0 5098 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1055 1519244370.3016355 1519244370.3321567 31 192.168.1.119 - 50718 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3?cms_redirect=yes&expire=1519258770&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519244300&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=392D0BC5B267059ADA5B6F599E8EBE252D1FFECD.58B7822826C6B79DA401664D1D571D97EAA8EBE1&key=cms1 - CTU.339.1.Malicious 1056 1519244370.5344205 1519244370.550308 16 192.168.1.119 - 50719 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3?cms_redirect=yes&expire=1519258770&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519244300&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=392D0BC5B267059ADA5B6F599E8EBE252D1FFECD.58B7822826C6B79DA401664D1D571D97EAA8EBE1&key=cms1 669 4870 0 4202 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1055 1519244372.4047904 1519244372.4346957 30 192.168.1.119 - 50718 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3?cms_redirect=yes&expire=1519258772&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519244300&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=73FE9FC968D21B476B4D8DEFA8CE6A3BA90EEC8E.2A4A40DF3A4E875BED40DA68234C67E5FD529F27&key=cms1 - CTU.339.1.Malicious 1056 1519244372.6375036 1519244372.6694562 32 192.168.1.119 - 50719 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3?cms_redirect=yes&expire=1519258772&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519244300&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=73FE9FC968D21B476B4D8DEFA8CE6A3BA90EEC8E.2A4A40DF3A4E875BED40DA68234C67E5FD529F27&key=cms1 669 9228 0 8560 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1055 1519244373.459131 1519244373.4845994 25 192.168.1.119 - 50718 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3?cms_redirect=yes&expire=1519258773&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519244300&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2E5CE5BA2027E6ABB8A4E20E27B90856E157B8BB.05CAC6289EDBEDA9813AE33ADD6CE16DD150D96F&key=cms1 - CTU.339.1.Malicious 1056 1519244373.6800156 1519244373.6955547 16 192.168.1.119 - 50719 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3?cms_redirect=yes&expire=1519258773&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519244300&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2E5CE5BA2027E6ABB8A4E20E27B90856E157B8BB.05CAC6289EDBEDA9813AE33ADD6CE16DD150D96F&key=cms1 669 8753 0 8085 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1055 1519244374.5170646 1519244374.5467932 30 192.168.1.119 - 50718 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3?cms_redirect=yes&expire=1519258774&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519244300&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=01E349951516935E4394A79A35D598A693CF7A2E.2E563AD3FB8DA6B1A7505011DB972FE83C83B9B8&key=cms1 - CTU.339.1.Malicious 1056 1519244374.753507 1519244374.768923 15 192.168.1.119 - 50719 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3?cms_redirect=yes&expire=1519258774&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519244300&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=01E349951516935E4394A79A35D598A693CF7A2E.2E563AD3FB8DA6B1A7505011DB972FE83C83B9B8&key=cms1 669 8973 0 8305 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1055 1519244375.5726464 1519244375.5978498 25 192.168.1.119 - 50718 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3?cms_redirect=yes&expire=1519258775&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519244300&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6A59C12C8C76B45E69376F1D54093EFD5F5B8FA1.60AFB7A7D524AF99DC44AD20E1658A1B95A37AAA&key=cms1 - CTU.339.1.Malicious 1056 1519244375.8081348 1519244375.8240137 16 192.168.1.119 - 50719 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3?cms_redirect=yes&expire=1519258775&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519244300&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6A59C12C8C76B45E69376F1D54093EFD5F5B8FA1.60AFB7A7D524AF99DC44AD20E1658A1B95A37AAA&key=cms1 669 8536 0 7868 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1055 1519244377.630507 1519244377.6609025 30 192.168.1.119 - 50718 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3?cms_redirect=yes&expire=1519258777&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519244300&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=06341CBC9580A1BA3CB1907C432B88DD2355E7A2.3D6323F99BE8456561113073C319F0344DA7068B&key=cms1 - CTU.339.1.Malicious 1056 1519244377.8628042 1519244377.8777442 15 192.168.1.119 - 50719 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3?cms_redirect=yes&expire=1519258777&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519244300&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=06341CBC9580A1BA3CB1907C432B88DD2355E7A2.3D6323F99BE8456561113073C319F0344DA7068B&key=cms1 669 7351 0 6683 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1055 1519244379.6992743 1519244379.7300217 31 192.168.1.119 - 50718 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3?cms_redirect=yes&expire=1519258779&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519244300&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=29CFCE40F717CC5E78C1331FC6FC3C74CFE1BF98.6667410E52F2D219D1507A71F79BC16D6B84AA6F&key=cms1 - CTU.339.1.Malicious 1056 1519244379.9386067 1519244379.9533548 15 192.168.1.119 - 50719 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3?cms_redirect=yes&expire=1519258779&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519244300&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=29CFCE40F717CC5E78C1331FC6FC3C74CFE1BF98.6667410E52F2D219D1507A71F79BC16D6B84AA6F&key=cms1 669 9330 0 8662 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1055 1519244380.7528367 1519244380.7817645 29 192.168.1.119 - 50718 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3?cms_redirect=yes&expire=1519258780&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519244300&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=21CE1352C37CF124E20DB9F3323DE8E440D2AA82.6815AE4EB65797B696C9480A23DA3F1E5ECA913F&key=cms1 - CTU.339.1.Malicious 1056 1519244380.9811203 1519244380.9970424 16 192.168.1.119 - 50719 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3?cms_redirect=yes&expire=1519258780&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519244300&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=21CE1352C37CF124E20DB9F3323DE8E440D2AA82.6815AE4EB65797B696C9480A23DA3F1E5ECA913F&key=cms1 669 10024 0 9356 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1055 1519244381.803167 1519244381.8303525 27 192.168.1.119 - 50718 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3?cms_redirect=yes&expire=1519258781&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519244300&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1E7848333DC7AF8D8102DF82F0D47AEF8446C707.5B76D5B48D444E3805D2F382D0CA00A4BF62153C&key=cms1 - CTU.339.1.Malicious 1056 1519244382.0382347 1519244382.053027 15 192.168.1.119 - 50719 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3?cms_redirect=yes&expire=1519258781&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519244300&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1E7848333DC7AF8D8102DF82F0D47AEF8446C707.5B76D5B48D444E3805D2F382D0CA00A4BF62153C&key=cms1 669 10528 0 9860 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1055 1519244383.85043 1519244383.8757353 25 192.168.1.119 - 50718 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3 376 1486 0 667 265 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3?cms_redirect=yes&expire=1519258783&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519244300&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2A7BE88D69608DD0220879D7D3C37EC9FBEA89DA.58006AC3596EF747F4832730CA80F26DBD23B3AE&key=cms1 - CTU.339.1.Malicious 1056 1519244384.0778646 1519244384.0928392 15 192.168.1.119 - 50719 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3?cms_redirect=yes&expire=1519258783&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519244300&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2A7BE88D69608DD0220879D7D3C37EC9FBEA89DA.58006AC3596EF747F4832730CA80F26DBD23B3AE&key=cms1 670 20814 0 20144 274 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1055 1519244386.760793 1519244386.7900534 29 192.168.1.119 - 50718 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3?cms_redirect=yes&expire=1519258786&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519244300&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=35D7312EC567375A0AE89F229A8BFB67BADFC7C3.3EFE512512B2677A9C8236B645269F537F3AD73F&key=cms1 - CTU.339.1.Malicious 1056 1519244386.9925885 1519244387.0029159 10 192.168.1.119 - 50719 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3?cms_redirect=yes&expire=1519258786&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519244300&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=35D7312EC567375A0AE89F229A8BFB67BADFC7C3.3EFE512512B2677A9C8236B645269F537F3AD73F&key=cms1 671 18307 0 17636 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1055 1519244389.4374166 1519244389.4785774 41 192.168.1.119 - 50718 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3?cms_redirect=yes&expire=1519258789&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519244300&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=283A208DE3981DB5C18A519354AE48BD9230A454.6D0638E4B3A649BA2DE2B0F961ED5E2CD7A059D5&key=cms1 - CTU.339.1.Malicious 1056 1519244389.680093 1519244389.691949 12 192.168.1.119 - 50719 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3?cms_redirect=yes&expire=1519258789&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519244300&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=283A208DE3981DB5C18A519354AE48BD9230A454.6D0638E4B3A649BA2DE2B0F961ED5E2CD7A059D5&key=cms1 671 16023 0 15352 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1055 1519244391.0944886 1519244391.1213043 27 192.168.1.119 - 50718 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3?cms_redirect=yes&expire=1519258791&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519244300&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=456685D6FF276BE604B6B93B1B87B19C42DB4937.5B95EB66DF77BFB2BD87773453D391AAAE57BB0B&key=cms1 - CTU.339.1.Malicious 1056 1519244391.324115 1519244391.3588104 35 192.168.1.119 - 50719 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3?cms_redirect=yes&expire=1519258791&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519244300&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=456685D6FF276BE604B6B93B1B87B19C42DB4937.5B95EB66DF77BFB2BD87773453D391AAAE57BB0B&key=cms1 671 14010 0 13339 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1055 1519244393.129347 1519244393.1715431 42 192.168.1.119 - 50718 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3?cms_redirect=yes&expire=1519258793&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519244300&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=839FB3D2BF834F6A0CC406C4481E2D2608D4BC71.10885D1C2D7E89E35202C4129CC19E53272A8991&key=cms1 - CTU.339.1.Malicious 1056 1519244393.3733518 1519244393.3886714 15 192.168.1.119 - 50719 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3?cms_redirect=yes&expire=1519258793&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519244300&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=839FB3D2BF834F6A0CC406C4481E2D2608D4BC71.10885D1C2D7E89E35202C4129CC19E53272A8991&key=cms1 671 19853 0 19182 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1055 1519244396.0317519 1519244396.0620735 30 192.168.1.119 - 50718 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3?cms_redirect=yes&expire=1519258796&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519244300&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=63D09450498CA88C212580A05FC6389460325370.58B1508DFFA088A356987F0F7ADFAC1C48B5D89A&key=cms1 - CTU.339.1.Malicious 1056 1519244396.264639 1519244396.2794254 15 192.168.1.119 - 50719 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3?cms_redirect=yes&expire=1519258796&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519244300&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=63D09450498CA88C212580A05FC6389460325370.58B1508DFFA088A356987F0F7ADFAC1C48B5D89A&key=cms1 671 17489 0 16818 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1055 1519244397.6902554 1519244397.7162516 26 192.168.1.119 - 50718 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3?cms_redirect=yes&expire=1519258797&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519244300&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6D965A5376ABCE6C03C3AAB12C5B537430853B7B.629F1553B45360BE641862E93DD3667707C26329&key=cms1 - CTU.339.1.Malicious 1056 1519244397.9104211 1519244397.9255269 15 192.168.1.119 - 50719 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3?cms_redirect=yes&expire=1519258797&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519244300&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6D965A5376ABCE6C03C3AAB12C5B537430853B7B.629F1553B45360BE641862E93DD3667707C26329&key=cms1 671 15312 0 14641 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1055 1519244399.3225117 1519244399.347803 25 192.168.1.119 - 50718 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3?cms_redirect=yes&expire=1519258799&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519244300&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=101CEAA34D27387E9FD4B3D24BDFEBA8399BF622.5632302A16707EAE71BFEAF0E075C1F17701DE50&key=cms1 - CTU.339.1.Malicious 1056 1519244399.5528321 1519244399.5678515 15 192.168.1.119 - 50719 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3?cms_redirect=yes&expire=1519258799&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519244300&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=101CEAA34D27387E9FD4B3D24BDFEBA8399BF622.5632302A16707EAE71BFEAF0E075C1F17701DE50&key=cms1 671 13376 0 12705 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1055 1519244401.4758244 1519244401.5024996 27 192.168.1.119 - 50718 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3?cms_redirect=yes&expire=1519258801&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519244300&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=169776D3E2168FA510AF62007645F861D8A257D2.65293CBEE118B0E2A230EDBEEF543CE2442EA070&key=cms1 - CTU.339.1.Malicious 1056 1519244401.7042003 1519244401.7214365 17 192.168.1.119 - 50719 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3?cms_redirect=yes&expire=1519258801&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519244300&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=169776D3E2168FA510AF62007645F861D8A257D2.65293CBEE118B0E2A230EDBEEF543CE2442EA070&key=cms1 671 13076 0 12405 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1055 1519244403.9900818 1519244404.0197058 30 192.168.1.119 - 50718 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3 377 1530 0 691 266 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3?cms_redirect=yes&expire=1519258803&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519244300&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=2062D7427785A43CA4B4104CC2B5E54C129DE1F6.76B355767DF06211E63DE488A736CBFBE99378E0&key=cms1 - CTU.339.1.Malicious 1056 1519244404.2261906 1519244404.241974 16 192.168.1.119 - 50719 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/U1I4TfAF5-g_4296/4296_all_crl-set-13997791439531172712.data.crx3?cms_redirect=yes&expire=1519258803&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519244300&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=2062D7427785A43CA4B4104CC2B5E54C129DE1F6.76B355767DF06211E63DE488A736CBFBE99378E0&key=cms1 691 4282 0 3612 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1057 1519244407.1116529 1519244407.340084 228 192.168.1.119 - 50720 216.58.201.67 443 https://update.googleapis.com/service/update2 1252 944 919 247 303 685 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 1058 1519247958.5310264 1519247958.753026 222 192.168.1.119 - 50723 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1058 1519247958.760244 1519247958.7952368 35 192.168.1.119 - 50723 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1059 1519247960.17226 1519247960.2052276 33 192.168.1.119 - 50722 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1060 1519248205.240309 1519248205.2748525 35 192.168.1.119 - 50724 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.21%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1061 1519251559.857306 1519251559.8880694 31 192.168.1.119 - 50725 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1061 1519251560.0976937 1519251560.1277144 30 192.168.1.119 - 50725 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1062 1519251560.4881577 1519251560.5169299 29 192.168.1.119 - 50727 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1063 1519253081.9525185 1519253081.977662 25 192.168.1.119 - 50732 185.26.182.122 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 511 0 113 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1064 1519255160.7198865 1519255160.942038 222 192.168.1.119 - 50733 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1064 1519255160.9485626 1519255160.9728 24 192.168.1.119 - 50733 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1065 1519255162.029475 1519255162.0568326 27 192.168.1.119 - 50735 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1066 1519258762.0855637 1519258762.1154566 30 192.168.1.119 - 50736 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1066 1519258762.3296518 1519258762.3609395 31 192.168.1.119 - 50736 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1067 1519258762.3495047 1519258762.3787916 29 192.168.1.119 - 50738 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1068 1519262362.8964264 1519262362.9242952 28 192.168.1.119 - 50741 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1069 1519262363.097309 1519262363.1261997 29 192.168.1.119 - 50739 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1070 1519262363.8945448 1519262363.9236772 29 192.168.1.119 - 50740 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1071 1519264484.186218 1519264484.2173207 31 192.168.1.119 - 50742 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.21%26uc 676 710 0 466 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1071 1519264487.7072656 1519264487.7492979 42 192.168.1.119 - 50742 82.145.215.85 443 https://extension-updates.opera.com/static/omaha/blacklist.336465243e0d1996705f69bb3937b0f2f815a8bcc9737b5323ca77ebd70dd6b7.txt 413 6582 0 6336 308 232 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/plain GET 200 - - - - - - - CTU.339.1.Malicious 1072 1519265964.5326405 1519265964.5615761 29 192.168.1.119 - 50744 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1072 1519265964.769801 1519265964.8004332 31 192.168.1.119 - 50744 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1073 1519265965.7654047 1519265965.7979596 33 192.168.1.119 - 50745 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1074 1519269565.9157064 1519269565.9470215 31 192.168.1.119 - 50746 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1075 1519269566.0868056 1519269566.115732 29 192.168.1.119 - 50748 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1074 1519269566.3589008 1519269566.3890064 30 192.168.1.119 - 50746 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1076 1519272814.0494885 1519272814.3077228 258 192.168.1.119 - 50749 82.145.213.68 443 https://desktop-qualityclient-sub.osp.opera.software/v1/binary 638 244 144 36 470 189 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/html; charset=utf-8 POST 201 - - - - - - - CTU.339.1.Malicious 1077 1519272814.3843381 1519272814.4109147 27 192.168.1.119 - 50752 185.26.182.112 443 https://exchange.opera.com/api/v1/cmc/ 283 6958 0 6677 258 267 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1077 1519272814.4354577 1519272814.6753132 240 192.168.1.119 - 50752 185.26.182.112 443 https://exchange.opera.com/api/v1/ecb/ 283 1937 0 1664 258 259 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml GET 200 - - - - - - - CTU.339.1.Malicious 1077 1519272814.6785803 1519272814.704789 26 192.168.1.119 - 50752 185.26.182.112 443 https://exchange.opera.com/api/v1/nbu/ 283 6428 0 6133 258 281 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json;charset=UTF-8 GET 200 - - - - - - - CTU.339.1.Malicious 1078 1519272890.0444608 1519272890.27994 235 192.168.1.119 - 50753 185.26.182.122 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 1079 1519273167.1068764 1519273167.1335676 27 192.168.1.119 - 50754 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1080 1519273168.1336808 1519273168.1663785 33 192.168.1.119 - 50755 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1080 1519273168.1705978 1519273168.4222584 252 192.168.1.119 - 50755 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1081 1519274709.1183186 1519274709.1496756 31 192.168.1.119 - 50761 185.26.182.122 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 511 0 113 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1082 1519276768.0866454 1519276768.115768 29 192.168.1.119 - 50762 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1083 1519276768.2489233 1519276768.286577 38 192.168.1.119 - 50763 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1083 1519276768.482075 1519276768.5084548 26 192.168.1.119 - 50763 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1084 1519280369.423547 1519280369.652652 229 192.168.1.119 - 50767 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1084 1519280369.6566317 1519280369.7089088 52 192.168.1.119 - 50767 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1085 1519280370.679323 1519280370.7170098 38 192.168.1.119 - 50765 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1086 1519283229.572104 1519283229.6050806 33 192.168.1.119 - 50768 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.22%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1087 1519283970.7836206 1519283970.815309 32 192.168.1.119 - 50770 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1088 1519283971.0467794 1519283971.0782917 32 192.168.1.119 - 50771 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1087 1519283971.2267761 1519283971.360142 133 192.168.1.119 - 50770 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1089 1519287572.5757964 1519287572.6072829 31 192.168.1.119 - 50774 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1089 1519287572.8184445 1519287572.849986 32 192.168.1.119 - 50774 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1090 1519287573.8156688 1519287573.8497043 34 192.168.1.119 - 50773 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1091 1519291174.1738336 1519291174.2118537 38 192.168.1.119 - 50777 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1092 1519291174.1671972 1519291174.4096649 242 192.168.1.119 - 50775 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1092 1519291174.6176772 1519291174.6439762 26 192.168.1.119 - 50775 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1093 1519294775.1724806 1519294775.209828 37 192.168.1.119 - 50778 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1094 1519294776.1894426 1519294776.2441812 55 192.168.1.119 - 50779 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1095 1519294776.4207978 1519294776.451109 30 192.168.1.119 - 50780 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1096 1519296336.8143704 1519296336.867498 53 192.168.1.119 - 50785 185.26.182.122 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 511 0 113 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1097 1519298357.561765 1519298357.688595 127 192.168.1.119 - 50786 216.58.201.67 443 https://update.googleapis.com/service/update2?cup2key=7:717457926&cup2hreq=8ec847b4e98d332a940822825f0638aa7fbe3a3333882662b5bf4ff9eb187a2e 1413 2481 986 1324 303 1145 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 1098 1519298359.2788699 1519298359.3094234 31 192.168.1.119 - 50787 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3 282 819 0 0 170 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 HEAD 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3?cms_redirect=yes&expire=1519312759&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519298240&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=07813BF948E7A162F8CCA8F73075BD62CBC64327.62B534995EE02B20BD8DB8F7EDE6B8EE5E903664&key=cms1 - CTU.339.1.Malicious 1099 1519298359.5838864 1519298359.61804 34 192.168.1.119 - 50788 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3?cms_redirect=yes&expire=1519312759&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519298240&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=07813BF948E7A162F8CCA8F73075BD62CBC64327.62B534995EE02B20BD8DB8F7EDE6B8EE5E903664&key=cms1 576 608 0 0 179 594 'Microsoft BITS/7.5' application/octet-stream HEAD 200 - - - - - - - CTU.339.1.Malicious 1098 1519298361.1349938 1519298361.1819715 47 192.168.1.119 - 50787 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3 370 1486 0 667 259 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3?cms_redirect=yes&expire=1519312761&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519298240&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2D4F2C7B2F98BCA994AD5F42DC565DF32B56C4AB.517CC2F43374BDDD508BF920BD464D624A76A9FF&key=cms1 - CTU.339.1.Malicious 1099 1519298361.3839962 1519298361.4013622 17 192.168.1.119 - 50788 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3?cms_redirect=yes&expire=1519312761&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519298240&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2D4F2C7B2F98BCA994AD5F42DC565DF32B56C4AB.517CC2F43374BDDD508BF920BD464D624A76A9FF&key=cms1 664 3159 0 2496 268 636 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1098 1519298363.365505 1519298363.3957102 30 192.168.1.119 - 50787 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3 373 1486 0 667 262 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3?cms_redirect=yes&expire=1519312763&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519298322&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=064DB0C7CFF0D963398670BDDC48C4012898428A.39F1D64CBB03D6DBA7EA55C357B8EA9957728295&key=cms1 - CTU.339.1.Malicious 1099 1519298363.5982969 1519298363.613514 15 192.168.1.119 - 50788 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3?cms_redirect=yes&expire=1519312763&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519298322&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=064DB0C7CFF0D963398670BDDC48C4012898428A.39F1D64CBB03D6DBA7EA55C357B8EA9957728295&key=cms1 667 3242 0 2576 271 639 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1098 1519298364.525531 1519298364.5555644 30 192.168.1.119 - 50787 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3 374 1530 0 691 263 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3?cms_redirect=yes&expire=1519312764&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519298240&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=4A65C88CE116D887D10E829107FB277A3CD77B13.5427DC612B87899727B89B459556BA07460B8FAF&key=cms1 - CTU.339.1.Malicious 1099 1519298364.7581933 1519298364.7743523 16 192.168.1.119 - 50788 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3?cms_redirect=yes&expire=1519312764&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519298240&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=4A65C88CE116D887D10E829107FB277A3CD77B13.5427DC612B87899727B89B459556BA07460B8FAF&key=cms1 688 6443 0 5776 272 640 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1098 1519298365.6050532 1519298365.6341045 29 192.168.1.119 - 50787 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3 375 1530 0 691 264 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3?cms_redirect=yes&expire=1519312765&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519298240&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=2923DBC2FB35A1DF2C8EA1080AAA51A00E6E0630.3D48D13BA7A3940D55A091EEB3EFA3615BE244CD&key=cms1 - CTU.339.1.Malicious 1099 1519298365.8366146 1519298365.8479373 11 192.168.1.119 - 50788 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3?cms_redirect=yes&expire=1519312765&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519298240&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=2923DBC2FB35A1DF2C8EA1080AAA51A00E6E0630.3D48D13BA7A3940D55A091EEB3EFA3615BE244CD&key=cms1 689 10981 0 10312 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1098 1519298366.6527967 1519298366.6820855 29 192.168.1.119 - 50787 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3 375 1530 0 691 264 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3?cms_redirect=yes&expire=1519312766&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519298240&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=5B90C2E5B0F4FB028744B9600EAA85B4F0D3C0F6.5F2DF29EB5B6D85E9F61199F30AB6C40CE390CC5&key=cms1 - CTU.339.1.Malicious 1099 1519298366.902529 1519298366.925385 23 192.168.1.119 - 50788 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3?cms_redirect=yes&expire=1519312766&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519298240&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=5B90C2E5B0F4FB028744B9600EAA85B4F0D3C0F6.5F2DF29EB5B6D85E9F61199F30AB6C40CE390CC5&key=cms1 689 10759 0 10090 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1098 1519298367.7068043 1519298367.7371345 30 192.168.1.119 - 50787 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3?cms_redirect=yes&expire=1519312767&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519298240&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0F23FF9E2F64A1F3C96CA1A99FC5117CFAEBEB7A.05FCF019C7A5D093AC0136D7A39202A36F061FD4&key=cms1 - CTU.339.1.Malicious 1099 1519298367.9494374 1519298368.0048044 55 192.168.1.119 - 50788 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3?cms_redirect=yes&expire=1519312767&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519298240&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0F23FF9E2F64A1F3C96CA1A99FC5117CFAEBEB7A.05FCF019C7A5D093AC0136D7A39202A36F061FD4&key=cms1 669 10549 0 9881 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1098 1519298369.7569916 1519298369.790521 34 192.168.1.119 - 50787 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3 375 1530 0 691 264 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3?cms_redirect=yes&expire=1519312769&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519298322&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=11EAD49C2FEA0BF80995FB8B710DC4394F53359F.179B50870A4B379C41457A59F2A224F081FA6A78&key=cms1 - CTU.339.1.Malicious 1099 1519298369.9925854 1519298370.0102117 18 192.168.1.119 - 50788 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3?cms_redirect=yes&expire=1519312769&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519298322&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=11EAD49C2FEA0BF80995FB8B710DC4394F53359F.179B50870A4B379C41457A59F2A224F081FA6A78&key=cms1 689 11449 0 10780 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1098 1519298371.1821241 1519298371.2117352 30 192.168.1.119 - 50787 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3 375 1530 0 691 264 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3?cms_redirect=yes&expire=1519312771&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519298240&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=3D514EA63F194D848C48F32B7A958376D24EF9D8.3A483B021276AAFBEDF39D62586AB937FE2DC48C&key=cms1 - CTU.339.1.Malicious 1099 1519298371.4118605 1519298371.4253924 14 192.168.1.119 - 50788 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3?cms_redirect=yes&expire=1519312771&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519298240&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=3D514EA63F194D848C48F32B7A958376D24EF9D8.3A483B021276AAFBEDF39D62586AB937FE2DC48C&key=cms1 689 10305 0 9637 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1098 1519298372.2301967 1519298372.2589211 29 192.168.1.119 - 50787 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3?cms_redirect=yes&expire=1519312772&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519298240&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0FF9229A76C4C52A88AAD60C2DE8E7B04760FCE0.8164955DD982FD21590A2597C3AF2143BCBFF316&key=cms1 - CTU.339.1.Malicious 1099 1519298372.464666 1519298372.4802852 16 192.168.1.119 - 50788 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3?cms_redirect=yes&expire=1519312772&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519298240&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0FF9229A76C4C52A88AAD60C2DE8E7B04760FCE0.8164955DD982FD21590A2597C3AF2143BCBFF316&key=cms1 669 10808 0 10139 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1098 1519298374.2771754 1519298374.3079836 31 192.168.1.119 - 50787 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3 375 1530 0 691 264 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3?cms_redirect=yes&expire=1519312774&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519298240&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=6197494A02F71671323E6409C0F17DFDBC02645F.32634BEEEFC30571735F2855A690FAEE678DA1FA&key=cms1 - CTU.339.1.Malicious 1099 1519298374.5106714 1519298374.525691 15 192.168.1.119 - 50788 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3?cms_redirect=yes&expire=1519312774&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519298240&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=6197494A02F71671323E6409C0F17DFDBC02645F.32634BEEEFC30571735F2855A690FAEE678DA1FA&key=cms1 689 19538 0 18869 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1100 1519298376.7305002 1519298376.7636662 33 192.168.1.119 - 50789 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1101 1519298376.7666357 1519298377.0056622 239 192.168.1.119 - 50790 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1098 1519298376.971222 1519298377.0062952 35 192.168.1.119 - 50787 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3 376 1530 0 691 265 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3?cms_redirect=yes&expire=1519312776&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519298240&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=264A666913A33B65934674184DE8C63FC7BBA9BC.353CE336B169272CB2353D52D271B7D2129679C2&key=cms1 - CTU.339.1.Malicious 1099 1519298377.2124481 1519298377.2284756 16 192.168.1.119 - 50788 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3?cms_redirect=yes&expire=1519312776&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519298240&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=264A666913A33B65934674184DE8C63FC7BBA9BC.353CE336B169272CB2353D52D271B7D2129679C2&key=cms1 690 17115 0 16445 274 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1102 1519298377.3620698 1519298377.4051347 43 192.168.1.119 - 50791 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1098 1519298379.6790197 1519298379.7080913 29 192.168.1.119 - 50787 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3 377 1530 0 691 266 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3?cms_redirect=yes&expire=1519312779&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519298240&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=3C6B548320FF42ED861B21E3638225CB22814784.348EEB5B19DF6C299BA740FF82BB9046323C00D5&key=cms1 - CTU.339.1.Malicious 1099 1519298379.9100783 1519298379.9237633 14 192.168.1.119 - 50788 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3?cms_redirect=yes&expire=1519312779&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519298240&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=3C6B548320FF42ED861B21E3638225CB22814784.348EEB5B19DF6C299BA740FF82BB9046323C00D5&key=cms1 691 14925 0 14254 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1098 1519298382.3844125 1519298382.4147801 30 192.168.1.119 - 50787 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3?cms_redirect=yes&expire=1519312782&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519298240&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=454CE9FEB3FC507E8C4A739F85AFC1A83F706640.81E871A87712961B2A7C860478D5DF100494DBF2&key=cms1 - CTU.339.1.Malicious 1099 1519298382.6155741 1519298382.6315937 16 192.168.1.119 - 50788 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3?cms_redirect=yes&expire=1519312782&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519298240&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=454CE9FEB3FC507E8C4A739F85AFC1A83F706640.81E871A87712961B2A7C860478D5DF100494DBF2&key=cms1 671 13970 0 13299 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1098 1519298384.5836143 1519298384.6129844 29 192.168.1.119 - 50787 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3?cms_redirect=yes&expire=1519312784&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519298240&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6B5DA092BF856F14D79809C905C21B1C934EEE0B.0BF98C5E2E5BB87BDB502E742592887DE98724D5&key=cms1 - CTU.339.1.Malicious 1099 1519298384.8152823 1519298384.8314393 16 192.168.1.119 - 50788 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3?cms_redirect=yes&expire=1519312784&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519298240&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6B5DA092BF856F14D79809C905C21B1C934EEE0B.0BF98C5E2E5BB87BDB502E742592887DE98724D5&key=cms1 671 18677 0 18006 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1098 1519298387.2952185 1519298387.3204877 25 192.168.1.119 - 50787 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3?cms_redirect=yes&expire=1519312787&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519298322&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=73881C891A0B06A4E9CD2B2309488005346885F5.347FF46B5D85C62487C4E3EF097A838DAE255D8B&key=cms1 - CTU.339.1.Malicious 1099 1519298387.5236409 1519298387.53939 16 192.168.1.119 - 50788 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3?cms_redirect=yes&expire=1519312787&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519298322&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=73881C891A0B06A4E9CD2B2309488005346885F5.347FF46B5D85C62487C4E3EF097A838DAE255D8B&key=cms1 671 17717 0 17046 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1098 1519298389.447832 1519298389.4763703 29 192.168.1.119 - 50787 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3?cms_redirect=yes&expire=1519312789&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519298322&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=82D79E289E4CD31AE363828D8BF0A29A2A2337B2.02DCB217E48AEA7A96C312B4CBF108E9A2EE36FF&key=cms1 - CTU.339.1.Malicious 1099 1519298389.679456 1519298389.6960125 17 192.168.1.119 - 50788 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3?cms_redirect=yes&expire=1519312789&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519298322&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=82D79E289E4CD31AE363828D8BF0A29A2A2337B2.02DCB217E48AEA7A96C312B4CBF108E9A2EE36FF&key=cms1 671 26462 0 25791 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1098 1519298392.0095325 1519298392.0393472 30 192.168.1.119 - 50787 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3?cms_redirect=yes&expire=1519312792&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519298322&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=54A3A772C49D5FDCA55D6EF9D8B910865B984567.17BC8B0D7072BC474B66EBBA7A724AC07BF7D042&key=cms1 - CTU.339.1.Malicious 1099 1519298392.2406206 1519298392.2553475 15 192.168.1.119 - 50788 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3?cms_redirect=yes&expire=1519312792&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519298322&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=54A3A772C49D5FDCA55D6EF9D8B910865B984567.17BC8B0D7072BC474B66EBBA7A724AC07BF7D042&key=cms1 671 24053 0 23382 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1098 1519298394.9177914 1519298394.9462435 28 192.168.1.119 - 50787 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3?cms_redirect=yes&expire=1519312794&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519298322&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=51AE98A79C8A9C4629967D3FA0B7D0AAC5BE2D76.4EA4CC99E00EEB2A61D0229718750AC1DA50C5A4&key=cms1 - CTU.339.1.Malicious 1099 1519298395.1480844 1519298395.164115 16 192.168.1.119 - 50788 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AOdDH2hY2DAA_4298/4298_all_crl-set-8393330853105558407.data.crx3?cms_redirect=yes&expire=1519312794&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519298322&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=51AE98A79C8A9C4629967D3FA0B7D0AAC5BE2D76.4EA4CC99E00EEB2A61D0229718750AC1DA50C5A4&key=cms1 671 16744 0 16073 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1103 1519298399.4057686 1519298399.4819126 76 192.168.1.119 - 50792 216.58.201.67 443 https://update.googleapis.com/service/update2 1252 944 919 247 303 685 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 1104 1519299452.291608 1519299452.5512428 260 192.168.1.119 - 50794 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.22%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1105 1519301692.2693884 1519301692.883085 614 192.168.1.119 - 50795 185.26.182.117 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 1106 1519301978.5430515 1519301978.5773647 34 192.168.1.119 - 50797 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1107 1519301979.3515596 1519301979.3841636 33 192.168.1.119 - 50799 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1108 1519301979.574162 1519301979.6079743 34 192.168.1.119 - 50798 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1109 1519305579.7230923 1519305579.7613027 38 192.168.1.119 - 50801 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1109 1519305580.0361023 1519305580.0634007 27 192.168.1.119 - 50801 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1110 1519305580.5324473 1519305580.5644646 32 192.168.1.119 - 50800 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1111 1519309181.2672687 1519309181.3024428 35 192.168.1.119 - 50803 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1112 1519309181.093368 1519309181.3499067 257 192.168.1.119 - 50805 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1111 1519309181.5310113 1519309181.560675 30 192.168.1.119 - 50803 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1113 1519312782.4119759 1519312782.4475007 36 192.168.1.119 - 50807 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1113 1519312782.4510038 1519312782.4808216 30 192.168.1.119 - 50807 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1114 1519312783.5159974 1519312783.5479298 32 192.168.1.119 - 50806 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1115 1519316383.8703494 1519316383.9012458 31 192.168.1.119 - 50809 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1115 1519316383.9099953 1519316383.9384587 28 192.168.1.119 - 50809 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1116 1519316384.0633168 1519316384.0953295 32 192.168.1.119 - 50811 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1117 1519317963.2446308 1519317963.3344398 90 192.168.1.119 - 50816 185.26.182.117 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 511 0 113 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1118 1519318081.0584216 1519318081.0880346 30 192.168.1.119 - 50817 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.22%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1119 1519319985.1683798 1519319985.20407 36 192.168.1.119 - 50820 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1120 1519319986.367204 1519319986.4152822 48 192.168.1.119 - 50819 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1121 1519319986.3772886 1519319986.4199917 43 192.168.1.119 - 50818 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1122 1519323586.155196 1519323586.1975982 42 192.168.1.119 - 50821 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1123 1519323587.1350465 1519323587.1587846 24 192.168.1.119 - 50823 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1124 1519323587.1403553 1519323587.1712453 31 192.168.1.119 - 50822 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1125 1519327187.1221533 1519327187.1504145 28 192.168.1.119 - 50824 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1126 1519327187.4733238 1519327187.5043483 31 192.168.1.119 - 50825 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1127 1519327187.6344502 1519327187.6652207 31 192.168.1.119 - 50826 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1128 1519330493.5882707 1519330493.8543978 266 192.168.1.119 - 50827 185.26.182.117 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 1129 1519330788.6919265 1519330788.7200274 28 192.168.1.119 - 50830 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1130 1519330788.699939 1519330788.7313354 31 192.168.1.119 - 50828 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1129 1519330788.92541 1519330788.9537854 28 192.168.1.119 - 50830 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1131 1519334389.5086956 1519334389.5453322 37 192.168.1.119 - 50831 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1131 1519334389.552284 1519334389.5842295 32 192.168.1.119 - 50831 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1132 1519334390.5211349 1519334390.5528462 32 192.168.1.119 - 50832 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1133 1519337265.268471 1519337265.2950053 27 192.168.1.119 - 50834 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.22%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1134 1519337990.793099 1519337990.8219564 29 192.168.1.119 - 50835 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1134 1519337990.8305614 1519337990.8594208 29 192.168.1.119 - 50835 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1135 1519337991.1431234 1519337991.1760013 33 192.168.1.119 - 50837 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1136 1519339590.8981197 1519339590.9229183 25 192.168.1.119 - 50842 185.26.182.117 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 511 0 113 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1137 1519341591.21005 1519341591.2398512 30 192.168.1.119 - 50843 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1137 1519341591.453149 1519341591.482273 29 192.168.1.119 - 50843 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1138 1519341591.471543 1519341591.50632 35 192.168.1.119 - 50845 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1139 1519345193.3005269 1519345193.32857 28 192.168.1.119 - 50846 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1140 1519345193.5205061 1519345193.5472226 27 192.168.1.119 - 50848 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1141 1519345193.780688 1519345193.8078644 27 192.168.1.119 - 50847 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1142 1519348794.8894753 1519348794.922222 33 192.168.1.119 - 50851 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1143 1519348795.856875 1519348795.8842313 27 192.168.1.119 - 50849 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1144 1519348795.9242473 1519348796.1776173 253 192.168.1.119 - 50850 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1145 1519352357.1067517 1519352357.165378 59 192.168.1.119 - 50852 216.58.201.67 443 https://update.googleapis.com/service/update2?cup2key=7:2632304361&cup2hreq=0e07dee1747df46c932eaaa059efaabb05ee025c70df4b53298f5e8d38be6c45 1414 2486 986 1325 303 1149 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 1146 1519352358.6716404 1519352358.7017653 30 192.168.1.119 - 50853 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3 283 820 0 0 170 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 HEAD 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3?cms_redirect=yes&expire=1519366758&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519351740&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=02EF8B1D1F0B45FCF08A84FFC3546D2795FDADA3.29CE7703DF99E8AAC8A63706206903F0EBDF60DA&key=cms1 - CTU.339.1.Malicious 1147 1519352358.9843051 1519352358.998995 15 192.168.1.119 - 50854 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3?cms_redirect=yes&expire=1519366758&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519351740&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=02EF8B1D1F0B45FCF08A84FFC3546D2795FDADA3.29CE7703DF99E8AAC8A63706206903F0EBDF60DA&key=cms1 577 608 0 0 179 594 'Microsoft BITS/7.5' application/octet-stream HEAD 200 - - - - - - - CTU.339.1.Malicious 1146 1519352360.4861798 1519352360.515851 30 192.168.1.119 - 50853 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3 371 1488 0 668 259 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3?cms_redirect=yes&expire=1519366760&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519352240&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=603B74323ADBA3BBC0F136322CAFD32A253FEEC2.01E29B164B0D81C1626C5948EC6EC23CF32E3EA3&key=cms1 - CTU.339.1.Malicious 1147 1519352360.717779 1519352360.7323127 15 192.168.1.119 - 50854 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3?cms_redirect=yes&expire=1519366760&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519352240&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=603B74323ADBA3BBC0F136322CAFD32A253FEEC2.01E29B164B0D81C1626C5948EC6EC23CF32E3EA3&key=cms1 665 3163 0 2500 268 636 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1146 1519352362.7370281 1519352362.7836735 47 192.168.1.119 - 50853 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3 374 1488 0 668 262 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3?cms_redirect=yes&expire=1519366762&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519352240&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4632D65F3FCD6E3893EBDC79D1BCC6C215263110.032F5507DFAC8EB61DC609E5CADE83EF6F411E6D&key=cms1 - CTU.339.1.Malicious 1147 1519352362.9858978 1519352362.9971876 11 192.168.1.119 - 50854 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3?cms_redirect=yes&expire=1519366762&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519352240&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4632D65F3FCD6E3893EBDC79D1BCC6C215263110.032F5507DFAC8EB61DC609E5CADE83EF6F411E6D&key=cms1 668 6985 0 6319 271 639 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1146 1519352365.0473974 1519352365.0857582 38 192.168.1.119 - 50853 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3 375 1488 0 668 263 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3?cms_redirect=yes&expire=1519366765&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519352240&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=30540015BD40D451F04C3D87CC59BA33AF5D78D6.31962632519B543D9B538E583AAFA0B9E65F5C19&key=cms1 - CTU.339.1.Malicious 1147 1519352365.2878659 1519352365.3035715 16 192.168.1.119 - 50854 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3?cms_redirect=yes&expire=1519366765&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519352240&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=30540015BD40D451F04C3D87CC59BA33AF5D78D6.31962632519B543D9B538E583AAFA0B9E65F5C19&key=cms1 669 12627 0 11959 272 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1146 1519352367.3050275 1519352367.3345702 30 192.168.1.119 - 50853 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3 376 1488 0 668 264 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3?cms_redirect=yes&expire=1519366767&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519352240&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2763321DC0C543789D6D3512E285358DD2C339E6.104E5813E8C742C45E0FE9B06426B4BF7745F80E&key=cms1 - CTU.339.1.Malicious 1147 1519352367.5372767 1519352367.5904913 53 192.168.1.119 - 50854 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3?cms_redirect=yes&expire=1519366767&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519352240&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2763321DC0C543789D6D3512E285358DD2C339E6.104E5813E8C742C45E0FE9B06426B4BF7745F80E&key=cms1 670 15141 0 14472 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1146 1519352369.0699065 1519352369.096345 26 192.168.1.119 - 50853 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3 376 1488 0 668 264 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3?cms_redirect=yes&expire=1519366769&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519352240&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6461DD7B709891F771C8B1884EF56B8FE2AAB901.36D6A36288EC9E2B2AD40AE48C4E49454A40BE4C&key=cms1 - CTU.339.1.Malicious 1147 1519352369.2988932 1519352369.3090987 10 192.168.1.119 - 50854 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3?cms_redirect=yes&expire=1519366769&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519352240&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6461DD7B709891F771C8B1884EF56B8FE2AAB901.36D6A36288EC9E2B2AD40AE48C4E49454A40BE4C&key=cms1 670 8753 0 8085 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1146 1519352370.1268578 1519352370.155712 29 192.168.1.119 - 50853 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3 376 1488 0 668 264 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3?cms_redirect=yes&expire=1519366770&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519352240&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=66C5A74620E79BF6A5220D680FEACEC1EF99902B.12D122CC4A5AC2AB950B44B0E29EEF7DB304CB24&key=cms1 - CTU.339.1.Malicious 1147 1519352370.359536 1519352370.3701227 11 192.168.1.119 - 50854 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3?cms_redirect=yes&expire=1519366770&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519352240&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=66C5A74620E79BF6A5220D680FEACEC1EF99902B.12D122CC4A5AC2AB950B44B0E29EEF7DB304CB24&key=cms1 670 7592 0 6924 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1146 1519352371.1931272 1519352371.2217073 29 192.168.1.119 - 50853 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3 376 1488 0 668 264 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3?cms_redirect=yes&expire=1519366771&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519352240&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2E69DBECBBC0C375FAC0E8E620B9A7BEB90DBC2F.0626C67970AD76A2EAF89D8444D8BAAF493F9CDC&key=cms1 - CTU.339.1.Malicious 1147 1519352371.42287 1519352371.4385939 16 192.168.1.119 - 50854 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3?cms_redirect=yes&expire=1519366771&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519352240&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2E69DBECBBC0C375FAC0E8E620B9A7BEB90DBC2F.0626C67970AD76A2EAF89D8444D8BAAF493F9CDC&key=cms1 670 7016 0 6348 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1146 1519352373.2649505 1519352373.294 29 192.168.1.119 - 50853 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3 376 1488 0 668 264 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3?cms_redirect=yes&expire=1519366773&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519352240&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=553FF901FF4A2A97D81AA01BD9F5F3BB0CAE36CB.7013CFC062CA5C62BB32910078384A40DFCFEF86&key=cms1 - CTU.339.1.Malicious 1147 1519352373.496707 1519352373.5074286 11 192.168.1.119 - 50854 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3?cms_redirect=yes&expire=1519366773&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519352240&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=553FF901FF4A2A97D81AA01BD9F5F3BB0CAE36CB.7013CFC062CA5C62BB32910078384A40DFCFEF86&key=cms1 670 13991 0 13322 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1146 1519352375.4013662 1519352375.4303534 29 192.168.1.119 - 50853 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3 376 1488 0 668 264 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3?cms_redirect=yes&expire=1519366775&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519352240&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=81E7EA20513A146E4C767CF9129B4AD81A4EA4F6.0272BE59FAA9DDBFFC8B5C4A58B5231BDD73151D&key=cms1 - CTU.339.1.Malicious 1147 1519352375.6319602 1519352375.643163 11 192.168.1.119 - 50854 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3?cms_redirect=yes&expire=1519366775&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519352240&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=81E7EA20513A146E4C767CF9129B4AD81A4EA4F6.0272BE59FAA9DDBFFC8B5C4A58B5231BDD73151D&key=cms1 670 13786 0 13117 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1146 1519352378.0474944 1519352378.0764227 29 192.168.1.119 - 50853 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3 376 1488 0 668 264 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3?cms_redirect=yes&expire=1519366778&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519351740&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7D2EA249D9A056745E9431B6B3B5065B4A957444.40A4F912A9C56F4159E1449B5FE6340CC78ED862&key=cms1 - CTU.339.1.Malicious 1147 1519352378.278724 1519352378.289015 10 192.168.1.119 - 50854 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3?cms_redirect=yes&expire=1519366778&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519351740&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7D2EA249D9A056745E9431B6B3B5065B4A957444.40A4F912A9C56F4159E1449B5FE6340CC78ED862&key=cms1 670 12959 0 12290 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1146 1519352380.7657375 1519352380.796312 31 192.168.1.119 - 50853 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3 377 1488 0 668 265 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3?cms_redirect=yes&expire=1519366780&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519351740&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0599412CF65B0E70CEE0B71FC0E59383C591BE9F.1C5E891CF35AA17E3D75A3DCEEE59FC0B0F7A652&key=cms1 - CTU.339.1.Malicious 1147 1519352380.9990904 1519352381.013367 14 192.168.1.119 - 50854 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3?cms_redirect=yes&expire=1519366780&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519351740&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0599412CF65B0E70CEE0B71FC0E59383C591BE9F.1C5E891CF35AA17E3D75A3DCEEE59FC0B0F7A652&key=cms1 671 11104 0 10434 274 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1146 1519352382.2859664 1519352382.3157578 30 192.168.1.119 - 50853 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3?cms_redirect=yes&expire=1519366782&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519351740&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7F0B865C6E74594F78130E15515D664505919A11.695621E783A36A85F8790D8584BF5B0218ADF7AC&key=cms1 - CTU.339.1.Malicious 1147 1519352382.5761504 1519352382.5907636 15 192.168.1.119 - 50854 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3?cms_redirect=yes&expire=1519366782&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519351740&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7F0B865C6E74594F78130E15515D664505919A11.695621E783A36A85F8790D8584BF5B0218ADF7AC&key=cms1 672 9805 0 9135 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1146 1519352384.3371432 1519352384.3622546 25 192.168.1.119 - 50853 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3?cms_redirect=yes&expire=1519366784&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519351740&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1C9C2043A63F8B73AA6F3806B178710F846D5AA2.2C2B94B73FA90C58ECA3024A34BBCA9E1227518B&key=cms1 - CTU.339.1.Malicious 1147 1519352384.563913 1519352384.5739686 10 192.168.1.119 - 50854 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3?cms_redirect=yes&expire=1519366784&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519351740&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1C9C2043A63F8B73AA6F3806B178710F846D5AA2.2C2B94B73FA90C58ECA3024A34BBCA9E1227518B&key=cms1 672 19566 0 18895 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1146 1519352387.2315023 1519352387.2567103 25 192.168.1.119 - 50853 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3?cms_redirect=yes&expire=1519366787&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519351740&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=852D1A53B5219F1E20C1EF7E5E15CD236D2E3391.4FB43C8A126AB179532EC9EA29867E52AD529F92&key=cms1 - CTU.339.1.Malicious 1147 1519352387.4597018 1519352387.4757898 16 192.168.1.119 - 50854 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3?cms_redirect=yes&expire=1519366787&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519351740&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=852D1A53B5219F1E20C1EF7E5E15CD236D2E3391.4FB43C8A126AB179532EC9EA29867E52AD529F92&key=cms1 672 17108 0 16437 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1146 1519352389.951237 1519352389.981079 30 192.168.1.119 - 50853 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3?cms_redirect=yes&expire=1519366789&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519351740&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6E21F241AC13DC26F7F7D69CF878921A070D3EE8.586AD0DC250D759D15B0C1DCBD28CF9F012113C1&key=cms1 - CTU.339.1.Malicious 1147 1519352390.1823158 1519352390.1979716 16 192.168.1.119 - 50854 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3?cms_redirect=yes&expire=1519366789&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519351740&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6E21F241AC13DC26F7F7D69CF878921A070D3EE8.586AD0DC250D759D15B0C1DCBD28CF9F012113C1&key=cms1 672 15606 0 14935 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1146 1519352392.637822 1519352392.6682541 30 192.168.1.119 - 50853 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3?cms_redirect=yes&expire=1519366792&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519351740&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1B775B6C91D9C1705B9F2675205F3204B1DD8FB7.30915F805A8E5FCE65A18508E82863CC6683EC0C&key=cms1 - CTU.339.1.Malicious 1147 1519352392.8703463 1519352392.8852775 15 192.168.1.119 - 50854 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3?cms_redirect=yes&expire=1519366792&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519351740&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1B775B6C91D9C1705B9F2675205F3204B1DD8FB7.30915F805A8E5FCE65A18508E82863CC6683EC0C&key=cms1 672 14176 0 13505 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1146 1519352395.2952907 1519352395.3250782 30 192.168.1.119 - 50853 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3?cms_redirect=yes&expire=1519366795&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519351740&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1A2E20066FCF9198EC43C04A0DA928D46AB3D037.7E6D4D6A2FFAABD675F011ADF7075AA78D737739&key=cms1 - CTU.339.1.Malicious 1147 1519352395.5360153 1519352395.547685 12 192.168.1.119 - 50854 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3?cms_redirect=yes&expire=1519366795&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519351740&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1A2E20066FCF9198EC43C04A0DA928D46AB3D037.7E6D4D6A2FFAABD675F011ADF7075AA78D737739&key=cms1 672 13866 0 13195 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1148 1519352396.468721 1519352396.4986649 30 192.168.1.119 - 50857 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1149 1519352396.5699701 1519352396.603462 33 192.168.1.119 - 50855 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1148 1519352396.9256449 1519352396.9546177 29 192.168.1.119 - 50857 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1146 1519352397.9463506 1519352397.9717364 25 192.168.1.119 - 50853 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3?cms_redirect=yes&expire=1519366797&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519351740&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=73CF16004A96AA9397186A5E389ED0787B730629.46DC1EF4487BEF165AFA1704D96DAD93998FCB31&key=cms1 - CTU.339.1.Malicious 1147 1519352398.1771762 1519352398.1901603 13 192.168.1.119 - 50854 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3?cms_redirect=yes&expire=1519366797&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519351740&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=73CF16004A96AA9397186A5E389ED0787B730629.46DC1EF4487BEF165AFA1704D96DAD93998FCB31&key=cms1 672 12065 0 11394 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1146 1519352399.4061813 1519352399.4315307 25 192.168.1.119 - 50853 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3?cms_redirect=yes&expire=1519366799&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519351740&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=09FAC0D34DB7BEC99920BA0857ED8F7B2C9C47DC.34029ED6B8176B284EEB384F8D9388AE1DAEBE40&key=cms1 - CTU.339.1.Malicious 1147 1519352399.6337194 1519352399.648683 15 192.168.1.119 - 50854 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3?cms_redirect=yes&expire=1519366799&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519351740&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=09FAC0D34DB7BEC99920BA0857ED8F7B2C9C47DC.34029ED6B8176B284EEB384F8D9388AE1DAEBE40&key=cms1 672 10789 0 10118 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1146 1519352401.4520369 1519352401.4840503 32 192.168.1.119 - 50853 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3?cms_redirect=yes&expire=1519366801&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519351740&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5165514A431B4C172E5ED8146DAC7929C2A1C43C.35B28178F8E1A049679FBF41C904A0B8F0421930&key=cms1 - CTU.339.1.Malicious 1147 1519352401.6893196 1519352401.7071395 18 192.168.1.119 - 50854 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3?cms_redirect=yes&expire=1519366801&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519351740&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5165514A431B4C172E5ED8146DAC7929C2A1C43C.35B28178F8E1A049679FBF41C904A0B8F0421930&key=cms1 672 11384 0 10713 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1146 1519352402.4962893 1519352402.5277042 31 192.168.1.119 - 50853 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3?cms_redirect=yes&expire=1519366802&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519351740&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=13EF0C82FB6ACB3D2621365B1DCEF779651059A4.5CE6E903D9B9567A7427473C01CB5A962EA5EE59&key=cms1 - CTU.339.1.Malicious 1147 1519352402.732888 1519352402.7498693 17 192.168.1.119 - 50854 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3?cms_redirect=yes&expire=1519366802&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519351740&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=13EF0C82FB6ACB3D2621365B1DCEF779651059A4.5CE6E903D9B9567A7427473C01CB5A962EA5EE59&key=cms1 672 11252 0 10581 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1146 1519352403.5408633 1519352403.5723996 32 192.168.1.119 - 50853 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3 378 1488 0 668 266 803 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3?cms_redirect=yes&expire=1519366803&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519351740&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3071A5A4469627795BAF0F119691DA408A156D61.5E8719411EEAF6923DF77D37FBDC70D3402AA362&key=cms1 - CTU.339.1.Malicious 1147 1519352403.7968543 1519352403.8149831 18 192.168.1.119 - 50854 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AJlJ-xUilfOe_4299/4299_all_crl-set-15298454128714770003.data.crx3?cms_redirect=yes&expire=1519366803&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519351740&mv=u&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3071A5A4469627795BAF0F119691DA408A156D61.5E8719411EEAF6923DF77D37FBDC70D3402AA362&key=cms1 672 2008 0 1338 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1150 1519352406.683906 1519352406.9465098 263 192.168.1.119 - 50858 216.58.201.67 443 https://update.googleapis.com/service/update2 1253 944 920 247 303 685 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 1151 1519355997.9762697 1519355998.027189 51 192.168.1.119 - 50860 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1152 1519355998.0720265 1519355998.1041114 32 192.168.1.119 - 50859 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1153 1519355998.1456683 1519355998.1730084 27 192.168.1.119 - 50861 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1154 1519356723.6625063 1519356723.6949787 32 192.168.1.119 - 50862 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.22%26uc 676 710 0 466 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1155 1519356728.3787704 1519356728.4168909 38 192.168.1.119 - 50863 82.145.215.85 443 https://extension-updates.opera.com/static/omaha/blacklist.336465243e0d1996705f69bb3937b0f2f815a8bcc9737b5323ca77ebd70dd6b7.txt 413 6582 0 6336 308 232 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/plain GET 200 - - - - - - - CTU.339.1.Malicious 1156 1519359215.2042017 1519359215.22962 25 192.168.1.119 - 50864 185.26.182.111 443 https://exchange.opera.com/api/v1/cmc/ 283 6947 0 6666 258 267 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1157 1519359215.2088337 1519359215.234606 26 192.168.1.119 - 50865 185.26.182.111 443 https://exchange.opera.com/api/v1/ecb/ 283 1937 0 1664 258 259 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml GET 200 - - - - - - - CTU.339.1.Malicious 1156 1519359215.6437373 1519359215.6670363 23 192.168.1.119 - 50864 185.26.182.111 443 https://exchange.opera.com/api/v1/nbu/ 283 6431 0 6136 258 281 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json;charset=UTF-8 GET 200 - - - - - - - CTU.339.1.Malicious 1158 1519359294.3635128 1519359294.4631362 100 192.168.1.119 - 50867 185.26.182.122 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 1159 1519359599.3703928 1519359599.5895824 219 192.168.1.119 - 50869 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1160 1519359600.4023745 1519359600.4306815 28 192.168.1.119 - 50868 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1160 1519359600.434183 1519359600.683669 249 192.168.1.119 - 50868 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1161 1519361219.3933816 1519361219.4260437 33 192.168.1.119 - 50875 185.26.182.117 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 511 0 113 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1162 1519363200.7491424 1519363200.9732432 224 192.168.1.119 - 50876 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1163 1519363201.8040464 1519363201.8344226 30 192.168.1.119 - 50878 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1164 1519363201.7508175 1519363201.9747891 224 192.168.1.119 - 50877 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1165 1519366801.6086411 1519366801.6362152 28 192.168.1.119 - 50879 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1166 1519366802.0813434 1519366802.1086879 27 192.168.1.119 - 50880 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1167 1519366802.3560188 1519366802.5930026 237 192.168.1.119 - 50881 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1168 1519370402.9362812 1519370402.964641 28 192.168.1.119 - 50883 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1168 1519370403.3713782 1519370403.402348 31 192.168.1.119 - 50883 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1169 1519370404.1836503 1519370404.4083414 225 192.168.1.119 - 50882 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1170 1519374004.2475984 1519374004.2747817 27 192.168.1.119 - 50886 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1170 1519374004.6844053 1519374004.722231 38 192.168.1.119 - 50886 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1171 1519374004.7073798 1519374004.7474592 40 192.168.1.119 - 50887 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1172 1519376289.229577 1519376289.2566047 27 192.168.1.119 - 50888 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.23%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1173 1519377605.5466082 1519377605.5741143 28 192.168.1.119 - 50889 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1173 1519377605.9826248 1519377606.012676 30 192.168.1.119 - 50889 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1174 1519377606.5474946 1519377606.5802252 33 192.168.1.119 - 50891 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1175 1519381206.8812754 1519381206.915368 34 192.168.1.119 - 50894 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1176 1519381206.7998352 1519381207.0434349 244 192.168.1.119 - 50893 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1176 1519381207.0474794 1519381207.0995653 52 192.168.1.119 - 50893 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1177 1519382846.0170414 1519382846.0738294 57 192.168.1.119 - 50899 185.26.182.122 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 511 0 113 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1178 1519384808.1548386 1519384808.1987119 44 192.168.1.119 - 50900 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1179 1519384808.3984272 1519384808.430885 32 192.168.1.119 - 50901 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1178 1519384808.4097033 1519384808.547836 138 192.168.1.119 - 50900 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1180 1519388095.7969127 1519388095.9903817 193 192.168.1.119 - 50903 185.26.182.122 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 1181 1519388409.785021 1519388409.8181114 33 192.168.1.119 - 50905 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1182 1519388409.7555993 1519388409.973949 218 192.168.1.119 - 50906 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1181 1519388410.0313773 1519388410.0625026 31 192.168.1.119 - 50905 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1183 1519392029.4845083 1519392029.5164118 32 192.168.1.119 - 50908 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1184 1519392029.6806211 1519392029.7106023 30 192.168.1.119 - 50907 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1185 1519392034.79953 1519392034.8429916 43 192.168.1.119 - 50909 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1186 1519395013.979593 1519395014.0104158 31 192.168.1.119 - 50910 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.23%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1187 1519395631.1348476 1519395631.1679158 33 192.168.1.119 - 50911 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1188 1519395631.3415043 1519395631.3737435 32 192.168.1.119 - 50912 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1189 1519395635.1654925 1519395635.1938872 28 192.168.1.119 - 50913 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1190 1519399232.7290502 1519399232.976087 247 192.168.1.119 - 50914 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1190 1519399232.9794507 1519399233.0088253 29 192.168.1.119 - 50914 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1191 1519399235.4673643 1519399235.495347 28 192.168.1.119 - 50916 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1192 1519402833.978971 1519402834.0182333 39 192.168.1.119 - 50917 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1192 1519402834.2257736 1519402834.2640834 38 192.168.1.119 - 50917 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1193 1519402835.7843356 1519402835.8290038 45 192.168.1.119 - 50919 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1194 1519404473.9951663 1519404474.0374417 42 192.168.1.119 - 50924 185.26.182.122 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 512 0 114 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1195 1519406357.1083856 1519406357.162604 54 192.168.1.119 - 50925 216.58.201.67 443 https://update.googleapis.com/service/update2?cup2key=7:1104618281&cup2hreq=8de8ac370966eb45d6691c09fee8be984cfbf315f23aa4ae53954d13e7c98201 1414 2476 986 1319 303 1145 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 1196 1519406358.4067674 1519406358.433798 27 192.168.1.119 - 50926 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3 282 819 0 0 170 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 HEAD 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3?cms_redirect=yes&expire=1519420758&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519406184&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0A1C486C91493366B1F9EA301FC87903AFEB10F4.7B6B3A0C7CC2B1EE9EB079718966A5CFCD6FAE4F&key=cms1 - CTU.339.1.Malicious 1197 1519406358.6789596 1519406358.6888697 10 192.168.1.119 - 50927 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3?cms_redirect=yes&expire=1519420758&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519406184&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0A1C486C91493366B1F9EA301FC87903AFEB10F4.7B6B3A0C7CC2B1EE9EB079718966A5CFCD6FAE4F&key=cms1 576 608 0 0 179 594 'Microsoft BITS/7.5' application/octet-stream HEAD 200 - - - - - - - CTU.339.1.Malicious 1196 1519406360.087761 1519406360.11793 30 192.168.1.119 - 50926 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3 370 1486 0 667 259 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3?cms_redirect=yes&expire=1519420760&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519406184&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=39CFD8A2B2469AC674AB4866FD550545AE101F23.074A200E18C0364EFF766DC11FCD6320004837BA&key=cms1 - CTU.339.1.Malicious 1197 1519406360.3262682 1519406360.3366578 10 192.168.1.119 - 50927 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3?cms_redirect=yes&expire=1519420760&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519406184&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=39CFD8A2B2469AC674AB4866FD550545AE101F23.074A200E18C0364EFF766DC11FCD6320004837BA&key=cms1 664 3159 0 2496 268 636 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1196 1519406363.3601272 1519406363.3900237 30 192.168.1.119 - 50926 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3 373 1486 0 667 262 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3?cms_redirect=yes&expire=1519420763&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519406184&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=05ADE2FB05AD0B5F59E0CEE3D53DB962CAAE7DC5.21CFC2D70502A34C3C2B68230B3A4438B5B350DF&key=cms1 - CTU.339.1.Malicious 1197 1519406363.5915692 1519406363.6056314 14 192.168.1.119 - 50927 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3?cms_redirect=yes&expire=1519420763&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519406184&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=05ADE2FB05AD0B5F59E0CEE3D53DB962CAAE7DC5.21CFC2D70502A34C3C2B68230B3A4438B5B350DF&key=cms1 667 3242 0 2576 271 639 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1196 1519406365.5217395 1519406365.5468204 25 192.168.1.119 - 50926 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3 374 1482 0 665 263 800 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3?cms_redirect=yes&expire=1519420765&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519406305&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1878A6B7E0FAA7B65694AAF4AE55D1585F2DFD9C.3EB8EA2190CE1BAB009727053956D79D888BDC&key=cms1 - CTU.339.1.Malicious 1197 1519406365.7584364 1519406365.7685072 10 192.168.1.119 - 50927 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3?cms_redirect=yes&expire=1519420765&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519406305&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1878A6B7E0FAA7B65694AAF4AE55D1585F2DFD9C.3EB8EA2190CE1BAB009727053956D79D888BDC&key=cms1 666 6443 0 5776 272 640 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1196 1519406367.6078546 1519406367.6327713 25 192.168.1.119 - 50926 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3?cms_redirect=yes&expire=1519420767&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519406184&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=399EC7C2358CAEC0BF13557D1FA899F730DEB47D.4D425B6BBD19A5794353BDBF68B868081003328A&key=cms1 - CTU.339.1.Malicious 1197 1519406367.8330064 1519406367.8486896 16 192.168.1.119 - 50927 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3?cms_redirect=yes&expire=1519420767&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519406184&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=399EC7C2358CAEC0BF13557D1FA899F730DEB47D.4D425B6BBD19A5794353BDBF68B868081003328A&key=cms1 669 6675 0 6007 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1196 1519406369.6928017 1519406369.7180977 25 192.168.1.119 - 50926 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3 375 1530 0 691 264 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3?cms_redirect=yes&expire=1519420769&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519406184&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=5E73DF5CE93D24868B3F525456EC8D5AA45A7BEA.528356521B34BE0723740137B9EB0746C3A48714&key=cms1 - CTU.339.1.Malicious 1197 1519406369.9204326 1519406369.935935 16 192.168.1.119 - 50927 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3?cms_redirect=yes&expire=1519420769&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519406184&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=5E73DF5CE93D24868B3F525456EC8D5AA45A7BEA.528356521B34BE0723740137B9EB0746C3A48714&key=cms1 689 13307 0 12638 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1196 1519406371.0862613 1519406371.1132739 27 192.168.1.119 - 50926 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3 375 1530 0 691 264 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3?cms_redirect=yes&expire=1519420771&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519406305&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=027221DF5278A8E8D35E46D38F5E2C257E097055.722721A632774563001DA0BF66EF9C70A4A2DCA3&key=cms1 - CTU.339.1.Malicious 1197 1519406371.3160625 1519406371.3290386 13 192.168.1.119 - 50927 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3?cms_redirect=yes&expire=1519420771&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519406305&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=027221DF5278A8E8D35E46D38F5E2C257E097055.722721A632774563001DA0BF66EF9C70A4A2DCA3&key=cms1 689 11750 0 11081 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1196 1519406372.223804 1519406372.2495675 26 192.168.1.119 - 50926 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3?cms_redirect=yes&expire=1519420772&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519406305&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=68794D671FA27626F9F9DE71984E57B8D6AB48F7.3045BDBE3E5CA682D9DFFB91B561F7673C1A6D2A&key=cms1 - CTU.339.1.Malicious 1197 1519406372.4534407 1519406372.4660833 13 192.168.1.119 - 50927 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3?cms_redirect=yes&expire=1519420772&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519406305&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=68794D671FA27626F9F9DE71984E57B8D6AB48F7.3045BDBE3E5CA682D9DFFB91B561F7673C1A6D2A&key=cms1 669 11436 0 10767 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1196 1519406374.7421634 1519406374.769774 28 192.168.1.119 - 50926 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3 375 1530 0 691 264 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3?cms_redirect=yes&expire=1519420774&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519406305&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=6026CA2A60B81C3E8A67DD721539A75956007452.4C9CB477E95A88840547539081C55CD3EE6E3679&key=cms1 - CTU.339.1.Malicious 1197 1519406374.9733253 1519406374.9841478 11 192.168.1.119 - 50927 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3?cms_redirect=yes&expire=1519420774&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519406305&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=6026CA2A60B81C3E8A67DD721539A75956007452.4C9CB477E95A88840547539081C55CD3EE6E3679&key=cms1 689 11735 0 11066 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1196 1519406376.2699497 1519406376.2989857 29 192.168.1.119 - 50926 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3?cms_redirect=yes&expire=1519420776&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519406305&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=562F1402EFC082CF6C2EE8E355E7C468AB2F01F0.7A5943E5A7718DAB9B9E43027274877899EB0C04&key=cms1 - CTU.339.1.Malicious 1197 1519406376.4995332 1519406376.5162508 17 192.168.1.119 - 50927 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3?cms_redirect=yes&expire=1519420776&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519406305&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=562F1402EFC082CF6C2EE8E355E7C468AB2F01F0.7A5943E5A7718DAB9B9E43027274877899EB0C04&key=cms1 669 10333 0 9665 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1196 1519406378.3180554 1519406378.342808 25 192.168.1.119 - 50926 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3?cms_redirect=yes&expire=1519420778&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519406305&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=525852444C23B6B8E3F64E1C9435C19B17919CD0.76081719E711D83742A3087C9FA4B7B421F40988&key=cms1 - CTU.339.1.Malicious 1197 1519406378.5447206 1519406378.5604692 16 192.168.1.119 - 50927 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3?cms_redirect=yes&expire=1519420778&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519406305&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=525852444C23B6B8E3F64E1C9435C19B17919CD0.76081719E711D83742A3087C9FA4B7B421F40988&key=cms1 669 20623 0 19954 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1196 1519406381.4940937 1519406381.5193853 25 192.168.1.119 - 50926 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3 376 1486 0 667 265 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3?cms_redirect=yes&expire=1519420781&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519406305&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=17EDBF4DBCCC84169736ED3A79FDE66EFE7F7E8B.24586287DB46AB75F18CB5BB454E4D74EBF66260&key=cms1 - CTU.339.1.Malicious 1197 1519406381.7224574 1519406381.7330613 11 192.168.1.119 - 50927 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3?cms_redirect=yes&expire=1519420781&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519406305&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=17EDBF4DBCCC84169736ED3A79FDE66EFE7F7E8B.24586287DB46AB75F18CB5BB454E4D74EBF66260&key=cms1 670 16958 0 16288 274 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1196 1519406384.1821113 1519406384.2116237 30 192.168.1.119 - 50926 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3 377 1530 0 691 266 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3?cms_redirect=yes&expire=1519420784&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519406305&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=65FF912E520CAFBEE9ED773FF6147B4F6CD45578.3E1A38716D1EC8A37B5A747AE93A30FB8CD18F4E&key=cms1 - CTU.339.1.Malicious 1197 1519406384.413788 1519406384.4303603 17 192.168.1.119 - 50927 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3?cms_redirect=yes&expire=1519420784&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519406305&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=65FF912E520CAFBEE9ED773FF6147B4F6CD45578.3E1A38716D1EC8A37B5A747AE93A30FB8CD18F4E&key=cms1 691 15331 0 14660 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1196 1519406386.9111228 1519406386.9359996 25 192.168.1.119 - 50926 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3?cms_redirect=yes&expire=1519420786&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519406305&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2B7F56433950953F095301A2F4654DA76ADC6C1A.7E924EEDD7F934D250AA28C21BC0F0F382347E1D&key=cms1 - CTU.339.1.Malicious 1197 1519406387.1372032 1519406387.1522655 15 192.168.1.119 - 50927 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3?cms_redirect=yes&expire=1519420786&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519406305&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2B7F56433950953F095301A2F4654DA76ADC6C1A.7E924EEDD7F934D250AA28C21BC0F0F382347E1D&key=cms1 671 13214 0 12543 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1196 1519406389.0858607 1519406389.111666 26 192.168.1.119 - 50926 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3?cms_redirect=yes&expire=1519420789&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519406305&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=29DCE915A24DC83F225AB52AF158B33453A72B50.7DA66A347C48AEDDC312F187C29E7CF30041BBAE&key=cms1 - CTU.339.1.Malicious 1197 1519406389.3173642 1519406389.3317783 14 192.168.1.119 - 50927 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3?cms_redirect=yes&expire=1519420789&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519406305&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=29DCE915A24DC83F225AB52AF158B33453A72B50.7DA66A347C48AEDDC312F187C29E7CF30041BBAE&key=cms1 671 12793 0 12122 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1196 1519406391.8029962 1519406391.828246 25 192.168.1.119 - 50926 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3?cms_redirect=yes&expire=1519420791&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519406305&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=28A564C2621E96BCE12601F6083AADA4A3995547.7EB62C65CEFAE40479AAD224C1A47A4E183D41F8&key=cms1 - CTU.339.1.Malicious 1197 1519406392.030929 1519406392.045716 15 192.168.1.119 - 50927 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3?cms_redirect=yes&expire=1519420791&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519406305&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=28A564C2621E96BCE12601F6083AADA4A3995547.7EB62C65CEFAE40479AAD224C1A47A4E183D41F8&key=cms1 671 12233 0 11562 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1196 1519406392.994174 1519406393.1216168 127 192.168.1.119 - 50926 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3 377 1128 0 480 266 631 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519406311&mv=m&pl=15&shardbypass=yes - CTU.339.1.Malicious 1197 1519406393.3243127 1519406393.3376477 13 192.168.1.119 - 50927 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519406311&mv=m&pl=15&shardbypass=yes 500 11735 0 11064 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1196 1519406394.606396 1519406394.63391 28 192.168.1.119 - 50926 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3?cms_redirect=yes&expire=1519420794&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519406305&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5A62FE5277FCACCF61709EBAE16196490081A6CC.4AD34B101A2DAF05739DA19591BB072696BA0F1F&key=cms1 - CTU.339.1.Malicious 1197 1519406394.831849 1519406394.8451195 13 192.168.1.119 - 50927 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3?cms_redirect=yes&expire=1519420794&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519406305&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5A62FE5277FCACCF61709EBAE16196490081A6CC.4AD34B101A2DAF05739DA19591BB072696BA0F1F&key=cms1 671 10368 0 9698 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1196 1519406395.653556 1519406395.6799695 26 192.168.1.119 - 50926 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3?cms_redirect=yes&expire=1519420795&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519406305&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=77CB7A8F69CDDE32AAD00EDF2E6E74DFC21FC789.6B549B4C5ED824EF0322924FABFFFF42038729C3&key=cms1 - CTU.339.1.Malicious 1197 1519406395.884255 1519406395.8947868 11 192.168.1.119 - 50927 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3?cms_redirect=yes&expire=1519420795&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519406305&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=77CB7A8F69CDDE32AAD00EDF2E6E74DFC21FC789.6B549B4C5ED824EF0322924FABFFFF42038729C3&key=cms1 671 10871 0 10200 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1196 1519406397.700687 1519406397.7301207 29 192.168.1.119 - 50926 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3 377 1530 0 691 266 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3?cms_redirect=yes&expire=1519420797&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519406305&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=20165027C69A76235CA0B57B0437824F14AB8DA0.765AF8D0CEAEB5515042A93179E9DF2F91FE4452&key=cms1 - CTU.339.1.Malicious 1197 1519406397.9320514 1519406397.9436212 12 192.168.1.119 - 50927 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3?cms_redirect=yes&expire=1519420797&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519406305&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=20165027C69A76235CA0B57B0437824F14AB8DA0.765AF8D0CEAEB5515042A93179E9DF2F91FE4452&key=cms1 691 11699 0 11028 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1196 1519406399.1499667 1519406399.1792405 29 192.168.1.119 - 50926 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3?cms_redirect=yes&expire=1519420799&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519406305&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4E444704E6A06C924879B372D76F2BFB4915EA5D.4BA53D08E6074386444E745E6255DD40AF930CDE&key=cms1 - CTU.339.1.Malicious 1197 1519406399.3885095 1519406399.4032114 15 192.168.1.119 - 50927 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3?cms_redirect=yes&expire=1519420799&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519406305&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=4E444704E6A06C924879B372D76F2BFB4915EA5D.4BA53D08E6074386444E745E6255DD40AF930CDE&key=cms1 671 10466 0 9796 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1196 1519406400.1975718 1519406400.229665 32 192.168.1.119 - 50926 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3 377 1530 0 691 266 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3?cms_redirect=yes&expire=1519420800&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519406305&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=1DEA820C75CB579EFA64E58FC6970986B1C3A750.39336557596ADF20664844D413DC18CA0B05DFE5&key=cms1 - CTU.339.1.Malicious 1197 1519406400.4392507 1519406400.4561398 17 192.168.1.119 - 50927 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3?cms_redirect=yes&expire=1519420800&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519406305&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=1DEA820C75CB579EFA64E58FC6970986B1C3A750.39336557596ADF20664844D413DC18CA0B05DFE5&key=cms1 691 9526 0 8856 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1196 1519406401.249833 1519406401.2813768 32 192.168.1.119 - 50926 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3 377 1530 0 691 266 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3?cms_redirect=yes&expire=1519420801&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519406305&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=55C4E96D43340103AD0A384CAFB65CC8DC42F2FA.7A91D07CBB7BD8A9A03EB4B1C46070080D70D3D5&key=cms1 - CTU.339.1.Malicious 1197 1519406401.4841683 1519406401.4944434 10 192.168.1.119 - 50927 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3?cms_redirect=yes&expire=1519420801&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519406305&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=55C4E96D43340103AD0A384CAFB65CC8DC42F2FA.7A91D07CBB7BD8A9A03EB4B1C46070080D70D3D5&key=cms1 691 9955 0 9285 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1196 1519406403.4228547 1519406403.451963 29 192.168.1.119 - 50926 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3?cms_redirect=yes&expire=1519420803&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519406305&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=10DB7DE93472584E9E22FAD85679AB08342B688F.3851C08EFC5BABA0396A5ED950DB32CE74F26D5D&key=cms1 - CTU.339.1.Malicious 1197 1519406403.6552515 1519406403.669618 14 192.168.1.119 - 50927 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/SRTqaD223kk_4300/4300_all_crl-set-11539712298414163244.data.crx3?cms_redirect=yes&expire=1519420803&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519406305&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=10DB7DE93472584E9E22FAD85679AB08342B688F.3851C08EFC5BABA0396A5ED950DB32CE74F26D5D&key=cms1 671 7564 0 6894 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1198 1519406406.7004597 1519406406.8239915 124 192.168.1.119 - 50928 216.58.201.67 443 https://update.googleapis.com/service/update2 1252 944 919 247 303 685 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 1199 1519406434.9337602 1519406434.9654543 32 192.168.1.119 - 50930 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1200 1519406435.146059 1519406435.185604 40 192.168.1.119 - 50929 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1201 1519406436.4874809 1519406436.5206227 33 192.168.1.119 - 50931 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1202 1519410036.4921803 1519410036.5208292 29 192.168.1.119 - 50932 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1202 1519410036.7349288 1519410036.7645915 30 192.168.1.119 - 50932 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1203 1519410036.8746066 1519410036.9005864 26 192.168.1.119 - 50934 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1204 1519410392.5961714 1519410392.8308113 235 192.168.1.119 - 50935 54.197.251.114 80 http://i-21.b-44332.ut.bench.utorrent.com/e?i=21 460 232 275 21 164 197 'ut_core BenchHttp (ver:44332)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1205 1519410392.83926 1519410394.0804718 1241 192.168.1.119 - 50936 54.235.208.27 80 http://i-21.b-44332.ut.bench.utorrent.com/e?i=21 581 232 396 21 164 197 'ut_core BenchHttp (ver:44332)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1206 1519410396.0643835 1519410396.1054451 41 192.168.1.119 - 50939 13.32.145.129 80 http://utclient.utorrent.com/pro/utorrent/index.html 184 969 0 264 147 691 'BTWebClient/351S(44332)' text/html GET 200 - - - - - - - CTU.339.1.Malicious 1207 1519410396.26519 1519410396.2971413 32 192.168.1.119 - 50940 13.32.159.202 80 http://now.bt.co/inclient 157 628 0 183 135 416 'BTWebClient/351S(44332)' text/html GET 301 - - - - - https://now.bt.co/inclient - CTU.339.1.Malicious 1208 1519410396.9799185 1519410397.4451115 465 192.168.1.119 - 50943 178.79.242.147 80 http://apps.bittorrent.com/utorrent-onboarding/player.btapp?h=FO0CO33h8rP5vbFH&v=111389996&ol=en&ul=&tk=stable34&c=uTorrent 255 3609 0 3097 145 498 'BTWebClient/351S(44332)' binary/octet-stream GET 200 - - - - - - - CTU.339.1.Malicious 1209 1519410396.6627343 1519410397.4467 784 192.168.1.119 - 50942 104.17.61.19 80 http://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=BundleInstallComplete 2365 460 2140 29 156 417 'None' application/json POST 200 - - - - - - - CTU.339.1.Malicious 1210 1519410397.4295468 1519410398.5331852 1104 192.168.1.119 - 50944 178.79.227.15 80 http://apps.bittorrent.com/utorrent-onboarding/welcome-upsell.btapp?h=FO0CO33h8rP5vbFH&v=111389996&ol=en&ul=&tk=stable34&c=uTorrent 263 28792 0 28315 145 463 'BTWebClient/351S(44332)' binary/octet-stream GET 200 - - - - - - - CTU.339.1.Malicious 1209 1519410398.2493577 1519410398.5962498 347 192.168.1.119 - 50942 104.17.61.19 80 http://flow.lavasoft.com/v1/event-stat/?ProductID=IS&Type=ProfileDebug 2315 460 2131 29 124 417 'None' application/json POST 200 - - - - - - - CTU.339.1.Malicious 1211 1519410405.2987413 1519410405.3352332 36 192.168.1.119 - 50951 178.79.242.147 80 http://cdn.ap.bittorrent.com/control/tags/ut.json 213 8888 0 8357 179 517 'BTWebClient/351S(44332)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1212 1519410405.558821 1519410405.779253 220 192.168.1.119 - 50952 23.21.92.252 80 http://i-29.b-44332.ut.bench.utorrent.com/e?i=29 382 232 197 21 164 197 'ut_core BenchHttp (ver:44332)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1213 1519410406.86572 1519410407.0772898 212 192.168.1.119 - 50954 23.21.139.158 80 http://i-29.b-44332.ut.bench.utorrent.com/e?i=29 355 232 170 21 164 197 'ut_core BenchHttp (ver:44332)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1214 1519410407.8664277 1519410408.07792 211 192.168.1.119 - 50955 23.23.85.1 80 http://i-32.b-44332.ut.bench.utorrent.com/e?i=32 377 232 192 21 164 197 'ut_core BenchHttp (ver:44332)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1215 1519410408.1547077 1519410408.171605 17 192.168.1.119 - 50956 178.79.227.142 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/351S(44332)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1216 1519410409.2831595 1519410409.5162134 233 192.168.1.119 - 50958 54.225.194.96 80 http://i-49.b-44332.ut.bench.utorrent.com/e?i=49 354 232 169 21 164 197 'ut_core BenchHttp (ver:44332)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1217 1519410410.5055673 1519410410.5237784 18 192.168.1.119 - 50959 178.79.227.76 80 http://www.bt.co/network/start.html?langs=en 371 1850 0 1371 330 465 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html GET 200 - - - - - - - CTU.339.1.Malicious 1218 1519410411.1989138 1519410411.2110362 12 192.168.1.119 - 50960 216.58.201.106 80 http://ajax.googleapis.com/ajax/libs/jquery/1.4.0/jquery.min.js 453 70462 0 69838 403 610 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/javascript; charset=UTF-8 GET 200 http://www.bt.co/network/start.html?langs=en - - - - - - CTU.339.1.Malicious 1219 1519410411.3612716 1519410411.3849277 24 192.168.1.119 - 50961 104.17.30.15 80 http://static.ap.bittorrent.com/ados.js 429 33552 0 32654 408 884 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' application/x-javascript GET 200 http://www.bt.co/network/start.html?langs=en - - - - - - CTU.339.1.Malicious 1220 1519410413.2613015 1519410413.524904 264 192.168.1.119 - 50962 54.243.137.87 80 http://engine.bitmedianetwork.com/ados?t=1519410412705&request={"Placements":[{"A":"5682","S":"54166","D":"bt_ap_div","AT":5,"Properties":{"tag":"start-cookie"}}],"Keywords":"tag%3Dstart-cookie","Referrer":"","IsAsync":true} 614 2082 0 1124 410 944 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' application/javascript; charset=utf-8 GET 200 http://www.bt.co/network/start.html?langs=en - - - - - - CTU.339.1.Malicious 1220 1519410413.8565927 1519410414.0166306 160 192.168.1.119 - 50962 54.243.137.87 80 http://engine.bitmedianetwork.com/i.gif?e=eyJhdiI6NjAzMTYsImF0Ijo1LCJidCI6MCwiY20iOjQ0OTU2MCwiY2giOjE0MTQwLCJjayI6e30sImNyIjoxNjQwMjczLCJkaSI6IjFkMTFiNDVhN2FkZTQ0NDNhZDQzNWQwZTZjNGFiOTZiIiwiZGoiOjAsImlpIjoiYjNmZjFjOTcxYzQ3NDgzYzkzZjVmMGYxMDAxNDYyZjAiLCJkbSI6MSwiZmMiOjE5NDUwNzAsImZsIjoyMTk0MDQ1LCJpcCI6IjE0Ny4zMi44My41NiIsImt3IjoidGFnPXN0YXJ0LWNvb2tpZSIsIm53Ijo1NjgyLCJwYyI6MCwiZWMiOjAsInByIjo5NTY5MywicnQiOjIsInJzIjo1MDAsInNhIjoiOSIsInNiIjoiaS0wZTcwYjVhNGQ1N2ViNjI0ZiIsInNwIjoxNzc4NSwic3QiOjU0MTY2LCJ1ayI6InVlMS05ZDBmZjE0MGQyNTY0YWUwOTNlYzY4NGYyNTdiMjExMiIsInRzIjoxNTE5NDEwNDEzNDYyLCJiZiI6dHJ1ZSwicG4iOiJidF9hcF9kaXYiLCJiYSI6MSwiZnEiOjB9&s=zkgcG14BAKQ4uthIoYFyoVbQl0Q 1116 939 0 43 468 882 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' image/gif GET 200 http://www.bt.co/network/start.html?langs=en - - - - - - CTU.339.1.Malicious 1221 1519410415.598958 1519410415.826797 228 192.168.1.119 - 50964 23.23.215.82 80 http://i-43.b-44332.ut.bench.utorrent.com/e?i=43 341 232 156 21 164 197 'ut_core BenchHttp (ver:44332)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1222 1519410437.1830268 1519410439.5396636 2357 192.168.1.119 - 50969 178.79.227.167 80 http://cdn.bitmedianetwork.com/network/r.html?u=ue1-9d0ff140d2564ae093ec684f257b2112&next=http://utorrent.com/prodnews&osv=1DB00106&iev=8&geo=US&lang=en&ver=3%2e5%2e1%2e1%2e44332 602 1745 0 1216 441 515 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/html GET 200 - - - - - - - CTU.339.1.Malicious 1223 1519410440.0658617 1519410440.0939817 28 192.168.1.119 - 50971 185.26.182.103 443 https://sitecheck2.opera.com/api/v2/check 419 319 58 34 334 271 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/x-protobuf POST 200 - - - - - - - CTU.339.1.Malicious 1224 1519410442.018727 1519410442.1713438 153 192.168.1.119 - 50974 172.217.23.202 80 http://ajax.googleapis.com/ajax/libs/jquery/1.4.0/jquery.min.js 564 70462 0 69838 514 610 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/javascript; charset=UTF-8 GET 200 http://cdn.bitmedianetwork.com/network/r.html?u=ue1-9d0ff140d2564ae093ec684f257b2112&next=http://utorrent.com/prodnews&osv=1DB00106&iev=8&geo=US&lang=en&ver=3%2e5%2e1%2e1%2e44332 - - - - - - CTU.339.1.Malicious 1225 1519410444.197343 1519410444.2165759 19 192.168.1.119 - 50975 178.79.227.167 80 http://cdn.bitmedianetwork.com/network/5682.js 547 4180 0 3638 518 528 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/javascript GET 200 http://cdn.bitmedianetwork.com/network/r.html?u=ue1-9d0ff140d2564ae093ec684f257b2112&next=http://utorrent.com/prodnews&osv=1DB00106&iev=8&geo=US&lang=en&ver=3%2e5%2e1%2e1%2e44332 - - - - - - CTU.339.1.Malicious 1226 1519410446.94815 1519410446.9862776 38 192.168.1.119 - 50976 185.26.182.103 443 https://sitecheck2.opera.com/api/v2/check 408 308 47 23 334 271 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/x-protobuf POST 200 - - - - - - - CTU.339.1.Malicious 1227 1519410446.3626003 1519410447.2398322 877 192.168.1.119 - 50977 98.143.146.7 80 http://utorrent.com/prodnews?uid=&v=3.5.1.1.44332 670 461 0 184 627 248 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/html GET 301 http://cdn.bitmedianetwork.com/network/r.html?u=ue1-9d0ff140d2564ae093ec684f257b2112&next=http://utorrent.com/prodnews&osv=1DB00106&iev=8&geo=US&lang=en&ver=3%2e5%2e1%2e1%2e44332 - - - - http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - CTU.339.1.Malicious 1226 1519410447.2780504 1519410447.3042054 26 192.168.1.119 - 50976 185.26.182.103 443 https://sitecheck2.opera.com/api/v2/check 412 312 51 27 334 271 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/x-protobuf POST 200 - - - - - - - CTU.339.1.Malicious 1228 1519410448.2480412 1519410448.3918352 144 192.168.1.119 - 50978 178.79.227.142 80 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 674 27491 0 27106 631 371 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/html GET 200 http://cdn.bitmedianetwork.com/network/r.html?u=ue1-9d0ff140d2564ae093ec684f257b2112&next=http://utorrent.com/prodnews&osv=1DB00106&iev=8&geo=US&lang=en&ver=3%2e5%2e1%2e1%2e44332 - - - - - - CTU.339.1.Malicious 1229 1519410449.3190665 1519410449.5062826 187 192.168.1.119 - 50983 178.79.227.142 80 http://www.utorrent.com/scripts/vendor/modernizr.js 427 13188 0 12792 386 382 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/x-javascript GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1230 1519410449.1611848 1519410451.774693 2614 192.168.1.119 - 50982 178.79.227.142 80 http://www.utorrent.com/stylesheets/jquery.smartbanner.css?1416516159 460 4386 0 4007 401 365 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/css GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1231 1519410449.180078 1519410451.9031985 2723 192.168.1.119 - 50981 178.79.227.142 80 http://www.utorrent.com/stylesheets/panels.css?1518555861 448 2716 0 2337 401 365 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/css GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1232 1519410449.4998088 1519410451.9709127 2471 192.168.1.119 - 50987 172.217.23.202 80 http://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js 440 96410 0 95786 389 610 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/javascript; charset=UTF-8 GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1233 1519410449.506102 1519410453.4625247 3956 192.168.1.119 - 50980 178.79.227.142 80 http://www.utorrent.com/styles/components.css?1513713229 447 79865 0 79485 401 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/css GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1234 1519410449.3599086 1519410453.5345275 4175 192.168.1.119 - 50986 95.101.173.226 80 http://cdn.optimizely.com/js/50136351.js 416 2036787 0 2035801 388 972 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/javascript; charset=utf-8 GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1235 1519410452.060793 1519410454.2078724 2147 192.168.1.119 - 50985 178.79.227.142 80 http://www.utorrent.com/scripts/jquery.smartbanner.js 429 15233 0 14837 386 382 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/x-javascript GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1236 1519410451.7397854 1519410454.468416 2729 192.168.1.119 - 50988 216.58.201.74 80 http://fonts.googleapis.com/css?family=Open+Sans:400,300,700,600 455 9975 0 9528 405 433 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/css; charset=utf-8 GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1237 1519410460.0382164 1519410460.0601943 22 192.168.1.119 - 50989 104.17.27.15 80 http://static.bitmedianetwork.com/sync/5682.js 422 4505 0 3598 396 893 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/javascript GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1233 1519410460.268567 1519410460.4991138 231 192.168.1.119 - 50980 178.79.227.142 80 http://www.utorrent.com/scripts/app.js 414 2172 0 1777 386 381 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/x-javascript GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1233 1519410460.519662 1519410460.5341175 14 192.168.1.119 - 50980 178.79.227.142 80 http://www.utorrent.com/scripts/jquery.colorbox-min.js 430 12143 0 11747 386 382 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/x-javascript GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1233 1519410461.9539747 1519410461.9711523 17 192.168.1.119 - 50980 178.79.227.142 80 http://www.utorrent.com/scripts/main.min.js 419 30910 0 30514 386 382 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/x-javascript GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1233 1519410464.413202 1519410464.4276502 14 192.168.1.119 - 50980 178.79.227.142 80 http://www.utorrent.com/scripts/tracking.js 419 5566 0 5171 386 381 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/x-javascript GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1238 1519410465.3188307 1519410465.458045 139 192.168.1.119 - 50991 82.221.103.246 80 http://update.utorrent.li/checkupdate.php?s=1&cl=uTorrent&v=111389996&l=en&svp=4&svn_revno=44332&tk=stable34&cmp=290&ocmp=290&period=8&sids=0,0,0,0,0&lv=0_0_&c=US&w=1DB00106&h=FO0CO33h8rP5vbFH&mts=31&gnc=16&nat_state=255&pc=6&sctl=1&shdi=1&def_tor=1&doainstalled=0&ie=8.0.7600.16385&xim=1&insvr=111389996&sss=78&rsb=2&rtsb=77&view=win32&cmp=290&ocmp=290&db=other&plus=3&pupsell=1&adc=1&ch_up=1?fg=16000&ssb=1178085&ssu=11645651684&xseq=0&cau_time=0 580 2359 0 2006 144 339 'BTWebClient/351S(44332)' text/html GET 200 - - - - - - - CTU.339.1.Malicious 1239 1519410465.5288866 1519410465.5550494 26 192.168.1.119 - 50990 95.172.94.51 443 https://secure.quantserve.com/quant.js 417 11495 0 11050 395 431 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/x-javascript GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1233 1519410465.7833545 1519410465.7981126 15 192.168.1.119 - 50980 178.79.227.142 80 http://www.utorrent.com/img/prodnews/blogpng.png 460 5388 0 5008 422 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/png GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1240 1519410465.6455717 1519410465.8686404 223 192.168.1.119 - 50992 54.225.194.96 80 http://i-29.b-44332.ut.bench.utorrent.com/e?i=29 383 232 198 21 164 197 'ut_core BenchHttp (ver:44332)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1241 1519410466.046544 1519410466.0891619 43 192.168.1.119 - 50993 13.32.145.50 80 http://utclient.utorrent.com/images/mobile-icon.png 240 1862 0 1263 204 585 'BTWebClient/351S(44332)' image/png GET 200 - - - - - - - CTU.339.1.Malicious 1242 1519410466.2502728 1519410466.3819885 132 192.168.1.119 - 50994 82.221.103.246 80 http://update.utorrent.li/update_event.php?cl=uTorrent&v=111389996&l=en&svp=4&svn_revno=44332&tk=stable34&c=US&w=1DB00106&h=FO0CO33h8rP5vbFH&auexit=1 281 359 0 0 144 345 'BTWebClient/351S(44332)' text/html GET 200 - - - - - - - CTU.339.1.Malicious 1233 1519410466.5454936 1519410466.5634053 18 192.168.1.119 - 50980 178.79.227.142 80 http://www.utorrent.com/img/prodnews/mobilepng.png 462 1471 0 1091 422 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/png GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1243 1519410466.5610366 1519410466.8145506 254 192.168.1.119 - 50995 54.235.208.27 80 http://i-139.b-44332.ut.bench.utorrent.com/e?i=139 344 232 157 21 165 197 'ut_core BenchHttp (ver:44332)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1233 1519410466.7970357 1519410466.8155797 19 192.168.1.119 - 50980 178.79.227.142 80 http://www.utorrent.com/img/prodnews/noadspng.png 461 4810 0 4430 422 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/png GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1233 1519410467.8453074 1519410467.8600855 15 192.168.1.119 - 50980 178.79.227.142 80 http://www.utorrent.com/img/btn/googleplay.png 458 5744 0 5364 422 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/png GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1244 1519410467.506812 1519410469.0434012 1537 192.168.1.119 - 50998 54.235.208.27 80 http://i-32.b-44332.ut.bench.utorrent.com/e?i=32 535 232 350 21 164 197 'ut_core BenchHttp (ver:44332)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1245 1519410466.671068 1519410469.0931242 2422 192.168.1.119 - 50996 178.79.242.19 80 http://ll.download3.utorrent.com/langpacks/langpack-4308500ut.win.zip 201 1326744 0 1326360 151 370 'BTWebClient/351S(44332)' application/zip GET 200 - - - - - - - CTU.339.1.Malicious 1246 1519410469.7462366 1519410469.9522638 206 192.168.1.119 - 50999 54.235.208.27 80 http://i-43.b-44332.ut.bench.utorrent.com/e?i=43 361 232 176 21 164 197 'ut_core BenchHttp (ver:44332)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1247 1519410466.6997874 1519410470.706843 4006 192.168.1.119 - 50997 178.79.242.147 80 http://ll.download3.utorrent.com/3.5.3/utorrent.44358.installer.exe?au=1&hash=7d2e61324fb78ff0df0bf175758cf5efe8da8e5e 250 2148417 0 2148024 151 379 'BTWebClient/351S(44332)' application/octet-stream GET 200 - - - - - - - CTU.339.1.Malicious 1248 1519410470.9912903 1519410472.611167 1620 192.168.1.119 - 51000 54.235.208.27 80 http://i-43.b-44332.ut.bench.utorrent.com/e?i=43 520 232 335 21 164 197 'ut_core BenchHttp (ver:44332)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1249 1519410483.3868747 1519410483.4604142 74 192.168.1.119 - 51001 95.101.173.226 80 http://cdn3.optimizely.com/js/geo2.js 413 807 0 287 389 506 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/javascript GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1250 1519410484.975019 1519410485.1744392 199 192.168.1.119 - 51003 178.79.227.142 80 http://www.utorrent.com/scripts/headers.php?callback=jQuery11110006726656208148718_1519410485572&_=1519410485573 1196 529 0 247 1094 268 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/javascript GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1251 1519410485.1654003 1519410485.3023026 137 192.168.1.119 - 51002 54.235.199.22 443 https://50136351.log.optimizely.com/event?a=50136351&d=8230037&y=false&src=js&s172074712=false&s172226670=none&s172411375=opera&s172441755=referral&tsent=1519410485.021&n=http%3A%2F%2Fwww.utorrent.com%2Fprodnews%3Fuid%3D%26v%3D3.5.1.1.44332&u=oeu1519410484539r0.7009016301951327&wxhr=true&time=1519410485.02&f=8439400808,10346362521,9368840927,10039463070,10327913862,9280175262,9726032462&g=&cx2=494b7499 825 775 0 2 442 759 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1252 1519410485.3030686 1519410485.329846 27 192.168.1.119 - 51007 178.79.227.142 80 http://www.utorrent.com/img/logos/utorrent.png 1028 2891 0 2511 992 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/png GET 200 http://www.utorrent.com/styles/components.css?1513713229 - - - - - - CTU.339.1.Malicious 1253 1519410485.1335006 1519410485.5469964 413 192.168.1.119 - 51005 216.58.201.72 80 http://www.googletagmanager.com/gtm.js?id=GTM-M5F5X5 428 62217 0 61641 394 562 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/javascript; charset=UTF-8 GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1254 1519410485.2209811 1519410485.626149 405 192.168.1.119 - 51006 104.16.2.9 80 http://s.zkcdn.net/ados.js 402 26608 0 25716 381 878 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/x-javascript GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1252 1519410485.545478 1519410486.3246987 779 192.168.1.119 - 51007 178.79.227.142 80 http://www.utorrent.com/img/bkgd/header.jpg 1025 25768 0 25386 992 368 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/jpeg GET 200 http://www.utorrent.com/styles/components.css?1513713229 - - - - - - CTU.339.1.Malicious 1255 1519410485.6539977 1519410486.3930721 739 192.168.1.119 - 51013 216.58.201.67 80 http://fonts.gstatic.com/s/opensans/v15/mem8YaGs126MiZpBA-UFVZ0b.woff2 498 14557 0 14048 439 495 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' font/woff2 GET 200 http://fonts.googleapis.com/css?family=Open+Sans:400,300,700,600 - - - - - - CTU.339.1.Malicious 1256 1519410485.6264675 1519410486.5586333 932 192.168.1.119 - 51008 178.79.227.142 80 http://www.utorrent.com/img/icons/menu-white.svg 1030 1005 0 622 992 369 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/svg+xml GET 200 http://www.utorrent.com/styles/components.css?1513713229 - - - - - - CTU.339.1.Malicious 1257 1519410486.3310373 1519410491.4435828 5113 192.168.1.119 - 51016 95.101.175.202 80 http://ssum.casalemedia.com/usermatch?s=180334&cb=http%3A%2F%2Fengine.bitmedianetwork.com%2Fudb%2F5682%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D 641 1154 0 341 510 784 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/html; charset=iso-8859-1 GET 302 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - http://ssum.casalemedia.com/usermatch?s=180334&cb=http%3A%2F%2Fengine.bitmedianetwork.com%2Fudb%2F5682%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1 - CTU.339.1.Malicious 1258 1519410486.4196358 1519410491.5402632 5121 192.168.1.119 - 51011 216.58.201.67 80 http://fonts.gstatic.com/s/opensans/v15/mem5YaGs126MiZpBA-UN_r8OUuhp.woff2 502 15073 0 14564 439 495 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' font/woff2 GET 200 http://fonts.googleapis.com/css?family=Open+Sans:400,300,700,600 - - - - - - CTU.339.1.Malicious 1259 1519410486.4159603 1519410491.5444355 5128 192.168.1.119 - 51012 216.58.201.67 80 http://fonts.gstatic.com/s/opensans/v15/mem5YaGs126MiZpBA-UN7rgOUuhp.woff2 502 15229 0 14720 439 495 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' font/woff2 GET 200 http://fonts.googleapis.com/css?family=Open+Sans:400,300,700,600 - - - - - - CTU.339.1.Malicious 1251 1519410490.9056518 1519410491.8268256 921 192.168.1.119 - 51002 54.235.199.22 443 https://50136351.log.optimizely.com/event?a=50136351&d=8230037&y=false&src=js&s172074712=false&s172226670=none&s172411375=opera&s172441755=referral&tsent=1519410487.914&n=http%3A%2F%2Fwww.utorrent.com%2Fprodnews%3Fuid%3D%26v%3D3.5.1.1.44332&u=oeu1519410484539r0.7009016301951327&wxhr=true&time=1519410487.914&f=8439400808,10346362521,9368840927,10039463070,10327913862,9280175262,9726032462&g=&cx2=e9c86b86 891 497 0 2 507 481 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1260 1519410491.703882 1519410491.954719 251 192.168.1.119 - 51023 216.58.201.67 80 http://fonts.gstatic.com/s/opensans/v15/mem5YaGs126MiZpBA-UNirkOUuhp.woff2 502 15053 0 14544 439 495 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' font/woff2 GET 200 http://fonts.googleapis.com/css?family=Open+Sans:400,300,700,600 - - - - - - CTU.339.1.Malicious 1257 1519410491.8646924 1519410492.010379 146 192.168.1.119 - 51016 95.101.175.202 80 http://ssum.casalemedia.com/usermatch?s=180334&cb=http%3A%2F%2Fengine.bitmedianetwork.com%2Fudb%2F5682%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1 703 2782 0 1587 568 1181 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/html GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1261 1519410493.7670052 1519410493.7929184 26 192.168.1.119 - 51029 185.26.182.103 443 https://sitecheck2.opera.com/api/v2/check 416 316 55 31 334 271 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/x-protobuf POST 200 - - - - - - - CTU.339.1.Malicious 1256 1519410490.9067137 1519410493.8865416 2980 192.168.1.119 - 51008 178.79.227.142 80 http://www.utorrent.com/fonts/fontawesome/fontawesome-webfont.woff?v=4.0.3 1062 44828 0 44432 998 382 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/octet-stream GET 200 http://www.utorrent.com/styles/components.css?1513713229 - - - - - - CTU.339.1.Malicious 1262 1519410491.7287426 1519410493.9083521 2180 192.168.1.119 - 51025 54.225.184.50 80 http://engine.ap.bittorrent.com/ados?t=1519410487958&request={%22Placements%22:[{%22A%22:5682,%22S%22:671386,%22D%22:%22nexway-leaderboard%22,%22AT%22:4}],%22Keywords%22:%22undefined%22,%22Referrer%22:%22http%3A%2F%2Fcdn.bitmedianetwork.com%2Fnetwork%2Fr.html%3Fu%3Due1-9d0ff140d2564ae093ec684f257b2112%26next%3Dhttp%3A%2F%2Futorrent.com%2Fprodnews%26osv%3D1DB00106%26iev%3D8%26geo%3DUS%26lang%3Den%26ver%3D3%252e5%252e1%252e1%252e44332%22,%22IsAsync%22:true} 835 814 0 0 394 800 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/javascript; charset=utf-8 GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1263 1519410491.7435298 1519410494.0795965 2336 192.168.1.119 - 51026 13.32.145.96 80 http://rules.quantcount.com/rules-p-f87ZgUEkM-SZY.js 428 590 0 3 390 573 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/x-javascript GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1264 1519410491.7494185 1519410494.1578531 2408 192.168.1.119 - 51027 195.113.232.74 80 http://edge.quantserve.com/quant.js 411 12365 0 11923 389 428 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/x-javascript GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1265 1519410492.619517 1519410494.2441046 1625 192.168.1.119 - 51030 54.225.184.50 80 http://engine.ap.bittorrent.com/ados?t=1519410491971&request={%22Placements%22:[{%22A%22:5682,%22S%22:55041,%22D%22:%22azk15347%22,%22AT%22:5,%22Z%22:[160853]}],%22Keywords%22:%22undefined%22,%22Referrer%22:%22http%3A%2F%2Fcdn.bitmedianetwork.com%2Fnetwork%2Fr.html%3Fu%3Due1-9d0ff140d2564ae093ec684f257b2112%26next%3Dhttp%3A%2F%2Futorrent.com%2Fprodnews%26osv%3D1DB00106%26iev%3D8%26geo%3DUS%26lang%3Den%26ver%3D3%252e5%252e1%252e1%252e44332%22,%22IsAsync%22:true} 841 814 0 0 394 800 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/javascript; charset=utf-8 GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1266 1519410494.2184741 1519410494.2500088 32 192.168.1.119 - 51021 104.103.109.179 443 https://a8230037.cdn.optimizely.com/client_storage/a8230037.html 563 2176 0 1496 521 666 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/html; charset=utf-8 GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1267 1519410493.4907348 1519410494.7893286 1299 192.168.1.119 - 51031 54.225.184.50 80 http://engine.ap.bittorrent.com/ados?t=1519410491976&request={%22Placements%22:[{%22A%22:5682,%22S%22:55041,%22D%22:%22azk54412%22,%22AT%22:5,%22Z%22:[160854]}],%22Keywords%22:%22undefined%22,%22Referrer%22:%22http%3A%2F%2Fcdn.bitmedianetwork.com%2Fnetwork%2Fr.html%3Fu%3Due1-9d0ff140d2564ae093ec684f257b2112%26next%3Dhttp%3A%2F%2Futorrent.com%2Fprodnews%26osv%3D1DB00106%26iev%3D8%26geo%3DUS%26lang%3Den%26ver%3D3%252e5%252e1%252e1%252e44332%22,%22IsAsync%22:true} 841 814 0 0 394 800 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/javascript; charset=utf-8 GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1268 1519410491.7295253 1519410494.833252 3104 192.168.1.119 - 51024 13.32.145.96 80 http://rules.quantcount.com/rules-p-zddNYNtUkUhdQ.js 428 590 0 3 390 573 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/x-javascript GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1269 1519410495.3251343 1519410495.3802261 55 192.168.1.119 - 51032 195.113.232.72 80 http://b.scorecardresearch.com/b?c1=2&c2=17330952&ns__t=1519410491202&ns_c=UTF-8&c8=Product%20News%20-%20%CE%BCTorrent%C2%AE%20(uTorrent)%20-%20a%20(very)%20tiny%20BitTorrent%20client&c7=http%3A%2F%2Fwww.utorrent.com%2Fprodnews%3Fuid%3D%26v%3D3.5.1.1.44332&c9=http%3A%2F%2Fcdn.bitmedianetwork.com%2Fnetwork%2Fr.html%3Fu%3Due1-9d0ff140d2564ae093ec684f257b2112%26next%3Dhttp%3A%2F%2Futorrent.com%2Fprodnews%26osv%3D1DB00106%26iev%3D8%26geo%3DUS%26lang%3Den%26ver%3D3%252e5%252e1%252e1%252e44332 904 1070 0 0 429 1041 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' - GET 302 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - http://b.scorecardresearch.com/b2?c1=2&c2=17330952&ns__t=1519410491202&ns_c=UTF-8&c8=Product%20News%20-%20%CE%BCTorrent%C2%AE%20(uTorrent)%20-%20a%20(very)%20tiny%20BitTorrent%20client&c7=http%3A%2F%2Fwww.utorrent.com%2Fprodnews%3Fuid%3D%26v%3D3.5.1.1.44332&c9=http%3A%2F%2Fcdn.bitmedianetwork.com%2Fnetwork%2Fr.html%3Fu%3Due1-9d0ff140d2564ae093ec684f257b2112%26next%3Dhttp%3A%2F%2Futorrent.com%2Fprodnews%26osv%3D1DB00106%26iev%3D8%26geo%3DUS%26lang%3Den%26ver%3D3%252e5%252e1%252e1%252e44332 - CTU.339.1.Malicious 1270 1519410495.3376422 1519410495.4458416 108 192.168.1.119 - 51034 172.217.23.226 80 http://cm.g.doubleclick.net/pixel?google_nid=casale_media2_nonsecure&google_cm&google_sc 596 1078 0 310 522 751 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/html; charset=UTF-8 GET 302 http://ssum.casalemedia.com/usermatch?s=180334&cb=http%3A%2F%2Fengine.bitmedianetwork.com%2Fudb%2F5682%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1 - - - - http://cm.g.doubleclick.net/pixel?google_nid=casale_media2_nonsecure&google_cm=&google_sc=&google_tc= - CTU.339.1.Malicious 1271 1519410495.5356193 1519410495.6122177 77 192.168.1.119 - 51040 77.238.185.35 80 http://pr-bh.ybp.yahoo.com/sync/casale/WpBdOrlQJ70AAG7r97gAAADDBGoAAAAB 579 396 0 43 521 339 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 200 http://ssum.casalemedia.com/usermatch?s=180334&cb=http%3A%2F%2Fengine.bitmedianetwork.com%2Fudb%2F5682%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1 - - - - - - CTU.339.1.Malicious 1272 1519410495.3760793 1519410495.7001967 324 192.168.1.119 - 51036 185.31.128.208 80 http://p.rfihub.com/cm?in=1&pub=2079 544 723 0 0 514 706 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' - GET 302 http://ssum.casalemedia.com/usermatch?s=180334&cb=http%3A%2F%2Fengine.bitmedianetwork.com%2Fudb%2F5682%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1 - - - - http://dsum.casalemedia.com/rum?cm_dsp_id=57&external_user_id=1041809273257993778 - CTU.339.1.Malicious 1273 1519410495.3460798 1519410495.7270389 381 192.168.1.119 - 51035 46.228.164.11 80 http://ad.turn.com/r/cs?pid=21 538 565 0 0 513 548 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' - GET 302 http://ssum.casalemedia.com/usermatch?s=180334&cb=http%3A%2F%2Fengine.bitmedianetwork.com%2Fudb%2F5682%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1 - - - - https://dsum-sec.casalemedia.com/crum?cm_dsp_id=4&external_user_id=8741643084357605365 - CTU.339.1.Malicious 1274 1519410496.0488684 1519410496.3056417 257 192.168.1.119 - 51041 159.253.128.188 80 http://um.simpli.fi/pm_match?http://dsum.casalemedia.com/crum?cm_dsp_id=90&external_user_id=$UID 604 1030 0 154 514 847 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/html GET 302 http://ssum.casalemedia.com/usermatch?s=180334&cb=http%3A%2F%2Fengine.bitmedianetwork.com%2Fudb%2F5682%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1 - - - - http://dsum.casalemedia.com/crum?cm_dsp_id=90&external_user_id=BC80FD9F405D905A5B87B46E0257DB93 - CTU.339.1.Malicious 1269 1519410496.611637 1519410496.6411695 30 192.168.1.119 - 51032 195.113.232.72 80 http://b.scorecardresearch.com/b2?c1=2&c2=17330952&ns__t=1519410491202&ns_c=UTF-8&c8=Product%20News%20-%20%CE%BCTorrent%C2%AE%20(uTorrent)%20-%20a%20(very)%20tiny%20BitTorrent%20client&c7=http%3A%2F%2Fwww.utorrent.com%2Fprodnews%3Fuid%3D%26v%3D3.5.1.1.44332&c9=http%3A%2F%2Fcdn.bitmedianetwork.com%2Fnetwork%2Fr.html%3Fu%3Due1-9d0ff140d2564ae093ec684f257b2112%26next%3Dhttp%3A%2F%2Futorrent.com%2Fprodnews%26osv%3D1DB00106%26iev%3D8%26geo%3DUS%26lang%3Den%26ver%3D3%252e5%252e1%252e1%252e44332 977 298 0 0 501 276 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' - GET 204 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1275 1519410496.537048 1519410496.6460783 109 192.168.1.119 - 51018 216.58.201.78 443 https://www.google-analytics.com/analytics.js 456 290 0 0 430 278 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' - GET 304 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1270 1519410496.6128423 1519410496.667977 55 192.168.1.119 - 51034 172.217.23.226 80 http://cm.g.doubleclick.net/pixel?google_nid=casale_media2_nonsecure&google_cm=&google_sc=&google_tc= 657 1228 0 309 570 902 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/html; charset=UTF-8 GET 302 http://ssum.casalemedia.com/usermatch?s=180334&cb=http%3A%2F%2Fengine.bitmedianetwork.com%2Fudb%2F5682%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1 - - - - http://dsum.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESECcBlMh3EvacDUlgHOjx738&google_cver=1 - CTU.339.1.Malicious 1276 1519410495.3835578 1519410496.6715994 1288 192.168.1.119 - 51037 151.101.38.49 80 http://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=http%3A%2F%2Fdsum.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D 659 866 0 0 525 849 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' - GET 302 http://ssum.casalemedia.com/usermatch?s=180334&cb=http%3A%2F%2Fengine.bitmedianetwork.com%2Fudb%2F5682%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1 - - - - http://sync-tm.everesttech.net/ct/upi/pid/ZMAwryCI?redir=http%3A%2F%2Fdsum.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&_test=WpBdQAAAALY7zjRz - CTU.339.1.Malicious 1277 1519410495.4375699 1519410496.6800532 1242 192.168.1.119 - 51038 52.73.66.244 80 http://track.eyeviewads.com/sync/csle 545 543 0 0 522 526 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' - GET 302 http://ssum.casalemedia.com/usermatch?s=180334&cb=http%3A%2F%2Fengine.bitmedianetwork.com%2Fudb%2F5682%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1 - - - - http://pixeltrack.eyeviewads.com/check?r=http%3A%2F%2Fdsum.casalemedia.com%2Frum%3Fcm_dsp_id%3D77%26external_user_id%3Da407f604c436509aa8ed53766de07605&vndr=csle - CTU.339.1.Malicious 1276 1519410496.7863529 1519410496.8142045 28 192.168.1.119 - 51037 151.101.38.49 80 http://sync-tm.everesttech.net/ct/upi/pid/ZMAwryCI?redir=http%3A%2F%2Fdsum.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&_test=WpBdQAAAALY7zjRz 743 540 0 0 583 523 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' - GET 302 http://ssum.casalemedia.com/usermatch?s=180334&cb=http%3A%2F%2Fengine.bitmedianetwork.com%2Fudb%2F5682%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1 - - - - http://dsum.casalemedia.com/rum?cm_dsp_id=88&external_user_id=WpBdQAAAALY7zjRz&_test=WpBdQAAAALY7zjRz - CTU.339.1.Malicious 1278 1519410496.829728 1519410497.0701928 240 192.168.1.119 - 51042 52.73.66.244 80 http://pixeltrack.eyeviewads.com/check?r=http%3A%2F%2Fdsum.casalemedia.com%2Frum%3Fcm_dsp_id%3D77%26external_user_id%3Da407f604c436509aa8ed53766de07605&vndr=csle 728 488 0 0 586 471 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' - GET 302 http://ssum.casalemedia.com/usermatch?s=180334&cb=http%3A%2F%2Fengine.bitmedianetwork.com%2Fudb%2F5682%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1 - - - - http://dsum.casalemedia.com/rum?cm_dsp_id=77&external_user_id=a407f604c436509aa8ed53766de07605&sticky=true - CTU.339.1.Malicious 1279 1519410496.941865 1519410497.070358 128 192.168.1.119 - 51022 35.153.45.65 443 https://logx.optimizely.com/v1/events 1503 404 968 0 511 382 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/plain POST 204 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1280 1519410497.1056728 1519410497.2512116 146 192.168.1.119 - 51043 95.101.175.202 80 http://dsum.casalemedia.com/rum?cm_dsp_id=57&external_user_id=1041809273257993778 829 1094 0 43 762 1037 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 200 http://ssum.casalemedia.com/usermatch?s=180334&cb=http%3A%2F%2Fengine.bitmedianetwork.com%2Fudb%2F5682%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1 - - - - - - CTU.339.1.Malicious 1281 1519410497.5213976 1519410497.569864 48 192.168.1.119 - 51052 95.172.94.29 80 http://pixel.quantserve.com/pixel;r=698922851;rf=0;a=p-zddNYNtUkUhdQ;url=http%3A%2F%2Fwww.utorrent.com%2Fprodnews%3Fuid%3D%26v%3D3.5.1.1.44332;ref=http%3A%2F%2Fcdn.bitmedianetwork.com%2Fnetwork%2Fr.html%3Fu%3Due1-9d0ff140d2564ae093ec684f257b2112%26next%3Dhttp%3A%2F%2Futorrent.com%2Fprodnews%26osv%3D1DB00106%26iev%3D8%26geo%3DUS%26lang%3Den%26ver%3D3%252e5%252e1%252e1%252e44332;fpan=1;fpa=P0-2011111031-1519410496672;ns=0;ce=1;cm=;je=0;sr=819x583x24;enc=n;dst=1;et=1519410496613;tzo=480;ogl=title.Product%20News%20-%20%2Ctype.website%2Cimage.http%3A%2F%2Fwww%252Eutorrent%252Ecom%2Fimages%2Finterface%2FutorrentLogoRetina%252Epng%2Curl.http%3A%2F%2Fwww%252Eutorrent%252Ecom%2Fprodnews%3Fuid%3D%26v%3D3%252E5%252E1%252E1%252E44332%2Cdescription.The%20official%20%C2%B5Torrent%C2%AE%20(uTorrent)%20torrent%20client%20for%20Windows%252C%20Mac%252C%20Android%20and%20L 1278 556 0 35 426 507 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1282 1519410497.503885 1519410497.860808 357 192.168.1.119 - 51051 204.11.109.66 80 http://a.tribalfusion.com/i.match?p=b20&redirect=http%3A%2F%2Fdsum.casalemedia.com/crum%3Fcm_dsp_id%3D131%26external_user_id%3D%24TF_USER_ID_ENC%24&cm_dsp_id=131&cm_callback_url=http%3A%2F%2Fdsum.casalemedia.com%2Fcrum&cm_user_id=WpBdOrlQJ70AAG7r97gAAADD 762 794 0 36 520 729 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/html GET 302 http://ssum.casalemedia.com/usermatch?s=180334&cb=http%3A%2F%2Fengine.bitmedianetwork.com%2Fudb%2F5682%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1 - - - - /z/i.match?p=b20&redirect=http%3A%2F%2Fdsum.casalemedia.com/crum%3Fcm_dsp_id%3D131%26external_user_id%3D%24TF_USER_ID_ENC%24&cm_dsp_id=131&cm_callback_url=http%3A%2F%2Fdsum.casalemedia.com%2Fcrum&cm_user_id=WpBdOrlQJ70AAG7r97gAAADD - CTU.339.1.Malicious 1280 1519410497.4566875 1519410497.8624458 406 192.168.1.119 - 51043 95.101.175.202 80 http://dsum.casalemedia.com/rum?cm_dsp_id=88&external_user_id=WpBdQAAAALY7zjRz&_test=WpBdQAAAALY7zjRz 849 1003 0 43 762 946 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 200 http://ssum.casalemedia.com/usermatch?s=180334&cb=http%3A%2F%2Fengine.bitmedianetwork.com%2Fudb%2F5682%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1 - - - - - - CTU.339.1.Malicious 1283 1519410497.3631237 1519410498.0203302 657 192.168.1.119 - 51049 54.243.33.238 80 http://engine.bitmedianetwork.com/udb/5682/sync/i.gif?partnerId=1&userId=WpBdOrlQJ70AAG7r97gAAADD%261130 612 831 0 43 528 774 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 200 http://ssum.casalemedia.com/usermatch?s=180334&cb=http%3A%2F%2Fengine.bitmedianetwork.com%2Fudb%2F5682%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1 - - - - - - CTU.339.1.Malicious 1284 1519410497.8318965 1519410498.0227044 191 192.168.1.119 - 51050 95.101.175.202 443 https://dsum-sec.casalemedia.com/crum?cm_dsp_id=4&external_user_id=8741643084357605365 837 1022 0 43 770 965 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 200 http://ssum.casalemedia.com/usermatch?s=180334&cb=http%3A%2F%2Fengine.bitmedianetwork.com%2Fudb%2F5682%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1 - - - - - - CTU.339.1.Malicious 1285 1519410498.1283588 1519410498.5091815 381 192.168.1.119 - 51047 95.101.175.202 80 http://dsum.casalemedia.com/rum?cm_dsp_id=77&external_user_id=a407f604c436509aa8ed53766de07605&sticky=true 854 1161 0 43 762 1104 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 200 http://ssum.casalemedia.com/usermatch?s=180334&cb=http%3A%2F%2Fengine.bitmedianetwork.com%2Fudb%2F5682%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1 - - - - - - CTU.339.1.Malicious 1286 1519410498.8637557 1519410498.8767471 13 192.168.1.119 - 51059 216.58.201.78 443 https://www.google-analytics.com/collect?v=1&_v=j66&a=1132775337&t=pageview&_s=1&dl=http%3A%2F%2Fwww.utorrent.com%2Fprodnews%3Fuid%3D%26v%3D3.5.1.1.44332&dr=http%3A%2F%2Fcdn.bitmedianetwork.com%2Fnetwork%2Fr.html%3Fu%3Due1-9d0ff140d2564ae093ec684f257b2112%26next%3Dhttp%3A%2F%2Futorrent.com%2Fprodnews%26osv%3D1DB00106%26iev%3D8%26geo%3DUS%26lang%3Den%26ver%3D3%252e5%252e1%252e1%252e44332&ul=en-us&de=UTF-8&dt=Product%20News%20-%20%CE%BCTorrent%C2%AE%20(uTorrent)%20-%20a%20(very)%20tiny%20BitTorrent%20client&sd=24-bit&sr=819x583&vp=762x456&je=0&_u=IGBAgEAB~&jid=820509973&gjid=377539374&cid=1589858469.1519410497&tid=UA-116155-1&_gid=2119875414.1519410497&z=2103640864 1060 633 0 35 408 586 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1286 1519410498.8698316 1519410498.882874 13 192.168.1.119 - 51059 216.58.201.78 443 https://www.google-analytics.com/collect?v=1&_v=j66&a=1132775337&t=event&ni=1&_s=2&dl=http%3A%2F%2Fwww.utorrent.com%2Fprodnews%3Fuid%3D%26v%3D3.5.1.1.44332&dr=http%3A%2F%2Fcdn.bitmedianetwork.com%2Fnetwork%2Fr.html%3Fu%3Due1-9d0ff140d2564ae093ec684f257b2112%26next%3Dhttp%3A%2F%2Futorrent.com%2Fprodnews%26osv%3D1DB00106%26iev%3D8%26geo%3DUS%26lang%3Den%26ver%3D3%252e5%252e1%252e1%252e44332&ul=en-us&de=UTF-8&dt=Product%20News%20-%20%CE%BCTorrent%C2%AE%20(uTorrent)%20-%20a%20(very)%20tiny%20BitTorrent%20client&sd=24-bit&sr=819x583&vp=762x456&je=0&ec=Reading&ea=Product%20News%20-%20%CE%BCTorrent%C2%AE%20(uTorrent)%20-%20a%20(very)%20tiny%20BitTorrent%20client&el=Article%20Loaded&ev=1&_u=IGBAgEAB~&jid=&gjid=&cid=1589858469.1519410497&tid=UA-116155-1&_gid=2119875414.1519410497&z=1086935612 1183 633 0 35 408 586 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1287 1519410498.798919 1519410499.0738983 275 192.168.1.119 - 51054 95.172.94.29 80 http://pixel.quantserve.com/pixel;r=48289397;rf=0;a=p-f87ZgUEkM-SZY;url=http%3A%2F%2Fwww.utorrent.com%2Fprodnews%3Fuid%3D%26v%3D3.5.1.1.44332;ref=http%3A%2F%2Fcdn.bitmedianetwork.com%2Fnetwork%2Fr.html%3Fu%3Due1-9d0ff140d2564ae093ec684f257b2112%26next%3Dhttp%3A%2F%2Futorrent.com%2Fprodnews%26osv%3D1DB00106%26iev%3D8%26geo%3DUS%26lang%3Den%26ver%3D3%252e5%252e1%252e1%252e44332;fpan=0;fpa=P0-2011111031-1519410496672;ns=0;ce=1;cm=;je=0;sr=819x583x24;enc=n;dst=1;et=1519410496677;tzo=480;ogl=title.Product%20News%20-%20%2Ctype.website%2Cimage.http%3A%2F%2Fwww%252Eutorrent%252Ecom%2Fimages%2Finterface%2FutorrentLogoRetina%252Epng%2Curl.http%3A%2F%2Fwww%252Eutorrent%252Ecom%2Fprodnews%3Fuid%3D%26v%3D3%252E5%252E1%252E1%252E44332%2Cdescription.The%20official%20%C2%B5Torrent%C2%AE%20(uTorrent)%20torrent%20client%20for%20Windows%252C%20Mac%252C%20Android%20and%20L 1324 353 0 35 473 304 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1288 1519410497.8956213 1519410499.8059874 1910 192.168.1.119 - 51055 204.11.109.66 80 http://a.tribalfusion.com/z/i.match?p=b20&redirect=http%3A%2F%2Fdsum.casalemedia.com/crum%3Fcm_dsp_id%3D131%26external_user_id%3D%24TF_USER_ID_ENC%24&cm_dsp_id=131&cm_callback_url=http%3A%2F%2Fdsum.casalemedia.com%2Fcrum&cm_user_id=WpBdOrlQJ70AAG7r97gAAADD 833 680 0 36 589 615 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/html GET 302 http://ssum.casalemedia.com/usermatch?s=180334&cb=http%3A%2F%2Fengine.bitmedianetwork.com%2Fudb%2F5682%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1 - - - - http://dsum.casalemedia.com/crum?cm_dsp_id=131&external_user_id=18072662320384899943 - CTU.339.1.Malicious 1285 1519410499.8120267 1519410499.9546578 143 192.168.1.119 - 51047 95.101.175.202 80 http://dsum.casalemedia.com/crum?cm_dsp_id=131&external_user_id=18072662320384899943 918 1181 0 43 848 1124 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 200 http://ssum.casalemedia.com/usermatch?s=180334&cb=http%3A%2F%2Fengine.bitmedianetwork.com%2Fudb%2F5682%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1 - - - - - - CTU.339.1.Malicious 1289 1519410491.7545407 1519410500.0883873 8334 192.168.1.119 - 51028 174.37.241.117 80 http://www.searchme.com/sr/intst.cgi?js=1&afid=utmac 428 363 0 164 386 185 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/javascript GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1290 1519410500.16741 1519410500.2015755 34 192.168.1.119 - 51053 64.233.184.155 443 https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j66&tid=UA-116155-1&cid=1589858469.1519410497&jid=820509973&gjid=377539374&_gid=2119875414.1519410497&_u=IGBAgEAB~&z=152189351 660 693 0 35 487 646 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1291 1519410497.1114035 1519410500.536503 3425 192.168.1.119 - 51044 95.101.175.202 80 http://dsum.casalemedia.com/crum?cm_dsp_id=90&external_user_id=BC80FD9F405D905A5B87B46E0257DB93 843 1213 0 43 762 1156 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 200 http://ssum.casalemedia.com/usermatch?s=180334&cb=http%3A%2F%2Fengine.bitmedianetwork.com%2Fudb%2F5682%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1 - - - - - - CTU.339.1.Malicious 1292 1519410497.1245873 1519410504.4882562 7364 192.168.1.119 - 51048 95.101.175.202 80 http://dsum.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESECcBlMh3EvacDUlgHOjx738&google_cver=1 852 1240 0 43 762 1183 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 200 http://ssum.casalemedia.com/usermatch?s=180334&cb=http%3A%2F%2Fengine.bitmedianetwork.com%2Fudb%2F5682%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D&C=1 - - - - - - CTU.339.1.Malicious 1293 1519410504.6994793 1519410504.7116787 12 192.168.1.119 - 51060 195.113.232.72 80 http://b.scorecardresearch.com/c2/17330952/cs.js 496 462 0 0 465 448 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/x-javascript GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1294 1519410504.8938982 1519410504.9095578 16 192.168.1.119 - 51061 195.113.232.75 80 http://a.adroll.com/j/roundtrip.js 410 31861 0 31215 382 632 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/javascript GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1295 1519410504.9766552 1519410505.233136 256 192.168.1.119 - 51062 178.79.227.142 80 http://www.utorrent.com/faviconUT.ico 847 1725 0 1342 820 369 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/x-icon GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1296 1519410505.969293 1519410506.0155983 46 192.168.1.119 - 51063 54.246.125.195 443 https://d.adroll.com/pixel/WRNHYSCUBBFDJDUFLNAD4M/HKJ25VUTI5H4LPF7Z3GRW2?pv=756630807.7709305&cookie=&adroll_s_ref=http%3A//cdn.bitmedianetwork.com/network/r.html%3Fu%3Due1-9d0ff140d2564ae093ec684f257b2112%26next%3Dhttp%3A//utorrent.com/prodnews%26osv%3D1DB00106%26iev%3D8%26geo%3DUS%26lang%3Den%26ver%3D3%252e5%252e1%252e1%252e44332&keyw=&arrfrr=http%3A%2F%2Fwww.utorrent.com%2Fprodnews%3Fuid%3D%26v%3D3.5.1.1.44332 795 1042 0 0 386 1013 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' - GET 302 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - https://s.adroll.com/pixel/WRNHYSCUBBFDJDUFLNAD4M/HKJ25VUTI5H4LPF7Z3GRW2/N7JPP7FBQBCK7DDMZ3B4KY.js - CTU.339.1.Malicious 1297 1519410506.6826057 1519410506.7401743 58 192.168.1.119 - 51064 95.101.175.165 443 https://s.adroll.com/pixel/WRNHYSCUBBFDJDUFLNAD4M/HKJ25VUTI5H4LPF7Z3GRW2/N7JPP7FBQBCK7DDMZ3B4KY.js 477 10255 0 9385 386 856 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/javascript; charset=utf-8 GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1296 1519410506.7657177 1519410506.821091 55 192.168.1.119 - 51063 54.246.125.195 443 https://d.adroll.com/fb/tr/?id=836023326534362&ev=ViewContent&cd[content_type]=product&cd[content_ids]=adroll_dummy_product_&cd[application_id]=321379434608647&cd[product_catalog_id]=896175290488468 672 1139 0 245 481 865 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' - GET 302 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - https://www.facebook.com/tr/?id=836023326534362&ev=ViewContent&cd[content_type]=product&cd[content_ids]=adroll_dummy_product_&cd[application_id]=321379434608647&cd[product_catalog_id]=896175290488468&cd[external_id]=6C2FmbjDco1FZCsekbB4lQ - CTU.339.1.Malicious 1296 1519410507.0204277 1519410507.0637562 43 192.168.1.119 - 51063 54.246.125.195 443 https://d.adroll.com/cm/r/out 503 1012 0 181 481 802 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' - GET 302 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - https://ads.yahoo.com/pixel?id=2498203&t=2&piggyback=https%3A%2F%2Fads.yahoo.com%2Fcms%2Fv1%3Fesig%3D1~bf4e7dc4546a90c08591652d78a230d3f2ef5733%26nwid%3D10001032567%26sigv%3D1 - CTU.339.1.Malicious 1298 1519410507.2346761 1519410507.2581775 24 192.168.1.119 - 51070 31.13.91.36 443 https://www.facebook.com/tr/?id=836023326534362&ev=ViewContent&cd[content_type]=product&cd[content_ids]=adroll_dummy_product_&cd[application_id]=321379434608647&cd[product_catalog_id]=896175290488468&cd[external_id]=6C2FmbjDco1FZCsekbB4lQ 687 514 0 44 460 458 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1299 1519410507.4034865 1519410507.4452567 42 192.168.1.119 - 51071 31.13.91.6 443 https://connect.facebook.net/en_US/fbevents.js 399 40931 0 39435 368 1484 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/x-javascript; charset=utf-8 GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1296 1519410507.2615607 1519410507.5428815 281 192.168.1.119 - 51063 54.246.125.195 443 https://d.adroll.com/cm/b/out 503 841 0 96 481 716 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' - GET 302 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - https://x.bidswitch.net/sync?dsp_id=44&user_id=ZTgyZDg1OTliOGMzNzI4ZDQ1NjQyYjFlOTFiMDc4OTU - CTU.339.1.Malicious 1300 1519410507.7410254 1519410507.8143315 73 192.168.1.119 - 51072 217.12.15.83 443 https://ads.yahoo.com/pixel?id=2498203&t=2&piggyback=https%3A%2F%2Fads.yahoo.com%2Fcms%2Fv1%3Fesig%3D1~bf4e7dc4546a90c08591652d78a230d3f2ef5733%26nwid%3D10001032567%26sigv%3D1 632 1549 0 0 465 1532 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' - GET 302 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1 - CTU.339.1.Malicious 1296 1519410507.74344 1519410508.0313406 288 192.168.1.119 - 51063 54.246.125.195 443 https://d.adroll.com/cm/x/out 503 876 0 113 481 734 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' - GET 302 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - https://ib.adnxs.com/pxj?bidder=172&seg=802787&action=setuid('ZTgyZDg1OTliOGMzNzI4ZDQ1NjQyYjFlOTFiMDc4OTU') - CTU.339.1.Malicious 1300 1519410508.044014 1519410508.106983 63 192.168.1.119 - 51072 217.12.15.83 443 https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1 557 1816 0 0 465 1799 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/plain; charset=utf-8 GET 302 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - https://d.adroll.com/cm/r/in?xid=DC9jbIAHIcqUpUSTd.OaN4jq - CTU.339.1.Malicious 1301 1519410507.9415944 1519410508.2210248 279 192.168.1.119 - 51069 54.246.125.195 443 https://d.adroll.com/cm/l/out 503 821 0 86 481 706 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' - GET 302 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - https://idsync.rlcdn.com/377928.gif?partner_uid=e82d8599b8c3728d45642b1e91b07895 - CTU.339.1.Malicious 1299 1519410508.4990249 1519410508.5211747 22 192.168.1.119 - 51071 31.13.91.6 443 https://connect.facebook.net/signals/config/836023326534362?v=2.8.12&r=stable 430 58738 0 57138 368 1588 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/x-javascript; charset=utf-8 GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1301 1519410508.4793823 1519410508.5363898 57 192.168.1.119 - 51069 54.246.125.195 443 https://d.adroll.com/cm/o/out 503 823 0 87 481 707 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' - GET 302 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - https://us-u.openx.net/w/1.0/sd?id=537103138&val=e82d8599b8c3728d45642b1e91b07895 - CTU.339.1.Malicious 1296 1519410508.6233687 1519410508.6721385 49 192.168.1.119 - 51063 54.246.125.195 443 https://d.adroll.com/cm/g/out?google_nid=adroll5 522 886 0 118 481 739 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' - GET 302 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=6C2FmbjDco1FZCsekbB4lQ&google_ula=1535926 - CTU.339.1.Malicious 1301 1519410508.7708871 1519410508.816496 46 192.168.1.119 - 51069 54.246.125.195 443 https://d.adroll.com/cm/r/in?xid=DC9jbIAHIcqUpUSTd.OaN4jq 531 688 0 35 481 639 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1302 1519410508.928394 1519410508.9561467 28 192.168.1.119 - 51077 173.241.240.143 443 https://us-u.openx.net/w/1.0/sd?id=537103138&val=e82d8599b8c3728d45642b1e91b07895 496 452 0 0 424 423 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' - GET 302 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=e82d8599b8c3728d45642b1e91b07895 - CTU.339.1.Malicious 1303 1519410509.310357 1519410509.3386817 28 192.168.1.119 - 51078 37.252.172.80 443 https://ib.adnxs.com/pxj?bidder=172&seg=802787&action=setuid(%27ZTgyZDg1OTliOGMzNzI4ZDQ1NjQyYjFlOTFiMDc4OTU%27) 526 1107 0 0 422 1090 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/html; charset=utf-8 GET 302 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - https://ib.adnxs.com/bounce?%2Fpxj%3Fbidder%3D172%26seg%3D802787%26action%3Dsetuid%28%2527ZTgyZDg1OTliOGMzNzI4ZDQ1NjQyYjFlOTFiMDc4OTU%2527%29 - CTU.339.1.Malicious 1303 1519410509.3434172 1519410509.4151323 72 192.168.1.119 - 51078 37.252.172.80 443 https://ib.adnxs.com/bounce?%2Fpxj%3Fbidder%3D172%26seg%3D802787%26action%3Dsetuid%28%2527ZTgyZDg1OTliOGMzNzI4ZDQ1NjQyYjFlOTFiMDc4OTU%2527%29 607 1236 0 43 473 1179 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1302 1519410509.198945 1519410509.438867 240 192.168.1.119 - 51077 173.241.240.143 443 https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=e82d8599b8c3728d45642b1e91b07895 568 391 0 43 491 334 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1304 1519410509.426772 1519410509.4581323 31 192.168.1.119 - 51073 18.195.183.62 443 https://x.bidswitch.net/sync?dsp_id=44&user_id=ZTgyZDg1OTliOGMzNzI4ZDQ1NjQyYjFlOTFiMDc4OTU 505 824 0 0 425 795 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' - GET 302 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=ZTgyZDg1OTliOGMzNzI4ZDQ1NjQyYjFlOTFiMDc4OTU - CTU.339.1.Malicious 1305 1519410509.5306356 1519410509.5606225 30 192.168.1.119 - 51075 172.217.23.226 443 https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=6C2FmbjDco1FZCsekbB4lQ&google_ula=1535926 581 1188 0 246 484 930 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/html; charset=UTF-8 GET 302 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - https://d.adroll.com/cm/g/in?google_ula=1535926,0 - CTU.339.1.Malicious 1304 1519410509.462739 1519410509.702093 239 192.168.1.119 - 51073 18.195.183.62 443 https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=ZTgyZDg1OTliOGMzNzI4ZDQ1NjQyYjFlOTFiMDc4OTU 615 707 0 0 529 678 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' - GET 302 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - //eb2.3lift.com/xuid?mid=2409&xuid=bbe46049-54dc-4bfe-bc54-2f9db1e17faa&dongle=d3d3 - CTU.339.1.Malicious 1301 1519410509.7519906 1519410509.7954636 43 192.168.1.119 - 51069 54.246.125.195 443 https://d.adroll.com/cm/g/in?google_ula=1535926,0 523 754 0 35 481 705 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1306 1519410510.1318839 1519410510.244038 112 192.168.1.119 - 51076 34.196.128.88 443 https://idsync.rlcdn.com/377928.gif?partner_uid=e82d8599b8c3728d45642b1e91b07895 495 497 0 0 426 480 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif; charset=ISO-8859-1 GET 302 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - https://idsync.rlcdn.com/377928.gif?partner_uid=e82d8599b8c3728d45642b1e91b07895&redirect=1 - CTU.339.1.Malicious 1306 1519410510.4551053 1519410510.9063609 451 192.168.1.119 - 51076 34.196.128.88 443 https://idsync.rlcdn.com/377928.gif?partner_uid=e82d8599b8c3728d45642b1e91b07895&redirect=1 531 599 0 43 451 542 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif; charset=ISO-8859-1 GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1307 1519410511.1544726 1519410511.1832054 29 192.168.1.119 - 51079 35.158.199.54 443 https://eb2.3lift.com/xuid?mid=2409&xuid=bbe46049-54dc-4bfe-bc54-2f9db1e17faa&dongle=d3d3 504 549 0 0 423 532 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' - GET 302 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - /xuid?ld=1&mid=2409&xuid=bbe46049-54dc-4bfe-bc54-2f9db1e17faa&dongle=d3d3 - CTU.339.1.Malicious 1307 1519410511.1876297 1519410511.216083 28 192.168.1.119 - 51079 35.158.199.54 443 https://eb2.3lift.com/xuid?ld=1&mid=2409&xuid=bbe46049-54dc-4bfe-bc54-2f9db1e17faa&dongle=d3d3 553 524 0 37 467 473 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1308 1519410511.891625 1519410511.9706347 79 192.168.1.119 - 51081 31.13.91.36 443 https://www.facebook.com/tr/?id=836023326534362&ev=PageView&dl=http%3A%2F%2Fwww.utorrent.com%2Fprodnews%3Fuid%3D%26v%3D3.5.1.1.44332&rl=http%3A%2F%2Fcdn.bitmedianetwork.com%2Fnetwork%2Fr.html%3Fu%3Due1-9d0ff140d2564ae093ec684f257b2112%26next%3Dhttp%3A%2F%2Futorrent.com%2Fprodnews%26osv%3D1DB00106%26iev%3D8%26geo%3DUS%26lang%3Den%26ver%3D3%252e5%252e1%252e1%252e44332&if=false&ts=1519410510541&cd[segment_eid]=N7JPP7FBQBCK7DDMZ3B4KY&sw=819&sh=583&v=2.8.12&r=stable&ec=0&o=29&it=1519410508470 941 380 0 44 460 324 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.1.1.44332 - - - - - - CTU.339.1.Malicious 1309 1519410638.1271946 1519410638.1812427 54 192.168.1.119 - 51082 23.51.123.27 80 http://s2.symcb.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCED141%2Fl2SWCyYX308B7Khio%3D 267 2183 0 1754 133 415 'Microsoft-CryptoAPI/6.1' application/ocsp-response GET 200 - - - - - - - CTU.339.1.Malicious 1310 1519410638.4650216 1519410638.5195386 55 192.168.1.119 - 51083 23.51.123.27 80 http://sv.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQe6LNDJdqx%2BJOp7hVgTeaGFJ%2FCQgQUljtT8Hkzl699g%2B8uK8zKt4YecmYCEAzzU2mpcQdiw29oBfyeRdY%3D 267 2039 0 1610 133 415 'Microsoft-CryptoAPI/6.1' application/ocsp-response GET 200 - - - - - - - CTU.339.1.Malicious 1311 1519410639.7813292 1519410639.9922469 211 192.168.1.119 - 51084 54.225.194.96 80 http://i-31.b-44332.ut.bench.utorrent.com/e?i=31 420 232 235 21 164 197 'ut_core BenchHttp (ver:44332)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1312 1519410671.3763423 1519410671.38372 7 192.168.1.119 - 51086 195.113.232.72 80 http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab 361 329 0 0 292 305 'Microsoft-CryptoAPI/6.1' application/vnd.ms-cab-compressed GET 304 - - - - - - - CTU.339.1.Malicious 1313 1519411485.2833335 1519411485.51017 227 192.168.1.119 - 51092 174.129.255.167 80 http://i-30.b-44332.ut.bench.utorrent.com/e?i=30 370 232 185 21 164 197 'ut_core BenchHttp (ver:44332)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1314 1519411486.2346973 1519411486.460389 226 192.168.1.119 - 51093 23.21.92.252 80 http://i-43.b-44332.ut.bench.utorrent.com/e?i=43 425 232 240 21 164 197 'ut_core BenchHttp (ver:44332)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1315 1519411491.2086437 1519411491.4124875 204 192.168.1.119 - 51095 23.21.139.158 80 http://i-30.b-44332.ut.bench.utorrent.com/e?i=30 362 232 177 21 164 197 'ut_core BenchHttp (ver:44332)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1316 1519411492.0811903 1519411492.329573 248 192.168.1.119 - 51096 23.21.139.158 80 http://i-31.b-44332.ut.bench.utorrent.com/e?i=31 413 232 228 21 164 197 'ut_core BenchHttp (ver:44332)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1317 1519411493.3902638 1519411493.6086175 218 192.168.1.119 - 51097 54.225.194.96 80 http://i-21.b-44332.ut.bench.utorrent.com/e?i=21 701 232 516 21 164 197 'ut_core BenchHttp (ver:44332)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1318 1519411504.8620415 1519411505.068496 206 192.168.1.119 - 51098 23.21.139.158 80 http://i-21.b-44358.ut.bench.utorrent.com/e?i=21 701 232 516 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1319 1519411517.4193244 1519411517.5027819 83 192.168.1.119 - 51099 13.32.159.202 80 http://now.bt.co/inclient 157 628 0 183 135 416 'BTWebClient/353S(44358)' text/html GET 301 - - - - - https://now.bt.co/inclient - CTU.339.1.Malicious 1320 1519411518.0613108 1519411518.317621 256 192.168.1.119 - 51102 13.32.145.161 80 http://utclient.utorrent.com/pro/utorrent/index.html 184 969 0 264 147 691 'BTWebClient/353S(44358)' text/html GET 200 - - - - - - - CTU.339.1.Malicious 1321 1519411518.6511488 1519411518.903043 252 192.168.1.119 - 51105 178.79.242.147 80 http://apps.bittorrent.com/utorrent-onboarding/welcome-upsell.btapp?h=FO0CO33h8rP5vbFH&v=111652166&ol=en&ul=&tk=stable34&c=uTorrent 321 252 0 0 203 228 'BTWebClient/353S(44358)' binary/octet-stream GET 304 - - - - - - - CTU.339.1.Malicious 1322 1519411518.6470985 1519411518.9039564 257 192.168.1.119 - 51104 178.79.242.147 80 http://apps.bittorrent.com/utorrent-onboarding/player.btapp?h=FO0CO33h8rP5vbFH&v=111652166&ol=en&ul=&tk=stable34&c=uTorrent 313 252 0 0 203 228 'BTWebClient/353S(44358)' binary/octet-stream GET 304 - - - - - - - CTU.339.1.Malicious 1323 1519411524.6404438 1519411524.6652834 25 192.168.1.119 - 51108 178.79.227.76 80 http://cdn.bitmedianetwork.com/network/r.html?u=ue1-9d0ff140d2564ae093ec684f257b2112&next=http://utorrent.com/prodnews&osv=1DB00106&iev=8&geo=US&lang=en&ver=3%2e5%2e3%2e1%2e44358 602 1745 0 1216 441 515 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/html GET 200 - - - - - - - CTU.339.1.Malicious 1324 1519411527.0798779 1519411527.114356 34 192.168.1.119 - 51110 178.79.242.19 80 http://cdn.ap.bittorrent.com/control/tags/ut.json 213 8888 0 8357 179 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1325 1519411527.864999 1519411528.0776896 213 192.168.1.119 - 51113 23.21.139.158 80 http://i-29.b-44358.ut.bench.utorrent.com/e?i=29 382 232 197 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1326 1519411528.7960346 1519411529.000898 205 192.168.1.119 - 51114 23.21.139.158 80 http://i-31.b-44358.ut.bench.utorrent.com/e?i=31 435 232 250 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1327 1519411530.0307894 1519411530.2355757 205 192.168.1.119 - 51115 23.23.215.82 80 http://i-29.b-44358.ut.bench.utorrent.com/e?i=29 355 232 170 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1328 1519411530.9293523 1519411531.1687737 239 192.168.1.119 - 51116 178.79.227.76 80 http://cdn.bitmedianetwork.com/network/index.html?adt=4&browser=other&clientdata=utorrent%7c3%2e5%2e3%2e44358%7c290&geo=cz&ie=8&page=torrent&site=33049&w=498073862&langs=en 499 1127 0 599 344 514 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html GET 200 - - - - - - - CTU.339.1.Malicious 1329 1519411530.9350088 1519411531.1689327 234 192.168.1.119 - 51117 23.23.215.82 80 http://i-38.b-44358.ut.bench.utorrent.com/e?i=38 409 232 224 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1330 1519411531.3237488 1519411531.3418567 18 192.168.1.119 - 51118 178.79.227.167 80 http://cdn.bitmedianetwork.com/network/start.html?langs=en 385 1900 0 1371 344 515 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html GET 200 - - - - - - - CTU.339.1.Malicious 1331 1519411532.0590527 1519411532.0926213 34 192.168.1.119 - 51119 178.79.242.19 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1332 1519411532.1446233 1519411532.37124 227 192.168.1.119 - 51120 23.23.215.82 80 http://i-43.b-44358.ut.bench.utorrent.com/e?i=43 341 232 156 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1328 1519411532.631089 1519411532.6466234 16 192.168.1.119 - 51116 178.79.227.76 80 http://cdn.bitmedianetwork.com/network/assets/css/styles.css 578 1214 0 687 535 513 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/css GET 200 http://cdn.bitmedianetwork.com/network/index.html?adt=4&browser=other&clientdata=utorrent%7c3%2e5%2e3%2e44358%7c290&geo=cz&ie=8&page=torrent&site=33049&w=498073862&langs=en - - - - - - CTU.339.1.Malicious 1328 1519411533.376233 1519411533.3952188 19 192.168.1.119 - 51116 178.79.227.76 80 http://cdn.bitmedianetwork.com/assets/js/3p/ie8.js 568 8055 0 7513 535 528 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' application/javascript GET 200 http://cdn.bitmedianetwork.com/network/index.html?adt=4&browser=other&clientdata=utorrent%7c3%2e5%2e3%2e44358%7c290&geo=cz&ie=8&page=torrent&site=33049&w=498073862&langs=en - - - - - - CTU.339.1.Malicious 1333 1519411533.3855548 1519411534.0406017 655 192.168.1.119 - 51122 178.79.227.76 80 http://cdn.bitmedianetwork.com/adzerk/ados-00dce7.js 570 26259 0 25716 535 529 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' application/javascript GET 200 http://cdn.bitmedianetwork.com/network/index.html?adt=4&browser=other&clientdata=utorrent%7c3%2e5%2e3%2e44358%7c290&geo=cz&ie=8&page=torrent&site=33049&w=498073862&langs=en - - - - - - CTU.339.1.Malicious 1328 1519411534.0934465 1519411534.375146 282 192.168.1.119 - 51116 178.79.227.76 80 http://cdn.bitmedianetwork.com/assets/js/index-bundled.js 575 112852 0 112308 535 530 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' application/javascript GET 200 http://cdn.bitmedianetwork.com/network/index.html?adt=4&browser=other&clientdata=utorrent%7c3%2e5%2e3%2e44358%7c290&geo=cz&ie=8&page=torrent&site=33049&w=498073862&langs=en - - - - - - CTU.339.1.Malicious 1334 1519411535.184088 1519411535.4788358 295 192.168.1.119 - 51123 54.243.33.238 80 http://engine.bitmedianetwork.com/ados?t=1519411534937&request={"Placements":[{"A":"5682","S":"54166","D":"bt_ap_div","AT":5,"Properties":{"tag":"start-cookie"}}],"Keywords":"tag%3Dstart-cookie","Referrer":"","IsAsync":true} 686 2089 0 1124 482 951 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' application/javascript; charset=utf-8 GET 200 http://cdn.bitmedianetwork.com/network/start.html?langs=en - - - - - - CTU.339.1.Malicious 1334 1519411536.3277035 1519411536.5128841 185 192.168.1.119 - 51123 54.243.33.238 80 http://engine.bitmedianetwork.com/i.gif?e=eyJhdiI6NjAzMTYsImF0Ijo1LCJidCI6MCwiY20iOjQ0OTU2MCwiY2giOjE0MTQwLCJjayI6e30sImNyIjoxNjQwMjczLCJkaSI6ImUzMDNhZTRmMzI0NjQzZDBhNzA2NjFhYmUwODM4MTY3IiwiZGoiOjAsImlpIjoiNzQ0MGUyYzdiMDMzNGZlZTkyYzg4MjQ5NGE3ZTZkNjIiLCJkbSI6MSwiZmMiOjE5NDUwNzAsImZsIjoyMTk0MDQ1LCJpcCI6IjE0Ny4zMi44My41NiIsImt3IjoidGFnPXN0YXJ0LWNvb2tpZSIsIm53Ijo1NjgyLCJwYyI6MCwiZWMiOjAsInByIjo5NTY5MywicnQiOjIsInJzIjo1MDAsInNhIjoiOSIsInNiIjoiaS0wYjY2N2FkYTU5M2NkN2NkMSIsInNwIjoxODc0MCwic3QiOjU0MTY2LCJ1ayI6InVlMS05ZDBmZjE0MGQyNTY0YWUwOTNlYzY4NGYyNTdiMjExMiIsInRzIjoxNTE5NDExNTM1NDAzLCJiZiI6dHJ1ZSwicG4iOiJidF9hcF9kaXYiLCJiYSI6MSwiZnEiOjB9&s=yzp0D3lMGGpFtSbaDKlhoKRQDXU 1130 939 0 43 482 882 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' image/gif GET 200 http://cdn.bitmedianetwork.com/network/start.html?langs=en - - - - - - CTU.339.1.Malicious 1330 1519411536.9613357 1519411536.983331 22 192.168.1.119 - 51118 178.79.227.167 80 http://cdn.bitmedianetwork.com/network/index.html?adt=5&browser=other&clientdata=utorrent%7c3%2e5%2e3%2e44358%7c290&geo=cz&ie=8&page=torrent&site=33049&w=498073862&langs=en 641 1127 0 599 486 514 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html GET 200 - - - - - - - CTU.339.1.Malicious 1330 1519411537.1874864 1519411537.4754026 288 192.168.1.119 - 51118 178.79.227.167 80 http://cdn.bitmedianetwork.com/assets/js/index-bundled.js 575 112852 0 112308 535 530 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' application/javascript GET 200 http://cdn.bitmedianetwork.com/network/index.html?adt=5&browser=other&clientdata=utorrent%7c3%2e5%2e3%2e44358%7c290&geo=cz&ie=8&page=torrent&site=33049&w=498073862&langs=en - - - - - - CTU.339.1.Malicious 1335 1519411537.3922813 1519411537.5987077 206 192.168.1.119 - 51126 23.23.215.82 80 http://i-38.b-44358.ut.bench.utorrent.com/e?i=38 409 232 224 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1336 1519411543.879293 1519411544.2261813 347 192.168.1.119 - 51128 98.143.146.7 80 http://utorrent.com/prodnews?uid=&v=3.5.3.1.44358 1025 461 0 184 982 248 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/html GET 301 http://cdn.bitmedianetwork.com/network/r.html?u=ue1-9d0ff140d2564ae093ec684f257b2112&next=http://utorrent.com/prodnews&osv=1DB00106&iev=8&geo=US&lang=en&ver=3%2e5%2e3%2e1%2e44358 - - - - http://www.utorrent.com/prodnews?uid=&v=3.5.3.1.44358 - CTU.339.1.Malicious 1337 1519411544.6260676 1519411544.8614535 235 192.168.1.119 - 51144 178.79.227.142 80 http://www.utorrent.com/prodnews?uid=&v=3.5.3.1.44358 1159 27491 0 27106 1116 371 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/html GET 200 http://cdn.bitmedianetwork.com/network/r.html?u=ue1-9d0ff140d2564ae093ec684f257b2112&next=http://utorrent.com/prodnews&osv=1DB00106&iev=8&geo=US&lang=en&ver=3%2e5%2e3%2e1%2e44358 - - - - - - CTU.339.1.Malicious 1338 1519411545.6929028 1519411545.7177908 25 192.168.1.119 - 51149 178.79.227.142 80 http://www.utorrent.com/stylesheets/jquery.smartbanner.css?1416516157 945 4386 0 4007 886 365 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/css GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.3.1.44358 - - - - - - CTU.339.1.Malicious 1339 1519411545.5525575 1519411545.7859817 233 192.168.1.119 - 51146 178.79.227.142 80 http://www.utorrent.com/stylesheets/panels.css?1518555864 933 2716 0 2337 886 365 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/css GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.3.1.44358 - - - - - - CTU.339.1.Malicious 1340 1519411545.949518 1519411546.0258029 76 192.168.1.119 - 51129 95.101.173.226 80 http://cdn.optimizely.com/js/50136351.js 533 563 0 0 505 539 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/javascript; charset=utf-8 GET 304 http://www.utorrent.com/prodnews?uid=&v=3.5.3.1.44358 - - - - - - CTU.339.1.Malicious 1341 1519411545.5218198 1519411546.2460115 724 192.168.1.119 - 51145 178.79.227.142 80 http://www.utorrent.com/styles/components.css?1513713231 932 79865 0 79485 886 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/css GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.3.1.44358 - - - - - - CTU.339.1.Malicious 1342 1519411555.0397294 1519411555.1627886 123 192.168.1.119 - 51152 23.21.80.94 443 https://50136351.log.optimizely.com/event?a=50136351&d=8230037&y=false&src=js&s172074712=false&s172226670=none&s172411375=opera&s172441755=referral&tsent=1519411554.346&n=http%3A%2F%2Fwww.utorrent.com%2Fprodnews%3Fuid%3D%26v%3D3.5.3.1.44358&u=oeu1519410484539r0.7009016301951327&wxhr=true&time=1519411554.345&f=8439400808,10346362521,9368840927,10039463070,10327913862,9280175262,9726032462&g=&cx2=bd634501 891 497 0 2 507 481 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.3.1.44358 - - - - - - CTU.339.1.Malicious 1341 1519411555.0741065 1519411555.2814791 207 192.168.1.119 - 51145 178.79.227.142 80 http://www.utorrent.com/scripts/headers.php?callback=jQuery111104505339555348873_1519411554867&_=1519411554868 1427 527 0 245 1327 268 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/javascript GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.3.1.44358 - - - - - - CTU.339.1.Malicious 1343 1519411555.2496204 1519411555.478354 229 192.168.1.119 - 51153 216.58.201.72 80 http://www.googletagmanager.com/gtm.js?id=GTM-M5F5X5 428 62217 0 61641 394 562 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/javascript; charset=UTF-8 GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.3.1.44358 - - - - - - CTU.339.1.Malicious 1342 1519411555.3727024 1519411555.4998147 127 192.168.1.119 - 51152 23.21.80.94 443 https://50136351.log.optimizely.com/event?a=50136351&d=8230037&y=false&src=js&s172074712=false&s172226670=none&s172411375=opera&s172441755=referral&tsent=1519411555.27&n=http%3A%2F%2Fwww.utorrent.com%2Fprodnews%3Fuid%3D%26v%3D3.5.3.1.44358&u=oeu1519410484539r0.7009016301951327&wxhr=true&time=1519411555.27&f=8439400808,10346362521,9368840927,10039463070,10327913862,9280175262,9726032462&g=&cx2=1c5b65e8 889 497 0 2 507 481 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.3.1.44358 - - - - - - CTU.339.1.Malicious 1344 1519411555.7789612 1519411555.7988544 20 192.168.1.119 - 51182 104.103.109.179 443 https://a8230037.cdn.optimizely.com/client_storage/a8230037.html 680 295 0 0 638 271 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/html; charset=utf-8 GET 304 http://www.utorrent.com/prodnews?uid=&v=3.5.3.1.44358 - - - - - - CTU.339.1.Malicious 1345 1519411555.5183544 1519411556.6768732 1159 192.168.1.119 - 51172 95.101.175.202 80 http://ssum.casalemedia.com/usermatch?s=180334&cb=http%3A%2F%2Fengine.bitmedianetwork.com%2Fudb%2F5682%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D 1046 3079 0 1760 915 1305 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/html GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.3.1.44358 - - - - - - CTU.339.1.Malicious 1346 1519411557.4724138 1519411557.5172658 45 192.168.1.119 - 51186 13.32.145.12 80 http://rules.quantcount.com/rules-p-zddNYNtUkUhdQ.js 545 438 0 0 507 414 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' - GET 304 http://www.utorrent.com/prodnews?uid=&v=3.5.3.1.44358 - - - - - - CTU.339.1.Malicious 1347 1519411557.3908248 1519411557.6828055 292 192.168.1.119 - 51185 50.19.239.17 80 http://engine.ap.bittorrent.com/ados?t=1519411556865&request={%22Placements%22:[{%22A%22:5682,%22S%22:671386,%22D%22:%22nexway-leaderboard%22,%22AT%22:4}],%22Keywords%22:%22undefined%22,%22Referrer%22:%22http%3A%2F%2Fcdn.bitmedianetwork.com%2Fnetwork%2Fr.html%3Fu%3Due1-9d0ff140d2564ae093ec684f257b2112%26next%3Dhttp%3A%2F%2Futorrent.com%2Fprodnews%26osv%3D1DB00106%26iev%3D8%26geo%3DUS%26lang%3Den%26ver%3D3%252e5%252e3%252e1%252e44358%22,%22IsAsync%22:true} 893 814 0 0 452 800 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/javascript; charset=utf-8 GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.3.1.44358 - - - - - - CTU.339.1.Malicious 1348 1519411557.8205924 1519411558.023665 203 192.168.1.119 - 51184 34.226.159.171 443 https://logx.optimizely.com/v1/events 1503 404 968 0 511 382 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/plain POST 204 http://www.utorrent.com/prodnews?uid=&v=3.5.3.1.44358 - - - - - - CTU.339.1.Malicious 1346 1519411558.2332132 1519411558.2922904 59 192.168.1.119 - 51186 13.32.145.12 80 http://rules.quantcount.com/rules-p-f87ZgUEkM-SZY.js 545 438 0 0 507 414 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' - GET 304 http://www.utorrent.com/prodnews?uid=&v=3.5.3.1.44358 - - - - - - CTU.339.1.Malicious 1347 1519411558.2686741 1519411558.4534934 185 192.168.1.119 - 51185 50.19.239.17 80 http://engine.ap.bittorrent.com/ados?t=1519411558175&request={%22Placements%22:[{%22A%22:5682,%22S%22:55041,%22D%22:%22azk15347%22,%22AT%22:5,%22Z%22:[160853]}],%22Keywords%22:%22undefined%22,%22Referrer%22:%22http%3A%2F%2Fcdn.bitmedianetwork.com%2Fnetwork%2Fr.html%3Fu%3Due1-9d0ff140d2564ae093ec684f257b2112%26next%3Dhttp%3A%2F%2Futorrent.com%2Fprodnews%26osv%3D1DB00106%26iev%3D8%26geo%3DUS%26lang%3Den%26ver%3D3%252e5%252e3%252e1%252e44358%22,%22IsAsync%22:true} 899 814 0 0 452 800 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/javascript; charset=utf-8 GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.3.1.44358 - - - - - - CTU.339.1.Malicious 1349 1519411558.281467 1519411558.5494494 268 192.168.1.119 - 51187 50.19.239.17 80 http://engine.ap.bittorrent.com/ados?t=1519411558181&request={%22Placements%22:[{%22A%22:5682,%22S%22:55041,%22D%22:%22azk54412%22,%22AT%22:5,%22Z%22:[160854]}],%22Keywords%22:%22undefined%22,%22Referrer%22:%22http%3A%2F%2Fcdn.bitmedianetwork.com%2Fnetwork%2Fr.html%3Fu%3Due1-9d0ff140d2564ae093ec684f257b2112%26next%3Dhttp%3A%2F%2Futorrent.com%2Fprodnews%26osv%3D1DB00106%26iev%3D8%26geo%3DUS%26lang%3Den%26ver%3D3%252e5%252e3%252e1%252e44358%22,%22IsAsync%22:true} 899 814 0 0 452 800 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/javascript; charset=utf-8 GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.3.1.44358 - - - - - - CTU.339.1.Malicious 1350 1519411558.8408976 1519411558.8587284 18 192.168.1.119 - 51189 195.113.232.73 80 http://b.scorecardresearch.com/b?c1=2&c2=17330952&ns__t=1519411558124&ns_c=UTF-8&c8=Product%20News%20-%20%CE%BCTorrent%C2%AE%20(uTorrent)%20-%20a%20(very)%20tiny%20BitTorrent%20client&c7=http%3A%2F%2Fwww.utorrent.com%2Fprodnews%3Fuid%3D%26v%3D3.5.3.1.44358&c9=http%3A%2F%2Fcdn.bitmedianetwork.com%2Fnetwork%2Fr.html%3Fu%3Due1-9d0ff140d2564ae093ec684f257b2112%26next%3Dhttp%3A%2F%2Futorrent.com%2Fprodnews%26osv%3D1DB00106%26iev%3D8%26geo%3DUS%26lang%3Den%26ver%3D3%252e5%252e3%252e1%252e44358 976 298 0 0 501 276 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' - GET 204 http://www.utorrent.com/prodnews?uid=&v=3.5.3.1.44358 - - - - - - CTU.339.1.Malicious 1351 1519411562.3873498 1519411562.4136658 26 192.168.1.119 - 51191 64.233.184.157 443 https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&v=1&_v=j66&tid=UA-116155-1&cid=1589858469.1519410497&jid=625781065&gjid=1164889205&_gid=2119875414.1519410497&_u=ACCAgEAB~&z=1634668696 662 693 0 35 487 646 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.3.1.44358 - - - - - - CTU.339.1.Malicious 1352 1519411563.087233 1519411563.1093297 22 192.168.1.119 - 51193 216.58.201.78 443 https://www.google-analytics.com/collect?v=1&_v=j66&a=951029696&t=event&ni=1&_s=2&dl=http%3A%2F%2Fwww.utorrent.com%2Fprodnews%3Fuid%3D%26v%3D3.5.3.1.44358&dr=http%3A%2F%2Fcdn.bitmedianetwork.com%2Fnetwork%2Fr.html%3Fu%3Due1-9d0ff140d2564ae093ec684f257b2112%26next%3Dhttp%3A%2F%2Futorrent.com%2Fprodnews%26osv%3D1DB00106%26iev%3D8%26geo%3DUS%26lang%3Den%26ver%3D3%252e5%252e3%252e1%252e44358&ul=en-us&de=UTF-8&dt=Product%20News%20-%20%CE%BCTorrent%C2%AE%20(uTorrent)%20-%20a%20(very)%20tiny%20BitTorrent%20client&sd=24-bit&sr=819x583&vp=762x456&je=0&ec=Reading&ea=Product%20News%20-%20%CE%BCTorrent%C2%AE%20(uTorrent)%20-%20a%20(very)%20tiny%20BitTorrent%20client&el=Article%20Loaded&ev=1&_u=ACCAgEAB~&jid=&gjid=&cid=1589858469.1519410497&tid=UA-116155-1&_gid=2119875414.1519410497&z=805205757 1181 633 0 35 408 586 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.3.1.44358 - - - - - - CTU.339.1.Malicious 1352 1519411563.080556 1519411563.1164622 36 192.168.1.119 - 51193 216.58.201.78 443 https://www.google-analytics.com/collect?v=1&_v=j66&a=951029696&t=pageview&_s=1&dl=http%3A%2F%2Fwww.utorrent.com%2Fprodnews%3Fuid%3D%26v%3D3.5.3.1.44358&dr=http%3A%2F%2Fcdn.bitmedianetwork.com%2Fnetwork%2Fr.html%3Fu%3Due1-9d0ff140d2564ae093ec684f257b2112%26next%3Dhttp%3A%2F%2Futorrent.com%2Fprodnews%26osv%3D1DB00106%26iev%3D8%26geo%3DUS%26lang%3Den%26ver%3D3%252e5%252e3%252e1%252e44358&ul=en-us&de=UTF-8&dt=Product%20News%20-%20%CE%BCTorrent%C2%AE%20(uTorrent)%20-%20a%20(very)%20tiny%20BitTorrent%20client&sd=24-bit&sr=819x583&vp=762x456&je=0&_u=ACCAgEAB~&jid=625781065&gjid=1164889205&cid=1589858469.1519410497&tid=UA-116155-1&_gid=2119875414.1519410497&z=1276700192 1060 633 0 35 408 586 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.3.1.44358 - - - - - - CTU.339.1.Malicious 1353 1519411563.1550088 1519411563.2288632 74 192.168.1.119 - 51199 52.19.120.86 80 http://match.adsrvr.org/track/cmf/casale?cm_dsp_id=70&cm_callback_url=http%3A%2F%2Fdsum.casalemedia.com%2Fcrum&cm_user_id=WpBdOrlQJ70AAG7r97gAAADD 650 1138 0 323 514 798 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/html GET 302 http://ssum.casalemedia.com/usermatch?s=180334&cb=http%3A%2F%2Fengine.bitmedianetwork.com%2Fudb%2F5682%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D - - - - http://match.adsrvr.org/track/cmb/casale?cm_dsp_id=70&cm_callback_url=http%3A%2F%2Fdsum.casalemedia.com%2Fcrum&cm_user_id=WpBdOrlQJ70AAG7r97gAAADD - CTU.339.1.Malicious 1354 1519411563.3566015 1519411563.3978558 41 192.168.1.119 - 51204 63.251.232.165 80 http://cm.adgrx.com/bridge?AG_PID=casale&AG_SETCOOKIE 557 684 0 0 510 667 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 302 http://ssum.casalemedia.com/usermatch?s=180334&cb=http%3A%2F%2Fengine.bitmedianetwork.com%2Fudb%2F5682%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D - - - - http://cm.adgrx.com/bridge.gif?AG_PID=casale - CTU.339.1.Malicious 1355 1519411558.3529623 1519411563.4095926 5057 192.168.1.119 - 51188 174.37.241.117 80 http://www.searchme.com/sr/intst.cgi?js=1&afid=utmac 428 363 0 164 386 185 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/javascript GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.3.1.44358 - - - - - - CTU.339.1.Malicious 1356 1519411563.2020595 1519411563.4677227 266 192.168.1.119 - 51200 94.31.6.170 80 http://p.adsymptotic.com/d/px?_pid=13041&_psign=be82b7faf482c24ef42e8702b774bd66&_redirect=http%3A%2F%2Fdsum.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D100%26external_user_id%3D%24%7BUUID%7D 688 478 0 0 515 461 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' - GET 302 http://ssum.casalemedia.com/usermatch?s=180334&cb=http%3A%2F%2Fengine.bitmedianetwork.com%2Fudb%2F5682%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D - - - - http://p.adsymptotic.com/d/px?_pid=13041&_psign=be82b7faf482c24ef42e8702b774bd66&_redirect=http%3A%2F%2Fdsum.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D100%26external_user_id%3D%24%7BUUID%7D&_expected_cookie=49217a261b1e344bb9069aa17e3f6c88 - CTU.339.1.Malicious 1357 1519411563.2883322 1519411563.5758054 287 192.168.1.119 - 51202 23.23.236.103 80 http://engine.bitmedianetwork.com/udb/5682/sync/i.gif?partnerId=1&userId=WpBdOrlQJ70AAG7r97gAAADD%261130 666 831 0 43 582 774 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 200 http://ssum.casalemedia.com/usermatch?s=180334&cb=http%3A%2F%2Fengine.bitmedianetwork.com%2Fudb%2F5682%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D - - - - - - CTU.339.1.Malicious 1358 1519411563.120494 1519411563.638221 518 192.168.1.119 - 51198 192.132.33.27 80 http://bttrack.com/pixel/cookiesync?source=67e94f23-25d6-4008-8236-375d1743c2e0&secure=0 592 973 0 221 509 735 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/html; charset=utf-8 GET 302 http://ssum.casalemedia.com/usermatch?s=180334&cb=http%3A%2F%2Fengine.bitmedianetwork.com%2Fudb%2F5682%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D - - - - http://dsum.casalemedia.com/crum?cm_dsp_id=156&external_user_id=7ce2e671-6c23-463f-9ea4-a12319a16b49 - CTU.339.1.Malicious 1359 1519411563.6443496 1519411563.6845481 40 192.168.1.119 - 51205 95.172.94.64 80 http://pixel.quantserve.com/pixel;r=1976549051;rf=0;a=p-zddNYNtUkUhdQ;url=http%3A%2F%2Fwww.utorrent.com%2Fprodnews%3Fuid%3D%26v%3D3.5.3.1.44358;ref=http%3A%2F%2Fcdn.bitmedianetwork.com%2Fnetwork%2Fr.html%3Fu%3Due1-9d0ff140d2564ae093ec684f257b2112%26next%3Dhttp%3A%2F%2Futorrent.com%2Fprodnews%26osv%3D1DB00106%26iev%3D8%26geo%3DUS%26lang%3Den%26ver%3D3%252e5%252e3%252e1%252e44358;fpan=0;fpa=P0-2011111031-1519410496672;ns=0;ce=1;cm=;je=0;sr=819x583x24;enc=n;dst=1;et=1519411562847;tzo=480;ogl=title.Product%20News%20-%20%2Ctype.website%2Cimage.http%3A%2F%2Fwww%252Eutorrent%252Ecom%2Fimages%2Finterface%2FutorrentLogoRetina%252Epng%2Curl.http%3A%2F%2Fwww%252Eutorrent%252Ecom%2Fprodnews%3Fuid%3D%26v%3D3%252E5%252E3%252E1%252E44358%2Cdescription.The%20official%20%C2%B5Torrent%C2%AE%20(uTorrent)%20torrent%20client%20for%20Windows%252C%20Mac%252C%20Android%20and%20L 1326 353 0 35 473 304 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.3.1.44358 - - - - - - CTU.339.1.Malicious 1360 1519411563.7748554 1519411563.8242614 49 192.168.1.119 - 51206 95.172.94.64 80 http://pixel.quantserve.com/pixel;r=289456429;rf=0;a=p-f87ZgUEkM-SZY;url=http%3A%2F%2Fwww.utorrent.com%2Fprodnews%3Fuid%3D%26v%3D3.5.3.1.44358;ref=http%3A%2F%2Fcdn.bitmedianetwork.com%2Fnetwork%2Fr.html%3Fu%3Due1-9d0ff140d2564ae093ec684f257b2112%26next%3Dhttp%3A%2F%2Futorrent.com%2Fprodnews%26osv%3D1DB00106%26iev%3D8%26geo%3DUS%26lang%3Den%26ver%3D3%252e5%252e3%252e1%252e44358;fpan=0;fpa=P0-2011111031-1519410496672;ns=0;ce=1;cm=;je=0;sr=819x583x24;enc=n;dst=1;et=1519411562907;tzo=480;ogl=title.Product%20News%20-%20%2Ctype.website%2Cimage.http%3A%2F%2Fwww%252Eutorrent%252Ecom%2Fimages%2Finterface%2FutorrentLogoRetina%252Epng%2Curl.http%3A%2F%2Fwww%252Eutorrent%252Ecom%2Fprodnews%3Fuid%3D%26v%3D3%252E5%252E3%252E1%252E44358%2Cdescription.The%20official%20%C2%B5Torrent%C2%AE%20(uTorrent)%20torrent%20client%20for%20Windows%252C%20Mac%252C%20Android%20and%20L 1325 353 0 35 473 304 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.3.1.44358 - - - - - - CTU.339.1.Malicious 1361 1519411563.3209226 1519411563.864823 544 192.168.1.119 - 51203 65.39.202.99 80 http://cm.eyereturn.com/casale/?cm_dsp_id=28&cm_callback_url=http%3A%2F%2Fdsum.casalemedia.com%2Fcrum&cm_user_id=WpBdOrlQJ70AAG7r97gAAADD 641 914 0 154 514 731 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/html GET 302 http://ssum.casalemedia.com/usermatch?s=180334&cb=http%3A%2F%2Fengine.bitmedianetwork.com%2Fudb%2F5682%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D - - - - http://dsum.casalemedia.com/crum?cm_dsp_id=28&external_user_id=d2c54c36-001a-4b0b-cb68-a138fa877230&expiration=1522003563 - CTU.339.1.Malicious 1362 1519411563.2024996 1519411563.9057772 703 192.168.1.119 - 51201 52.58.188.198 80 http://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=http://dsum.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_ 628 821 0 0 509 804 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' - GET 302 http://ssum.casalemedia.com/usermatch?s=180334&cb=http%3A%2F%2Fengine.bitmedianetwork.com%2Fudb%2F5682%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D - - - - http://dsum.casalemedia.com/crum?cm_dsp_id=47&external_user_id=lwbVKvr01EPim75 - CTU.339.1.Malicious 1354 1519411563.8864117 1519411563.9171925 31 192.168.1.119 - 51204 63.251.232.165 80 http://cm.adgrx.com/bridge.gif?AG_PID=casale 612 715 0 0 574 698 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 302 http://ssum.casalemedia.com/usermatch?s=180334&cb=http%3A%2F%2Fengine.bitmedianetwork.com%2Fudb%2F5682%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D - - - - http://dsum.casalemedia.com/crum?cm_dsp_id=41&external_user_id=cc87de2e-18c9-11e8-983b-b7370100475a - CTU.339.1.Malicious 1363 1519411563.072927 1519411564.1430876 1070 192.168.1.119 - 51194 185.29.135.226 80 http://sync.mathtag.com/sync/img?mt_exid=15&redir=http%3A%2F%2Fdsum.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D3%26external_user_id%3D%5BMM_UUID%5D 645 741 0 0 514 712 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 302 http://ssum.casalemedia.com/usermatch?s=180334&cb=http%3A%2F%2Fengine.bitmedianetwork.com%2Fudb%2F5682%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D - - - - http://sync.mathtag.com/sync/img?mt_exid=15&redir=http%3A%2F%2Fdsum.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D3%26external_user_id%3D%5BMM_UUID%5D&mm_bnc&mm_bct - CTU.339.1.Malicious 1353 1519411564.1476343 1519411564.1896787 42 192.168.1.119 - 51199 52.19.120.86 80 http://match.adsrvr.org/track/cmb/casale?cm_dsp_id=70&cm_callback_url=http%3A%2F%2Fdsum.casalemedia.com%2Fcrum&cm_user_id=WpBdOrlQJ70AAG7r97gAAADD 745 1099 0 273 609 809 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/html GET 302 http://ssum.casalemedia.com/usermatch?s=180334&cb=http%3A%2F%2Fengine.bitmedianetwork.com%2Fudb%2F5682%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D - - - - http://dsum.casalemedia.com/crum?cm_dsp_id=39&external_user_id=050bdcfb-cffa-4e46-bbbd-c0424a3571b3&expiration=1522003564 - CTU.339.1.Malicious 1363 1519411564.2255907 1519411564.2550502 29 192.168.1.119 - 51194 185.29.135.226 80 http://sync.mathtag.com/sync/img?mt_exid=15&redir=http%3A%2F%2Fdsum.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D3%26external_user_id%3D%5BMM_UUID%5D&mm_bnc&mm_bct 718 755 0 0 573 726 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 302 http://ssum.casalemedia.com/usermatch?s=180334&cb=http%3A%2F%2Fengine.bitmedianetwork.com%2Fudb%2F5682%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D - - - - http://dsum.casalemedia.com/crum?cm_dsp_id=3&external_user_id=4cde5a8f-14ad-4600-b64c-cae187f52ce0 - CTU.339.1.Malicious 1364 1519411563.0943687 1519411564.3870282 1293 192.168.1.119 - 51196 95.172.94.64 80 http://pixel.quantserve.com/pixel/p-Z8PuJEk6U7Hyq.gif?idmatch=0 614 605 0 0 565 588 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' - GET 302 http://ssum.casalemedia.com/usermatch?s=180334&cb=http%3A%2F%2Fengine.bitmedianetwork.com%2Fudb%2F5682%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D - - - - https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&external_user_id=NynSqzcs36ovcN2vNyzGrTIq264vftyqOyqkSZ4s - CTU.339.1.Malicious 1365 1519411564.6387203 1519411564.8102124 171 192.168.1.119 - 51209 95.101.175.202 80 http://dsum.casalemedia.com/crum?cm_dsp_id=156&external_user_id=7ce2e671-6c23-463f-9ea4-a12319a16b49 1129 1396 0 43 1043 1339 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 200 http://ssum.casalemedia.com/usermatch?s=180334&cb=http%3A%2F%2Fengine.bitmedianetwork.com%2Fudb%2F5682%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D - - - - - - CTU.339.1.Malicious 1366 1519411564.861345 1519411565.0101058 149 192.168.1.119 - 51215 95.101.175.202 443 https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&external_user_id=NynSqzcs36ovcN2vNyzGrTIq264vftyqOyqkSZ4s 1139 1329 0 43 1051 1272 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 200 http://ssum.casalemedia.com/usermatch?s=180334&cb=http%3A%2F%2Fengine.bitmedianetwork.com%2Fudb%2F5682%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D - - - - - - CTU.339.1.Malicious 1367 1519411564.6564326 1519411565.1011236 445 192.168.1.119 - 51212 95.101.175.202 80 http://dsum.casalemedia.com/crum?cm_dsp_id=41&external_user_id=cc87de2e-18c9-11e8-983b-b7370100475a 1128 1401 0 43 1043 1344 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 200 http://ssum.casalemedia.com/usermatch?s=180334&cb=http%3A%2F%2Fengine.bitmedianetwork.com%2Fudb%2F5682%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D - - - - - - CTU.339.1.Malicious 1368 1519411564.6382556 1519411565.1012824 463 192.168.1.119 - 51210 95.101.175.202 80 http://dsum.casalemedia.com/crum?cm_dsp_id=28&external_user_id=d2c54c36-001a-4b0b-cb68-a138fa877230&expiration=1522003563 1150 1472 0 43 1043 1415 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 200 http://ssum.casalemedia.com/usermatch?s=180334&cb=http%3A%2F%2Fengine.bitmedianetwork.com%2Fudb%2F5682%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D - - - - - - CTU.339.1.Malicious 1365 1519411565.018907 1519411565.101491 83 192.168.1.119 - 51209 95.101.175.202 80 http://dsum.casalemedia.com/crum?cm_dsp_id=3&external_user_id=4cde5a8f-14ad-4600-b64c-cae187f52ce0 1127 1473 0 43 1043 1416 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 200 http://ssum.casalemedia.com/usermatch?s=180334&cb=http%3A%2F%2Fengine.bitmedianetwork.com%2Fudb%2F5682%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D - - - - - - CTU.339.1.Malicious 1369 1519411564.6515262 1519411565.119302 468 192.168.1.119 - 51213 95.101.175.202 80 http://dsum.casalemedia.com/crum?cm_dsp_id=39&external_user_id=050bdcfb-cffa-4e46-bbbd-c0424a3571b3&expiration=1522003564 1150 1437 0 43 1043 1380 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 200 http://ssum.casalemedia.com/usermatch?s=180334&cb=http%3A%2F%2Fengine.bitmedianetwork.com%2Fudb%2F5682%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D - - - - - - CTU.339.1.Malicious 1370 1519411564.4019997 1519411565.4615784 1060 192.168.1.119 - 51208 94.31.6.170 80 http://p.adsymptotic.com/d/px?_pid=13041&_psign=be82b7faf482c24ef42e8702b774bd66&_redirect=http%3A%2F%2Fdsum.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D100%26external_user_id%3D%24%7BUUID%7D&_expected_cookie=49217a261b1e344bb9069aa17e3f6c88 790 388 0 0 567 371 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' - GET 302 http://ssum.casalemedia.com/usermatch?s=180334&cb=http%3A%2F%2Fengine.bitmedianetwork.com%2Fudb%2F5682%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D - - - - http://dsum.casalemedia.com/crum?cm_dsp_id=100&external_user_id=49217a261b1e344bb9069aa17e3f6c88 - CTU.339.1.Malicious 1365 1519411565.5155137 1519411565.6563191 141 192.168.1.119 - 51209 95.101.175.202 80 http://dsum.casalemedia.com/crum?cm_dsp_id=100&external_user_id=49217a261b1e344bb9069aa17e3f6c88 1309 1505 0 43 1227 1448 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 200 http://ssum.casalemedia.com/usermatch?s=180334&cb=http%3A%2F%2Fengine.bitmedianetwork.com%2Fudb%2F5682%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D - - - - - - CTU.339.1.Malicious 1371 1519411564.6832197 1519411565.841008 1158 192.168.1.119 - 51211 95.101.175.202 80 http://dsum.casalemedia.com/crum?cm_dsp_id=47&external_user_id=lwbVKvr01EPim75 1107 1520 0 43 1043 1463 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 200 http://ssum.casalemedia.com/usermatch?s=180334&cb=http%3A%2F%2Fengine.bitmedianetwork.com%2Fudb%2F5682%2Fsync%2Fi.gif%3FpartnerId%3D1%26userId%3D - - - - - - CTU.339.1.Malicious 1372 1519411567.2762744 1519411567.3020294 26 192.168.1.119 - 51216 195.113.232.75 80 http://a.adroll.com/j/roundtrip.js 527 304 0 0 499 280 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/javascript GET 304 http://www.utorrent.com/prodnews?uid=&v=3.5.3.1.44358 - - - - - - CTU.339.1.Malicious 1373 1519411567.6841323 1519411567.7366276 52 192.168.1.119 - 51217 54.246.94.194 443 https://d.adroll.com/pixel/WRNHYSCUBBFDJDUFLNAD4M/HKJ25VUTI5H4LPF7Z3GRW2?pv=82308105064.27432&cookie=WRNHYSCUBBFDJDUFLNAD4M%3A1%7CHKJ25VUTI5H4LPF7Z3GRW2%3A1%7CN7JPP7FBQBCK7DDMZ3B4KY%3A1&adroll_s_ref=http%3A//cdn.bitmedianetwork.com/network/r.html%3Fu%3Due1-9d0ff140d2564ae093ec684f257b2112%26next%3Dhttp%3A//utorrent.com/prodnews%26osv%3D1DB00106%26iev%3D8%26geo%3DUS%26lang%3Den%26ver%3D3%252e5%252e3%252e1%252e44358&keyw=&arrfrr=http%3A%2F%2Fwww.utorrent.com%2Fprodnews%3Fuid%3D%26v%3D3.5.3.1.44358 951 1068 0 0 458 1039 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' - GET 302 http://www.utorrent.com/prodnews?uid=&v=3.5.3.1.44358 - - - - https://s.adroll.com/pixel/WRNHYSCUBBFDJDUFLNAD4M/HKJ25VUTI5H4LPF7Z3GRW2/N7JPP7FBQBCK7DDMZ3B4KY.js - CTU.339.1.Malicious 1374 1519411568.1540365 1519411568.2011685 47 192.168.1.119 - 51218 95.101.175.165 443 https://s.adroll.com/pixel/WRNHYSCUBBFDJDUFLNAD4M/HKJ25VUTI5H4LPF7Z3GRW2/N7JPP7FBQBCK7DDMZ3B4KY.js 594 529 0 0 503 505 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/javascript; charset=utf-8 GET 304 http://www.utorrent.com/prodnews?uid=&v=3.5.3.1.44358 - - - - - - CTU.339.1.Malicious 1373 1519411568.305553 1519411568.3620613 57 192.168.1.119 - 51217 54.246.94.194 443 https://d.adroll.com/fb/tr/?id=836023326534362&ev=ViewContent&cd[content_type]=product&cd[content_ids]=adroll_dummy_product_&cd[application_id]=321379434608647&cd[product_catalog_id]=896175290488468 685 1165 0 245 494 891 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' - GET 302 http://www.utorrent.com/prodnews?uid=&v=3.5.3.1.44358 - - - - https://www.facebook.com/tr/?id=836023326534362&ev=ViewContent&cd[content_type]=product&cd[content_ids]=adroll_dummy_product_&cd[application_id]=321379434608647&cd[product_catalog_id]=896175290488468&cd[external_id]=6C2FmbjDco1FZCsekbB4lQ - CTU.339.1.Malicious 1373 1519411568.6790707 1519411568.7372646 58 192.168.1.119 - 51217 54.246.94.194 443 https://d.adroll.com/cm/r/out 516 1038 0 181 494 828 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' - GET 302 http://www.utorrent.com/prodnews?uid=&v=3.5.3.1.44358 - - - - https://ads.yahoo.com/pixel?id=2498203&t=2&piggyback=https%3A%2F%2Fads.yahoo.com%2Fcms%2Fv1%3Fesig%3D1~bf4e7dc4546a90c08591652d78a230d3f2ef5733%26nwid%3D10001032567%26sigv%3D1 - CTU.339.1.Malicious 1373 1519411569.1351862 1519411569.18061 45 192.168.1.119 - 51217 54.246.94.194 443 https://d.adroll.com/cm/b/out 516 867 0 96 494 742 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' - GET 302 http://www.utorrent.com/prodnews?uid=&v=3.5.3.1.44358 - - - - https://x.bidswitch.net/sync?dsp_id=44&user_id=ZTgyZDg1OTliOGMzNzI4ZDQ1NjQyYjFlOTFiMDc4OTU - CTU.339.1.Malicious 1375 1519411569.25914 1519411569.3258877 67 192.168.1.119 - 51219 54.246.94.194 443 https://d.adroll.com/cm/x/out 516 902 0 113 494 760 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' - GET 302 http://www.utorrent.com/prodnews?uid=&v=3.5.3.1.44358 - - - - https://ib.adnxs.com/pxj?bidder=172&seg=802787&action=setuid('ZTgyZDg1OTliOGMzNzI4ZDQ1NjQyYjFlOTFiMDc4OTU') - CTU.339.1.Malicious 1376 1519411569.2960212 1519411569.3306975 35 192.168.1.119 - 51225 31.13.91.36 443 https://www.facebook.com/tr/?id=836023326534362&ev=ViewContent&cd[content_type]=product&cd[content_ids]=adroll_dummy_product_&cd[application_id]=321379434608647&cd[product_catalog_id]=896175290488468&cd[external_id]=6C2FmbjDco1FZCsekbB4lQ 745 380 0 44 518 324 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.3.1.44358 - - - - - - CTU.339.1.Malicious 1376 1519411569.2983305 1519411569.3357224 37 192.168.1.119 - 51225 31.13.91.36 443 https://www.facebook.com/tr/?id=836023326534362&ev=PageView&dl=http%3A%2F%2Fwww.utorrent.com%2Fprodnews%3Fuid%3D%26v%3D3.5.3.1.44358&rl=http%3A%2F%2Fcdn.bitmedianetwork.com%2Fnetwork%2Fr.html%3Fu%3Due1-9d0ff140d2564ae093ec684f257b2112%26next%3Dhttp%3A%2F%2Futorrent.com%2Fprodnews%26osv%3D1DB00106%26iev%3D8%26geo%3DUS%26lang%3Den%26ver%3D3%252e5%252e3%252e1%252e44358&if=false&ts=1519411568521&cd[segment_eid]=N7JPP7FBQBCK7DDMZ3B4KY&sw=819&sh=583&v=2.8.12&r=stable&ec=0&o=29&it=1519411568376 941 380 0 44 460 324 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.3.1.44358 - - - - - - CTU.339.1.Malicious 1373 1519411569.387856 1519411569.4344933 47 192.168.1.119 - 51217 54.246.94.194 443 https://d.adroll.com/cm/o/out 516 849 0 87 494 733 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' - GET 302 http://www.utorrent.com/prodnews?uid=&v=3.5.3.1.44358 - - - - https://us-u.openx.net/w/1.0/sd?id=537103138&val=e82d8599b8c3728d45642b1e91b07895 - CTU.339.1.Malicious 1377 1519411569.3185 1519411569.603295 285 192.168.1.119 - 51221 54.246.94.194 443 https://d.adroll.com/cm/l/out 516 847 0 86 494 732 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' - GET 302 http://www.utorrent.com/prodnews?uid=&v=3.5.3.1.44358 - - - - https://idsync.rlcdn.com/377928.gif?partner_uid=e82d8599b8c3728d45642b1e91b07895 - CTU.339.1.Malicious 1375 1519411569.5781515 1519411569.621005 43 192.168.1.119 - 51219 54.246.94.194 443 https://d.adroll.com/cm/g/out?google_nid=adroll5 535 714 0 35 494 665 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.3.1.44358 - - - - - - CTU.339.1.Malicious 1378 1519411569.7666347 1519411569.7951295 28 192.168.1.119 - 51229 173.241.240.143 443 https://us-u.openx.net/w/1.0/sd?id=537103138&val=e82d8599b8c3728d45642b1e91b07895 563 391 0 43 491 334 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.3.1.44358 - - - - - - CTU.339.1.Malicious 1379 1519411570.3699975 1519411570.4892573 119 192.168.1.119 - 51231 52.2.225.154 443 https://idsync.rlcdn.com/377928.gif?partner_uid=e82d8599b8c3728d45642b1e91b07895 625 599 0 43 556 542 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif; charset=ISO-8859-1 GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.3.1.44358 - - - - - - CTU.339.1.Malicious 1380 1519411570.7271821 1519411570.7805393 53 192.168.1.119 - 51230 217.12.15.54 443 https://ads.yahoo.com/pixel?id=2498203&t=2&piggyback=https%3A%2F%2Fads.yahoo.com%2Fcms%2Fv1%3Fesig%3D1~bf4e7dc4546a90c08591652d78a230d3f2ef5733%26nwid%3D10001032567%26sigv%3D1 632 1549 0 0 465 1532 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' - GET 302 http://www.utorrent.com/prodnews?uid=&v=3.5.3.1.44358 - - - - https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1 - CTU.339.1.Malicious 1381 1519411570.9667125 1519411571.0061154 39 192.168.1.119 - 51232 185.33.223.216 443 https://ib.adnxs.com/pxj?bidder=172&seg=802787&action=setuid(%27ZTgyZDg1OTliOGMzNzI4ZDQ1NjQyYjFlOTFiMDc4OTU%27) 638 1153 0 43 534 1096 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.3.1.44358 - - - - - - CTU.339.1.Malicious 1380 1519411570.9424624 1519411571.044607 102 192.168.1.119 - 51230 217.12.15.54 443 https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1 557 1816 0 0 465 1799 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/plain; charset=utf-8 GET 302 http://www.utorrent.com/prodnews?uid=&v=3.5.3.1.44358 - - - - https://d.adroll.com/cm/r/in?xid=DC9jbIAHIcqUpUSTd.OaN4jq - CTU.339.1.Malicious 1375 1519411571.0579119 1519411571.1034486 46 192.168.1.119 - 51219 54.246.94.194 443 https://d.adroll.com/cm/r/in?xid=DC9jbIAHIcqUpUSTd.OaN4jq 544 714 0 35 494 665 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/gif GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.3.1.44358 - - - - - - CTU.339.1.Malicious 1382 1519411571.2693214 1519411571.3088706 40 192.168.1.119 - 51228 18.196.57.48 443 https://x.bidswitch.net/sync?dsp_id=44&user_id=ZTgyZDg1OTliOGMzNzI4ZDQ1NjQyYjFlOTFiMDc4OTU 609 513 0 0 529 484 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' - GET 302 http://www.utorrent.com/prodnews?uid=&v=3.5.3.1.44358 - - - - //match.sharethrough.com/sync/v1?source_id=bf2b131f1f7eff9d8892972c&source_user_id=bbe46049-54dc-4bfe-bc54-2f9db1e17faa&seat_user_id=&seat_key= - CTU.339.1.Malicious 1383 1519411571.7111192 1519411571.7395833 28 192.168.1.119 - 51233 52.29.139.151 443 https://match.sharethrough.com/sync/v1?source_id=bf2b131f1f7eff9d8892972c&source_user_id=bbe46049-54dc-4bfe-bc54-2f9db1e17faa&seat_user_id=&seat_key= 564 325 0 68 432 243 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' image/png GET 200 http://www.utorrent.com/prodnews?uid=&v=3.5.3.1.44358 - - - - - - CTU.339.1.Malicious 1384 1519411587.1868463 1519411587.3043318 117 192.168.1.119 - 51234 82.221.103.246 80 http://update.utorrent.li/checkupdate.php?s=1&cl=uTorrent&v=111652166&qv=111652166&l=en&svp=4&svn_revno=44358&tk=stable34&cmp=290&ocmp=290&period=8&sids=0,0,0,0,0&lv=0_0_&c=US&w=1DB00106&h=FO0CO33h8rP5vbFH&mts=31&gnc=71&nat_state=255&pc=6&sctl=1&shdi=1&def_tor=1&doainstalled=0&ie=8.0.7600.16385&xim=1&insvr=111389996&sss=83&rsb=4&rtsb=1179&view=win32&cmp=290&ocmp=290&db=other&plus=3&pupsell=1&adc=1&ch_up=1?fg=71000&t_upP_=33163&t_downP_=3589092&t_up=33163&t_down=3589092&mt=36491&ssb=1179207&ssu=11645652806&xseq=2&cau_time=0 660 851 0 499 144 338 'BTWebClient/353S(44358)' text/html GET 200 - - - - - - - CTU.339.1.Malicious 1385 1519411587.5267584 1519411587.7517002 225 192.168.1.119 - 51236 23.23.85.1 80 http://i-29.b-44358.ut.bench.utorrent.com/e?i=29 383 232 198 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1386 1519411588.3344285 1519411588.3995965 65 192.168.1.119 - 51235 13.32.145.57 80 http://utclient.utorrent.com/images/mobile-icon.png 241 462 0 0 205 438 'BTWebClient/353S(44358)' - GET 304 - - - - - - - CTU.339.1.Malicious 1387 1519411588.814902 1519411589.0203207 205 192.168.1.119 - 51237 23.23.215.82 80 http://i-139.b-44358.ut.bench.utorrent.com/e?i=139 344 232 157 21 165 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1388 1519411589.7066164 1519411589.9423327 236 192.168.1.119 - 51238 23.23.215.82 80 http://i-32.b-44358.ut.bench.utorrent.com/e?i=32 558 232 373 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1389 1519411590.634299 1519411590.8393147 205 192.168.1.119 - 51239 23.23.215.82 80 http://i-43.b-44358.ut.bench.utorrent.com/e?i=43 361 232 176 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1390 1519411591.8543384 1519411592.0959713 242 192.168.1.119 - 51240 23.23.215.82 80 http://i-43.b-44358.ut.bench.utorrent.com/e?i=43 345 232 160 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1391 1519411593.1347997 1519411593.3394248 205 192.168.1.119 - 51241 23.23.215.82 80 http://i-43.b-44358.ut.bench.utorrent.com/e?i=43 520 232 335 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1392 1519411621.6299322 1519411621.75035 120 192.168.1.119 - 51242 82.221.103.245 80 http://update.utorrent.li/checkupdate.php?s=1&cl=uTorrent&v=111652166&qv=111652166&i=1&l=en&svp=4&svn_revno=44358&tk=stable34&cmp=290&ocmp=290&period=8&sids=0,0,0,0,0&lv=0_0_&c=US&w=1DB00106&h=FO0CO33h8rP5vbFH&mts=31&gnc=106&nat_state=255&pc=8&sctl=1&shdi=1&def_tor=1&doainstalled=0&ie=8.0.7600.16385&xim=1&insvr=111389996&sss=118&rsb=4&rtsb=1214&view=win32&cmp=290&ocmp=290&db=other&plus=3&pupsell=1&adc=1&ch_up=1?fg=106000&t_upP_=33163&t_downP_=3589092&t_up=33163&t_down=3589092&mt=39397&ssb=1179242&ssu=11645652841&xseq=3&cau_time=0 667 851 0 499 144 338 'BTWebClient/353S(44358)' text/html GET 200 - - - - - - - CTU.339.1.Malicious 1393 1519411622.6628234 1519411622.8951561 232 192.168.1.119 - 51244 23.21.92.252 80 http://i-29.b-44358.ut.bench.utorrent.com/e?i=29 383 232 198 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1394 1519411622.7669744 1519411623.018749 252 192.168.1.119 - 51243 13.32.145.16 80 http://utclient.utorrent.com/images/mobile-icon.png 241 462 0 0 205 438 'BTWebClient/353S(44358)' - GET 304 - - - - - - - CTU.339.1.Malicious 1395 1519411623.6312816 1519411623.879405 248 192.168.1.119 - 51245 54.197.251.114 80 http://i-139.b-44358.ut.bench.utorrent.com/e?i=139 344 232 157 21 165 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1396 1519411624.5554857 1519411624.7789543 223 192.168.1.119 - 51246 23.21.139.158 80 http://i-32.b-44358.ut.bench.utorrent.com/e?i=32 543 232 358 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1397 1519411625.451672 1519411625.6637464 212 192.168.1.119 - 51247 23.21.139.158 80 http://i-43.b-44358.ut.bench.utorrent.com/e?i=43 361 232 176 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1398 1519411626.7028646 1519411626.952504 250 192.168.1.119 - 51248 23.21.139.158 80 http://i-43.b-44358.ut.bench.utorrent.com/e?i=43 520 232 335 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1399 1519412941.323951 1519412941.3508017 27 192.168.1.119 - 51260 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.23%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1400 1519412961.780066 1519412962.0064049 226 192.168.1.119 - 51262 54.197.251.114 80 http://i-47.b-44358.ut.bench.utorrent.com/e?i=47 353 232 168 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1401 1519413638.2152882 1519413638.248637 33 192.168.1.119 - 51267 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1402 1519413639.1603584 1519413639.1950283 35 192.168.1.119 - 51265 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1402 1519413639.198399 1519413639.2278862 29 192.168.1.119 - 51265 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1403 1519415133.438878 1519415133.4719663 33 192.168.1.119 - 51275 178.79.242.19 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1404 1519416897.7846656 1519416898.098486 314 192.168.1.119 - 51287 185.26.182.117 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 1405 1519417239.4139698 1519417239.4448526 31 192.168.1.119 - 51290 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1405 1519417239.5770726 1519417239.609965 33 192.168.1.119 - 51290 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1406 1519417240.3968503 1519417240.4342527 37 192.168.1.119 - 51289 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1407 1519418732.9153738 1519418732.9339676 19 192.168.1.119 - 51297 178.79.227.142 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1408 1519420840.7824178 1519420840.8124037 30 192.168.1.119 - 51311 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1409 1519420840.902964 1519420840.929824 27 192.168.1.119 - 51310 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1410 1519420840.8692822 1519420841.1187973 250 192.168.1.119 - 51312 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1411 1519422333.9806447 1519422333.9968388 16 192.168.1.119 - 51319 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4341 0 3811 147 516 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1412 1519424442.2451818 1519424442.2800682 35 192.168.1.119 - 51332 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1412 1519424442.3329356 1519424442.3625972 30 192.168.1.119 - 51332 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1413 1519424443.2100902 1519424443.2371364 27 192.168.1.119 - 51334 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1414 1519425934.3561256 1519425934.3750367 19 192.168.1.119 - 51345 178.79.227.142 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1415 1519426100.3062022 1519426100.3391182 33 192.168.1.119 - 51346 185.26.182.117 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 512 0 114 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1416 1519428043.5905051 1519428043.6316953 41 192.168.1.119 - 51360 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1417 1519428043.5891082 1519428043.6324356 43 192.168.1.119 - 51359 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1418 1519428044.663878 1519428044.6909227 27 192.168.1.119 - 51361 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1419 1519429535.1274676 1519429535.1463792 19 192.168.1.119 - 51368 178.79.227.142 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1420 1519430697.196388 1519430697.2279525 32 192.168.1.119 - 51375 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.23%26uc 676 710 0 466 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1421 1519430712.908057 1519430712.9443102 36 192.168.1.119 - 51376 82.145.215.85 443 https://extension-updates.opera.com/static/omaha/blacklist.336465243e0d1996705f69bb3937b0f2f815a8bcc9737b5323ca77ebd70dd6b7.txt 413 6582 0 6336 308 232 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/plain GET 200 - - - - - - - CTU.339.1.Malicious 1422 1519431646.3226094 1519431646.353898 31 192.168.1.119 - 51385 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1423 1519431646.5441134 1519431646.5695066 25 192.168.1.119 - 51384 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1424 1519431646.7160308 1519431646.7475822 32 192.168.1.119 - 51383 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1425 1519433135.0973225 1519433135.1147876 17 192.168.1.119 - 51391 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4343 0 3811 147 518 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1426 1519435248.5232575 1519435248.5536609 30 192.168.1.119 - 51406 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1426 1519435248.5641315 1519435248.5926955 29 192.168.1.119 - 51406 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1427 1519435248.724374 1519435248.7589169 35 192.168.1.119 - 51405 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1428 1519436735.5879476 1519436735.6072419 19 192.168.1.119 - 51413 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4343 0 3811 147 518 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1429 1519438849.2496006 1519438849.282921 33 192.168.1.119 - 51427 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1429 1519438849.2915845 1519438849.3200557 28 192.168.1.119 - 51427 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1430 1519438850.2923748 1519438850.3186986 26 192.168.1.119 - 51429 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1431 1519440335.6218517 1519440335.6388476 17 192.168.1.119 - 51435 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1432 1519442450.401208 1519442450.4289017 28 192.168.1.119 - 51450 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1432 1519442450.4898865 1519442450.5219069 32 192.168.1.119 - 51450 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1433 1519442450.7841296 1519442450.811876 28 192.168.1.119 - 51451 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1434 1519443936.3063495 1519443936.342138 36 192.168.1.119 - 51457 178.79.242.19 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1435 1519445616.2324772 1519445616.2592556 27 192.168.1.119 - 51466 185.26.182.112 443 https://exchange.opera.com/api/v1/ecb/ 283 1938 0 1665 258 259 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml GET 200 - - - - - - - CTU.339.1.Malicious 1436 1519445616.2277744 1519445616.2637417 36 192.168.1.119 - 51465 185.26.182.112 443 https://exchange.opera.com/api/v1/cmc/ 283 6936 0 6655 258 267 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1435 1519445616.3145504 1519445616.3364334 22 192.168.1.119 - 51466 185.26.182.112 443 https://exchange.opera.com/api/v1/nbu/ 283 6431 0 6136 258 281 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json;charset=UTF-8 GET 200 - - - - - - - CTU.339.1.Malicious 1437 1519445629.3456838 1519445629.4018993 56 192.168.1.119 - 51468 82.145.213.68 443 https://desktop-qualityclient-sub.osp.opera.software/v1/binary 651 244 157 36 470 189 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/html; charset=utf-8 POST 201 - - - - - - - CTU.339.1.Malicious 1438 1519445699.6700141 1519445700.0093603 339 192.168.1.119 - 51474 185.26.182.122 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 1439 1519446051.1411154 1519446051.1736665 33 192.168.1.119 - 51478 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1440 1519446051.3211834 1519446051.350599 29 192.168.1.119 - 51476 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1440 1519446051.3541243 1519446051.6010265 247 192.168.1.119 - 51476 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1441 1519447423.052719 1519447423.0829916 30 192.168.1.119 - 51488 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.24%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1442 1519447537.139531 1519447537.182261 43 192.168.1.119 - 51489 178.79.242.19 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1443 1519447729.5866563 1519447729.6207016 34 192.168.1.119 - 51491 185.26.182.122 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 512 0 114 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1444 1519449652.6687934 1519449652.6979089 29 192.168.1.119 - 51506 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1444 1519449652.7216358 1519449652.7490685 27 192.168.1.119 - 51506 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1445 1519449653.8640697 1519449653.8972936 33 192.168.1.119 - 51505 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1446 1519451137.895245 1519451137.9281757 33 192.168.1.119 - 51512 178.79.242.147 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1447 1519453253.495126 1519453253.5262403 31 192.168.1.119 - 51526 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1447 1519453253.7365596 1519453253.765554 29 192.168.1.119 - 51526 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1448 1519453254.2839923 1519453254.318789 35 192.168.1.119 - 51528 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1449 1519454737.8330324 1519454737.8523557 19 192.168.1.119 - 51534 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4343 0 3811 147 518 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1450 1519456855.087944 1519456855.114182 26 192.168.1.119 - 51549 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1451 1519456855.2603722 1519456855.2946754 34 192.168.1.119 - 51548 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1451 1519456855.502064 1519456855.5396628 38 192.168.1.119 - 51548 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1452 1519458338.4377415 1519458338.4567878 19 192.168.1.119 - 51556 178.79.227.142 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4343 0 3811 147 518 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1453 1519460357.4957886 1519460357.5557191 60 192.168.1.119 - 51569 216.58.201.67 443 https://update.googleapis.com/service/update2?cup2key=7:3217513423&cup2hreq=e4bac674b6b4f9cf9f1ef8bada7ee40fa1f86466112d007ceccc6d04145313cd 1414 2484 986 1324 303 1148 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 1454 1519460359.2994637 1519460359.3280709 29 192.168.1.119 - 51570 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3 283 840 0 0 170 823 'Microsoft BITS/7.5' text/html; charset=UTF-8 HEAD 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3?cms_redirect=yes&expire=1519474759&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519460232&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=02F64710B929F1266E8BBFF4E59415972FF1AAE1.47720C01420CF2F6C21A285AAC88793D15C8DA6F&key=cms1 - CTU.339.1.Malicious 1455 1519460359.6715996 1519460359.6849754 13 192.168.1.119 - 51571 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3?cms_redirect=yes&expire=1519474759&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519460232&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=02F64710B929F1266E8BBFF4E59415972FF1AAE1.47720C01420CF2F6C21A285AAC88793D15C8DA6F&key=cms1 597 608 0 0 179 594 'Microsoft BITS/7.5' application/octet-stream HEAD 200 - - - - - - - CTU.339.1.Malicious 1454 1519460361.8652487 1519460361.895831 31 192.168.1.119 - 51570 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3 371 1532 0 692 259 823 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3?cms_redirect=yes&expire=1519474761&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519460299&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=8462651FAA647D11A38F2F1AD07CD47765D57831.48B1F46478E08E3AF3717410B8CEBE0303AD3946&key=cms1 - CTU.339.1.Malicious 1455 1519460362.0921977 1519460362.107888 16 192.168.1.119 - 51571 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3?cms_redirect=yes&expire=1519474761&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519460299&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=8462651FAA647D11A38F2F1AD07CD47765D57831.48B1F46478E08E3AF3717410B8CEBE0303AD3946&key=cms1 685 3163 0 2500 268 636 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1454 1519460365.077944 1519460365.1105447 33 192.168.1.119 - 51570 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3 374 1532 0 692 262 823 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3?cms_redirect=yes&expire=1519474765&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519460299&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=4143756AA80813638EEAE56075380B4E12534E8E.0B6B41D3490CC665040CB07A0303710391B7B862&key=cms1 - CTU.339.1.Malicious 1455 1519460365.3132904 1519460365.3298745 17 192.168.1.119 - 51571 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3?cms_redirect=yes&expire=1519474765&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519460299&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=4143756AA80813638EEAE56075380B4E12534E8E.0B6B41D3490CC665040CB07A0303710391B7B862&key=cms1 688 3241 0 2575 271 639 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1454 1519460367.2719753 1519460367.3018544 30 192.168.1.119 - 51570 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3 375 1532 0 692 263 823 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3?cms_redirect=yes&expire=1519474767&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519460299&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=060BDBDC092E2BFA36140C11D8515BEB6A61FA47.3568D0DAE139F7B37F80F823F3D0561B95D11516&key=cms1 - CTU.339.1.Malicious 1455 1519460367.5138702 1519460367.5271301 13 192.168.1.119 - 51571 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3?cms_redirect=yes&expire=1519474767&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519460299&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=060BDBDC092E2BFA36140C11D8515BEB6A61FA47.3568D0DAE139F7B37F80F823F3D0561B95D11516&key=cms1 689 6442 0 5775 272 640 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1454 1519460369.3379638 1519460369.3638446 26 192.168.1.119 - 51570 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3 376 1532 0 692 264 823 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3?cms_redirect=yes&expire=1519474769&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519460299&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=34D8DC1ACB21E3D343B5BEFD565DD359BC302CC1.83BCD501A60F083B10D3A7F5224879DDF4776E79&key=cms1 - CTU.339.1.Malicious 1455 1519460369.5639315 1519460369.579934 16 192.168.1.119 - 51571 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3?cms_redirect=yes&expire=1519474769&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519460299&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=34D8DC1ACB21E3D343B5BEFD565DD359BC302CC1.83BCD501A60F083B10D3A7F5224879DDF4776E79&key=cms1 690 10117 0 9449 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1454 1519460371.3918898 1519460371.4212615 29 192.168.1.119 - 51570 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3 376 1532 0 692 264 823 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3?cms_redirect=yes&expire=1519474771&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519460299&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=2802917799774FE80567AE04A361C1A2C375B68C.7B9F9B125EA5B31197985CD1AFB3AD3120EBF151&key=cms1 - CTU.339.1.Malicious 1455 1519460371.621891 1519460371.6379714 16 192.168.1.119 - 51571 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3?cms_redirect=yes&expire=1519474771&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519460299&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=2802917799774FE80567AE04A361C1A2C375B68C.7B9F9B125EA5B31197985CD1AFB3AD3120EBF151&key=cms1 690 20193 0 19524 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1454 1519460374.581804 1519460374.6133351 32 192.168.1.119 - 51570 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3 376 1532 0 692 264 823 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3?cms_redirect=yes&expire=1519474774&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519460299&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=2E3F796F5F4BC4C13E0C3835A1BC01E6C1C1F9E7.6935B8A3EBE837B6C088B43A801E371A0997B06B&key=cms1 - CTU.339.1.Malicious 1455 1519460374.8121147 1519460374.8284864 16 192.168.1.119 - 51571 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3?cms_redirect=yes&expire=1519474774&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519460299&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=2E3F796F5F4BC4C13E0C3835A1BC01E6C1C1F9E7.6935B8A3EBE837B6C088B43A801E371A0997B06B&key=cms1 690 16578 0 15909 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1454 1519460377.3200796 1519460377.349662 30 192.168.1.119 - 51570 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3 376 1532 0 692 264 823 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3?cms_redirect=yes&expire=1519474777&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519460299&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=5DECB950EE77DB4F3DBB59278038D5DE9CD55BFC.43C21A350A7CF84D159F475547EC596004F7F4A6&key=cms1 - CTU.339.1.Malicious 1455 1519460377.552345 1519460377.5676482 15 192.168.1.119 - 51571 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3?cms_redirect=yes&expire=1519474777&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519460299&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=5DECB950EE77DB4F3DBB59278038D5DE9CD55BFC.43C21A350A7CF84D159F475547EC596004F7F4A6&key=cms1 690 13981 0 13312 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1454 1519460380.04014 1519460380.0698967 30 192.168.1.119 - 51570 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3 376 1532 0 692 264 823 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3?cms_redirect=yes&expire=1519474780&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519460299&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=1A823898352D412517B569969470B9E732358682.840A2FA13C79600C9E0B584E7BFFA2C4DC2B87BA&key=cms1 - CTU.339.1.Malicious 1455 1519460380.2705905 1519460380.2876537 17 192.168.1.119 - 51571 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3?cms_redirect=yes&expire=1519474780&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519460299&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=1A823898352D412517B569969470B9E732358682.840A2FA13C79600C9E0B584E7BFFA2C4DC2B87BA&key=cms1 690 11697 0 11028 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1454 1519460382.0876265 1519460382.1196404 32 192.168.1.119 - 51570 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3 376 1532 0 692 264 823 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3?cms_redirect=yes&expire=1519474782&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519460299&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=5F203A6721F3CF35F157044B3AD824D39E77E2AE.337DA18BAE5B0E600F1E44007768C08F762BA62F&key=cms1 - CTU.339.1.Malicious 1455 1519460382.3272943 1519460382.3377292 10 192.168.1.119 - 51571 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3?cms_redirect=yes&expire=1519474782&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519460299&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=5F203A6721F3CF35F157044B3AD824D39E77E2AE.337DA18BAE5B0E600F1E44007768C08F762BA62F&key=cms1 690 12268 0 11599 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1454 1519460384.2655497 1519460384.295357 30 192.168.1.119 - 51570 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3 377 1532 0 692 265 823 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3?cms_redirect=yes&expire=1519474784&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519460299&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=70348B855DA12EFF096600EB099298FE27B870FC.70FE72A3C01D977EE151922B74F711556253B051&key=cms1 - CTU.339.1.Malicious 1455 1519460384.4970794 1519460384.5070412 10 192.168.1.119 - 51571 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3?cms_redirect=yes&expire=1519474784&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519460299&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=70348B855DA12EFF096600EB099298FE27B870FC.70FE72A3C01D977EE151922B74F711556253B051&key=cms1 691 18185 0 17515 274 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1454 1519460387.0364797 1519460387.0679712 31 192.168.1.119 - 51570 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3 378 1532 0 692 266 823 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3?cms_redirect=yes&expire=1519474787&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519460299&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=714AA9971292BBC2E4F3BD7DF263BE5DB9E6D24A.0E66071BF9A88884E1467F9EB606304E7206AA14&key=cms1 - CTU.339.1.Malicious 1455 1519460387.2761872 1519460387.288815 13 192.168.1.119 - 51571 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3?cms_redirect=yes&expire=1519474787&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519460299&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=714AA9971292BBC2E4F3BD7DF263BE5DB9E6D24A.0E66071BF9A88884E1467F9EB606304E7206AA14&key=cms1 692 15675 0 15004 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1454 1519460389.7555196 1519460389.7857828 30 192.168.1.119 - 51570 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3 378 1532 0 692 266 823 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3?cms_redirect=yes&expire=1519474789&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519460354&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=09C1E42B5B942CD9C53BCEACE620E8C5F421DAB1.053148A335F1C906BB2D397A3CA9300895DDB6C0&key=cms1 - CTU.339.1.Malicious 1455 1519460389.9853346 1519460389.995766 10 192.168.1.119 - 51571 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3?cms_redirect=yes&expire=1519474789&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519460354&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=09C1E42B5B942CD9C53BCEACE620E8C5F421DAB1.053148A335F1C906BB2D397A3CA9300895DDB6C0&key=cms1 692 15204 0 14533 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1454 1519460392.4462075 1519460392.4762795 30 192.168.1.119 - 51570 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3 378 1532 0 692 266 823 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3?cms_redirect=yes&expire=1519474792&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519460354&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=348806BD3C3DC803698C6EAFFD110F04200093F7.1D959EC33F93B7F41FFF07EFF7D5937B0FA2578F&key=cms1 - CTU.339.1.Malicious 1455 1519460392.6758943 1519460392.6868382 11 192.168.1.119 - 51571 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3?cms_redirect=yes&expire=1519474792&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519460354&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=348806BD3C3DC803698C6EAFFD110F04200093F7.1D959EC33F93B7F41FFF07EFF7D5937B0FA2578F&key=cms1 692 13170 0 12499 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1454 1519460395.1334784 1519460395.1617112 28 192.168.1.119 - 51570 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3 378 1532 0 692 266 823 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3?cms_redirect=yes&expire=1519474795&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519460299&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=4621598ED659D1F9F2DA9C8D0D8547BCE28D56AD.623CF03D5BD227DAE665EEDE3786B762F99F1544&key=cms1 - CTU.339.1.Malicious 1455 1519460395.375638 1519460395.3907146 15 192.168.1.119 - 51571 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3?cms_redirect=yes&expire=1519474795&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519460299&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=4621598ED659D1F9F2DA9C8D0D8547BCE28D56AD.623CF03D5BD227DAE665EEDE3786B762F99F1544&key=cms1 692 11350 0 10679 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1454 1519460397.6488018 1519460397.6789432 30 192.168.1.119 - 51570 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3 378 1528 0 690 266 821 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3?cms_redirect=yes&expire=1519474797&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519460299&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=7AA0755C926572EFA5284BD0D61D0D42692F2E36.FF45943B6BCC827745DD2274900078396E4E0B&key=cms1 - CTU.339.1.Malicious 1455 1519460397.8882337 1519460397.903868 16 192.168.1.119 - 51571 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3?cms_redirect=yes&expire=1519474797&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519460299&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=7AA0755C926572EFA5284BD0D61D0D42692F2E36.FF45943B6BCC827745DD2274900078396E4E0B&key=cms1 690 11784 0 11113 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1454 1519460398.6926632 1519460398.7230532 30 192.168.1.119 - 51570 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3 378 1532 0 692 266 823 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3?cms_redirect=yes&expire=1519474798&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519460299&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=430FA475F0465E2D58B32938C6BEE27ECBCA4B5F.77DF87D69BA1E3F4DD50DAB16775D4A46E4ED125&key=cms1 - CTU.339.1.Malicious 1455 1519460398.923639 1519460398.9397297 16 192.168.1.119 - 51571 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3?cms_redirect=yes&expire=1519474798&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519460299&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=430FA475F0465E2D58B32938C6BEE27ECBCA4B5F.77DF87D69BA1E3F4DD50DAB16775D4A46E4ED125&key=cms1 692 11580 0 10909 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1454 1519460399.737696 1519460399.762863 25 192.168.1.119 - 51570 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3 378 1532 0 692 266 823 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3?cms_redirect=yes&expire=1519474799&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519460299&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=2A6C1FBF896A961C003E0D5B85767CEB813482FA.095D83A4E2F333AD344682EC6CBA6480F83C9E07&key=cms1 - CTU.339.1.Malicious 1455 1519460399.9669092 1519460399.9827707 16 192.168.1.119 - 51571 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3?cms_redirect=yes&expire=1519474799&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519460299&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=2A6C1FBF896A961C003E0D5B85767CEB813482FA.095D83A4E2F333AD344682EC6CBA6480F83C9E07&key=cms1 692 11361 0 10690 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1454 1519460401.7939632 1519460401.825977 32 192.168.1.119 - 51570 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3 378 1532 0 692 266 823 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3?cms_redirect=yes&expire=1519474801&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519460299&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=8366290B2C9E0EF1C4C350285359904FE5392263.52A2A50705CBEA8472FB28EA52BAB7DFE50D0060&key=cms1 - CTU.339.1.Malicious 1455 1519460402.0242498 1519460402.0416965 17 192.168.1.119 - 51571 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3?cms_redirect=yes&expire=1519474801&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519460299&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=8366290B2C9E0EF1C4C350285359904FE5392263.52A2A50705CBEA8472FB28EA52BAB7DFE50D0060&key=cms1 692 12006 0 11335 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1454 1519460403.3118303 1519460403.3372195 25 192.168.1.119 - 51570 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3 378 1532 0 692 266 823 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3?cms_redirect=yes&expire=1519474803&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519460299&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=06469762299789AE0BE9D399C1DA85BA1FEFB162.6153734157DF69D26D1D2CD60D2D724B12932E0D&key=cms1 - CTU.339.1.Malicious 1455 1519460403.5418973 1519460403.5586433 17 192.168.1.119 - 51571 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3?cms_redirect=yes&expire=1519474803&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519460299&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=06469762299789AE0BE9D399C1DA85BA1FEFB162.6153734157DF69D26D1D2CD60D2D724B12932E0D&key=cms1 692 10623 0 9953 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1454 1519460405.3473442 1519460405.3775942 30 192.168.1.119 - 51570 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3 378 1532 0 692 266 823 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3?cms_redirect=yes&expire=1519474805&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519460299&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=706E83CEB45139C46440A3D9E3E5CB4363244DD5.736AAD55011A809432BA07248CEF7FF76948663A&key=cms1 - CTU.339.1.Malicious 1455 1519460405.5873065 1519460405.6020427 15 192.168.1.119 - 51571 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3?cms_redirect=yes&expire=1519474805&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519460299&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=706E83CEB45139C46440A3D9E3E5CB4363244DD5.736AAD55011A809432BA07248CEF7FF76948663A&key=cms1 692 19350 0 18679 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1454 1519460408.0653486 1519460408.0903845 25 192.168.1.119 - 51570 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3 378 1532 0 692 266 823 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3?cms_redirect=yes&expire=1519474808&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519460299&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=4A463FDDC26F3D6D1D4A906E94C922D9A599A9EB.6002EDFF986363A1D4C79E73AEDB455C5BC4A333&key=cms1 - CTU.339.1.Malicious 1455 1519460408.2956777 1519460408.3083236 13 192.168.1.119 - 51571 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALXptp-LKgX8_4301/4301_all_crl-set-11223811111574410264.data.crx3?cms_redirect=yes&expire=1519474808&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519460299&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=4A463FDDC26F3D6D1D4A906E94C922D9A599A9EB.6002EDFF986363A1D4C79E73AEDB455C5BC4A333&key=cms1 692 4358 0 3688 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1456 1519460411.6679542 1519460411.769434 101 192.168.1.119 - 51572 216.58.201.67 443 https://update.googleapis.com/service/update2 1253 942 920 246 303 684 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 1457 1519460456.7983778 1519460456.8315067 33 192.168.1.119 - 51573 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1458 1519460457.5343437 1519460457.5641541 30 192.168.1.119 - 51574 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1458 1519460457.7743576 1519460457.8060963 32 192.168.1.119 - 51574 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1459 1519461938.345523 1519461938.364669 19 192.168.1.119 - 51582 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4343 0 3811 147 518 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1460 1519464058.5479515 1519464058.5868154 39 192.168.1.119 - 51595 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1461 1519464058.7028246 1519464058.733142 30 192.168.1.119 - 51596 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1461 1519464058.7687194 1519464058.8020818 33 192.168.1.119 - 51596 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1462 1519464219.496575 1519464219.5300417 33 192.168.1.119 - 51598 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.24%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1463 1519465539.198859 1519465539.2182698 19 192.168.1.119 - 51605 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1464 1519467659.4932296 1519467659.5278895 35 192.168.1.119 - 51618 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1464 1519467659.5370624 1519467659.5747778 38 192.168.1.119 - 51618 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1465 1519467660.5198207 1519467660.5518646 32 192.168.1.119 - 51619 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1466 1519469139.0673294 1519469139.0868022 19 192.168.1.119 - 51631 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4343 0 3811 147 518 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1467 1519469357.9161758 1519469357.9778352 62 192.168.1.119 - 51633 185.26.182.122 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 512 0 114 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1468 1519471260.1891625 1519471260.2178552 29 192.168.1.119 - 51640 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1468 1519471260.4203458 1519471260.452281 32 192.168.1.119 - 51640 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1469 1519471260.8669717 1519471260.9048262 38 192.168.1.119 - 51642 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1470 1519472739.6364627 1519472739.6540015 18 192.168.1.119 - 51654 178.79.227.142 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4343 0 3811 147 518 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1471 1519474501.355603 1519474501.76501 409 192.168.1.119 - 51662 185.26.182.122 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 1472 1519474861.7222548 1519474861.7585952 36 192.168.1.119 - 51665 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1473 1519474862.702089 1519474862.735197 33 192.168.1.119 - 51663 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1473 1519474862.7390378 1519474862.7783806 39 192.168.1.119 - 51663 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1474 1519476341.1339664 1519476341.1529195 19 192.168.1.119 - 51677 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1475 1519478463.314419 1519478463.347015 33 192.168.1.119 - 51685 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1476 1519478463.435247 1519478463.4652932 30 192.168.1.119 - 51686 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1477 1519478463.3759377 1519478463.5840929 208 192.168.1.119 - 51687 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1478 1519479941.0970728 1519479941.1153316 18 192.168.1.119 - 51699 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1479 1519480517.807117 1519480517.8363435 29 192.168.1.119 - 51701 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.24%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1480 1519482066.1366115 1519482066.1688983 32 192.168.1.119 - 51708 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1481 1519482066.2676349 1519482066.3096004 42 192.168.1.119 - 51709 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1482 1519482066.268128 1519482066.3166306 49 192.168.1.119 - 51710 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1483 1519483541.7823176 1519483541.8265018 44 192.168.1.119 - 51722 178.79.242.147 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1484 1519485667.5372105 1519485667.5678337 31 192.168.1.119 - 51732 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1484 1519485667.6007311 1519485667.6305401 30 192.168.1.119 - 51732 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1485 1519485668.711253 1519485668.7451336 34 192.168.1.119 - 51731 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1486 1519487141.6781402 1519487141.6980126 20 192.168.1.119 - 51744 178.79.227.142 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4341 0 3811 147 516 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1487 1519489268.7785852 1519489268.8129299 34 192.168.1.119 - 51752 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1487 1519489268.82153 1519489268.8519914 30 192.168.1.119 - 51752 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1488 1519489269.042302 1519489269.0692601 27 192.168.1.119 - 51754 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1489 1519490742.25577 1519490742.2976885 42 192.168.1.119 - 51765 178.79.242.147 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4341 0 3811 147 516 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1490 1519490986.6679673 1519490986.6988335 31 192.168.1.119 - 51772 185.26.182.122 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 512 0 114 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1491 1519492378.192137 1519492378.405412 213 192.168.1.119 - 51778 174.129.255.167 80 http://i-45.b-44358.bench.utorrent.com/e?i=FO0CO33h8rP5vbFH 414 232 193 21 186 197 'BTWebClient/353S(44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1492 1519492870.0924861 1519492870.1223574 30 192.168.1.119 - 51780 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1492 1519492870.1561346 1519492870.1847975 29 192.168.1.119 - 51780 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1493 1519492871.0540211 1519492871.0847113 31 192.168.1.119 - 51782 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1494 1519494342.1730566 1519494342.1930158 20 192.168.1.119 - 51790 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1495 1519496471.1359322 1519496471.1802597 44 192.168.1.119 - 51803 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1496 1519496471.1419637 1519496471.180855 39 192.168.1.119 - 51804 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1497 1519496471.3880758 1519496471.4251118 37 192.168.1.119 - 51806 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1498 1519497929.8163555 1519497930.0495868 233 192.168.1.119 - 51814 178.79.227.15 80 http://apps.bittorrent.com/utorrent-onboarding/welcome-upsell.btapp?h=FO0CO33h8rP5vbFH&v=111652166&ol=en&ul=&tk=stable34&c=uTorrent 321 253 0 0 203 229 'BTWebClient/353S(44358)' binary/octet-stream GET 304 - - - - - - - CTU.339.1.Malicious 1499 1519497929.8128076 1519497930.0845273 272 192.168.1.119 - 51813 178.79.242.147 80 http://apps.bittorrent.com/utorrent-onboarding/player.btapp?h=FO0CO33h8rP5vbFH&v=111652166&ol=en&ul=&tk=stable34&c=uTorrent 313 205 0 0 203 181 'BTWebClient/353S(44358)' binary/octet-stream GET 304 - - - - - - - CTU.339.1.Malicious 1500 1519497938.3470075 1519497938.5718875 225 192.168.1.119 - 51815 54.197.251.114 80 http://i-43.b-44358.ut.bench.utorrent.com/e?i=43 351 232 166 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1501 1519497942.8985488 1519497942.9402692 42 192.168.1.119 - 51816 178.79.242.19 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4343 0 3811 147 518 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1502 1519498112.072635 1519498112.1904492 118 192.168.1.119 - 51825 82.221.103.246 80 http://update.utorrent.li/checkupdate.php?s=1&cl=uTorrent&v=111652166&qv=111652166&i=1&l=en&svp=4&svn_revno=44358&tk=stable34&cmp=290&ocmp=290&period=8&tendP=1519497010&sids=0,0,0,0,0&lv=0_0_&c=US&w=1DB00106&h=FO0CO33h8rP5vbFH&mts=31&gnc=1442&nat_state=255&it=72&pc=37&sctl=1&shdi=1&def_tor=1&doainstalled=0&ie=8.0.7600.16385&xim=1&insvr=111389996&sss=86598&rsb=4&rtsb=2151738&view=win32&cmp=290&ocmp=290&db=other&plus=3&pupsell=1&adc=1&ch_up=1?fg=1442000&t_upP_=36633649&t_downP_=263268759&t_up=1443830&t_down=7143538&mt=824509&ssb=1265732&ssu=11645739331&xseq=4&cau_time=0 706 851 0 499 144 338 'BTWebClient/353S(44358)' text/html GET 200 - - - - - - - CTU.339.1.Malicious 1503 1519498112.5547817 1519498112.5879872 33 192.168.1.119 - 51827 52.85.184.208 80 http://utclient.utorrent.com/images/mobile-icon.png 241 462 0 0 205 438 'BTWebClient/353S(44358)' - GET 304 - - - - - - - CTU.339.1.Malicious 1504 1519498112.4036624 1519498112.6382666 235 192.168.1.119 - 51826 54.225.194.96 80 http://i-29.b-44358.ut.bench.utorrent.com/e?i=29 383 232 198 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1505 1519498113.317053 1519498113.5288048 212 192.168.1.119 - 51828 23.23.215.82 80 http://i-139.b-44358.ut.bench.utorrent.com/e?i=139 344 232 157 21 165 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1506 1519498114.5852575 1519498114.7899327 205 192.168.1.119 - 51829 54.225.194.96 80 http://i-32.b-44358.ut.bench.utorrent.com/e?i=32 559 232 374 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1507 1519498115.4950216 1519498115.7229981 228 192.168.1.119 - 51830 23.23.215.82 80 http://i-43.b-44358.ut.bench.utorrent.com/e?i=43 361 232 176 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1508 1519498115.7307746 1519498116.9798656 1249 192.168.1.119 - 51831 23.23.215.82 80 http://i-43.b-44358.ut.bench.utorrent.com/e?i=43 524 232 339 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1509 1519498140.93066 1519498141.0678926 137 192.168.1.119 - 51832 82.221.103.246 80 http://update.utorrent.li/checkupdate.php?s=1&cl=uTorrent&v=111652166&qv=111652166&i=1&l=en&svp=4&svn_revno=44358&tk=stable34&cmp=290&ocmp=290&period=8&tendP=1519497010&sids=0,0,0,0,0&lv=0_0_&c=US&w=1DB00106&h=FO0CO33h8rP5vbFH&mts=31&gnc=1442&nat_state=255&it=72&pc=39&sctl=1&shdi=1&def_tor=1&doainstalled=0&ie=8.0.7600.16385&xim=1&insvr=111389996&sss=86627&rsb=4&rtsb=2151768&view=win32&cmp=290&ocmp=290&db=other&plus=3&adc=1&ch_up=1?fg=1442000&t_upP_=36633649&t_downP_=263268759&t_up=1443830&t_down=7143538&mt=829923&ssb=1265761&ssu=11645739360&xseq=5&cau_time=0 696 851 0 499 144 338 'BTWebClient/353S(44358)' text/html GET 200 - - - - - - - CTU.339.1.Malicious 1510 1519498141.5923789 1519498141.8146052 222 192.168.1.119 - 51834 23.23.215.82 80 http://i-29.b-44358.ut.bench.utorrent.com/e?i=29 383 232 198 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1511 1519498142.0949533 1519498142.1293259 34 192.168.1.119 - 51833 52.85.184.39 80 http://utclient.utorrent.com/images/mobile-icon.png 241 462 0 0 205 438 'BTWebClient/353S(44358)' - GET 304 - - - - - - - CTU.339.1.Malicious 1512 1519498141.8232586 1519498143.0307648 1208 192.168.1.119 - 51835 23.23.215.82 80 http://i-139.b-44358.ut.bench.utorrent.com/e?i=139 344 232 157 21 165 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1513 1519498143.0400405 1519498144.269008 1229 192.168.1.119 - 51836 23.23.215.82 80 http://i-32.b-44358.ut.bench.utorrent.com/e?i=32 543 232 358 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1514 1519498145.2947896 1519498145.5246289 230 192.168.1.119 - 51837 23.23.215.82 80 http://i-43.b-44358.ut.bench.utorrent.com/e?i=43 361 232 176 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1515 1519498146.5428205 1519498146.7572575 214 192.168.1.119 - 51838 23.23.215.82 80 http://i-43.b-44358.ut.bench.utorrent.com/e?i=43 520 232 335 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1516 1519498447.9691367 1519498447.9974933 28 192.168.1.119 - 51839 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.24%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1517 1519500073.6031024 1519500073.8528924 250 192.168.1.119 - 51850 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1518 1519500073.842731 1519500074.0902312 248 192.168.1.119 - 51849 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1517 1519500074.2697468 1519500074.2967072 27 192.168.1.119 - 51850 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1519 1519501542.8801417 1519501542.9169602 37 192.168.1.119 - 51857 178.79.242.19 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4343 0 3811 147 518 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1520 1519503302.8687084 1519503303.029326 161 192.168.1.119 - 51869 185.26.182.117 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 1521 1519503674.7847738 1519503674.8208847 36 192.168.1.119 - 51872 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1521 1519503675.0358157 1519503675.063175 27 192.168.1.119 - 51872 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1522 1519503676.0034559 1519503676.0370862 34 192.168.1.119 - 51871 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1523 1519505143.5855253 1519505143.6226192 37 192.168.1.119 - 51880 178.79.242.19 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4343 0 3811 147 518 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1524 1519507277.896324 1519507277.948074 52 192.168.1.119 - 51893 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1525 1519507277.896727 1519507277.9525142 56 192.168.1.119 - 51895 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1526 1519507278.1975951 1519507278.227875 30 192.168.1.119 - 51894 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1527 1519508743.618329 1519508743.6520948 34 192.168.1.119 - 51904 178.79.242.147 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4343 0 3811 147 518 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1528 1519510879.169714 1519510879.2026854 33 192.168.1.119 - 51917 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1528 1519510879.309334 1519510879.3369274 28 192.168.1.119 - 51917 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1529 1519510880.0947006 1519510880.1227145 28 192.168.1.119 - 51919 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1530 1519512345.148068 1519512345.1648724 17 192.168.1.119 - 51930 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1531 1519512616.983879 1519512617.0202467 36 192.168.1.119 - 51931 185.26.182.122 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 512 0 114 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1532 1519514357.6796057 1519514357.741227 62 192.168.1.119 - 51945 216.58.201.67 443 https://update.googleapis.com/service/update2?cup2key=7:2739445291&cup2hreq=e4d07bca38303eb9a2d4763878823458bd4f8e26f475d0e3dd6e4ef913c1de0f 1414 2479 986 1318 303 1149 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 1533 1519514359.8436134 1519514359.8731873 30 192.168.1.119 - 51946 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3 281 818 0 0 170 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 HEAD 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3?cms_redirect=yes&expire=1519528759&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519514295&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6D911E34F97E72E3FF5F1C2416E043A262DB6715.3B172E448B89680BA00CB060B91B1A126FAC2337&key=cms1 - CTU.339.1.Malicious 1534 1519514361.0708766 1519514361.0862675 15 192.168.1.119 - 51947 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3?cms_redirect=yes&expire=1519528759&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519514295&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6D911E34F97E72E3FF5F1C2416E043A262DB6715.3B172E448B89680BA00CB060B91B1A126FAC2337&key=cms1 575 608 0 0 179 594 'Microsoft BITS/7.5' application/octet-stream HEAD 200 - - - - - - - CTU.339.1.Malicious 1533 1519514363.8509934 1519514363.87591 25 192.168.1.119 - 51946 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3 369 1528 0 690 259 821 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3?cms_redirect=yes&expire=1519528763&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519514295&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=5277235B0A40B468404A3170EDEB50D33BBBC42E.07457E69868ABB7EA66695ECC3E2771B557FD1F6&key=cms1 - CTU.339.1.Malicious 1534 1519514364.074899 1519514364.0858228 11 192.168.1.119 - 51947 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3?cms_redirect=yes&expire=1519528763&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519514295&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=5277235B0A40B468404A3170EDEB50D33BBBC42E.07457E69868ABB7EA66695ECC3E2771B557FD1F6&key=cms1 683 3155 0 2492 268 636 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1533 1519514366.0937912 1519514366.1184015 25 192.168.1.119 - 51946 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3 372 1528 0 690 262 821 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3?cms_redirect=yes&expire=1519528766&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519514295&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=7836CFD8C7F4A10ED0495D7B1E5CEA44E7CEE5EA.411C76A925114FBC8A276021B36220662FB9120E&key=cms1 - CTU.339.1.Malicious 1534 1519514366.3227844 1519514366.33341 11 192.168.1.119 - 51947 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3?cms_redirect=yes&expire=1519528766&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519514295&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=7836CFD8C7F4A10ED0495D7B1E5CEA44E7CEE5EA.411C76A925114FBC8A276021B36220662FB9120E&key=cms1 686 3243 0 2577 271 639 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1533 1519514367.2686105 1519514367.2985103 30 192.168.1.119 - 51946 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3 373 1484 0 666 263 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3?cms_redirect=yes&expire=1519528767&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519514295&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=444D8634DA080A3CDD7A313F2D9F57162C543BD7.4EF88A39887062898CBE1EBA239568647277ED55&key=cms1 - CTU.339.1.Malicious 1534 1519514367.5077631 1519514367.518432 11 192.168.1.119 - 51947 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3?cms_redirect=yes&expire=1519528767&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519514295&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=444D8634DA080A3CDD7A313F2D9F57162C543BD7.4EF88A39887062898CBE1EBA239568647277ED55&key=cms1 667 12457 0 11789 272 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1533 1519514369.2786944 1519514369.3090184 30 192.168.1.119 - 51946 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3 374 1484 0 666 264 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3?cms_redirect=yes&expire=1519528769&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519514295&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3BB145018C8D3D1C344197F9D08E42E45A434922.159509C1893F4B8195A274FFD82340C77C362413&key=cms1 - CTU.339.1.Malicious 1534 1519514369.515009 1519514369.5314813 16 192.168.1.119 - 51947 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3?cms_redirect=yes&expire=1519528769&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519514295&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3BB145018C8D3D1C344197F9D08E42E45A434922.159509C1893F4B8195A274FFD82340C77C362413&key=cms1 668 13610 0 12941 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1533 1519514371.2930422 1519514371.3182428 25 192.168.1.119 - 51946 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3 374 1528 0 690 264 821 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3?cms_redirect=yes&expire=1519528771&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519514295&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=0F406744AE5A5559924EBC55023A67C43241342A.0AC641C9C469087DDE259C7CF21E67A12663ABF7&key=cms1 - CTU.339.1.Malicious 1534 1519514371.5231125 1519514371.538942 16 192.168.1.119 - 51947 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3?cms_redirect=yes&expire=1519528771&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519514295&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=0F406744AE5A5559924EBC55023A67C43241342A.0AC641C9C469087DDE259C7CF21E67A12663ABF7&key=cms1 688 8084 0 7416 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1533 1519514373.3477988 1519514373.3723333 25 192.168.1.119 - 51946 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3 374 1524 0 688 264 819 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3?cms_redirect=yes&expire=1519528773&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519514295&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=3533DE5A7FF4610EDD0B9CFB2823B15B3C8C9563.54C3DCB9F4B3D4EA8A88EFF3752AC9236C60ED&key=cms1 - CTU.339.1.Malicious 1534 1519514373.579376 1519514373.5917363 12 192.168.1.119 - 51947 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3?cms_redirect=yes&expire=1519528773&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519514295&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=3533DE5A7FF4610EDD0B9CFB2823B15B3C8C9563.54C3DCB9F4B3D4EA8A88EFF3752AC9236C60ED&key=cms1 686 16124 0 15455 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1533 1519514375.8670096 1519514375.894104 27 192.168.1.119 - 51946 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3 374 1484 0 666 264 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3?cms_redirect=yes&expire=1519528775&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519514295&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=10FFD5F8D6B86FB43C5A3E511E55F33A75068ADB.56FC65BB8B4797CA00C04D2215FCB5B9D3DB2CB6&key=cms1 - CTU.339.1.Malicious 1534 1519514376.0970123 1519514376.1114469 14 192.168.1.119 - 51947 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3?cms_redirect=yes&expire=1519528775&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519514295&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=10FFD5F8D6B86FB43C5A3E511E55F33A75068ADB.56FC65BB8B4797CA00C04D2215FCB5B9D3DB2CB6&key=cms1 668 15774 0 15105 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1533 1519514378.4673624 1519514378.4959996 29 192.168.1.119 - 51946 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3 374 1528 0 690 264 821 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3?cms_redirect=yes&expire=1519528778&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519514295&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=58D914C05DD80255FD2CB6B8E221DC70778A1316.7D809AA4CC6F8D99A3FF947996CBDEF373AF4969&key=cms1 - CTU.339.1.Malicious 1534 1519514378.6973598 1519514378.7076375 10 192.168.1.119 - 51947 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3?cms_redirect=yes&expire=1519528778&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519514295&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=58D914C05DD80255FD2CB6B8E221DC70778A1316.7D809AA4CC6F8D99A3FF947996CBDEF373AF4969&key=cms1 688 14618 0 13949 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1533 1519514381.117036 1519514381.1434975 26 192.168.1.119 - 51946 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3 374 1484 0 666 264 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3?cms_redirect=yes&expire=1519528781&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519514295&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=579365B9D987D92B365EDBBD8F3916E862164DD4.7AE224435663B7155A01BDFC51167FB67EE1A201&key=cms1 - CTU.339.1.Malicious 1534 1519514381.347199 1519514381.357713 11 192.168.1.119 - 51947 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3?cms_redirect=yes&expire=1519528781&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519514295&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=579365B9D987D92B365EDBBD8F3916E862164DD4.7AE224435663B7155A01BDFC51167FB67EE1A201&key=cms1 668 13858 0 13189 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1533 1519514383.7069902 1519514383.735977 29 192.168.1.119 - 51946 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3 375 1528 0 690 265 821 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3?cms_redirect=yes&expire=1519528783&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519514295&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=0B5B4BC1BCD18CB514515771B197B681BB668B1B.6C8577343C7B2687C5C599BC70DDCA24AF579C80&key=cms1 - CTU.339.1.Malicious 1534 1519514383.9368696 1519514383.947705 11 192.168.1.119 - 51947 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3?cms_redirect=yes&expire=1519528783&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519514295&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=0B5B4BC1BCD18CB514515771B197B681BB668B1B.6C8577343C7B2687C5C599BC70DDCA24AF579C80&key=cms1 689 13207 0 12537 274 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1533 1519514385.336783 1519514385.3647826 28 192.168.1.119 - 51946 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3 376 1528 0 690 266 821 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3?cms_redirect=yes&expire=1519528785&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519514295&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=1A1DCCC9202642E321F648B26F0FA87AC5497DD3.3F9314C544645FE5A8F61684C4797A707BDCD0A9&key=cms1 - CTU.339.1.Malicious 1534 1519514385.5672925 1519514385.5776331 10 192.168.1.119 - 51947 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3?cms_redirect=yes&expire=1519528785&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519514295&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=1A1DCCC9202642E321F648B26F0FA87AC5497DD3.3F9314C544645FE5A8F61684C4797A707BDCD0A9&key=cms1 690 11532 0 10861 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1533 1519514386.5319092 1519514386.7755466 244 192.168.1.119 - 51946 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3 376 1484 0 666 266 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3?cms_redirect=yes&expire=1519528786&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519514295&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=735DFB08A1F383FF00D8942F081801957039B02B.60B3BBB1634040AB40CF9438831A53275D1FE7CA&key=cms1 - CTU.339.1.Malicious 1534 1519514386.9877014 1519514387.0037303 16 192.168.1.119 - 51947 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3?cms_redirect=yes&expire=1519528786&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519514295&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=735DFB08A1F383FF00D8942F081801957039B02B.60B3BBB1634040AB40CF9438831A53275D1FE7CA&key=cms1 670 10999 0 10328 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1533 1519514388.7587962 1519514388.8080401 49 192.168.1.119 - 51946 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3 376 1528 0 690 266 821 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3?cms_redirect=yes&expire=1519528788&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519514295&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=22D232770B6CA8427EC912FD1E69DD25F8AC2DE0.581D4BD634B9583AE5251DDCB5C0C466F8C2D7A7&key=cms1 - CTU.339.1.Malicious 1534 1519514389.0190265 1519514389.0290961 10 192.168.1.119 - 51947 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3?cms_redirect=yes&expire=1519528788&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519514295&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=22D232770B6CA8427EC912FD1E69DD25F8AC2DE0.581D4BD634B9583AE5251DDCB5C0C466F8C2D7A7&key=cms1 690 11427 0 10756 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1533 1519514389.8020737 1519514389.8297026 28 192.168.1.119 - 51946 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3 376 1484 0 666 266 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3?cms_redirect=yes&expire=1519528789&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519514295&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=611CC52F6DD6EFF282D19D064E5E4448D909B91E.7DCACA884233D9F971C313AA1159F64B0505CE12&key=cms1 - CTU.339.1.Malicious 1534 1519514390.050623 1519514390.0652494 15 192.168.1.119 - 51947 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3?cms_redirect=yes&expire=1519528789&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519514295&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=611CC52F6DD6EFF282D19D064E5E4448D909B91E.7DCACA884233D9F971C313AA1159F64B0505CE12&key=cms1 670 11109 0 10438 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1533 1519514391.85991 1519514391.9130661 53 192.168.1.119 - 51946 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3 376 1484 0 666 266 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3?cms_redirect=yes&expire=1519528791&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519514295&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3B3F831B0A21A65072C75D939C6095D75EFB3F08.0FE00BA70A328621C89BE6852E05D6C96535B0A5&key=cms1 - CTU.339.1.Malicious 1534 1519514392.1093366 1519514392.1243844 15 192.168.1.119 - 51947 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3?cms_redirect=yes&expire=1519528791&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519514295&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3B3F831B0A21A65072C75D939C6095D75EFB3F08.0FE00BA70A328621C89BE6852E05D6C96535B0A5&key=cms1 670 21184 0 20513 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1533 1519514394.7600844 1519514394.8139107 54 192.168.1.119 - 51946 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3 376 1484 0 666 266 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3?cms_redirect=yes&expire=1519528794&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519514362&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=301EB2F011BFAA261501967F5ED1D0EE3E16D9FB.41573BCB99C14E249F152F4FA1DCDEBD3F3D803B&key=cms1 - CTU.339.1.Malicious 1534 1519514395.010092 1519514395.0253012 15 192.168.1.119 - 51947 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3?cms_redirect=yes&expire=1519528794&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519514362&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=301EB2F011BFAA261501967F5ED1D0EE3E16D9FB.41573BCB99C14E249F152F4FA1DCDEBD3F3D803B&key=cms1 670 18035 0 17364 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1533 1519514397.4391441 1519514397.4645734 25 192.168.1.119 - 51946 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3 376 1528 0 690 266 821 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3?cms_redirect=yes&expire=1519528797&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519514295&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=1A21492E53249C334663CD1EB7433D7A5D1259EF.61DCF2CDDE6C56C37763F844E476E740DCAD4EAE&key=cms1 - CTU.339.1.Malicious 1534 1519514397.6694205 1519514397.680461 11 192.168.1.119 - 51947 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3?cms_redirect=yes&expire=1519528797&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519514295&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=1A21492E53249C334663CD1EB7433D7A5D1259EF.61DCF2CDDE6C56C37763F844E476E740DCAD4EAE&key=cms1 690 17839 0 17168 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1533 1519514399.0954525 1519514399.120855 25 192.168.1.119 - 51946 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3 376 1484 0 666 266 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3?cms_redirect=yes&expire=1519528799&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519514295&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=72585B8C0229CEB01327B684879625530C1FE27D.0694B172A33DCFD276E15AFF6EE6D73C20B23233&key=cms1 - CTU.339.1.Malicious 1534 1519514399.3244917 1519514399.3405783 16 192.168.1.119 - 51947 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3?cms_redirect=yes&expire=1519528799&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519514295&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=72585B8C0229CEB01327B684879625530C1FE27D.0694B172A33DCFD276E15AFF6EE6D73C20B23233&key=cms1 670 15618 0 14947 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1533 1519514401.131918 1519514401.158829 27 192.168.1.119 - 51946 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3 376 1484 0 666 266 801 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3?cms_redirect=yes&expire=1519528801&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519514295&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=218FF68900F81D86858E6386F9D0F2987BA69CC7.7E537B794016A8CA65032B13BF7ECBC563BFFC70&key=cms1 - CTU.339.1.Malicious 1534 1519514401.374306 1519514401.3905027 16 192.168.1.119 - 51947 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/MTA880NZxBk_4303/4303_all_crl-set-5260241671282853856.data.crx3?cms_redirect=yes&expire=1519528801&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519514295&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=218FF68900F81D86858E6386F9D0F2987BA69CC7.7E537B794016A8CA65032B13BF7ECBC563BFFC70&key=cms1 670 20710 0 20039 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1535 1519514404.4909127 1519514404.7297225 239 192.168.1.119 - 51948 216.58.201.67 443 https://update.googleapis.com/service/update2 1251 944 918 247 303 685 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 1536 1519514480.3797958 1519514480.4084241 29 192.168.1.119 - 51950 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1536 1519514480.4538758 1519514480.4854884 32 192.168.1.119 - 51950 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1537 1519514480.7414358 1519514480.7699637 29 192.168.1.119 - 51951 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1538 1519515945.0164614 1519515945.0341241 18 192.168.1.119 - 51958 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1539 1519516720.6123562 1519516720.6431556 31 192.168.1.119 - 51964 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.24%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1540 1519518064.7649057 1519518064.9990344 234 192.168.1.119 - 51972 54.235.208.27 80 http://i-45.b-44358.bench.utorrent.com/e?i=FO0CO33h8rP5vbFH 365 232 144 21 186 197 'BTWebClient/353S(44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1541 1519518083.2901266 1519518083.3324 42 192.168.1.119 - 51975 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1542 1519518083.2945733 1519518083.3439095 49 192.168.1.119 - 51973 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1543 1519518083.3211136 1519518083.585896 265 192.168.1.119 - 51974 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1544 1519519545.6258965 1519519545.6598766 34 192.168.1.119 - 51982 178.79.242.19 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4343 0 3811 147 518 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1545 1519521685.3059106 1519521685.3356805 30 192.168.1.119 - 51997 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1546 1519521685.7377539 1519521685.7659318 28 192.168.1.119 - 51996 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1547 1519521685.5520709 1519521685.7953672 243 192.168.1.119 - 51995 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1548 1519523145.58761 1519523145.6211035 33 192.168.1.119 - 52003 178.79.242.19 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4343 0 3811 147 518 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1549 1519525286.7963154 1519525286.829599 33 192.168.1.119 - 52017 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1550 1519525286.818792 1519525286.8461165 27 192.168.1.119 - 52018 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1550 1519525287.0797486 1519525287.10885 29 192.168.1.119 - 52018 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1551 1519526746.245842 1519526746.2637248 18 192.168.1.119 - 52025 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1552 1519528889.1517346 1519528889.1965594 45 192.168.1.119 - 52040 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1553 1519528889.1395948 1519528889.1990733 59 192.168.1.119 - 52041 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1554 1519528889.1408148 1519528889.2045243 64 192.168.1.119 - 52039 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1555 1519530346.158665 1519530346.1769588 18 192.168.1.119 - 52049 178.79.227.142 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1556 1519532017.0379918 1519532017.0618968 24 192.168.1.119 - 52057 185.26.182.112 443 https://exchange.opera.com/api/v1/ecb/ 283 1938 0 1665 258 259 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml GET 200 - - - - - - - CTU.339.1.Malicious 1556 1519532017.2801456 1519532017.304148 24 192.168.1.119 - 52057 185.26.182.112 443 https://exchange.opera.com/api/v1/cmc/ 283 6971 0 6690 258 267 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1556 1519532017.881717 1519532017.907212 25 192.168.1.119 - 52057 185.26.182.112 443 https://exchange.opera.com/api/v1/nbu/ 283 6431 0 6136 258 281 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json;charset=UTF-8 GET 200 - - - - - - - CTU.339.1.Malicious 1557 1519532104.5212812 1519532104.664627 143 192.168.1.119 - 52060 185.26.182.122 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 1558 1519532490.6859128 1519532490.712618 27 192.168.1.119 - 52069 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1558 1519532491.1277874 1519532491.1556683 28 192.168.1.119 - 52069 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1559 1519532491.9098935 1519532491.940856 31 192.168.1.119 - 52068 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1560 1519533946.9235556 1519533946.9421086 19 192.168.1.119 - 52079 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1561 1519534246.3235738 1519534246.3488293 25 192.168.1.119 - 52081 185.26.182.122 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 512 0 114 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1562 1519536092.5446787 1519536092.5871015 42 192.168.1.119 - 52095 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1563 1519536092.5510256 1519536092.5913563 40 192.168.1.119 - 52096 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1562 1519536092.8320973 1519536092.8564932 24 192.168.1.119 - 52095 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1564 1519536140.773889 1519536140.8049057 31 192.168.1.119 - 52097 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.24%26uc 676 710 0 466 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1565 1519536146.9708166 1519536146.99512 24 192.168.1.119 - 52098 82.145.215.85 443 https://extension-updates.opera.com/static/omaha/blacklist.336465243e0d1996705f69bb3937b0f2f815a8bcc9737b5323ca77ebd70dd6b7.txt 413 6582 0 6336 308 232 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/plain GET 200 - - - - - - - CTU.339.1.Malicious 1566 1519537546.8688514 1519537546.8868136 18 192.168.1.119 - 52104 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1567 1519539694.2951086 1519539694.32355 28 192.168.1.119 - 52119 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1567 1519539694.3302977 1519539694.3579855 28 192.168.1.119 - 52119 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1568 1519539695.0927336 1519539695.1387784 46 192.168.1.119 - 52120 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1569 1519541148.4949381 1519541148.530558 36 192.168.1.119 - 52127 178.79.242.19 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4343 0 3811 147 518 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1570 1519543295.2779474 1519543295.3145235 37 192.168.1.119 - 52141 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1570 1519543295.3932977 1519543295.4213696 28 192.168.1.119 - 52141 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1571 1519543295.7005787 1519543295.7329767 32 192.168.1.119 - 52143 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1572 1519544748.4724493 1519544748.5083628 36 192.168.1.119 - 52150 178.79.242.19 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4343 0 3811 147 518 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1573 1519546896.8263001 1519546896.8610995 35 192.168.1.119 - 52165 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1574 1519546897.3277233 1519546897.356393 29 192.168.1.119 - 52163 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1574 1519546897.369874 1519546897.3948646 25 192.168.1.119 - 52163 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1575 1519548349.2226803 1519548349.2414877 19 192.168.1.119 - 52173 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1576 1519550500.0233428 1519550500.05414 31 192.168.1.119 - 52181 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1577 1519550500.3710165 1519550500.3981779 27 192.168.1.119 - 52183 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1577 1519550500.4976728 1519550500.529803 32 192.168.1.119 - 52183 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1578 1519551949.3242822 1519551949.3431487 19 192.168.1.119 - 52196 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1579 1519554101.916744 1519554101.9537635 37 192.168.1.119 - 52206 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1579 1519554102.0088081 1519554102.0382419 29 192.168.1.119 - 52206 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1580 1519554102.683127 1519554102.7181344 35 192.168.1.119 - 52204 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1581 1519554684.8756344 1519554684.9277616 52 192.168.1.119 - 52213 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.25%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1582 1519555550.014975 1519555550.0336814 19 192.168.1.119 - 52225 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1583 1519555875.9896755 1519555876.0419445 52 192.168.1.119 - 52227 185.26.182.122 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 512 0 114 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1584 1519557702.4073572 1519557702.6594455 252 192.168.1.119 - 52234 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1584 1519557702.6731129 1519557702.7050252 32 192.168.1.119 - 52234 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1585 1519557703.126662 1519557703.163527 37 192.168.1.119 - 52236 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1586 1519559149.9010613 1519559149.9204917 19 192.168.1.119 - 52248 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1587 1519560905.5929654 1519560905.7338736 141 192.168.1.119 - 52256 185.26.182.122 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 1588 1519561303.1115289 1519561303.1404088 29 192.168.1.119 - 52258 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1589 1519561302.9974394 1519561303.2598808 262 192.168.1.119 - 52257 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1590 1519561303.5177867 1519561303.564881 47 192.168.1.119 - 52259 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1591 1519562750.53822 1519562750.558091 20 192.168.1.119 - 52271 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1592 1519564904.0102985 1519564904.044995 35 192.168.1.119 - 52280 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1592 1519564904.048629 1519564904.080679 32 192.168.1.119 - 52280 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1593 1519564905.0746856 1519564905.1047146 30 192.168.1.119 - 52281 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1594 1519566350.4944465 1519566350.5116456 17 192.168.1.119 - 52288 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1595 1519568358.097145 1519568358.1837044 87 192.168.1.119 - 52300 216.58.201.67 443 https://update.googleapis.com/service/update2?cup2key=7:3310988236&cup2hreq=af33b651468244d772b9dbef16b96f4d364ab1fc42882fcd9dc411e7d1d80bc3 1414 2481 986 1324 303 1145 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 1596 1519568360.0866175 1519568360.1184864 32 192.168.1.119 - 52301 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3 282 819 0 0 170 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 HEAD 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582760&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=72C43B448B33DBE10A979681EEC01241DD03E59D.29C7278A97B8BC1E650BDBE4354FC08A9378271F&key=cms1 - CTU.339.1.Malicious 1597 1519568360.3056424 1519568360.3213735 16 192.168.1.119 - 52302 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582760&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=72C43B448B33DBE10A979681EEC01241DD03E59D.29C7278A97B8BC1E650BDBE4354FC08A9378271F&key=cms1 576 608 0 0 179 594 'Microsoft BITS/7.5' application/octet-stream HEAD 200 - - - - - - - CTU.339.1.Malicious 1596 1519568362.4718645 1519568362.5017073 30 192.168.1.119 - 52301 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3 370 1530 0 691 259 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582762&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568242&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=04C598AACAAFF5971F8CD0C2C6C304E587227080.2724ADC4601B4AFBE4BEF0CBD76DBC2573AF7873&key=cms1 - CTU.339.1.Malicious 1597 1519568362.7070065 1519568362.722862 16 192.168.1.119 - 52302 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582762&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568242&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=04C598AACAAFF5971F8CD0C2C6C304E587227080.2724ADC4601B4AFBE4BEF0CBD76DBC2573AF7873&key=cms1 684 3159 0 2496 268 636 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1596 1519568364.688801 1519568364.7194781 31 192.168.1.119 - 52301 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3 373 1486 0 667 262 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582764&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568242&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=745A41E78516DE359294766395354455AF8009F9.67D7038FC412CD24D04E7CBD0244DAB6539B34F1&key=cms1 - CTU.339.1.Malicious 1597 1519568364.9231617 1519568364.933533 10 192.168.1.119 - 52302 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582764&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568242&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=745A41E78516DE359294766395354455AF8009F9.67D7038FC412CD24D04E7CBD0244DAB6539B34F1&key=cms1 667 3242 0 2576 271 639 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1596 1519568365.8530302 1519568365.9391491 86 192.168.1.119 - 52301 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3 374 1530 0 691 263 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582765&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568302&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=4EC5145FF5FA376FA6E104E481D4D71F55EBA386.8198A686756350759FBCD0C77E7C1E34114EAA36&key=cms1 - CTU.339.1.Malicious 1597 1519568366.1498327 1519568366.1712468 21 192.168.1.119 - 52302 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582765&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568302&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=4EC5145FF5FA376FA6E104E481D4D71F55EBA386.8198A686756350759FBCD0C77E7C1E34114EAA36&key=cms1 688 6443 0 5776 272 640 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1596 1519568366.931887 1519568366.9604313 29 192.168.1.119 - 52301 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3 375 1530 0 691 264 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582766&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568302&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=7772AB10873D0470BFD89AD45591AB69B9283A9B.198A54D13574FE40FC02FCA9B34F33C34F23D11F&key=cms1 - CTU.339.1.Malicious 1597 1519568367.1674416 1519568367.1774027 10 192.168.1.119 - 52302 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582766&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568302&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=7772AB10873D0470BFD89AD45591AB69B9283A9B.198A54D13574FE40FC02FCA9B34F33C34F23D11F&key=cms1 689 6444 0 5776 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1596 1519568368.0191267 1519568368.0438936 25 192.168.1.119 - 52301 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3 375 1530 0 691 264 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582768&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568302&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=694272374A7F2F8E4F51CC72C7ED710A7EAF2EAD.0D28DC35056AD0B895EB8D74673C122F860EDEAD&key=cms1 - CTU.339.1.Malicious 1597 1519568368.2432826 1519568368.25874 15 192.168.1.119 - 52302 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582768&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568302&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=694272374A7F2F8E4F51CC72C7ED710A7EAF2EAD.0D28DC35056AD0B895EB8D74673C122F860EDEAD&key=cms1 689 5698 0 5030 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1596 1519568369.1122112 1519568369.1371305 25 192.168.1.119 - 52301 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582769&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0CCF9BEFB2F68BBA4D7BBFB5BB8657CF3F4B1512.3B10691AC1A4BFCC5FF19396154F2F94CC2AB78E&key=cms1 - CTU.339.1.Malicious 1597 1519568369.3372674 1519568369.3520672 15 192.168.1.119 - 52302 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582769&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0CCF9BEFB2F68BBA4D7BBFB5BB8657CF3F4B1512.3B10691AC1A4BFCC5FF19396154F2F94CC2AB78E&key=cms1 669 6304 0 5636 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1596 1519568371.1972902 1519568371.2223716 25 192.168.1.119 - 52301 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3 375 1530 0 691 264 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582771&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568302&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=442B2D8B6DDC7F9B0837547CB0B99FDEE156EEFB.7C5CC0D87AD293D7CFE5B7E5772F1BD0E0B00F74&key=cms1 - CTU.339.1.Malicious 1597 1519568371.4264395 1519568371.4410381 15 192.168.1.119 - 52302 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582771&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568302&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=442B2D8B6DDC7F9B0837547CB0B99FDEE156EEFB.7C5CC0D87AD293D7CFE5B7E5772F1BD0E0B00F74&key=cms1 689 12566 0 11897 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1596 1519568373.8844254 1519568373.9098022 25 192.168.1.119 - 52301 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582773&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5F817C41047500D09BF05ADF332C9272E869DBFC.32A330CD2A179F28A76589E427CEDA51C7191501&key=cms1 - CTU.339.1.Malicious 1597 1519568374.1138823 1519568374.1281102 14 192.168.1.119 - 52302 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582773&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5F817C41047500D09BF05ADF332C9272E869DBFC.32A330CD2A179F28A76589E427CEDA51C7191501&key=cms1 669 10811 0 10142 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1596 1519568375.9417977 1519568375.9709556 29 192.168.1.119 - 52301 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582775&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0F6886D1D93C35DDBE0B09AD4D8C26645BFED812.15A4CFB09E39BB4DA9F90EA91EB309622F328698&key=cms1 - CTU.339.1.Malicious 1597 1519568376.171556 1519568376.1860716 15 192.168.1.119 - 52302 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582775&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0F6886D1D93C35DDBE0B09AD4D8C26645BFED812.15A4CFB09E39BB4DA9F90EA91EB309622F328698&key=cms1 669 11313 0 10644 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1596 1519568377.4541662 1519568377.4835153 29 192.168.1.119 - 52301 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3 375 1482 0 665 264 800 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582777&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=C4DC168F11EF717CC6B1950F48481A91863E8A.211E4BB311FCAC7CD432B040A8D06BCD558B8F4D&key=cms1 - CTU.339.1.Malicious 1597 1519568377.687798 1519568377.702334 15 192.168.1.119 - 52302 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582777&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=C4DC168F11EF717CC6B1950F48481A91863E8A.211E4BB311FCAC7CD432B040A8D06BCD558B8F4D&key=cms1 667 9975 0 9307 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1596 1519568378.5024104 1519568378.5275235 25 192.168.1.119 - 52301 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582778&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5E39432B4B89C13A7F2B783B43A8F362575D6669.3955829929D030AD1C4EF81042662A047BD52906&key=cms1 - CTU.339.1.Malicious 1597 1519568378.73253 1519568378.743092 11 192.168.1.119 - 52302 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582778&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5E39432B4B89C13A7F2B783B43A8F362575D6669.3955829929D030AD1C4EF81042662A047BD52906&key=cms1 669 10401 0 9733 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1596 1519568379.5563204 1519568379.5861735 30 192.168.1.119 - 52301 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3 375 1530 0 691 264 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582779&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568302&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=645D7DF13FD35CC535026AC790EF877DCF837DD0.1CE07EF3470573998A55F7A5C19966E56CBAEA4A&key=cms1 - CTU.339.1.Malicious 1597 1519568379.7863612 1519568379.8022888 16 192.168.1.119 - 52302 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582779&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568302&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=645D7DF13FD35CC535026AC790EF877DCF837DD0.1CE07EF3470573998A55F7A5C19966E56CBAEA4A&key=cms1 689 10883 0 10214 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1596 1519568381.6143334 1519568381.6437206 29 192.168.1.119 - 52301 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3 376 1530 0 691 265 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582781&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568302&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=7E42F6C7F53E77BC7FB8585FEBEBFA45A0BD94E6.6B99CD9738ECCC24B8A901A74A5D6C405E9B9083&key=cms1 - CTU.339.1.Malicious 1597 1519568381.8433366 1519568381.8590596 16 192.168.1.119 - 52302 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582781&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568302&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=7E42F6C7F53E77BC7FB8585FEBEBFA45A0BD94E6.6B99CD9738ECCC24B8A901A74A5D6C405E9B9083&key=cms1 690 21723 0 21053 274 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1596 1519568385.0546732 1519568385.0801187 25 192.168.1.119 - 52301 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3 377 1530 0 691 266 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582785&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568302&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=710BC9B8DC737AFF44F81FB6664F2E3E007FAF01.7910A96D0CBEE921CF1EC986D5AF5540060B0217&key=cms1 - CTU.339.1.Malicious 1597 1519568385.2847867 1519568385.295294 11 192.168.1.119 - 52302 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582785&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568302&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=710BC9B8DC737AFF44F81FB6664F2E3E007FAF01.7910A96D0CBEE921CF1EC986D5AF5540060B0217&key=cms1 691 17476 0 16805 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1596 1519568387.7748458 1519568387.8036067 29 192.168.1.119 - 52301 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3 377 1530 0 691 266 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582787&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568302&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=16DD9C70997757D5B4D4F80802E592870F3109A1.764266C7882ED3A728917A2D37D06FC1EF8869AA&key=cms1 - CTU.339.1.Malicious 1597 1519568388.004563 1519568388.0159345 11 192.168.1.119 - 52302 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582787&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568302&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=16DD9C70997757D5B4D4F80802E592870F3109A1.764266C7882ED3A728917A2D37D06FC1EF8869AA&key=cms1 691 15136 0 14465 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1596 1519568389.4420938 1519568389.4716482 30 192.168.1.119 - 52301 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3 377 1530 0 691 266 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582789&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568302&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=1F6740845EF7CC0AB00FAA40EC1404EB335F2B7E.6C523CE22D3CE59C8435221629B524DE4E6446DF&key=cms1 - CTU.339.1.Malicious 1597 1519568389.671233 1519568389.6823125 11 192.168.1.119 - 52302 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582789&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568302&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=1F6740845EF7CC0AB00FAA40EC1404EB335F2B7E.6C523CE22D3CE59C8435221629B524DE4E6446DF&key=cms1 691 13154 0 12483 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1596 1519568391.5885966 1519568391.618144 30 192.168.1.119 - 52301 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3 377 1530 0 691 266 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582791&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568302&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=4E6CA897197FF09B020A3665C12E68336910CB44.2BDDF3AEB1F8980DFDE6B4FE481DD8E6ABB25FBB&key=cms1 - CTU.339.1.Malicious 1597 1519568391.8283715 1519568391.8397994 11 192.168.1.119 - 52302 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582791&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568302&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=4E6CA897197FF09B020A3665C12E68336910CB44.2BDDF3AEB1F8980DFDE6B4FE481DD8E6ABB25FBB&key=cms1 691 12871 0 12200 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1596 1519568393.2339683 1519568393.2633905 29 192.168.1.119 - 52301 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3 377 1530 0 691 266 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582793&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568302&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=32005E3E2DDB2A9AD7366C7D58585FC30EE36257.7A3168A0D95576F9C1EA3C97B8C3412FDD001526&key=cms1 - CTU.339.1.Malicious 1597 1519568393.4654763 1519568393.4814053 16 192.168.1.119 - 52302 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582793&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568302&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=32005E3E2DDB2A9AD7366C7D58585FC30EE36257.7A3168A0D95576F9C1EA3C97B8C3412FDD001526&key=cms1 691 11171 0 10500 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1596 1519568395.703181 1519568395.7323334 29 192.168.1.119 - 52301 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582795&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2E1805794C16CC71A56551F0F2077BD5D3A80600.4041F0B7080CE9F25130BA39563117100B995956&key=cms1 - CTU.339.1.Malicious 1597 1519568395.9331067 1519568395.9467695 14 192.168.1.119 - 52302 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582795&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2E1805794C16CC71A56551F0F2077BD5D3A80600.4041F0B7080CE9F25130BA39563117100B995956&key=cms1 671 11924 0 11253 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1596 1519568396.746154 1519568396.7753942 29 192.168.1.119 - 52301 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582796&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0A1F86BAFDE0FEBA9752ADA0AF548E6AC7BA69EA.6DBD0EB763B9D58D0B2E37D5C2B65E611884B563&key=cms1 - CTU.339.1.Malicious 1597 1519568396.9773989 1519568396.9880493 11 192.168.1.119 - 52302 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582796&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0A1F86BAFDE0FEBA9752ADA0AF548E6AC7BA69EA.6DBD0EB763B9D58D0B2E37D5C2B65E611884B563&key=cms1 671 11834 0 11163 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1596 1519568398.190405 1519568398.2154257 25 192.168.1.119 - 52301 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3 377 1530 0 691 266 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582798&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568302&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=484DFBF4EFE201A05C1128ADD67B633DCC6C717F.5552D216CAB3C4FE2FC95820F9DE1F5CC5A97566&key=cms1 - CTU.339.1.Malicious 1597 1519568398.4125435 1519568398.4233768 11 192.168.1.119 - 52302 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582798&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568302&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=484DFBF4EFE201A05C1128ADD67B633DCC6C717F.5552D216CAB3C4FE2FC95820F9DE1F5CC5A97566&key=cms1 691 10601 0 9931 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1596 1519568399.234381 1519568399.2610781 27 192.168.1.119 - 52301 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582799&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568363&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=031C3C1228240A44F980F849C8C0897531FDE4F0.7FD8C1130A469863094FF26D0B9D71EF7FE49EB6&key=cms1 - CTU.339.1.Malicious 1597 1519568399.4666114 1519568399.4815757 15 192.168.1.119 - 52302 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582799&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568363&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=031C3C1228240A44F980F849C8C0897531FDE4F0.7FD8C1130A469863094FF26D0B9D71EF7FE49EB6&key=cms1 671 10431 0 9761 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1596 1519568401.2912161 1519568401.3210843 30 192.168.1.119 - 52301 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582801&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=362356B4D83967B88D65534633F7366EEA0B5BBA.1E1B1874A7251D0C0CFE7B9F074C31776F0FAF32&key=cms1 - CTU.339.1.Malicious 1597 1519568401.5237045 1519568401.5396621 16 192.168.1.119 - 52302 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582801&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=362356B4D83967B88D65534633F7366EEA0B5BBA.1E1B1874A7251D0C0CFE7B9F074C31776F0FAF32&key=cms1 671 11132 0 10461 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1596 1519568403.336812 1519568403.3620915 25 192.168.1.119 - 52301 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3 377 1530 0 691 266 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582803&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568302&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=6FE3728CC82096A0D0A877B70167A2B960133D66.778E4E2B2734464C2ADA250024D4C4E8C88B949A&key=cms1 - CTU.339.1.Malicious 1597 1519568403.5626137 1519568403.578181 16 192.168.1.119 - 52302 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AL6oQAodYms0_4304/4304_all_crl-set-1129640547080362489.data.crx3?cms_redirect=yes&expire=1519582803&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519568302&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=6FE3728CC82096A0D0A877B70167A2B960133D66.778E4E2B2734464C2ADA250024D4C4E8C88B949A&key=cms1 691 11202 0 10531 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1598 1519568408.1442065 1519568408.2145383 70 192.168.1.119 - 52303 216.58.201.67 443 https://update.googleapis.com/service/update2 1252 944 919 247 303 685 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 1599 1519568505.226806 1519568505.2553215 29 192.168.1.119 - 52305 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1599 1519568505.2636633 1519568505.29071 27 192.168.1.119 - 52305 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1600 1519568505.4086485 1519568505.4359016 27 192.168.1.119 - 52307 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1601 1519569951.1589468 1519569951.1815827 23 192.168.1.119 - 52314 178.79.227.142 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1602 1519571317.4296017 1519571317.4623122 33 192.168.1.119 - 52326 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.25%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1603 1519572106.7032073 1519572106.735456 32 192.168.1.119 - 52329 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1603 1519572106.7706826 1519572106.8036222 33 192.168.1.119 - 52329 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1604 1519572108.0959775 1519572108.131871 36 192.168.1.119 - 52330 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1605 1519573551.1381903 1519573551.1627853 25 192.168.1.119 - 52337 178.79.227.142 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1606 1519575707.671511 1519575707.7063272 35 192.168.1.119 - 52350 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1606 1519575707.7154663 1519575707.7586918 43 192.168.1.119 - 52350 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1607 1519575708.5460079 1519575708.5868394 41 192.168.1.119 - 52352 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1608 1519577152.6916378 1519577152.7104971 19 192.168.1.119 - 52363 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4341 0 3811 147 516 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1609 1519577506.6167068 1519577506.6898186 73 192.168.1.119 - 52370 185.26.182.117 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 512 0 114 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1610 1519579308.6863763 1519579308.724116 38 192.168.1.119 - 52379 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1610 1519579308.7279458 1519579308.7577453 30 192.168.1.119 - 52379 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1611 1519579309.1757064 1519579309.2102525 35 192.168.1.119 - 52380 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1612 1519580752.6530616 1519580752.6891084 36 192.168.1.119 - 52387 178.79.242.19 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1613 1519582909.594026 1519582909.6277943 34 192.168.1.119 - 52401 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1614 1519582909.5931296 1519582909.6340628 41 192.168.1.119 - 52400 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1615 1519582909.8995905 1519582909.9354932 36 192.168.1.119 - 52402 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1616 1519584341.1682336 1519584341.1884847 20 192.168.1.119 - 52410 178.79.227.142 80 http://apps.bittorrent.com/utorrent-onboarding/welcome-upsell.btapp?h=FO0CO33h8rP5vbFH&v=111652166&ol=en&ul=&tk=stable34&c=uTorrent 321 205 0 0 203 181 'BTWebClient/353S(44358)' binary/octet-stream GET 304 - - - - - - - CTU.339.1.Malicious 1617 1519584341.1659763 1519584341.3962066 230 192.168.1.119 - 52409 178.79.227.15 80 http://apps.bittorrent.com/utorrent-onboarding/player.btapp?h=FO0CO33h8rP5vbFH&v=111652166&ol=en&ul=&tk=stable34&c=uTorrent 313 251 0 0 203 227 'BTWebClient/353S(44358)' binary/octet-stream GET 304 - - - - - - - CTU.339.1.Malicious 1618 1519584348.3629282 1519584348.5757456 213 192.168.1.119 - 52411 54.225.194.96 80 http://i-43.b-44358.ut.bench.utorrent.com/e?i=43 351 232 166 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1619 1519584353.248669 1519584353.2683976 20 192.168.1.119 - 52412 178.79.227.142 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4341 0 3811 147 516 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1620 1519584635.137122 1519584635.2886803 152 192.168.1.119 - 52415 82.221.103.246 80 http://update.utorrent.li/checkupdate.php?s=1&cl=uTorrent&v=111652166&qv=111652166&i=1&l=en&svp=4&svn_revno=44358&tk=stable34&cmp=290&ocmp=290&period=8&tendP=1519583421&sids=0,0,0,0,0&lv=0_0_&c=US&w=1DB00106&h=FO0CO33h8rP5vbFH&mts=31&gnc=1442&nat_state=255&it=144&pc=68&sctl=1&shdi=1&def_tor=1&doainstalled=0&ie=8.0.7600.16385&xim=1&insvr=111389996&sss=173111&rsb=4&rtsb=8425115&view=win32&cmp=290&ocmp=290&db=other&plus=3&adc=1&ch_up=1?fg=1442000&t_upP_=140079257&t_downP_=694690577&t_up=2860168&t_down=10769670&mt=1607052&ssb=1352255&ssu=11645825854&xseq=6&cau_time=0 701 851 0 499 144 338 'BTWebClient/353S(44358)' text/html GET 200 - - - - - - - CTU.339.1.Malicious 1621 1519584635.51126 1519584635.714939 204 192.168.1.119 - 52416 174.129.255.167 80 http://i-29.b-44358.ut.bench.utorrent.com/e?i=29 383 232 198 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1622 1519584635.6794088 1519584635.7275624 48 192.168.1.119 - 52417 54.239.168.81 80 http://utclient.utorrent.com/images/mobile-icon.png 241 462 0 0 205 438 'BTWebClient/353S(44358)' - GET 304 - - - - - - - CTU.339.1.Malicious 1623 1519584636.5263019 1519584636.7312267 205 192.168.1.119 - 52418 23.21.139.158 80 http://i-139.b-44358.ut.bench.utorrent.com/e?i=139 344 232 157 21 165 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1624 1519584637.4608796 1519584637.6926692 232 192.168.1.119 - 52419 174.129.255.167 80 http://i-32.b-44358.ut.bench.utorrent.com/e?i=32 559 232 374 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1625 1519584638.3743396 1519584638.5874753 213 192.168.1.119 - 52420 174.129.255.167 80 http://i-43.b-44358.ut.bench.utorrent.com/e?i=43 361 232 176 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1626 1519584639.5987294 1519584639.8118882 213 192.168.1.119 - 52421 174.129.255.167 80 http://i-43.b-44358.ut.bench.utorrent.com/e?i=43 524 232 339 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1627 1519584664.0478451 1519584664.1912427 143 192.168.1.119 - 52425 82.221.103.245 80 http://update.utorrent.li/checkupdate.php?s=1&cl=uTorrent&v=111652166&qv=111652166&i=1&l=en&svp=4&svn_revno=44358&tk=stable34&cmp=290&ocmp=290&period=8&tendP=1519583421&sids=0,0,0,0,0&lv=0_0_&c=US&w=1DB00106&h=FO0CO33h8rP5vbFH&mts=31&gnc=1442&nat_state=255&it=144&pc=70&sctl=1&shdi=1&def_tor=1&doainstalled=0&ie=8.0.7600.16385&xim=1&insvr=111389996&sss=173140&rsb=4&rtsb=8425145&view=win32&cmp=290&ocmp=290&db=other&plus=3&adc=1&ch_up=1?fg=1442000&t_upP_=140079257&t_downP_=694690577&t_up=2860168&t_down=10769670&mt=1613272&ssb=1352284&ssu=11645825883&xseq=7&cau_time=0 701 851 0 499 144 338 'BTWebClient/353S(44358)' text/html GET 200 - - - - - - - CTU.339.1.Malicious 1628 1519584664.0280683 1519584664.2583616 230 192.168.1.119 - 52424 174.129.255.167 80 http://i-29.b-44358.ut.bench.utorrent.com/e?i=29 383 232 198 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1629 1519584665.198425 1519584665.2420933 44 192.168.1.119 - 52426 54.239.168.209 80 http://utclient.utorrent.com/images/mobile-icon.png 241 462 0 0 205 438 'BTWebClient/353S(44358)' - GET 304 - - - - - - - CTU.339.1.Malicious 1630 1519584664.2676735 1519584665.5240347 1256 192.168.1.119 - 52427 174.129.255.167 80 http://i-139.b-44358.ut.bench.utorrent.com/e?i=139 344 232 157 21 165 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1631 1519584666.5425875 1519584666.7621045 220 192.168.1.119 - 52428 174.129.255.167 80 http://i-32.b-44358.ut.bench.utorrent.com/e?i=32 543 232 358 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1632 1519584666.7716057 1519584667.9901965 1219 192.168.1.119 - 52429 174.129.255.167 80 http://i-43.b-44358.ut.bench.utorrent.com/e?i=43 361 232 176 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1633 1519584667.999403 1519584669.2203012 1221 192.168.1.119 - 52430 174.129.255.167 80 http://i-43.b-44358.ut.bench.utorrent.com/e?i=43 520 232 335 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1634 1519586511.1004846 1519586511.131547 31 192.168.1.119 - 52442 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1635 1519586511.894125 1519586511.9236248 29 192.168.1.119 - 52440 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1636 1519586512.1122427 1519586512.1445208 32 192.168.1.119 - 52441 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1637 1519587953.143447 1519587953.162873 19 192.168.1.119 - 52450 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1638 1519589008.9689178 1519589009.000797 32 192.168.1.119 - 52457 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.25%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1639 1519589707.5698667 1519589707.8238878 254 192.168.1.119 - 52464 185.26.182.122 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 1640 1519590112.7029257 1519590112.7385335 36 192.168.1.119 - 52465 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1641 1519590112.7752929 1519590112.8069339 32 192.168.1.119 - 52467 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1641 1519590113.2586958 1519590113.2929933 34 192.168.1.119 - 52467 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1642 1519591553.7442553 1519591553.7648237 21 192.168.1.119 - 52475 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4343 0 3811 147 518 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1643 1519593714.1555662 1519593714.1861286 31 192.168.1.119 - 52489 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1643 1519593714.1898575 1519593714.2229242 33 192.168.1.119 - 52489 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1644 1519593715.154954 1519593715.187955 33 192.168.1.119 - 52487 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1645 1519595153.6871204 1519595153.7056754 19 192.168.1.119 - 52497 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1646 1519597315.216571 1519597315.2474196 31 192.168.1.119 - 52510 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1646 1519597315.458076 1519597315.4935179 35 192.168.1.119 - 52510 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1647 1519597315.4959273 1519597315.5242848 28 192.168.1.119 - 52511 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1648 1519598755.2783306 1519598755.3245912 46 192.168.1.119 - 52523 178.79.242.147 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1649 1519599133.5653841 1519599133.5939925 29 192.168.1.119 - 52524 185.26.182.122 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 512 0 114 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1650 1519600916.6533673 1519600916.6801374 27 192.168.1.119 - 52536 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1650 1519600916.8899586 1519600916.9174168 27 192.168.1.119 - 52536 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1651 1519600917.8787217 1519600917.9100006 31 192.168.1.119 - 52537 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1652 1519602354.9943695 1519602355.037979 44 192.168.1.119 - 52547 178.79.242.147 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1653 1519604517.998664 1519604518.0245018 26 192.168.1.119 - 52560 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1653 1519604518.2410634 1519604518.2705188 29 192.168.1.119 - 52560 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1654 1519604518.498328 1519604518.5313354 33 192.168.1.119 - 52561 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1655 1519605442.225419 1519605442.2593207 34 192.168.1.119 - 52568 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.25%26uc 676 710 0 466 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1656 1519605449.063526 1519605449.085464 22 192.168.1.119 - 52569 82.145.215.85 443 https://extension-updates.opera.com/static/omaha/blacklist.336465243e0d1996705f69bb3937b0f2f815a8bcc9737b5323ca77ebd70dd6b7.txt 413 6582 0 6336 308 232 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/plain GET 200 - - - - - - - CTU.339.1.Malicious 1657 1519605955.613863 1519605955.6303122 16 192.168.1.119 - 52571 178.79.227.142 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1658 1519608119.0810027 1519608119.1052463 24 192.168.1.119 - 52583 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1658 1519608119.1438563 1519608119.1700811 26 192.168.1.119 - 52583 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1659 1519608120.2858365 1519608120.3199635 34 192.168.1.119 - 52585 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1660 1519609555.59306 1519609555.61303 20 192.168.1.119 - 52593 178.79.227.142 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1661 1519611720.3002338 1519611720.3294551 29 192.168.1.119 - 52600 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1661 1519611720.536937 1519611720.57323 36 192.168.1.119 - 52600 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1662 1519611721.630445 1519611721.6646929 34 192.168.1.119 - 52602 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1663 1519613156.1629715 1519613156.1978447 35 192.168.1.119 - 52608 178.79.242.19 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1664 1519615321.7039342 1519615321.7291672 25 192.168.1.119 - 52621 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1664 1519615321.7424312 1519615321.7707539 28 192.168.1.119 - 52621 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1665 1519615321.9523778 1519615321.9802513 28 192.168.1.119 - 52623 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1666 1519616757.0791714 1519616757.1129093 34 192.168.1.119 - 52630 178.79.242.19 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1667 1519618418.7544155 1519618418.7781286 24 192.168.1.119 - 52638 185.26.182.112 443 https://exchange.opera.com/api/v1/ecb/ 283 1938 0 1665 258 259 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml GET 200 - - - - - - - CTU.339.1.Malicious 1667 1519618418.8029144 1519618418.826114 23 192.168.1.119 - 52638 185.26.182.112 443 https://exchange.opera.com/api/v1/cmc/ 283 6969 0 6688 258 267 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1667 1519618419.3228796 1519618419.3479557 25 192.168.1.119 - 52638 185.26.182.112 443 https://exchange.opera.com/api/v1/nbu/ 283 6431 0 6136 258 281 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json;charset=UTF-8 GET 200 - - - - - - - CTU.339.1.Malicious 1668 1519618509.6448343 1519618509.7704444 126 192.168.1.119 - 52641 185.26.182.122 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 1669 1519618922.9582994 1519618922.992599 34 192.168.1.119 - 52648 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1669 1519618923.1975982 1519618923.2274547 30 192.168.1.119 - 52648 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1670 1519618924.2126007 1519618924.2386696 26 192.168.1.119 - 52649 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1671 1519620357.6537097 1519620357.6884778 35 192.168.1.119 - 52655 178.79.242.19 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1672 1519620763.93078 1519620763.9555163 25 192.168.1.119 - 52656 185.26.182.122 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 512 0 114 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1673 1519622357.8924575 1519622357.9509008 58 192.168.1.119 - 52664 216.58.201.67 443 https://update.googleapis.com/service/update2?cup2key=7:1105476210&cup2hreq=8f3359c0e3d8f189e3ee564bcbdb640b6c44fa7b68f1b5cbaa371f2d5eb55d05 1414 2480 986 1319 303 1149 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 1674 1519622359.5796132 1519622359.6075299 28 192.168.1.119 - 52665 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3 282 819 0 0 170 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 HEAD 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3?cms_redirect=yes&expire=1519636759&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519622236&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2CE1D90E73DB288AEA8D0633A97BBE4EDDD5A16B.4034A2D1467B12669D3096BE634CECFFD7C0E472&key=cms1 - CTU.339.1.Malicious 1675 1519622359.861268 1519622359.8719227 11 192.168.1.119 - 52666 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3?cms_redirect=yes&expire=1519636759&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519622236&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2CE1D90E73DB288AEA8D0633A97BBE4EDDD5A16B.4034A2D1467B12669D3096BE634CECFFD7C0E472&key=cms1 576 608 0 0 179 594 'Microsoft BITS/7.5' application/octet-stream HEAD 200 - - - - - - - CTU.339.1.Malicious 1674 1519622361.594544 1519622361.6233072 29 192.168.1.119 - 52665 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3 370 1486 0 667 259 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3?cms_redirect=yes&expire=1519636761&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519622236&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0233888C0CAAD5A0E2FD841129F5BB4C884D08EE.2067BB7D654A23FBE0C3B7AC1AC5A775C19A098F&key=cms1 - CTU.339.1.Malicious 1675 1519622361.8248808 1519622361.8409476 16 192.168.1.119 - 52666 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3?cms_redirect=yes&expire=1519636761&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519622236&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0233888C0CAAD5A0E2FD841129F5BB4C884D08EE.2067BB7D654A23FBE0C3B7AC1AC5A775C19A098F&key=cms1 664 3159 0 2496 268 636 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1674 1519622364.8403 1519622364.8699458 30 192.168.1.119 - 52665 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3 373 1486 0 667 262 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3?cms_redirect=yes&expire=1519636764&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519622236&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3E43A0E6455ABA9915678BA3434A099022D83807.11C995421BAA65A960D7F68AB7A573BF99AADF2A&key=cms1 - CTU.339.1.Malicious 1675 1519622365.0754256 1519622365.088731 13 192.168.1.119 - 52666 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3?cms_redirect=yes&expire=1519636764&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519622236&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3E43A0E6455ABA9915678BA3434A099022D83807.11C995421BAA65A960D7F68AB7A573BF99AADF2A&key=cms1 667 6855 0 6189 271 639 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1674 1519622367.1273456 1519622367.1562 29 192.168.1.119 - 52665 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3 374 1486 0 667 263 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3?cms_redirect=yes&expire=1519636767&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519622302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0370428D1669F1D17EE61781E055E89534753FAF.1E7C973BBBCA82369AF2991F3D9BE0BF428BA288&key=cms1 - CTU.339.1.Malicious 1675 1519622367.353615 1519622367.3663166 13 192.168.1.119 - 52666 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3?cms_redirect=yes&expire=1519636767&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519622302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0370428D1669F1D17EE61781E055E89534753FAF.1E7C973BBBCA82369AF2991F3D9BE0BF428BA288&key=cms1 668 6443 0 5776 272 640 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1674 1519622368.2117836 1519622368.2413766 30 192.168.1.119 - 52665 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3?cms_redirect=yes&expire=1519636768&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519622302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2282E1D9F205196C869BAC9F33B93657ADBCFEB5.5E06567CE8B38945D89D58EC10B66269162D3CCD&key=cms1 - CTU.339.1.Malicious 1675 1519622368.4487042 1519622368.485982 37 192.168.1.119 - 52666 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3?cms_redirect=yes&expire=1519636768&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519622302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2282E1D9F205196C869BAC9F33B93657ADBCFEB5.5E06567CE8B38945D89D58EC10B66269162D3CCD&key=cms1 669 5828 0 5160 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1674 1519622370.3068476 1519622370.3401341 33 192.168.1.119 - 52665 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3?cms_redirect=yes&expire=1519636770&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519622302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7AC3CC32AB3BF7B1256696EFB9D6223DDC0BA12D.51E42CEE8D09E6E2FF459590A534BF15C3D43FA1&key=cms1 - CTU.339.1.Malicious 1675 1519622370.5466874 1519622370.5575235 11 192.168.1.119 - 52666 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3?cms_redirect=yes&expire=1519636770&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519622302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7AC3CC32AB3BF7B1256696EFB9D6223DDC0BA12D.51E42CEE8D09E6E2FF459590A534BF15C3D43FA1&key=cms1 669 11614 0 10945 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1674 1519622372.7240605 1519622372.753225 29 192.168.1.119 - 52665 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3?cms_redirect=yes&expire=1519636772&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519622302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5A2371A20F23B61E8C5BB87A1F56AC7E1A93610E.29C69471754E9568C5A506FC60FE55C5D483761F&key=cms1 - CTU.339.1.Malicious 1675 1519622372.954335 1519622372.965256 11 192.168.1.119 - 52666 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3?cms_redirect=yes&expire=1519636772&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519622302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=5A2371A20F23B61E8C5BB87A1F56AC7E1A93610E.29C69471754E9568C5A506FC60FE55C5D483761F&key=cms1 669 11559 0 10890 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1674 1519622373.7679803 1519622373.792833 25 192.168.1.119 - 52665 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3?cms_redirect=yes&expire=1519636773&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519622302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7754769FA4597B711BDB71F78701C44F1ABACD1A.45979F06792BA18BD81BF2ECA4A769FC47F49B87&key=cms1 - CTU.339.1.Malicious 1675 1519622373.997506 1519622374.0133405 16 192.168.1.119 - 52666 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3?cms_redirect=yes&expire=1519636773&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519622302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7754769FA4597B711BDB71F78701C44F1ABACD1A.45979F06792BA18BD81BF2ECA4A769FC47F49B87&key=cms1 669 11578 0 10909 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1674 1519622375.2140298 1519622375.2441807 30 192.168.1.119 - 52665 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3?cms_redirect=yes&expire=1519636775&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519622302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=80D9832FB67486AEF1A6A1D1276F12CFA72DC774.11EB1E22EB1D83520A99E594908945B14067BCB2&key=cms1 - CTU.339.1.Malicious 1675 1519622375.4441862 1519622375.4601865 16 192.168.1.119 - 52666 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3?cms_redirect=yes&expire=1519636775&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519622302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=80D9832FB67486AEF1A6A1D1276F12CFA72DC774.11EB1E22EB1D83520A99E594908945B14067BCB2&key=cms1 669 10363 0 9695 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1674 1519622377.274393 1519622377.3044546 30 192.168.1.119 - 52665 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3?cms_redirect=yes&expire=1519636777&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519622302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=8361744374C7BA2E422AB181C05B3E82E73D4832.07818811043F91B02BBDF66D8C70820316610924&key=cms1 - CTU.339.1.Malicious 1675 1519622377.5067306 1519622377.5225525 16 192.168.1.119 - 52666 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3?cms_redirect=yes&expire=1519636777&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519622302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=8361744374C7BA2E422AB181C05B3E82E73D4832.07818811043F91B02BBDF66D8C70820316610924&key=cms1 669 20545 0 19876 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1674 1519622380.437794 1519622380.462929 25 192.168.1.119 - 52665 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3?cms_redirect=yes&expire=1519636780&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519622302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=826ADE1D76517A952385798E3D6864A12344197E.69BCAB1DC3FA423FDBDFE8E8B0117F817516F610&key=cms1 - CTU.339.1.Malicious 1675 1519622380.6673934 1519622380.680142 13 192.168.1.119 - 52666 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3?cms_redirect=yes&expire=1519636780&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519622302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=826ADE1D76517A952385798E3D6864A12344197E.69BCAB1DC3FA423FDBDFE8E8B0117F817516F610&key=cms1 669 16921 0 16252 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1674 1519622382.1321514 1519622382.1591814 27 192.168.1.119 - 52665 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3 376 1486 0 667 265 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3?cms_redirect=yes&expire=1519636782&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519622302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2F59BDE9FC9BCFDC9EEC6D30BC1222CFC7BC0A0D.68877BB8859B7418AC8BDB449BE556B5F95F923E&key=cms1 - CTU.339.1.Malicious 1675 1519622382.3739698 1519622382.390313 16 192.168.1.119 - 52666 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3?cms_redirect=yes&expire=1519636782&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519622302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2F59BDE9FC9BCFDC9EEC6D30BC1222CFC7BC0A0D.68877BB8859B7418AC8BDB449BE556B5F95F923E&key=cms1 670 14698 0 14028 274 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1674 1519622383.7996445 1519622383.8245525 25 192.168.1.119 - 52665 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3?cms_redirect=yes&expire=1519636783&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519622302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=57A55F706C5CCA49D59AA59CE5BC89CC9E0E1EB9.702B80A22977E350C7C1EC5F69D799587E3A961C&key=cms1 - CTU.339.1.Malicious 1675 1519622384.0286772 1519622384.0443568 16 192.168.1.119 - 52666 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3?cms_redirect=yes&expire=1519636783&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519622302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=57A55F706C5CCA49D59AA59CE5BC89CC9E0E1EB9.702B80A22977E350C7C1EC5F69D799587E3A961C&key=cms1 671 12794 0 12123 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1674 1519622385.956044 1519622385.9810712 25 192.168.1.119 - 52665 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3 377 1530 0 691 266 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3?cms_redirect=yes&expire=1519636785&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519622302&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=59BBC128EBA4E2093ED970F66566A6C0DCD8FE31.10B862879544EC01E6C1C7805011ECBAA7C8948F&key=cms1 - CTU.339.1.Malicious 1675 1519622386.1858938 1519622386.1988862 13 192.168.1.119 - 52666 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3?cms_redirect=yes&expire=1519636785&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519622302&mv=m&pcm2cms=yes&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=59BBC128EBA4E2093ED970F66566A6C0DCD8FE31.10B862879544EC01E6C1C7805011ECBAA7C8948F&key=cms1 691 12550 0 11879 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1674 1519622388.6761835 1519622388.7059686 30 192.168.1.119 - 52665 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3?cms_redirect=yes&expire=1519636788&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519622302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6EF3F507AB7826F88F294FE394D728E029CE8C96.3A99B7BCCE9C5F2D708A7E0586EEBB3014F7E601&key=cms1 - CTU.339.1.Malicious 1675 1519622388.9063573 1519622388.9216628 15 192.168.1.119 - 52666 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3?cms_redirect=yes&expire=1519636788&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519622302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=6EF3F507AB7826F88F294FE394D728E029CE8C96.3A99B7BCCE9C5F2D708A7E0586EEBB3014F7E601&key=cms1 671 10777 0 10106 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1674 1519622390.7335622 1519622390.7615187 28 192.168.1.119 - 52665 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3?cms_redirect=yes&expire=1519636790&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519622302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=234B03BA683B9B81EF9DF55BCE22CB88170BDD1C.060389618D3FD4BC0A7777D38AA505DFC18694B9&key=cms1 - CTU.339.1.Malicious 1675 1519622390.980577 1519622390.9911683 11 192.168.1.119 - 52666 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3?cms_redirect=yes&expire=1519636790&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519622302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=234B03BA683B9B81EF9DF55BCE22CB88170BDD1C.060389618D3FD4BC0A7777D38AA505DFC18694B9&key=cms1 671 20980 0 20309 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1674 1519622394.0036144 1519622394.0288363 25 192.168.1.119 - 52665 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3?cms_redirect=yes&expire=1519636794&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519622302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3FB8B879797520C2D8F68769E455613F97534C34.84B7DCACBBA13CBDB084579B553A7B8655A8C884&key=cms1 - CTU.339.1.Malicious 1675 1519622394.2331624 1519622394.2475896 14 192.168.1.119 - 52666 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3?cms_redirect=yes&expire=1519636794&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519622302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3FB8B879797520C2D8F68769E455613F97534C34.84B7DCACBBA13CBDB084579B553A7B8655A8C884&key=cms1 671 17126 0 16455 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1674 1519622396.2006156 1519622396.2310624 30 192.168.1.119 - 52665 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3?cms_redirect=yes&expire=1519636796&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519622302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3F0928D8E570A4A3577F4B6D0D8647512EC4D066.72330E6825AF0679E65880B6F8A87CE7F7C573F5&key=cms1 - CTU.339.1.Malicious 1675 1519622396.4326463 1519622396.4432514 11 192.168.1.119 - 52666 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3?cms_redirect=yes&expire=1519636796&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519622302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3F0928D8E570A4A3577F4B6D0D8647512EC4D066.72330E6825AF0679E65880B6F8A87CE7F7C573F5&key=cms1 671 16714 0 16043 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1674 1519622398.9109876 1519622398.9368463 26 192.168.1.119 - 52665 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3?cms_redirect=yes&expire=1519636798&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519622302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=07E21E414923508AAEF4A31F653269CBBA8BEEFE.7C83D6CC8BA06BD6B13C65F0FB37BACD20DF9FB0&key=cms1 - CTU.339.1.Malicious 1675 1519622399.1310587 1519622399.1441212 13 192.168.1.119 - 52666 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3?cms_redirect=yes&expire=1519636798&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519622302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=07E21E414923508AAEF4A31F653269CBBA8BEEFE.7C83D6CC8BA06BD6B13C65F0FB37BACD20DF9FB0&key=cms1 671 14482 0 13811 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1674 1519622400.5625787 1519622400.5943503 32 192.168.1.119 - 52665 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3?cms_redirect=yes&expire=1519636800&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519622302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2BB7A7F4433FE425CDB7B9D53C6D0F82612E9632.68F8DFC68E3534478AC0AF14A7913B15844D1311&key=cms1 - CTU.339.1.Malicious 1675 1519622400.7923694 1519622400.8089337 17 192.168.1.119 - 52666 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3?cms_redirect=yes&expire=1519636800&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519622302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=2BB7A7F4433FE425CDB7B9D53C6D0F82612E9632.68F8DFC68E3534478AC0AF14A7913B15844D1311&key=cms1 671 12578 0 11907 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1674 1519622403.0296304 1519622403.0586963 29 192.168.1.119 - 52665 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3?cms_redirect=yes&expire=1519636803&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519622302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0192A5FECEC7F5F3E32AC9563A10306FB06A6D97.6509B1829E9C66941FFB896DC6699BAD9AC4D3FB&key=cms1 - CTU.339.1.Malicious 1675 1519622403.2694123 1519622403.2795382 10 192.168.1.119 - 52666 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3?cms_redirect=yes&expire=1519636803&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519622302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=0192A5FECEC7F5F3E32AC9563A10306FB06A6D97.6509B1829E9C66941FFB896DC6699BAD9AC4D3FB&key=cms1 671 12584 0 11913 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1674 1519622405.216966 1519622405.2455435 29 192.168.1.119 - 52665 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3?cms_redirect=yes&expire=1519636805&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519622302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=504919096C023FE7DE70163E835AC05FF5EAD043.1BDF89CB28082B6CF5F3ACF95A834EFF05277A0E&key=cms1 - CTU.339.1.Malicious 1675 1519622405.4489043 1519622405.4635649 15 192.168.1.119 - 52666 195.113.214.206 80 http://r3---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/QcFdYMSS_r8_4305/4305_all_crl-set-14889325168811085601.data.crx3?cms_redirect=yes&expire=1519636805&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519622302&mv=m&pl=15&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=504919096C023FE7DE70163E835AC05FF5EAD043.1BDF89CB28082B6CF5F3ACF95A834EFF05277A0E&key=cms1 671 4313 0 3643 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1676 1519622407.6706676 1519622407.9043527 234 192.168.1.119 - 52667 216.58.201.67 443 https://update.googleapis.com/service/update2 1252 944 919 247 303 685 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 1677 1519622524.562993 1519622524.5890284 26 192.168.1.119 - 52675 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1678 1519622524.5383244 1519622524.7785747 240 192.168.1.119 - 52674 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1678 1519622524.8138337 1519622524.8460507 32 192.168.1.119 - 52674 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1679 1519623957.6563935 1519623957.6925647 36 192.168.1.119 - 52682 178.79.242.19 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1680 1519624369.7611113 1519624369.7923372 31 192.168.1.119 - 52683 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.26%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1681 1519626125.9699318 1519626126.0015874 32 192.168.1.119 - 52693 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1682 1519626127.0156634 1519626127.0414507 26 192.168.1.119 - 52691 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1683 1519626127.0566611 1519626127.0852726 29 192.168.1.119 - 52692 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1684 1519627101.390423 1519627101.5941296 204 192.168.1.119 - 52695 23.21.92.252 80 http://i-45.b-44358.bench.utorrent.com/e?i=FO0CO33h8rP5vbFH 414 232 193 21 186 197 'BTWebClient/353S(44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1685 1519627558.2518017 1519627558.2935426 42 192.168.1.119 - 52701 178.79.242.147 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1686 1519629727.1038382 1519629727.137046 33 192.168.1.119 - 52709 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1687 1519629727.3810494 1519629727.4127939 32 192.168.1.119 - 52710 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1687 1519629728.3425002 1519629728.3707328 28 192.168.1.119 - 52710 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1688 1519631158.2197995 1519631158.238452 19 192.168.1.119 - 52722 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1689 1519633328.3043644 1519633328.3408449 36 192.168.1.119 - 52730 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1690 1519633328.476395 1519633328.5110853 35 192.168.1.119 - 52732 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1690 1519633328.5143275 1519633328.5552185 41 192.168.1.119 - 52732 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1691 1519634759.231063 1519634759.250111 19 192.168.1.119 - 52744 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4343 0 3811 147 518 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1692 1519636929.6829245 1519636929.711439 29 192.168.1.119 - 52754 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1692 1519636929.7184918 1519636929.75083 32 192.168.1.119 - 52754 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1693 1519636930.8463194 1519636930.8777294 31 192.168.1.119 - 52753 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1694 1519638358.8637774 1519638358.8808677 17 192.168.1.119 - 52766 178.79.227.142 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1695 1519640530.853223 1519640530.884492 31 192.168.1.119 - 52774 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1695 1519640530.8917565 1519640530.9159968 24 192.168.1.119 - 52774 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1696 1519640531.2655172 1519640531.3000984 35 192.168.1.119 - 52776 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1697 1519641280.5099633 1519641280.542666 33 192.168.1.119 - 52782 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.26%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1698 1519641960.6864402 1519641960.7068155 20 192.168.1.119 - 52789 178.79.227.142 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1699 1519642392.495019 1519642392.542632 48 192.168.1.119 - 52795 185.26.182.117 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 512 0 114 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1700 1519644133.0108304 1519644133.0431225 32 192.168.1.119 - 52805 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1701 1519644133.2419734 1519644133.2744339 32 192.168.1.119 - 52803 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1701 1519644133.2780135 1519644133.3675413 90 192.168.1.119 - 52803 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1702 1519645560.624416 1519645560.6414063 17 192.168.1.119 - 52813 178.79.227.142 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1703 1519647311.6168401 1519647312.4446764 828 192.168.1.119 - 52826 185.26.182.122 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 1704 1519647734.4628334 1519647734.4948204 32 192.168.1.119 - 52829 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1704 1519647734.5035152 1519647734.532666 29 192.168.1.119 - 52829 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1705 1519647735.660489 1519647735.6894202 29 192.168.1.119 - 52828 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1706 1519649161.3070817 1519649161.3265636 19 192.168.1.119 - 52836 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1707 1519651336.0403216 1519651336.08492 45 192.168.1.119 - 52852 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1708 1519651336.634429 1519651336.6627986 28 192.168.1.119 - 52850 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1709 1519651336.6063013 1519651336.8658614 260 192.168.1.119 - 52849 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1710 1519652761.1701386 1519652761.1902566 20 192.168.1.119 - 52859 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1711 1519654937.4718432 1519654937.5112338 39 192.168.1.119 - 52874 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1711 1519654937.5202568 1519654937.5511622 31 192.168.1.119 - 52874 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1712 1519654938.8246682 1519654938.855491 31 192.168.1.119 - 52872 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1713 1519656361.813683 1519656361.8497667 36 192.168.1.119 - 52881 178.79.242.19 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1714 1519657549.5406797 1519657549.5787206 38 192.168.1.119 - 52888 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.26%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1715 1519658539.146518 1519658539.1797884 33 192.168.1.119 - 52894 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1715 1519658539.201971 1519658539.2338111 32 192.168.1.119 - 52894 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1716 1519658539.5460808 1519658539.5838432 38 192.168.1.119 - 52896 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1717 1519659961.770983 1519659961.8042655 33 192.168.1.119 - 52904 178.79.242.19 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1718 1519662140.222055 1519662140.2737145 52 192.168.1.119 - 52911 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1718 1519662140.4860694 1519662140.5178907 32 192.168.1.119 - 52911 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1719 1519662141.4714062 1519662141.5090697 38 192.168.1.119 - 52913 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1720 1519663562.57565 1519663562.5977592 22 192.168.1.119 - 52925 178.79.227.142 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4343 0 3811 147 518 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1721 1519664025.813085 1519664025.8940277 81 192.168.1.119 - 52931 185.26.182.117 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 512 0 114 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1722 1519665742.041806 1519665742.0761645 34 192.168.1.119 - 52939 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1723 1519665742.039127 1519665742.0840294 45 192.168.1.119 - 52940 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1724 1519665742.3469398 1519665742.3766239 30 192.168.1.119 - 52941 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1725 1519667162.3387558 1519667162.358527 20 192.168.1.119 - 52949 178.79.227.142 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1726 1519669342.6571054 1519669342.6845865 27 192.168.1.119 - 52962 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1727 1519669342.8540428 1519669342.892654 39 192.168.1.119 - 52961 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1728 1519669343.2412663 1519669343.2710528 30 192.168.1.119 - 52964 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1729 1519670752.008375 1519670752.23485 226 192.168.1.119 - 52973 178.79.227.142 80 http://apps.bittorrent.com/utorrent-onboarding/welcome-upsell.btapp?h=FO0CO33h8rP5vbFH&v=111652166&ol=en&ul=&tk=stable34&c=uTorrent 321 252 0 0 203 228 'BTWebClient/353S(44358)' binary/octet-stream GET 304 - - - - - - - CTU.339.1.Malicious 1730 1519670752.0061269 1519670752.2609153 255 192.168.1.119 - 52972 178.79.242.19 80 http://apps.bittorrent.com/utorrent-onboarding/player.btapp?h=FO0CO33h8rP5vbFH&v=111652166&ol=en&ul=&tk=stable34&c=uTorrent 313 252 0 0 203 228 'BTWebClient/353S(44358)' binary/octet-stream GET 304 - - - - - - - CTU.339.1.Malicious 1731 1519670758.6929307 1519670758.8971152 204 192.168.1.119 - 52974 54.225.194.96 80 http://i-43.b-44358.ut.bench.utorrent.com/e?i=43 351 232 166 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1732 1519670762.98481 1519670763.0219 37 192.168.1.119 - 52975 178.79.242.19 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4343 0 3811 147 518 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1733 1519671155.7334304 1519671155.9449828 212 192.168.1.119 - 52979 23.21.92.252 80 http://i-29.b-44358.ut.bench.utorrent.com/e?i=29 383 232 198 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1734 1519671156.9844255 1519671157.1958404 211 192.168.1.119 - 52980 23.21.92.252 80 http://i-139.b-44358.ut.bench.utorrent.com/e?i=139 344 232 157 21 165 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1735 1519671158.2187579 1519671158.438706 220 192.168.1.119 - 52981 54.197.251.114 80 http://i-32.b-44358.ut.bench.utorrent.com/e?i=32 559 232 374 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1736 1519671159.1435983 1519671159.3702295 227 192.168.1.119 - 52982 174.129.255.167 80 http://i-43.b-44358.ut.bench.utorrent.com/e?i=43 361 232 176 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1737 1519671159.3785095 1519671160.6423233 1264 192.168.1.119 - 52983 174.129.255.167 80 http://i-43.b-44358.ut.bench.utorrent.com/e?i=43 524 232 339 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1738 1519671294.0377848 1519671294.2429516 205 192.168.1.119 - 52990 23.21.92.252 80 http://i-29.b-44358.ut.bench.utorrent.com/e?i=29 383 232 198 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1739 1519671294.5594394 1519671294.8822675 323 192.168.1.119 - 52992 67.215.246.203 80 http://update.utorrent.com/checkupdate.php?s=1&cl=uTorrent&v=111652166&qv=111652166&i=1&l=en&svp=4&svn_revno=44358&tk=stable34&cmp=290&ocmp=290&period=8&tendP=1519669830&sids=0,0,0,0,0&lv=0_0_&c=US&w=1DB00106&h=FO0CO33h8rP5vbFH&mts=31&gnc=1442&nat_state=255&it=216&pc=99&sctl=1&shdi=1&def_tor=1&doainstalled=0&ie=8.0.7600.16385&xim=1&insvr=111389996&sss=259760&rsb=4&rtsb=18845829&view=win32&cmp=290&ocmp=290&db=other&plus=3&adc=1&ch_up=1?fg=1442000&t_upP_=310911866&t_downP_=1296402005&t_up=4228743&t_down=14213539&mt=2370493&ssb=1438914&ssu=11645912513&xseq=8&cau_time=0 704 851 0 499 145 338 'BTWebClient/353S(44358)' text/html GET 200 - - - - - - - CTU.339.1.Malicious 1740 1519671295.2105381 1519671295.2442732 34 192.168.1.119 - 52993 54.230.44.161 80 http://utclient.utorrent.com/images/mobile-icon.png 241 462 0 0 205 438 'BTWebClient/353S(44358)' - GET 304 - - - - - - - CTU.339.1.Malicious 1741 1519671294.2516356 1519671295.5078106 1256 192.168.1.119 - 52991 23.21.92.252 80 http://i-139.b-44358.ut.bench.utorrent.com/e?i=139 344 232 157 21 165 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1742 1519671296.5267136 1519671296.746066 219 192.168.1.119 - 52994 23.21.92.252 80 http://i-32.b-44358.ut.bench.utorrent.com/e?i=32 559 232 374 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1743 1519671297.7932549 1519671298.042701 249 192.168.1.119 - 52995 23.21.92.252 80 http://i-43.b-44358.ut.bench.utorrent.com/e?i=43 361 232 176 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1744 1519671298.0518436 1519671299.3176055 1266 192.168.1.119 - 52996 23.21.92.252 80 http://i-43.b-44358.ut.bench.utorrent.com/e?i=43 520 232 335 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1745 1519672943.5129542 1519672943.550127 37 192.168.1.119 - 53003 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1746 1519672943.7958791 1519672943.8337882 38 192.168.1.119 - 53005 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1745 1519672943.9115932 1519672943.9469743 35 192.168.1.119 - 53003 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1747 1519674363.0261276 1519674363.0695527 43 192.168.1.119 - 53013 178.79.242.19 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4343 0 3811 147 518 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1748 1519676113.4574654 1519676113.6014519 144 192.168.1.119 - 53024 185.26.182.122 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 1749 1519676148.7063758 1519676148.7427065 36 192.168.1.119 - 53026 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.26%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1750 1519676358.2748306 1519676358.3272915 52 192.168.1.119 - 53028 216.58.201.67 443 https://update.googleapis.com/service/update2?cup2key=7:1421424584&cup2hreq=302293e4f4484ce63b55506dead8850ec698718c584c35431bbf06c2cdea8011 1414 2485 986 1324 303 1149 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 1751 1519676361.548567 1519676361.5792928 31 192.168.1.119 - 53029 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3 282 839 0 0 170 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 HEAD 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3?cms_redirect=yes&expire=1519690761&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519676248&mv=m&pcm2cms=yes&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=7A70087EFAC06AAD9E6E6BB58F8EE5DDF8122859.13D688DC773D394A5ACBD3824FF4374A07E885E9&key=cms1 - CTU.339.1.Malicious 1752 1519676361.803983 1519676361.8154402 11 192.168.1.119 - 53030 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3?cms_redirect=yes&expire=1519690761&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519676248&mv=m&pcm2cms=yes&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=7A70087EFAC06AAD9E6E6BB58F8EE5DDF8122859.13D688DC773D394A5ACBD3824FF4374A07E885E9&key=cms1 596 608 0 0 179 594 'Microsoft BITS/7.5' application/octet-stream HEAD 200 - - - - - - - CTU.339.1.Malicious 1751 1519676364.0584738 1519676364.0873435 29 192.168.1.119 - 53029 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3 370 1530 0 691 259 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3?cms_redirect=yes&expire=1519690764&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519676248&mv=m&pcm2cms=yes&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=6603564D7247598E94815EACAD0C560ADB701FDB.07549918F554379C16E58EC6443B3425C8B5526B&key=cms1 - CTU.339.1.Malicious 1752 1519676364.2930748 1519676364.3049445 12 192.168.1.119 - 53030 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3?cms_redirect=yes&expire=1519690764&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519676248&mv=m&pcm2cms=yes&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=6603564D7247598E94815EACAD0C560ADB701FDB.07549918F554379C16E58EC6443B3425C8B5526B&key=cms1 684 3159 0 2496 268 636 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1751 1519676367.1286652 1519676367.1543183 26 192.168.1.119 - 53029 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3 374 1486 0 667 263 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3?cms_redirect=yes&expire=1519690767&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519676248&mv=m&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=43311EB47C723895A0F9D68EC8FC97691D296402.17586107B9039549300E76FB179B7BD44B60A243&key=cms1 - CTU.339.1.Malicious 1752 1519676367.3543992 1519676367.3694384 15 192.168.1.119 - 53030 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3?cms_redirect=yes&expire=1519690767&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519676248&mv=m&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=43311EB47C723895A0F9D68EC8FC97691D296402.17586107B9039549300E76FB179B7BD44B60A243&key=cms1 668 11393 0 10725 272 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1751 1519676370.8317962 1519676370.857257 25 192.168.1.119 - 53029 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3 375 1530 0 691 264 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3?cms_redirect=yes&expire=1519690770&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519676248&mv=m&pcm2cms=yes&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=1877DF8104D17DC4791055EA3C1C514FF2151957.3F4B393D885BEB515FFE96199603AD3CB810CFA5&key=cms1 - CTU.339.1.Malicious 1752 1519676371.0671952 1519676371.0818377 15 192.168.1.119 - 53030 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3?cms_redirect=yes&expire=1519690770&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519676248&mv=m&pcm2cms=yes&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=1877DF8104D17DC4791055EA3C1C514FF2151957.3F4B393D885BEB515FFE96199603AD3CB810CFA5&key=cms1 689 7492 0 6824 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1751 1519676372.1165957 1519676372.142608 26 192.168.1.119 - 53029 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3?cms_redirect=yes&expire=1519690772&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519676248&mv=m&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=82FFBF3F1CF830EB57CD29A3115A92A780C3B304.22EB7A35DBEF8014A0EE78F4106E10E068691FD7&key=cms1 - CTU.339.1.Malicious 1752 1519676372.3839872 1519676372.3992364 15 192.168.1.119 - 53030 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3?cms_redirect=yes&expire=1519690772&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519676248&mv=m&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=82FFBF3F1CF830EB57CD29A3115A92A780C3B304.22EB7A35DBEF8014A0EE78F4106E10E068691FD7&key=cms1 669 14984 0 14315 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1751 1519676373.7879317 1519676373.816826 29 192.168.1.119 - 53029 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3 375 1530 0 691 264 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3?cms_redirect=yes&expire=1519690773&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519675767&mv=u&pcm2cms=yes&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=847BC2799E1BB8F10890265B32A874BB1B8CAD00.4CE7C957531FFDE646CBD63D540BC0C6D82D24EE&key=cms1 - CTU.339.1.Malicious 1752 1519676374.017849 1519676374.0401642 22 192.168.1.119 - 53030 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3?cms_redirect=yes&expire=1519690773&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519675767&mv=u&pcm2cms=yes&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=847BC2799E1BB8F10890265B32A874BB1B8CAD00.4CE7C957531FFDE646CBD63D540BC0C6D82D24EE&key=cms1 689 11186 0 10517 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1751 1519676374.841418 1519676374.8670263 26 192.168.1.119 - 53029 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3?cms_redirect=yes&expire=1519690774&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519675767&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=72916AA19111FF85ED010E922A5AC141140E6A8A.5463CB32D09D1399599F8E6B53BCD3C4C99E6AE9&key=cms1 - CTU.339.1.Malicious 1752 1519676375.061558 1519676375.0730085 11 192.168.1.119 - 53030 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3?cms_redirect=yes&expire=1519690774&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519675767&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=72916AA19111FF85ED010E922A5AC141140E6A8A.5463CB32D09D1399599F8E6B53BCD3C4C99E6AE9&key=cms1 669 10947 0 10278 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1751 1519676375.91011 1519676375.935507 25 192.168.1.119 - 53029 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3 375 1530 0 691 264 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3?cms_redirect=yes&expire=1519690775&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519675767&mv=u&pcm2cms=yes&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=3155D2FE0EDDE1DBA8B614B2BEA651D7B34A124A.460AC5192BC1B22B6E998477A2DDA08D3A3C2E0E&key=cms1 - CTU.339.1.Malicious 1752 1519676376.1348836 1519676376.1473577 12 192.168.1.119 - 53030 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3?cms_redirect=yes&expire=1519690775&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519675767&mv=u&pcm2cms=yes&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=3155D2FE0EDDE1DBA8B614B2BEA651D7B34A124A.460AC5192BC1B22B6E998477A2DDA08D3A3C2E0E&key=cms1 689 10721 0 10052 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1751 1519676377.9524214 1519676377.9822125 30 192.168.1.119 - 53029 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3 375 1486 0 667 264 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3?cms_redirect=yes&expire=1519690777&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519675767&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=62D11B8CA5549F01C70D968A953D4730E48A4ABA.280013CEDB3A44E0FAF10E1DC518B7B66BD01AAF&key=cms1 - CTU.339.1.Malicious 1752 1519676378.1821954 1519676378.1972234 15 192.168.1.119 - 53030 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3?cms_redirect=yes&expire=1519690777&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519675767&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=62D11B8CA5549F01C70D968A953D4730E48A4ABA.280013CEDB3A44E0FAF10E1DC518B7B66BD01AAF&key=cms1 669 21397 0 20728 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1751 1519676381.382077 1519676381.412123 30 192.168.1.119 - 53029 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3 376 1530 0 691 265 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3?cms_redirect=yes&expire=1519690781&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519675767&mv=u&pcm2cms=yes&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=7C5F218ADE08080CAB3DAF388C03E6DA6D55F0FB.1690EC2B055D017F1F0D9D6AF648E1EE45093897&key=cms1 - CTU.339.1.Malicious 1752 1519676381.6144726 1519676381.6300163 16 192.168.1.119 - 53030 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3?cms_redirect=yes&expire=1519690781&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519675767&mv=u&pcm2cms=yes&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=7C5F218ADE08080CAB3DAF388C03E6DA6D55F0FB.1690EC2B055D017F1F0D9D6AF648E1EE45093897&key=cms1 690 17813 0 17143 274 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1751 1519676384.1309466 1519676384.1603665 29 192.168.1.119 - 53029 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3?cms_redirect=yes&expire=1519690784&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519675767&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7E7907000692735A318FAB495FA474752C56335F.35D8E90320DA27A6F4CEB2760180D7206443771B&key=cms1 - CTU.339.1.Malicious 1752 1519676384.3827338 1519676384.3977761 15 192.168.1.119 - 53030 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3?cms_redirect=yes&expire=1519690784&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519675767&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=7E7907000692735A318FAB495FA474752C56335F.35D8E90320DA27A6F4CEB2760180D7206443771B&key=cms1 671 15392 0 14721 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1751 1519676385.8183296 1519676385.8433802 25 192.168.1.119 - 53029 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3 377 1530 0 691 266 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3?cms_redirect=yes&expire=1519690785&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519675767&mv=u&pcm2cms=yes&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=3A814856560331FC994F60D4C30DF818484B79B4.717BFC6D3366E6E79221558A5F716F1CCCF45357&key=cms1 - CTU.339.1.Malicious 1752 1519676386.047543 1519676386.0637333 16 192.168.1.119 - 53030 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3?cms_redirect=yes&expire=1519690785&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519675767&mv=u&pcm2cms=yes&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=3A814856560331FC994F60D4C30DF818484B79B4.717BFC6D3366E6E79221558A5F716F1CCCF45357&key=cms1 691 13443 0 12772 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1751 1519676388.2749882 1519676388.300645 26 192.168.1.119 - 53029 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3 377 1530 0 691 266 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3?cms_redirect=yes&expire=1519690788&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519675767&mv=u&pcm2cms=yes&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=01A0272C54E05A0DC432F41AADCADC7C56E870C8.63D6951976A11010EDA96EE6E43FA5150238E820&key=cms1 - CTU.339.1.Malicious 1752 1519676388.507398 1519676388.5183125 11 192.168.1.119 - 53030 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3?cms_redirect=yes&expire=1519690788&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519675767&mv=u&pcm2cms=yes&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=01A0272C54E05A0DC432F41AADCADC7C56E870C8.63D6951976A11010EDA96EE6E43FA5150238E820&key=cms1 691 13706 0 13035 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1751 1519676390.4139342 1519676390.4430492 29 192.168.1.119 - 53029 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3 377 1530 0 691 266 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3?cms_redirect=yes&expire=1519690790&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519675767&mv=u&pcm2cms=yes&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=82F55F415C1BF721BA6AC40419DC20D44A3853FD.589E167797FA1CB21E441BB529845FF333A95FAB&key=cms1 - CTU.339.1.Malicious 1752 1519676390.64447 1519676390.6603625 16 192.168.1.119 - 53030 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3?cms_redirect=yes&expire=1519690790&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519675767&mv=u&pcm2cms=yes&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=82F55F415C1BF721BA6AC40419DC20D44A3853FD.589E167797FA1CB21E441BB529845FF333A95FAB&key=cms1 691 13488 0 12817 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1751 1519676392.9233942 1519676392.9526076 29 192.168.1.119 - 53029 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3?cms_redirect=yes&expire=1519690792&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519675767&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3EC172F7DF903683CF50FF8600E2B6A766A6DD06.682E819EDA07959216431BC8FCD90C60889FC9E6&key=cms1 - CTU.339.1.Malicious 1752 1519676393.153331 1519676393.1664875 13 192.168.1.119 - 53030 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3?cms_redirect=yes&expire=1519690792&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519675767&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=3EC172F7DF903683CF50FF8600E2B6A766A6DD06.682E819EDA07959216431BC8FCD90C60889FC9E6&key=cms1 671 11637 0 10966 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1751 1519676395.4425833 1519676395.471563 29 192.168.1.119 - 53029 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3?cms_redirect=yes&expire=1519690795&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519675767&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1963D0DBE592B9FF14A9BA3002C9660732F2BA29.30DF60B015C9F3DC7C3E7CC823AB88C26B30E441&key=cms1 - CTU.339.1.Malicious 1752 1519676395.6726103 1519676395.6844075 12 192.168.1.119 - 53030 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3?cms_redirect=yes&expire=1519690795&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519675767&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=1963D0DBE592B9FF14A9BA3002C9660732F2BA29.30DF60B015C9F3DC7C3E7CC823AB88C26B30E441&key=cms1 671 12019 0 11348 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1751 1519676397.970417 1519676397.9995615 29 192.168.1.119 - 53029 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3 377 1530 0 691 266 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3?cms_redirect=yes&expire=1519690797&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519675767&mv=u&pcm2cms=yes&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=13042B4231BB4F7705376EFA5144130058F0A392.1F6ADBB32F36F784C9BD8E64EA12B8CC6939A6E2&key=cms1 - CTU.339.1.Malicious 1752 1519676398.2001915 1519676398.2109385 11 192.168.1.119 - 53030 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3?cms_redirect=yes&expire=1519690797&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519675767&mv=u&pcm2cms=yes&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=13042B4231BB4F7705376EFA5144130058F0A392.1F6ADBB32F36F784C9BD8E64EA12B8CC6939A6E2&key=cms1 691 12287 0 11616 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1751 1519676399.502199 1519676399.5311759 29 192.168.1.119 - 53029 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3 377 1530 0 691 266 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3?cms_redirect=yes&expire=1519690799&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519675767&mv=u&pcm2cms=yes&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=355E6ED956A89D3B0D6ADC319AAC00965557238D.4300C576C3AFBE6D717162C589136E145D4AE4B8&key=cms1 - CTU.339.1.Malicious 1752 1519676399.734285 1519676399.745076 11 192.168.1.119 - 53030 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3?cms_redirect=yes&expire=1519690799&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519675767&mv=u&pcm2cms=yes&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=355E6ED956A89D3B0D6ADC319AAC00965557238D.4300C576C3AFBE6D717162C589136E145D4AE4B8&key=cms1 691 10834 0 10163 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1751 1519676400.5484118 1519676400.5776527 29 192.168.1.119 - 53029 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3 377 1530 0 691 266 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3?cms_redirect=yes&expire=1519690800&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519675767&mv=u&pcm2cms=yes&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=6053DF20084593FFDCA1036FEFF9D5AB72F0522C.7B95975A644C2F28A3DDDC27435159FAF8654FEB&key=cms1 - CTU.339.1.Malicious 1752 1519676400.7814295 1519676400.7924204 11 192.168.1.119 - 53030 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3?cms_redirect=yes&expire=1519690800&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519675767&mv=u&pcm2cms=yes&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=6053DF20084593FFDCA1036FEFF9D5AB72F0522C.7B95975A644C2F28A3DDDC27435159FAF8654FEB&key=cms1 691 11126 0 10455 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1751 1519676402.605693 1519676402.6348932 29 192.168.1.119 - 53029 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3 377 1530 0 691 266 822 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3?cms_redirect=yes&expire=1519690802&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519675767&mv=u&pcm2cms=yes&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=4F3A442537C09481A0AD3666ABF2E1C6D621028C.13CDBB52BA7E70C0C6D3A67347A3E28CAAE9BF0F&key=cms1 - CTU.339.1.Malicious 1752 1519676402.8356042 1519676402.846777 11 192.168.1.119 - 53030 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3?cms_redirect=yes&expire=1519690802&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519675767&mv=u&pcm2cms=yes&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pcm2cms,pl,shardbypass&signature=4F3A442537C09481A0AD3666ABF2E1C6D621028C.13CDBB52BA7E70C0C6D3A67347A3E28CAAE9BF0F&key=cms1 691 16743 0 16072 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1751 1519676404.8128557 1519676404.843062 30 192.168.1.119 - 53029 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3 377 1486 0 667 266 802 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3?cms_redirect=yes&expire=1519690804&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519675767&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=501F4D74F9D13BB738CBAD75D5B3143690A3DB85.107257449363034AC10B9CF3777447CDB4892F79&key=cms1 - CTU.339.1.Malicious 1752 1519676405.0424595 1519676405.0533552 11 192.168.1.119 - 53030 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ALv-RDlIS9Na_4306/4306_all_crl-set-3012373002303828586.data.crx3?cms_redirect=yes&expire=1519690804&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519675767&mv=u&pl=20&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,pl,shardbypass&signature=501F4D74F9D13BB738CBAD75D5B3143690A3DB85.107257449363034AC10B9CF3777447CDB4892F79&key=cms1 671 14078 0 13407 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1753 1519676408.6305165 1519676408.715376 85 192.168.1.119 - 53031 216.58.201.67 443 https://update.googleapis.com/service/update2 1252 944 919 247 303 685 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 1754 1519676545.2508266 1519676545.2831616 32 192.168.1.119 - 53032 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1754 1519676545.357708 1519676545.389401 32 192.168.1.119 - 53032 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1755 1519676546.45489 1519676546.482817 28 192.168.1.119 - 53034 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1756 1519677964.7122452 1519677964.731432 19 192.168.1.119 - 53043 178.79.227.142 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1757 1519680148.1433723 1519680148.179416 36 192.168.1.119 - 53056 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1758 1519680148.1477375 1519680148.18674 39 192.168.1.119 - 53055 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1759 1519680148.5574515 1519680148.590339 33 192.168.1.119 - 53057 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1760 1519681564.704608 1519681564.7222161 18 192.168.1.119 - 53066 178.79.227.142 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1761 1519683749.7704191 1519683749.7990377 29 192.168.1.119 - 53078 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1761 1519683749.8098261 1519683749.8368585 27 192.168.1.119 - 53078 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1762 1519683750.811546 1519683750.8404691 29 192.168.1.119 - 53080 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1763 1519685165.4224615 1519685165.439414 17 192.168.1.119 - 53092 178.79.227.142 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1764 1519685654.701549 1519685654.7297845 28 192.168.1.119 - 53093 185.26.182.117 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 512 0 114 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1765 1519687350.417009 1519687350.6381028 221 192.168.1.119 - 53105 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1765 1519687350.641082 1519687350.8830314 242 192.168.1.119 - 53105 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1766 1519687351.3524835 1519687351.383662 31 192.168.1.119 - 53107 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1767 1519688765.2590342 1519688765.2777872 19 192.168.1.119 - 53114 178.79.227.142 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1768 1519690951.4848685 1519690951.508778 24 192.168.1.119 - 53126 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1769 1519690951.4905381 1519690951.5154715 25 192.168.1.119 - 53127 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1770 1519690952.7587156 1519690952.7928956 34 192.168.1.119 - 53128 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1771 1519692366.0135498 1519692366.0315983 18 192.168.1.119 - 53136 178.79.227.142 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1772 1519694552.373091 1519694552.4045334 31 192.168.1.119 - 53148 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1772 1519694552.4081733 1519694552.4461462 38 192.168.1.119 - 53148 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1773 1519694553.1522226 1519694553.1867385 35 192.168.1.119 - 53150 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1774 1519695103.6573656 1519695103.6889539 32 192.168.1.119 - 53152 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.26%26uc 676 710 0 466 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1775 1519695109.5825198 1519695109.6249118 42 192.168.1.119 - 53153 82.145.215.85 443 https://extension-updates.opera.com/static/omaha/blacklist.336465243e0d1996705f69bb3937b0f2f815a8bcc9737b5323ca77ebd70dd6b7.txt 413 6582 0 6336 308 232 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/plain GET 200 - - - - - - - CTU.339.1.Malicious 1776 1519695965.868944 1519695965.9039745 35 192.168.1.119 - 53160 178.79.242.19 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4343 0 3811 147 518 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1777 1519698153.6410134 1519698153.669833 29 192.168.1.119 - 53173 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1777 1519698154.0804667 1519698154.1090672 29 192.168.1.119 - 53173 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1778 1519698154.9190335 1519698154.9443166 25 192.168.1.119 - 53174 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1779 1519699566.5229175 1519699566.539955 17 192.168.1.119 - 53182 178.79.227.142 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1780 1519701755.830905 1519701755.8632436 32 192.168.1.119 - 53197 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1781 1519701755.9396904 1519701755.9681604 28 192.168.1.119 - 53195 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1781 1519701756.1777933 1519701756.2073371 30 192.168.1.119 - 53195 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1782 1519703167.3458223 1519703167.3624456 17 192.168.1.119 - 53204 178.79.227.142 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1783 1519704819.6903164 1519704819.7134137 23 192.168.1.119 - 53213 185.26.182.112 443 https://exchange.opera.com/api/v1/ecb/ 283 1938 0 1665 258 259 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml GET 200 - - - - - - - CTU.339.1.Malicious 1783 1519704819.7537897 1519704819.778479 25 192.168.1.119 - 53213 185.26.182.112 443 https://exchange.opera.com/api/v1/cmc/ 283 6958 0 6677 258 267 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1784 1519704819.99915 1519704820.0198145 21 192.168.1.119 - 53214 185.26.182.112 443 https://exchange.opera.com/api/v1/nbu/ 283 6428 0 6133 258 281 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json;charset=UTF-8 GET 200 - - - - - - - CTU.339.1.Malicious 1785 1519704914.7134278 1519704914.937055 224 192.168.1.119 - 53215 185.26.182.117 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 1786 1519705357.9462745 1519705357.975053 29 192.168.1.119 - 53216 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1786 1519705358.0015628 1519705358.029569 28 192.168.1.119 - 53216 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1787 1519705358.9408076 1519705358.966315 26 192.168.1.119 - 53218 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1788 1519706768.1087766 1519706768.1430974 34 192.168.1.119 - 53234 178.79.242.147 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4343 0 3811 147 518 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1789 1519707285.1623602 1519707285.191735 29 192.168.1.119 - 53235 185.26.182.117 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 512 0 114 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1790 1519708959.1473224 1519708959.1795561 32 192.168.1.119 - 53243 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1791 1519708959.3748977 1519708959.4104037 36 192.168.1.119 - 53245 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1790 1519708959.389863 1519708959.4186583 29 192.168.1.119 - 53243 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1792 1519710368.0159714 1519710368.0330522 17 192.168.1.119 - 53257 178.79.227.142 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1793 1519712560.5950782 1519712560.6285503 33 192.168.1.119 - 53267 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1794 1519712561.7393954 1519712561.7710907 32 192.168.1.119 - 53265 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1795 1519712561.5708869 1519712561.8157737 245 192.168.1.119 - 53266 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1796 1519713844.167927 1519713844.1965685 29 192.168.1.119 - 53274 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.27%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1797 1519713968.7674038 1519713968.8114386 44 192.168.1.119 - 53280 178.79.242.147 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1798 1519716163.0334437 1519716163.082221 49 192.168.1.119 - 53289 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1799 1519716163.028961 1519716163.0851352 56 192.168.1.119 - 53288 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1800 1519716163.0491548 1519716163.0914743 42 192.168.1.119 - 53290 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1801 1519717568.5346515 1519717568.5542257 20 192.168.1.119 - 53301 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1802 1519719765.6956515 1519719765.7307613 35 192.168.1.119 - 53311 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1802 1519719765.7402885 1519719765.7744124 34 192.168.1.119 - 53311 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1803 1519719765.9209268 1519719765.9489956 28 192.168.1.119 - 53312 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1804 1519721169.046827 1519721169.0881224 41 192.168.1.119 - 53319 178.79.242.19 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4343 0 3811 147 518 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1805 1519722156.5129216 1519722156.7327175 220 192.168.1.119 - 53326 23.21.139.158 80 http://i-45.b-44358.bench.utorrent.com/e?i=FO0CO33h8rP5vbFH 414 232 193 21 186 197 'BTWebClient/353S(44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1806 1519723366.916218 1519723366.9465299 30 192.168.1.119 - 53335 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1807 1519723367.0728056 1519723367.1013458 29 192.168.1.119 - 53334 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1807 1519723367.108549 1519723367.1391459 31 192.168.1.119 - 53334 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1808 1519724769.9498441 1519724769.991269 41 192.168.1.119 - 53342 178.79.242.147 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4343 0 3811 147 518 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1809 1519726968.27088 1519726968.3121035 41 192.168.1.119 - 53357 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1810 1519726969.4311485 1519726969.4665256 35 192.168.1.119 - 53355 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1811 1519726969.4305174 1519726969.4720726 42 192.168.1.119 - 53356 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3460 0 3080 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1812 1519728370.5974758 1519728370.61645 19 192.168.1.119 - 53368 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1813 1519728919.0929992 1519728919.139975 47 192.168.1.119 - 53374 185.26.182.117 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 512 0 114 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1814 1519730359.7473295 1519730359.8256698 78 192.168.1.119 - 53383 216.58.201.67 443 https://update.googleapis.com/service/update2?cup2key=7:2435109501&cup2hreq=14e301951964c366960e724c5d1054cf99e2a9e3394beccfb8e8947804d7c131 1414 2490 986 1325 303 1153 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 1815 1519730363.1451194 1519730363.173551 28 192.168.1.119 - 53384 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AP5oViCKHkfE_4308/4308_all_crl-set-16417660691639466833.data.crx3 283 649 0 0 170 632 'Microsoft BITS/7.5' text/html; charset=UTF-8 HEAD 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AP5oViCKHkfE_4308/4308_all_crl-set-16417660691639466833.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519730247&mv=m&pl=20&shardbypass=yes - CTU.339.1.Malicious 1816 1519730363.4152012 1519730363.4259267 11 192.168.1.119 - 53385 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AP5oViCKHkfE_4308/4308_all_crl-set-16417660691639466833.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519730247&mv=m&pl=20&shardbypass=yes 406 608 0 0 179 594 'Microsoft BITS/7.5' application/octet-stream HEAD 200 - - - - - - - CTU.339.1.Malicious 1815 1519730366.4891098 1519730366.5165768 27 192.168.1.119 - 53384 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AP5oViCKHkfE_4308/4308_all_crl-set-16417660691639466833.data.crx3 371 1130 0 481 259 632 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AP5oViCKHkfE_4308/4308_all_crl-set-16417660691639466833.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519730247&mv=m&pl=20&shardbypass=yes - CTU.339.1.Malicious 1816 1519730366.7120109 1519730366.7250783 13 192.168.1.119 - 53385 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AP5oViCKHkfE_4308/4308_all_crl-set-16417660691639466833.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519730247&mv=m&pl=20&shardbypass=yes 494 3163 0 2500 268 636 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1815 1519730369.7340336 1519730369.762827 29 192.168.1.119 - 53384 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AP5oViCKHkfE_4308/4308_all_crl-set-16417660691639466833.data.crx3 374 1130 0 481 262 632 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AP5oViCKHkfE_4308/4308_all_crl-set-16417660691639466833.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519730247&mv=m&pl=20&shardbypass=yes - CTU.339.1.Malicious 1816 1519730369.959884 1519730369.9727957 13 192.168.1.119 - 53385 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AP5oViCKHkfE_4308/4308_all_crl-set-16417660691639466833.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519730247&mv=m&pl=20&shardbypass=yes 497 3241 0 2575 271 639 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1815 1519730371.9012773 1519730371.9292295 28 192.168.1.119 - 53384 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AP5oViCKHkfE_4308/4308_all_crl-set-16417660691639466833.data.crx3 375 1130 0 481 263 632 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AP5oViCKHkfE_4308/4308_all_crl-set-16417660691639466833.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519730247&mv=m&pl=20&shardbypass=yes - CTU.339.1.Malicious 1816 1519730372.1272447 1519730372.13945 12 192.168.1.119 - 53385 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AP5oViCKHkfE_4308/4308_all_crl-set-16417660691639466833.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519730247&mv=m&pl=20&shardbypass=yes 498 6442 0 5775 272 640 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1815 1519730372.9850283 1519730373.0157762 31 192.168.1.119 - 53384 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AP5oViCKHkfE_4308/4308_all_crl-set-16417660691639466833.data.crx3 376 1130 0 481 264 632 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AP5oViCKHkfE_4308/4308_all_crl-set-16417660691639466833.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519730314&mv=m&pl=20&shardbypass=yes - CTU.339.1.Malicious 1816 1519730373.2104743 1519730373.2245977 14 192.168.1.119 - 53385 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AP5oViCKHkfE_4308/4308_all_crl-set-16417660691639466833.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519730314&mv=m&pl=20&shardbypass=yes 499 12844 0 12175 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1815 1519730374.5824463 1519730374.6110218 29 192.168.1.119 - 53384 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AP5oViCKHkfE_4308/4308_all_crl-set-16417660691639466833.data.crx3 376 1130 0 481 264 632 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AP5oViCKHkfE_4308/4308_all_crl-set-16417660691639466833.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519730314&mv=m&pl=20&shardbypass=yes - CTU.339.1.Malicious 1816 1519730374.8172739 1519730374.830935 14 192.168.1.119 - 53385 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AP5oViCKHkfE_4308/4308_all_crl-set-16417660691639466833.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519730314&mv=m&pl=20&shardbypass=yes 499 11263 0 10594 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1815 1519730376.0461967 1519730376.0742779 28 192.168.1.119 - 53384 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AP5oViCKHkfE_4308/4308_all_crl-set-16417660691639466833.data.crx3 376 1130 0 481 264 632 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AP5oViCKHkfE_4308/4308_all_crl-set-16417660691639466833.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519730247&mv=m&pl=20&shardbypass=yes - CTU.339.1.Malicious 1816 1519730376.2710757 1519730376.2859764 15 192.168.1.119 - 53385 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AP5oViCKHkfE_4308/4308_all_crl-set-16417660691639466833.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519730247&mv=m&pl=20&shardbypass=yes 499 10033 0 9365 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1815 1519730378.0984223 1519730378.1271653 29 192.168.1.119 - 53384 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AP5oViCKHkfE_4308/4308_all_crl-set-16417660691639466833.data.crx3 376 1130 0 481 264 632 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AP5oViCKHkfE_4308/4308_all_crl-set-16417660691639466833.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519730247&mv=m&pl=20&shardbypass=yes - CTU.339.1.Malicious 1816 1519730378.3282456 1519730378.3418887 14 192.168.1.119 - 53385 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AP5oViCKHkfE_4308/4308_all_crl-set-16417660691639466833.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519730247&mv=m&pl=20&shardbypass=yes 499 19154 0 18485 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1815 1519730380.7968283 1519730380.825559 29 192.168.1.119 - 53384 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AP5oViCKHkfE_4308/4308_all_crl-set-16417660691639466833.data.crx3 376 1130 0 481 264 632 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AP5oViCKHkfE_4308/4308_all_crl-set-16417660691639466833.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519730314&mv=m&pl=20&shardbypass=yes - CTU.339.1.Malicious 1816 1519730381.0225103 1519730381.0366273 14 192.168.1.119 - 53385 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AP5oViCKHkfE_4308/4308_all_crl-set-16417660691639466833.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519730314&mv=m&pl=20&shardbypass=yes 499 18775 0 18106 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1815 1519730383.1906035 1519730383.2143059 24 192.168.1.119 - 53384 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AP5oViCKHkfE_4308/4308_all_crl-set-16417660691639466833.data.crx3 377 1130 0 481 265 632 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AP5oViCKHkfE_4308/4308_all_crl-set-16417660691639466833.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519730314&mv=m&pl=20&shardbypass=yes - CTU.339.1.Malicious 1816 1519730383.412463 1519730383.42567 13 192.168.1.119 - 53385 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AP5oViCKHkfE_4308/4308_all_crl-set-16417660691639466833.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519730314&mv=m&pl=20&shardbypass=yes 500 22201 0 21531 274 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1815 1519730385.5791085 1519730385.6068883 28 192.168.1.119 - 53384 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AP5oViCKHkfE_4308/4308_all_crl-set-16417660691639466833.data.crx3 378 1130 0 481 266 632 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AP5oViCKHkfE_4308/4308_all_crl-set-16417660691639466833.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519730314&mv=m&pl=20&shardbypass=yes - CTU.339.1.Malicious 1816 1519730385.8091168 1519730385.8222148 13 192.168.1.119 - 53385 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AP5oViCKHkfE_4308/4308_all_crl-set-16417660691639466833.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519730314&mv=m&pl=20&shardbypass=yes 501 26819 0 26148 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1815 1519730388.665117 1519730388.6907396 26 192.168.1.119 - 53384 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AP5oViCKHkfE_4308/4308_all_crl-set-16417660691639466833.data.crx3 378 1130 0 481 266 632 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AP5oViCKHkfE_4308/4308_all_crl-set-16417660691639466833.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519730314&mv=m&pl=20&shardbypass=yes - CTU.339.1.Malicious 1816 1519730388.8945193 1519730388.9038687 9 192.168.1.119 - 53385 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AP5oViCKHkfE_4308/4308_all_crl-set-16417660691639466833.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519730314&mv=m&pl=20&shardbypass=yes 501 23431 0 22760 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1815 1519730391.0273993 1519730391.0535195 26 192.168.1.119 - 53384 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AP5oViCKHkfE_4308/4308_all_crl-set-16417660691639466833.data.crx3 378 1130 0 481 266 632 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AP5oViCKHkfE_4308/4308_all_crl-set-16417660691639466833.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519730374&mv=m&pl=20&shardbypass=yes - CTU.339.1.Malicious 1816 1519730391.257783 1519730391.2668579 9 192.168.1.119 - 53385 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AP5oViCKHkfE_4308/4308_all_crl-set-16417660691639466833.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519730374&mv=m&pl=20&shardbypass=yes 501 30540 0 29869 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1815 1519730395.193596 1519730395.221102 28 192.168.1.119 - 53384 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AP5oViCKHkfE_4308/4308_all_crl-set-16417660691639466833.data.crx3 378 1130 0 481 266 632 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AP5oViCKHkfE_4308/4308_all_crl-set-16417660691639466833.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519730314&mv=m&pl=20&shardbypass=yes - CTU.339.1.Malicious 1816 1519730395.4257364 1519730395.4349768 9 192.168.1.119 - 53385 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AP5oViCKHkfE_4308/4308_all_crl-set-16417660691639466833.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519730314&mv=m&pl=20&shardbypass=yes 501 24024 0 23353 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1815 1519730398.1135583 1519730398.139654 26 192.168.1.119 - 53384 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AP5oViCKHkfE_4308/4308_all_crl-set-16417660691639466833.data.crx3 378 1130 0 481 266 632 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AP5oViCKHkfE_4308/4308_all_crl-set-16417660691639466833.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519730314&mv=m&pl=20&shardbypass=yes - CTU.339.1.Malicious 1816 1519730398.3430653 1519730398.3523517 9 192.168.1.119 - 53385 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AP5oViCKHkfE_4308/4308_all_crl-set-16417660691639466833.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519730314&mv=m&pl=20&shardbypass=yes 501 21517 0 20846 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1815 1519730400.4853697 1519730400.5163927 31 192.168.1.119 - 53384 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AP5oViCKHkfE_4308/4308_all_crl-set-16417660691639466833.data.crx3 378 1130 0 481 266 632 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AP5oViCKHkfE_4308/4308_all_crl-set-16417660691639466833.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519730314&mv=m&pl=20&shardbypass=yes - CTU.339.1.Malicious 1816 1519730400.7144206 1519730400.7246497 10 192.168.1.119 - 53385 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AP5oViCKHkfE_4308/4308_all_crl-set-16417660691639466833.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519730314&mv=m&pl=20&shardbypass=yes 501 17148 0 16477 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1817 1519730407.1252112 1519730407.320033 195 192.168.1.119 - 53386 216.58.201.67 443 https://update.googleapis.com/service/update2 1253 944 920 247 303 685 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 1818 1519730569.967284 1519730570.001365 34 192.168.1.119 - 53387 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1819 1519730570.1206906 1519730570.1491265 28 192.168.1.119 - 53388 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1819 1519730570.356647 1519730570.3924499 36 192.168.1.119 - 53388 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1820 1519731970.6033611 1519731970.6449287 42 192.168.1.119 - 53396 178.79.242.147 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4343 0 3811 147 518 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1821 1519732312.9383745 1519732312.9687471 30 192.168.1.119 - 53402 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.27%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1822 1519733716.0940328 1519733716.4444015 350 192.168.1.119 - 53410 185.26.182.117 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 1823 1519734172.0008674 1519734172.0514424 51 192.168.1.119 - 53413 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1824 1519734172.0015843 1519734172.0588791 57 192.168.1.119 - 53411 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1823 1519734172.3747213 1519734172.40707 32 192.168.1.119 - 53413 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1825 1519735571.1713104 1519735571.1881783 17 192.168.1.119 - 53420 178.79.227.142 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1826 1519737773.5535858 1519737773.593538 40 192.168.1.119 - 53435 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1827 1519737774.5238352 1519737774.5598576 36 192.168.1.119 - 53434 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1828 1519737774.7386632 1519737774.7760596 37 192.168.1.119 - 53433 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1829 1519739170.9556 1519739170.9729578 17 192.168.1.119 - 53442 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1830 1519741374.8847032 1519741374.917655 33 192.168.1.119 - 53455 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1831 1519741375.0715396 1519741375.1017103 30 192.168.1.119 - 53456 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1831 1519741375.3069332 1519741375.3445845 38 192.168.1.119 - 53456 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1832 1519742771.5913663 1519742771.9347453 343 192.168.1.119 - 53464 178.79.242.19 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4343 0 3811 147 518 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1833 1519743433.7152085 1519743433.932988 218 192.168.1.119 - 53470 54.225.194.96 80 http://i-45.b-44358.bench.utorrent.com/e?i=FO0CO33h8rP5vbFH 365 232 144 21 186 197 'BTWebClient/353S(44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1834 1519744980.1462386 1519744980.1964233 50 192.168.1.119 - 53478 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1835 1519744980.103435 1519744980.2033572 100 192.168.1.119 - 53479 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1836 1519744980.7656162 1519744980.7953627 30 192.168.1.119 - 53480 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1837 1519746371.6205776 1519746371.6731248 53 192.168.1.119 - 53489 178.79.227.142 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1838 1519748583.2104075 1519748583.2530959 43 192.168.1.119 - 53501 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1839 1519748583.2314925 1519748583.2611923 30 192.168.1.119 - 53502 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1840 1519748584.0438426 1519748584.0913684 48 192.168.1.119 - 53503 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1841 1519749973.2334454 1519749973.2779665 45 192.168.1.119 - 53514 178.79.242.19 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4343 0 3811 147 518 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1842 1519750547.6498582 1519750547.6806917 31 192.168.1.119 - 53521 185.26.182.122 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 512 0 114 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1843 1519751808.012473 1519751808.057572 45 192.168.1.119 - 53529 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.27%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1844 1519752184.4682035 1519752184.5198767 52 192.168.1.119 - 53530 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1844 1519752184.5697098 1519752184.6024516 33 192.168.1.119 - 53530 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1845 1519752184.8155732 1519752184.8503313 35 192.168.1.119 - 53532 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1846 1519753573.0418146 1519753573.0592957 17 192.168.1.119 - 53540 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1847 1519755785.7543244 1519755785.7866828 32 192.168.1.119 - 53553 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1847 1519755785.821427 1519755785.8557088 34 192.168.1.119 - 53553 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1848 1519755786.9348655 1519755786.9614599 27 192.168.1.119 - 53554 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1849 1519757163.6781693 1519757163.9336228 255 192.168.1.119 - 53564 178.79.242.19 80 http://apps.bittorrent.com/utorrent-onboarding/welcome-upsell.btapp?h=FO0CO33h8rP5vbFH&v=111652166&ol=en&ul=&tk=stable34&c=uTorrent 321 253 0 0 203 229 'BTWebClient/353S(44358)' binary/octet-stream GET 304 - - - - - - - CTU.339.1.Malicious 1850 1519757163.6752267 1519757163.9381049 263 192.168.1.119 - 53563 178.79.242.19 80 http://apps.bittorrent.com/utorrent-onboarding/player.btapp?h=FO0CO33h8rP5vbFH&v=111652166&ol=en&ul=&tk=stable34&c=uTorrent 313 253 0 0 203 229 'BTWebClient/353S(44358)' binary/octet-stream GET 304 - - - - - - - CTU.339.1.Malicious 1851 1519757168.7628777 1519757169.0124838 250 192.168.1.119 - 53565 23.23.215.82 80 http://i-43.b-44358.ut.bench.utorrent.com/e?i=43 351 232 166 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1852 1519757173.601656 1519757173.6357834 34 192.168.1.119 - 53566 178.79.242.147 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4341 0 3811 147 516 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1853 1519757767.621954 1519757767.9557848 334 192.168.1.119 - 53569 67.215.246.203 80 http://update.utorrent.com/checkupdate.php?s=1&cl=uTorrent&v=111652166&qv=111652166&i=1&l=en&svp=4&svn_revno=44358&tk=stable34&cmp=290&ocmp=290&period=8&tendP=1519756240&sids=0,0,0,0,0&lv=0_0_&c=US&w=1DB00106&h=FO0CO33h8rP5vbFH&mts=31&gnc=1442&nat_state=255&it=289&pc=127&sctl=1&shdi=1&def_tor=1&doainstalled=0&ie=8.0.7600.16385&xim=1&insvr=111389996&sss=346223&rsb=4&rtsb=33413555&view=win32&cmp=290&ocmp=290&db=other&plus=3&adc=1&ch_up=1?fg=1442000&t_upP_=548332320&t_downP_=2064913881&t_up=5625577&t_down=17742625&mt=3148044&ssb=1525387&ssu=11645998986&xseq=9&cau_time=0 705 851 0 499 145 338 'BTWebClient/353S(44358)' text/html GET 200 - - - - - - - CTU.339.1.Malicious 1854 1519757768.086287 1519757768.3120677 226 192.168.1.119 - 53570 54.225.194.96 80 http://i-29.b-44358.ut.bench.utorrent.com/e?i=29 383 232 198 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1855 1519757768.2824607 1519757768.3238943 41 192.168.1.119 - 53571 13.32.145.129 80 http://utclient.utorrent.com/images/mobile-icon.png 241 462 0 0 205 438 'BTWebClient/353S(44358)' - GET 304 - - - - - - - CTU.339.1.Malicious 1856 1519757769.2359116 1519757769.4844708 249 192.168.1.119 - 53572 23.23.85.1 80 http://i-139.b-44358.ut.bench.utorrent.com/e?i=139 344 232 157 21 165 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1857 1519757770.1562383 1519757770.3687358 212 192.168.1.119 - 53573 23.23.85.1 80 http://i-32.b-44358.ut.bench.utorrent.com/e?i=32 559 232 374 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1858 1519757771.111828 1519757771.3447208 233 192.168.1.119 - 53574 23.23.85.1 80 http://i-43.b-44358.ut.bench.utorrent.com/e?i=43 361 232 176 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1859 1519757772.3663433 1519757772.5771954 211 192.168.1.119 - 53575 23.23.85.1 80 http://i-43.b-44358.ut.bench.utorrent.com/e?i=43 524 232 339 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1860 1519757796.4490376 1519757796.6533785 204 192.168.1.119 - 53579 23.23.85.1 80 http://i-29.b-44358.ut.bench.utorrent.com/e?i=29 383 232 198 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1861 1519757796.4668496 1519757796.7954965 329 192.168.1.119 - 53580 67.215.246.203 80 http://update.utorrent.com/checkupdate.php?s=1&cl=uTorrent&v=111652166&qv=111652166&i=1&l=en&svp=4&svn_revno=44358&tk=stable34&cmp=290&ocmp=290&period=8&tendP=1519756240&sids=0,0,0,0,0&lv=0_0_&c=US&w=1DB00106&h=FO0CO33h8rP5vbFH&mts=31&gnc=1442&nat_state=255&it=289&pc=129&sctl=1&shdi=1&def_tor=1&doainstalled=0&ie=8.0.7600.16385&xim=1&insvr=111389996&sss=346252&rsb=4&rtsb=33413585&view=win32&cmp=290&ocmp=290&db=other&plus=3&adc=1&ch_up=1?fg=1442000&t_upP_=548332320&t_downP_=2064913881&t_up=5625577&t_down=17742625&mt=3156095&ssb=1525417&ssu=11645999016&xseq=10&cau_time=0 706 851 0 499 145 338 'BTWebClient/353S(44358)' text/html GET 200 - - - - - - - CTU.339.1.Malicious 1862 1519757797.8065782 1519757797.8583534 52 192.168.1.119 - 53582 13.32.145.179 80 http://utclient.utorrent.com/images/mobile-icon.png 241 462 0 0 205 438 'BTWebClient/353S(44358)' - GET 304 - - - - - - - CTU.339.1.Malicious 1863 1519757797.6787739 1519757797.9064872 228 192.168.1.119 - 53581 23.23.85.1 80 http://i-139.b-44358.ut.bench.utorrent.com/e?i=139 344 232 157 21 165 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1864 1519757798.9263382 1519757799.1384752 212 192.168.1.119 - 53583 23.23.85.1 80 http://i-32.b-44358.ut.bench.utorrent.com/e?i=32 559 232 374 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1865 1519757799.1470664 1519757800.3896484 1243 192.168.1.119 - 53584 23.23.85.1 80 http://i-43.b-44358.ut.bench.utorrent.com/e?i=43 361 232 176 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1866 1519757801.4228022 1519757801.650162 227 192.168.1.119 - 53586 23.23.85.1 80 http://i-43.b-44358.ut.bench.utorrent.com/e?i=43 520 232 335 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1867 1519759386.9063923 1519759387.1327796 226 192.168.1.119 - 53595 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1867 1519759387.1403432 1519759387.1682775 28 192.168.1.119 - 53595 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1868 1519759387.5169902 1519759387.5493343 32 192.168.1.119 - 53597 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1869 1519760773.6889913 1519760773.731726 43 192.168.1.119 - 53605 178.79.242.147 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4341 0 3811 147 516 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1870 1519762519.7709184 1519762520.0874445 317 192.168.1.119 - 53612 185.26.182.122 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 1871 1519762988.8680913 1519762988.9057786 38 192.168.1.119 - 53621 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1872 1519762989.9301493 1519762989.9724 42 192.168.1.119 - 53619 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1873 1519762989.9297905 1519762989.9727705 43 192.168.1.119 - 53620 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1874 1519764374.4348176 1519764374.4541836 19 192.168.1.119 - 53629 178.79.227.142 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4341 0 3811 147 516 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1875 1519766593.6389508 1519766593.666773 28 192.168.1.119 - 53642 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1876 1519766593.670418 1519766593.7073252 37 192.168.1.119 - 53643 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1877 1519766593.669733 1519766593.7131917 43 192.168.1.119 - 53641 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1878 1519767974.3212233 1519767974.3470476 26 192.168.1.119 - 53653 178.79.227.142 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1879 1519768449.2830284 1519768449.3110144 28 192.168.1.119 - 53654 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.27%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1880 1519770195.484918 1519770195.5127194 28 192.168.1.119 - 53668 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1881 1519770196.2215655 1519770196.2494817 28 192.168.1.119 - 53667 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1882 1519770196.4390106 1519770196.4682443 29 192.168.1.119 - 53666 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1883 1519771575.0446978 1519771575.061118 16 192.168.1.119 - 53676 178.79.227.142 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1884 1519772178.9686563 1519772178.9991903 31 192.168.1.119 - 53681 185.26.182.117 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 512 0 114 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1885 1519773796.81018 1519773796.8427598 33 192.168.1.119 - 53693 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1886 1519773797.0165133 1519773797.0480938 32 192.168.1.119 - 53694 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1886 1519773797.4934578 1519773797.522149 29 192.168.1.119 - 53694 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1887 1519775174.9213266 1519775174.9402456 19 192.168.1.119 - 53703 178.79.227.142 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4343 0 3811 147 518 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1888 1519777398.2075562 1519777398.4322367 225 192.168.1.119 - 53716 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1888 1519777398.64218 1519777398.6706743 28 192.168.1.119 - 53716 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1889 1519777399.2198694 1519777399.2490418 29 192.168.1.119 - 53715 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1890 1519778776.5877333 1519778776.6224523 35 192.168.1.119 - 53725 178.79.242.147 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4341 0 3811 147 516 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1891 1519780999.8073366 1519780999.8390875 32 192.168.1.119 - 53738 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1891 1519780999.8430307 1519780999.872166 29 192.168.1.119 - 53738 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1892 1519781000.7955523 1519781000.8318496 36 192.168.1.119 - 53739 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1893 1519782376.5393734 1519782376.582683 43 192.168.1.119 - 53747 178.79.242.147 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4341 0 3811 147 516 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1894 1519783689.7492907 1519783689.9695594 220 192.168.1.119 - 53753 23.23.215.82 80 http://i-45.b-44358.bench.utorrent.com/e?i=FO0CO33h8rP5vbFH 414 232 193 21 186 197 'BTWebClient/353S(44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1895 1519784361.7611964 1519784361.8475657 86 192.168.1.119 - 53755 216.58.201.67 443 https://update.googleapis.com/service/update2?cup2key=7:3845635635&cup2hreq=82001298a0ac95f4df9462f971bcb851a9aea8c751e775364fdfa98bc8ff7994 1414 2486 986 1325 303 1149 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 1896 1519784366.0745058 1519784366.103714 29 192.168.1.119 - 53757 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3 283 661 0 0 170 644 'Microsoft BITS/7.5' text/html; charset=UTF-8 HEAD 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519784175&mv=u&pcm2cms=yes&pl=20&shardbypass=yes - CTU.339.1.Malicious 1897 1519784366.593862 1519784366.6078138 14 192.168.1.119 - 53758 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519784175&mv=u&pcm2cms=yes&pl=20&shardbypass=yes 418 608 0 0 179 594 'Microsoft BITS/7.5' application/octet-stream HEAD 200 - - - - - - - CTU.339.1.Malicious 1896 1519784370.5600934 1519784370.5875895 27 192.168.1.119 - 53757 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3 371 1158 0 497 259 644 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519784175&mv=u&pcm2cms=yes&pl=20&shardbypass=yes - CTU.339.1.Malicious 1897 1519784370.798174 1519784370.8116233 13 192.168.1.119 - 53758 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519784175&mv=u&pcm2cms=yes&pl=20&shardbypass=yes 506 3163 0 2500 268 636 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1896 1519784372.6621087 1519784372.68939 27 192.168.1.119 - 53757 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3 375 1158 0 497 263 644 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519784175&mv=u&pcm2cms=yes&pl=20&shardbypass=yes - CTU.339.1.Malicious 1897 1519784372.896919 1519784372.9104743 14 192.168.1.119 - 53758 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519784175&mv=u&pcm2cms=yes&pl=20&shardbypass=yes 510 10640 0 9973 272 640 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1896 1519784376.1334422 1519784376.1624465 29 192.168.1.119 - 53757 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3 376 1158 0 497 264 644 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519784175&mv=u&pcm2cms=yes&pl=20&shardbypass=yes - CTU.339.1.Malicious 1897 1519784376.3804817 1519784376.3947747 14 192.168.1.119 - 53758 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519784175&mv=u&pcm2cms=yes&pl=20&shardbypass=yes 511 10880 0 10211 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1896 1519784379.0293584 1519784379.0575771 28 192.168.1.119 - 53757 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3 376 1158 0 497 264 644 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519784175&mv=u&pcm2cms=yes&pl=20&shardbypass=yes - CTU.339.1.Malicious 1897 1519784379.2684639 1519784379.2822824 14 192.168.1.119 - 53758 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519784175&mv=u&pcm2cms=yes&pl=20&shardbypass=yes 511 22801 0 22132 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1896 1519784382.344772 1519784382.3727193 28 192.168.1.119 - 53757 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3 376 1158 0 497 264 644 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519784175&mv=u&pcm2cms=yes&pl=20&shardbypass=yes - CTU.339.1.Malicious 1897 1519784382.575856 1519784382.5892675 13 192.168.1.119 - 53758 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519784175&mv=u&pcm2cms=yes&pl=20&shardbypass=yes 511 23537 0 22868 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1896 1519784384.7240481 1519784384.7514894 27 192.168.1.119 - 53757 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3 376 1158 0 497 264 644 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519784175&mv=u&pcm2cms=yes&pl=20&shardbypass=yes - CTU.339.1.Malicious 1897 1519784384.9529998 1519784384.9662313 13 192.168.1.119 - 53758 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519784175&mv=u&pcm2cms=yes&pl=20&shardbypass=yes 511 11781 0 11112 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1896 1519784386.8908238 1519784386.9201298 29 192.168.1.119 - 53757 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3 376 1158 0 497 264 644 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519784175&mv=u&pcm2cms=yes&pl=20&shardbypass=yes - CTU.339.1.Malicious 1897 1519784387.1203873 1519784387.1340315 14 192.168.1.119 - 53758 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519784175&mv=u&pcm2cms=yes&pl=20&shardbypass=yes 511 17381 0 16712 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1896 1519784388.0653546 1519784388.3100662 245 192.168.1.119 - 53757 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3 377 1158 0 497 265 644 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519784175&mv=u&pcm2cms=yes&pl=20&shardbypass=yes - CTU.339.1.Malicious 1897 1519784388.5169022 1519784388.5315397 15 192.168.1.119 - 53758 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519784175&mv=u&pcm2cms=yes&pl=20&shardbypass=yes 512 17083 0 16413 274 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1896 1519784391.0051665 1519784391.0340812 29 192.168.1.119 - 53757 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3 378 1158 0 497 266 644 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519784175&mv=u&pcm2cms=yes&pl=20&shardbypass=yes - CTU.339.1.Malicious 1897 1519784391.2349818 1519784391.2479591 13 192.168.1.119 - 53758 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519784175&mv=u&pcm2cms=yes&pl=20&shardbypass=yes 513 14498 0 13827 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1896 1519784393.6660066 1519784393.6963005 30 192.168.1.119 - 53757 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3 378 1158 0 497 266 644 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519784175&mv=u&pcm2cms=yes&pl=20&shardbypass=yes - CTU.339.1.Malicious 1897 1519784393.895259 1519784393.9094138 14 192.168.1.119 - 53758 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519784175&mv=u&pcm2cms=yes&pl=20&shardbypass=yes 513 13701 0 13030 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1896 1519784396.3171656 1519784396.3454463 28 192.168.1.119 - 53757 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3 378 1158 0 497 266 644 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519784175&mv=u&pcm2cms=yes&pl=20&shardbypass=yes - CTU.339.1.Malicious 1897 1519784396.548744 1519784396.5625324 14 192.168.1.119 - 53758 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519784175&mv=u&pcm2cms=yes&pl=20&shardbypass=yes 513 12890 0 12219 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1896 1519784398.5267866 1519784398.5538785 27 192.168.1.119 - 53757 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3 378 1158 0 497 266 644 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519784175&mv=u&pcm2cms=yes&pl=20&shardbypass=yes - CTU.339.1.Malicious 1897 1519784398.756641 1519784398.7679858 11 192.168.1.119 - 53758 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519784175&mv=u&pcm2cms=yes&pl=20&shardbypass=yes 513 10390 0 9720 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1896 1519784400.583783 1519784400.612423 29 192.168.1.119 - 53757 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3 378 1158 0 497 266 644 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519784175&mv=u&pcm2cms=yes&pl=20&shardbypass=yes - CTU.339.1.Malicious 1897 1519784400.8139515 1519784400.8294985 16 192.168.1.119 - 53758 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519784175&mv=u&pcm2cms=yes&pl=20&shardbypass=yes 513 19804 0 19133 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1896 1519784403.5304072 1519784403.5602472 30 192.168.1.119 - 53757 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3 378 1158 0 497 266 644 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519784175&mv=u&pcm2cms=yes&pl=20&shardbypass=yes - CTU.339.1.Malicious 1897 1519784403.765283 1519784403.7793272 14 192.168.1.119 - 53758 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519784175&mv=u&pcm2cms=yes&pl=20&shardbypass=yes 513 17222 0 16551 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1896 1519784405.235611 1519784405.2628877 27 192.168.1.119 - 53757 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3 378 1158 0 497 266 644 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519784175&mv=u&pcm2cms=yes&pl=20&shardbypass=yes - CTU.339.1.Malicious 1897 1519784405.4677608 1519784405.482158 14 192.168.1.119 - 53758 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519784175&mv=u&pcm2cms=yes&pl=20&shardbypass=yes 513 14959 0 14288 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1896 1519784407.9362202 1519784407.9647825 29 192.168.1.119 - 53757 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3 378 1158 0 497 266 644 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519784175&mv=u&pcm2cms=yes&pl=20&shardbypass=yes - CTU.339.1.Malicious 1897 1519784408.1660051 1519784408.180888 15 192.168.1.119 - 53758 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519784175&mv=u&pcm2cms=yes&pl=20&shardbypass=yes 513 12942 0 12271 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1896 1519784410.6261957 1519784410.6547751 29 192.168.1.119 - 53757 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3 378 1158 0 497 266 644 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519784175&mv=u&pcm2cms=yes&pl=20&shardbypass=yes - CTU.339.1.Malicious 1897 1519784410.8562107 1519784410.8701866 14 192.168.1.119 - 53758 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519784175&mv=u&pcm2cms=yes&pl=20&shardbypass=yes 513 11968 0 11297 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1896 1519784412.1421795 1519784412.1851993 43 192.168.1.119 - 53757 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3 378 1158 0 497 266 644 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519784175&mv=u&pcm2cms=yes&pl=20&shardbypass=yes - CTU.339.1.Malicious 1897 1519784412.3908715 1519784412.4038374 13 192.168.1.119 - 53758 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AIK47gXwF1h5_4310/4310_all_crl-set-13888780193653714557.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519784175&mv=u&pcm2cms=yes&pl=20&shardbypass=yes 513 9945 0 9275 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1898 1519784417.8765092 1519784417.9654078 89 192.168.1.119 - 53759 216.58.201.67 443 https://update.googleapis.com/service/update2 1253 944 920 247 303 685 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 1899 1519784601.534234 1519784601.5682316 34 192.168.1.119 - 53760 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1899 1519784601.899719 1519784601.9301353 30 192.168.1.119 - 53760 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1900 1519784602.0012438 1519784602.0363889 35 192.168.1.119 - 53762 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1901 1519784866.1921463 1519784866.2256057 33 192.168.1.119 - 53768 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.27%26uc 676 710 0 466 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1902 1519784876.0269055 1519784876.0515392 25 192.168.1.119 - 53769 82.145.215.85 443 https://extension-updates.opera.com/static/omaha/blacklist.336465243e0d1996705f69bb3937b0f2f815a8bcc9737b5323ca77ebd70dd6b7.txt 413 6582 0 6336 308 232 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/plain GET 200 - - - - - - - CTU.339.1.Malicious 1903 1519785976.5616238 1519785976.5850935 23 192.168.1.119 - 53777 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4341 0 3811 147 516 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1904 1519788203.0874877 1519788203.1217842 34 192.168.1.119 - 53786 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1905 1519788204.0250804 1519788204.0548854 30 192.168.1.119 - 53784 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1906 1519788204.345825 1519788204.4088967 63 192.168.1.119 - 53785 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1907 1519789577.3558967 1519789577.3919106 36 192.168.1.119 - 53799 178.79.242.19 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1908 1519791220.6122503 1519791220.6381419 26 192.168.1.119 - 53806 185.26.182.111 443 https://exchange.opera.com/api/v1/ecb/ 283 1938 0 1665 258 259 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml GET 200 - - - - - - - CTU.339.1.Malicious 1908 1519791220.7588122 1519791220.782152 23 192.168.1.119 - 53806 185.26.182.111 443 https://exchange.opera.com/api/v1/cmc/ 283 6956 0 6675 258 267 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1909 1519791220.9254024 1519791220.9500916 25 192.168.1.119 - 53808 185.26.182.111 443 https://exchange.opera.com/api/v1/nbu/ 283 6429 0 6134 258 281 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json;charset=UTF-8 GET 200 - - - - - - - CTU.339.1.Malicious 1910 1519791321.84833 1519791321.9268146 78 192.168.1.119 - 53810 185.26.182.122 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 1911 1519791804.4387853 1519791804.4703076 32 192.168.1.119 - 53811 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1912 1519791804.5480797 1519791804.580999 33 192.168.1.119 - 53812 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1912 1519791804.592822 1519791804.6219847 29 192.168.1.119 - 53812 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1913 1519793178.024038 1519793178.0678637 44 192.168.1.119 - 53824 178.79.242.19 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1914 1519793810.0763965 1519793810.121619 45 192.168.1.119 - 53829 185.26.182.117 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 512 0 114 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1915 1519795405.6947207 1519795405.7260895 31 192.168.1.119 - 53838 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1916 1519795406.8569863 1519795406.8902786 33 192.168.1.119 - 53839 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1916 1519795406.899791 1519795406.92746 28 192.168.1.119 - 53839 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1917 1519796777.856502 1519796777.900698 44 192.168.1.119 - 53846 178.79.242.19 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1918 1519799009.5576193 1519799009.5953631 38 192.168.1.119 - 53861 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1919 1519799009.5565906 1519799009.601136 45 192.168.1.119 - 53860 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1920 1519799009.6081936 1519799009.641081 33 192.168.1.119 - 53859 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1921 1519800378.6326826 1519800378.6667142 34 192.168.1.119 - 53869 178.79.242.147 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1922 1519802611.204428 1519802611.2437916 39 192.168.1.119 - 53882 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1923 1519802612.1305792 1519802612.1585274 28 192.168.1.119 - 53883 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1924 1519802612.3421006 1519802612.377807 36 192.168.1.119 - 53884 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1925 1519803224.074841 1519803224.1083531 34 192.168.1.119 - 53891 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.28%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1926 1519803978.3137949 1519803978.3363624 23 192.168.1.119 - 53892 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1927 1519806212.291976 1519806212.3347554 43 192.168.1.119 - 53905 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1928 1519806212.6836405 1519806212.7172818 34 192.168.1.119 - 53906 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1928 1519806213.1761143 1519806213.21183 36 192.168.1.119 - 53906 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1929 1519807578.9450386 1519807578.981625 37 192.168.1.119 - 53913 178.79.242.147 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1930 1519809813.30812 1519809813.3500657 42 192.168.1.119 - 53927 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1931 1519809813.3052764 1519809813.3565443 51 192.168.1.119 - 53926 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1932 1519809813.5892534 1519809813.6174402 28 192.168.1.119 - 53928 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1933 1519811178.9018059 1519811178.9460864 44 192.168.1.119 - 53935 178.79.242.19 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1934 1519813421.0260093 1519813421.0617378 36 192.168.1.119 - 53949 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1935 1519813421.002841 1519813421.0691226 66 192.168.1.119 - 53950 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1936 1519813421.0034585 1519813421.0694942 66 192.168.1.119 - 53948 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1937 1519814779.6944237 1519814779.7301404 36 192.168.1.119 - 53959 178.79.242.19 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1938 1519815440.5161488 1519815440.5534306 37 192.168.1.119 - 53969 185.26.182.117 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 512 0 114 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1939 1519817023.0134861 1519817023.049871 36 192.168.1.119 - 53979 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1939 1519817023.8914058 1519817023.9264925 35 192.168.1.119 - 53979 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1940 1519817024.2358613 1519817024.2741609 38 192.168.1.119 - 53980 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1941 1519818379.8624675 1519818379.898687 36 192.168.1.119 - 53987 178.79.242.19 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1942 1519820123.2548609 1519820123.6976366 443 192.168.1.119 - 53999 185.26.182.122 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 1943 1519820625.4002852 1519820625.4374468 37 192.168.1.119 - 54003 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1944 1519820626.3358142 1519820626.5888114 253 192.168.1.119 - 54001 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1945 1519820626.5717225 1519820626.6016498 30 192.168.1.119 - 54002 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1946 1519821748.3078942 1519821748.3418808 34 192.168.1.119 - 54009 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.28%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1947 1519821980.3913863 1519821980.4376915 46 192.168.1.119 - 54012 178.79.242.147 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1948 1519824227.2100408 1519824227.244195 34 192.168.1.119 - 54025 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1949 1519824228.1253872 1519824228.1556954 30 192.168.1.119 - 54027 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1950 1519824228.3457344 1519824228.3860455 40 192.168.1.119 - 54026 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1951 1519825580.3103406 1519825580.3335183 23 192.168.1.119 - 54034 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1952 1519827828.2126997 1519827828.2499988 37 192.168.1.119 - 54047 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1953 1519827828.5055368 1519827828.5379212 32 192.168.1.119 - 54048 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1953 1519827828.9859958 1519827829.0202675 34 192.168.1.119 - 54048 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1954 1519829181.048289 1519829181.0726318 24 192.168.1.119 - 54054 178.79.227.142 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1955 1519831374.102175 1519831374.130981 29 192.168.1.119 - 54068 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1956 1519831429.530761 1519831429.5707529 40 192.168.1.119 - 54070 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1957 1519831429.9895759 1519831430.037214 48 192.168.1.119 - 54071 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1958 1519832780.8004096 1519832780.8207345 20 192.168.1.119 - 54077 178.79.227.142 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1959 1519835031.974637 1519835032.0020187 27 192.168.1.119 - 54090 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1960 1519835150.7522047 1519835150.7807822 29 192.168.1.119 - 54091 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1961 1519835331.7888145 1519835331.8218787 33 192.168.1.119 - 54092 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1962 1519836382.5087235 1519836382.5287676 20 192.168.1.119 - 54099 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1963 1519837070.453466 1519837070.4834318 30 192.168.1.119 - 54110 185.26.182.122 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 512 0 114 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1964 1519838359.0261292 1519838359.090607 64 192.168.1.119 - 54117 216.58.201.67 443 https://update.googleapis.com/service/update2?cup2key=7:2388985678&cup2hreq=6eab28be580c62de319f6ebc994ef60b8ae7dc4df8a039b6a44485a1a52e8e2d 1414 2481 986 1324 303 1145 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 1965 1519838360.983424 1519838361.0161188 33 192.168.1.119 - 54118 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AKZGxNoORcUm_4311/4311_all_crl-set-5414125636782868688.data.crx3 282 648 0 0 170 631 'Microsoft BITS/7.5' text/html; charset=UTF-8 HEAD 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKZGxNoORcUm_4311/4311_all_crl-set-5414125636782868688.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519838246&mv=m&pl=20&shardbypass=yes - CTU.339.1.Malicious 1966 1519838361.3429813 1519838361.3556433 13 192.168.1.119 - 54119 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKZGxNoORcUm_4311/4311_all_crl-set-5414125636782868688.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519838246&mv=m&pl=20&shardbypass=yes 405 608 0 0 179 594 'Microsoft BITS/7.5' application/octet-stream HEAD 200 - - - - - - - CTU.339.1.Malicious 1965 1519838362.9635053 1519838362.9933183 30 192.168.1.119 - 54118 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AKZGxNoORcUm_4311/4311_all_crl-set-5414125636782868688.data.crx3 370 1128 0 480 259 631 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKZGxNoORcUm_4311/4311_all_crl-set-5414125636782868688.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519838246&mv=m&pl=20&shardbypass=yes - CTU.339.1.Malicious 1966 1519838363.1997106 1519838363.2134907 14 192.168.1.119 - 54119 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKZGxNoORcUm_4311/4311_all_crl-set-5414125636782868688.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519838246&mv=m&pl=20&shardbypass=yes 493 3159 0 2496 268 636 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1965 1519838366.201327 1519838366.229612 28 192.168.1.119 - 54118 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AKZGxNoORcUm_4311/4311_all_crl-set-5414125636782868688.data.crx3 373 1128 0 480 262 631 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKZGxNoORcUm_4311/4311_all_crl-set-5414125636782868688.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519838246&mv=m&pl=20&shardbypass=yes - CTU.339.1.Malicious 1966 1519838366.4385695 1519838366.4523559 14 192.168.1.119 - 54119 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKZGxNoORcUm_4311/4311_all_crl-set-5414125636782868688.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519838246&mv=m&pl=20&shardbypass=yes 496 3242 0 2576 271 639 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1965 1519838368.3531702 1519838368.380702 28 192.168.1.119 - 54118 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AKZGxNoORcUm_4311/4311_all_crl-set-5414125636782868688.data.crx3 374 1128 0 480 263 631 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKZGxNoORcUm_4311/4311_all_crl-set-5414125636782868688.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519838246&mv=m&pl=20&shardbypass=yes - CTU.339.1.Malicious 1966 1519838368.5858862 1519838368.598546 13 192.168.1.119 - 54119 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKZGxNoORcUm_4311/4311_all_crl-set-5414125636782868688.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519838246&mv=m&pl=20&shardbypass=yes 497 6443 0 5776 272 640 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1965 1519838369.444873 1519838369.4720423 27 192.168.1.119 - 54118 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AKZGxNoORcUm_4311/4311_all_crl-set-5414125636782868688.data.crx3 375 1128 0 480 264 631 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKZGxNoORcUm_4311/4311_all_crl-set-5414125636782868688.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519838246&mv=m&pl=20&shardbypass=yes - CTU.339.1.Malicious 1966 1519838369.6796246 1519838369.6934464 14 192.168.1.119 - 54119 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKZGxNoORcUm_4311/4311_all_crl-set-5414125636782868688.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519838246&mv=m&pl=20&shardbypass=yes 498 11799 0 11130 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1965 1519838370.6219785 1519838370.649926 28 192.168.1.119 - 54118 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AKZGxNoORcUm_4311/4311_all_crl-set-5414125636782868688.data.crx3 375 1128 0 480 264 631 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKZGxNoORcUm_4311/4311_all_crl-set-5414125636782868688.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519838246&mv=m&pl=20&shardbypass=yes - CTU.339.1.Malicious 1966 1519838370.853088 1519838370.8670614 14 192.168.1.119 - 54119 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKZGxNoORcUm_4311/4311_all_crl-set-5414125636782868688.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519838246&mv=m&pl=20&shardbypass=yes 498 54139 0 53470 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1965 1519838375.390521 1519838375.419016 28 192.168.1.119 - 54118 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AKZGxNoORcUm_4311/4311_all_crl-set-5414125636782868688.data.crx3 376 1128 0 480 265 631 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKZGxNoORcUm_4311/4311_all_crl-set-5414125636782868688.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519838317&mv=m&pl=20&shardbypass=yes - CTU.339.1.Malicious 1966 1519838375.6193614 1519838375.632526 13 192.168.1.119 - 54119 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKZGxNoORcUm_4311/4311_all_crl-set-5414125636782868688.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519838317&mv=m&pl=20&shardbypass=yes 499 41504 0 40834 274 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1965 1519838378.4299467 1519838378.4577985 28 192.168.1.119 - 54118 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AKZGxNoORcUm_4311/4311_all_crl-set-5414125636782868688.data.crx3 377 1128 0 480 266 631 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKZGxNoORcUm_4311/4311_all_crl-set-5414125636782868688.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519838246&mv=m&pl=20&shardbypass=yes - CTU.339.1.Malicious 1966 1519838378.660428 1519838378.675043 15 192.168.1.119 - 54119 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKZGxNoORcUm_4311/4311_all_crl-set-5414125636782868688.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519838246&mv=m&pl=20&shardbypass=yes 500 50134 0 49463 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1965 1519838382.0327954 1519838382.2760277 243 192.168.1.119 - 54118 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AKZGxNoORcUm_4311/4311_all_crl-set-5414125636782868688.data.crx3 377 1128 0 480 266 631 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKZGxNoORcUm_4311/4311_all_crl-set-5414125636782868688.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519838317&mv=m&pl=20&shardbypass=yes - CTU.339.1.Malicious 1966 1519838382.474215 1519838382.487574 13 192.168.1.119 - 54119 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKZGxNoORcUm_4311/4311_all_crl-set-5414125636782868688.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519838317&mv=m&pl=20&shardbypass=yes 500 16105 0 15434 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1965 1519838384.9622803 1519838384.9895039 27 192.168.1.119 - 54118 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AKZGxNoORcUm_4311/4311_all_crl-set-5414125636782868688.data.crx3 377 1128 0 480 266 631 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKZGxNoORcUm_4311/4311_all_crl-set-5414125636782868688.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519838317&mv=m&pl=20&shardbypass=yes - CTU.339.1.Malicious 1966 1519838385.1929624 1519838385.2056298 13 192.168.1.119 - 54119 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKZGxNoORcUm_4311/4311_all_crl-set-5414125636782868688.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519838317&mv=m&pl=20&shardbypass=yes 500 16669 0 15998 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1965 1519838386.613883 1519838386.641189 27 192.168.1.119 - 54118 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AKZGxNoORcUm_4311/4311_all_crl-set-5414125636782868688.data.crx3 377 1128 0 480 266 631 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKZGxNoORcUm_4311/4311_all_crl-set-5414125636782868688.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519838317&mv=m&pl=20&shardbypass=yes - CTU.339.1.Malicious 1966 1519838386.8430598 1519838386.866768 24 192.168.1.119 - 54119 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKZGxNoORcUm_4311/4311_all_crl-set-5414125636782868688.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519838317&mv=m&pl=20&shardbypass=yes 500 13446 0 12775 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1965 1519838387.7978551 1519838387.8251107 27 192.168.1.119 - 54118 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AKZGxNoORcUm_4311/4311_all_crl-set-5414125636782868688.data.crx3 377 1128 0 480 266 631 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKZGxNoORcUm_4311/4311_all_crl-set-5414125636782868688.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519838317&mv=m&pl=20&shardbypass=yes - CTU.339.1.Malicious 1966 1519838388.0267253 1519838388.042485 16 192.168.1.119 - 54119 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKZGxNoORcUm_4311/4311_all_crl-set-5414125636782868688.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519838317&mv=m&pl=20&shardbypass=yes 500 13046 0 12375 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1965 1519838389.9836729 1519838390.0115142 28 192.168.1.119 - 54118 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AKZGxNoORcUm_4311/4311_all_crl-set-5414125636782868688.data.crx3 377 1128 0 480 266 631 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKZGxNoORcUm_4311/4311_all_crl-set-5414125636782868688.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519838317&mv=m&pl=20&shardbypass=yes - CTU.339.1.Malicious 1966 1519838390.2141397 1519838390.2291806 15 192.168.1.119 - 54119 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKZGxNoORcUm_4311/4311_all_crl-set-5414125636782868688.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519838317&mv=m&pl=20&shardbypass=yes 500 10613 0 9943 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1965 1519838392.0422475 1519838392.070716 28 192.168.1.119 - 54118 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/AKZGxNoORcUm_4311/4311_all_crl-set-5414125636782868688.data.crx3 377 1128 0 480 266 631 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKZGxNoORcUm_4311/4311_all_crl-set-5414125636782868688.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519838317&mv=m&pl=20&shardbypass=yes - CTU.339.1.Malicious 1966 1519838392.272075 1519838392.2856429 14 192.168.1.119 - 54119 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/AKZGxNoORcUm_4311/4311_all_crl-set-5414125636782868688.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519838317&mv=m&pl=20&shardbypass=yes 500 11928 0 11257 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 1967 1519838397.3877761 1519838397.4896262 102 192.168.1.119 - 54120 216.58.201.67 443 https://update.googleapis.com/service/update2 1252 944 919 247 303 685 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 1968 1519838633.2391498 1519838633.2689943 30 192.168.1.119 - 54121 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1969 1519838888.9329164 1519838888.9631243 30 192.168.1.119 - 54122 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1970 1519838932.1455941 1519838932.183742 38 192.168.1.119 - 54123 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1971 1519839982.0765328 1519839982.0984218 22 192.168.1.119 - 54130 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1972 1519841267.073731 1519841267.1215363 48 192.168.1.119 - 54138 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.28%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 1973 1519842234.6037853 1519842234.6325324 29 192.168.1.119 - 54144 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1974 1519842409.042856 1519842409.082364 40 192.168.1.119 - 54145 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1975 1519842534.0306668 1519842534.0634289 33 192.168.1.119 - 54146 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1976 1519843573.569082 1519843573.8048978 236 192.168.1.119 - 54153 178.79.227.142 80 http://apps.bittorrent.com/utorrent-onboarding/player.btapp?h=FO0CO33h8rP5vbFH&v=111652166&ol=en&ul=&tk=stable34&c=uTorrent 313 252 0 0 203 228 'BTWebClient/353S(44358)' binary/octet-stream GET 304 - - - - - - - CTU.339.1.Malicious 1977 1519843573.57426 1519843573.809336 235 192.168.1.119 - 54154 178.79.227.142 80 http://apps.bittorrent.com/utorrent-onboarding/welcome-upsell.btapp?h=FO0CO33h8rP5vbFH&v=111652166&ol=en&ul=&tk=stable34&c=uTorrent 321 253 0 0 203 229 'BTWebClient/353S(44358)' binary/octet-stream GET 304 - - - - - - - CTU.339.1.Malicious 1978 1519843577.9291983 1519843578.1634417 234 192.168.1.119 - 54155 23.23.215.82 80 http://i-43.b-44358.ut.bench.utorrent.com/e?i=43 351 232 166 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1979 1519843582.6189687 1519843582.638805 20 192.168.1.119 - 54156 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1980 1519844288.277671 1519844288.506254 229 192.168.1.119 - 54160 54.197.251.114 80 http://i-29.b-44358.ut.bench.utorrent.com/e?i=29 383 232 198 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1981 1519844288.7803462 1519844289.1082466 328 192.168.1.119 - 54161 67.215.246.203 80 http://update.utorrent.com/checkupdate.php?s=1&cl=uTorrent&v=111652166&qv=111652166&i=1&l=en&svp=4&svn_revno=44358&tk=stable34&cmp=290&ocmp=290&period=8&tendP=1519842649&sids=0,0,0,0,0&lv=0_0_&c=US&w=1DB00106&h=FO0CO33h8rP5vbFH&mts=31&gnc=1442&nat_state=255&it=361&pc=156&sctl=1&shdi=1&def_tor=1&doainstalled=0&ie=8.0.7600.16385&xim=1&insvr=111389996&sss=432734&rsb=4&rtsb=52128530&view=win32&cmp=290&ocmp=290&db=other&plus=3&adc=1&ch_up=1?fg=1442000&t_upP_=852512887&t_downP_=3002982117&t_up=7014296&t_down=21262137&mt=3936723&ssb=1611908&ssu=11646085507&xseq=11&cau_time=0 706 851 0 499 145 338 'BTWebClient/353S(44358)' text/html GET 200 - - - - - - - CTU.339.1.Malicious 1982 1519844289.5742033 1519844289.6151664 41 192.168.1.119 - 54163 52.85.245.28 80 http://utclient.utorrent.com/images/mobile-icon.png 241 462 0 0 205 438 'BTWebClient/353S(44358)' - GET 304 - - - - - - - CTU.339.1.Malicious 1983 1519844289.5719812 1519844289.7832146 211 192.168.1.119 - 54162 23.23.215.82 80 http://i-139.b-44358.ut.bench.utorrent.com/e?i=139 344 232 157 21 165 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1984 1519844290.927327 1519844291.1332216 206 192.168.1.119 - 54164 54.197.251.114 80 http://i-32.b-44358.ut.bench.utorrent.com/e?i=32 559 232 374 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1985 1519844291.800535 1519844292.0362298 236 192.168.1.119 - 54165 54.197.251.114 80 http://i-43.b-44358.ut.bench.utorrent.com/e?i=43 361 232 176 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1986 1519844293.0708773 1519844293.276623 206 192.168.1.119 - 54166 54.197.251.114 80 http://i-43.b-44358.ut.bench.utorrent.com/e?i=43 524 232 339 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1987 1519844316.4899278 1519844316.7035065 214 192.168.1.119 - 54168 54.197.251.114 80 http://i-29.b-44358.ut.bench.utorrent.com/e?i=29 383 232 198 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1988 1519844316.4786568 1519844316.810799 332 192.168.1.119 - 54167 67.215.246.203 80 http://update.utorrent.com/checkupdate.php?s=1&cl=uTorrent&v=111652166&qv=111652166&i=1&l=en&svp=4&svn_revno=44358&tk=stable34&cmp=290&ocmp=290&period=8&tendP=1519842649&sids=0,0,0,0,0&lv=0_0_&c=US&w=1DB00106&h=FO0CO33h8rP5vbFH&mts=31&gnc=1442&nat_state=255&it=361&pc=158&sctl=1&shdi=1&def_tor=1&doainstalled=0&ie=8.0.7600.16385&xim=1&insvr=111389996&sss=432763&rsb=4&rtsb=52128560&view=win32&cmp=290&ocmp=290&db=other&plus=3&adc=1&ch_up=1?fg=1442000&t_upP_=852512887&t_downP_=3002982117&t_up=7014296&t_down=21262137&mt=3939550&ssb=1611937&ssu=11646085536&xseq=12&cau_time=0 706 851 0 499 145 338 'BTWebClient/353S(44358)' text/html GET 200 - - - - - - - CTU.339.1.Malicious 1989 1519844317.8390534 1519844317.880691 42 192.168.1.119 - 54170 52.85.245.72 80 http://utclient.utorrent.com/images/mobile-icon.png 241 462 0 0 205 438 'BTWebClient/353S(44358)' - GET 304 - - - - - - - CTU.339.1.Malicious 1990 1519844317.7434397 1519844317.9781606 235 192.168.1.119 - 54169 54.197.251.114 80 http://i-139.b-44358.ut.bench.utorrent.com/e?i=139 344 232 157 21 165 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1991 1519844317.987616 1519844319.2226276 1235 192.168.1.119 - 54171 54.197.251.114 80 http://i-32.b-44358.ut.bench.utorrent.com/e?i=32 559 232 374 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1992 1519844319.232102 1519844320.4598982 1228 192.168.1.119 - 54172 54.197.251.114 80 http://i-43.b-44358.ut.bench.utorrent.com/e?i=43 361 232 176 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1993 1519844321.4868972 1519844321.6997492 213 192.168.1.119 - 54173 54.197.251.114 80 http://i-43.b-44358.ut.bench.utorrent.com/e?i=43 520 232 335 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 1994 1519845835.882239 1519845835.9209414 39 192.168.1.119 - 54185 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1995 1519846077.287244 1519846077.3177693 31 192.168.1.119 - 54186 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1996 1519846134.395324 1519846134.4302442 35 192.168.1.119 - 54187 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1997 1519847182.4780126 1519847182.521409 43 192.168.1.119 - 54194 178.79.242.147 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4340 0 3811 147 515 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 1998 1519848925.5420253 1519848925.6702805 128 192.168.1.119 - 54202 185.26.182.117 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 1999 1519849436.3927083 1519849436.4217262 29 192.168.1.119 - 54208 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2000 1519849709.7993689 1519849709.8318818 33 192.168.1.119 - 54209 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2001 1519849734.751989 1519849734.7806854 29 192.168.1.119 - 54210 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2002 1519850783.1133568 1519850783.1497688 36 192.168.1.119 - 54217 178.79.242.19 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4341 0 3811 147 516 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2003 1519853042.4232912 1519853042.4543293 31 192.168.1.119 - 54230 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2004 1519853206.5286186 1519853206.6293502 101 192.168.1.119 - 54232 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2005 1519853502.7694724 1519853502.8060534 37 192.168.1.119 - 54234 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2006 1519854382.8905914 1519854382.9274013 37 192.168.1.119 - 54241 178.79.242.19 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4341 0 3811 147 516 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2007 1519856644.2119064 1519856644.240704 29 192.168.1.119 - 54254 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2008 1519856775.9483373 1519856775.9816287 33 192.168.1.119 - 54255 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2009 1519857288.187537 1519857288.2210755 34 192.168.1.119 - 54257 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2010 1519857984.5605035 1519857985.6136072 1053 192.168.1.119 - 54263 178.79.242.147 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4341 0 3811 147 516 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2011 1519858703.0018303 1519858703.0449524 43 192.168.1.119 - 54269 185.26.182.122 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 512 0 114 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 2012 1519859438.6251552 1519859438.6625695 37 192.168.1.119 - 54275 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.28%26uc 676 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 2013 1519860245.523796 1519860245.5516868 28 192.168.1.119 - 54282 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2014 1519860343.4792504 1519860343.5112815 32 192.168.1.119 - 54283 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2015 1519860889.430953 1519860889.462731 32 192.168.1.119 - 54285 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2016 1519861584.035411 1519861584.055722 20 192.168.1.119 - 54291 178.79.227.142 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4341 0 3811 147 516 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2017 1519863794.7473745 1519863794.7784748 31 192.168.1.119 - 54299 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2018 1519863845.77627 1519863845.802683 26 192.168.1.119 - 54300 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2019 1519864528.3878665 1519864528.4218764 34 192.168.1.119 - 54306 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2020 1519865184.7687476 1519865184.788852 20 192.168.1.119 - 54312 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2021 1519867447.1130857 1519867447.1412504 28 192.168.1.119 - 54320 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2022 1519867490.8713226 1519867490.9039466 33 192.168.1.119 - 54321 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2023 1519868353.7342105 1519868353.7694464 35 192.168.1.119 - 54328 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2024 1519868784.5373652 1519868784.576873 40 192.168.1.119 - 54335 178.79.242.19 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2025 1519871047.9050162 1519871047.9345672 30 192.168.1.119 - 54343 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2026 1519871181.7565656 1519871181.7872293 31 192.168.1.119 - 54347 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2027 1519872181.0673325 1519872181.0997424 32 192.168.1.119 - 54351 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2028 1519872385.1396968 1519872385.1813128 42 192.168.1.119 - 54352 178.79.242.19 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2029 1519874603.3359122 1519874603.3654907 30 192.168.1.119 - 54365 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2030 1519874648.2337124 1519874648.2651358 31 192.168.1.119 - 54366 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2031 1519875781.7616823 1519875781.7947943 33 192.168.1.119 - 54373 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2032 1519875984.9796054 1519875985.024838 45 192.168.1.119 - 54374 178.79.242.147 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2033 1519877622.0353682 1519877622.0651116 30 192.168.1.119 - 54388 185.26.182.111 443 https://exchange.opera.com/api/v1/ecb/ 283 1938 0 1665 258 259 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml GET 200 - - - - - - - CTU.339.1.Malicious 2034 1519877622.0559652 1519877622.091558 36 192.168.1.119 - 54386 185.26.182.111 443 https://exchange.opera.com/api/v1/cmc/ 283 6968 0 6687 258 267 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2035 1519877622.0819259 1519877622.1125686 31 192.168.1.119 - 54387 185.26.182.111 443 https://exchange.opera.com/api/v1/nbu/ 283 6431 0 6136 258 281 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json;charset=UTF-8 GET 200 - - - - - - - CTU.339.1.Malicious 2036 1519877726.642247 1519877726.7380655 96 192.168.1.119 - 54389 185.26.182.122 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 2037 1519878094.5851007 1519878094.616231 31 192.168.1.119 - 54391 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2038 1519878225.592782 1519878225.625748 33 192.168.1.119 - 54392 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.2.28%26uc 676 709 0 465 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 2039 1519878232.3197358 1519878232.3562732 37 192.168.1.119 - 54393 82.145.215.85 443 https://extension-updates.opera.com/static/omaha/blacklist.336465243e0d1996705f69bb3937b0f2f815a8bcc9737b5323ca77ebd70dd6b7.txt 413 6582 0 6336 308 232 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/plain GET 200 - - - - - - - CTU.339.1.Malicious 2040 1519878249.3602772 1519878249.3909447 31 192.168.1.119 - 54394 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2041 1519879585.8346555 1519879585.8707676 36 192.168.1.119 - 54401 178.79.242.19 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2042 1519879649.3871846 1519879649.420442 33 192.168.1.119 - 54402 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2043 1519880336.4398453 1519880336.4909577 51 192.168.1.119 - 54413 185.26.182.117 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 512 0 114 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 2044 1519881736.898786 1519881736.9314754 33 192.168.1.119 - 54421 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2045 1519881850.5897677 1519881850.6272545 37 192.168.1.119 - 54422 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2046 1519883185.7206824 1519883185.7400405 19 192.168.1.119 - 54429 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2047 1519883250.9295955 1519883250.9623692 33 192.168.1.119 - 54430 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2048 1519885388.1153386 1519885388.1458635 31 192.168.1.119 - 54443 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2049 1519885451.8059578 1519885451.8376517 32 192.168.1.119 - 54444 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2050 1519886787.012866 1519886787.0587308 46 192.168.1.119 - 54451 178.79.242.147 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2051 1519887111.5949774 1519887111.6295907 35 192.168.1.119 - 54457 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2052 1519889053.1755633 1519889053.203651 28 192.168.1.119 - 54465 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2053 1519889159.2742019 1519889159.31042 36 192.168.1.119 - 54466 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2054 1519890386.951627 1519890386.9886854 37 192.168.1.119 - 54473 178.79.242.147 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2055 1519890934.3773944 1519890934.409653 32 192.168.1.119 - 54479 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2056 1519892359.2933667 1519892359.3335125 40 192.168.1.119 - 54487 216.58.201.67 443 https://update.googleapis.com/service/update2?cup2key=7:4040269079&cup2hreq=e76325e9d894e0b1db26714bc2b95e1080b731e6394e9a698e44b8faf2ce183f 1414 2477 986 1317 303 1148 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 2057 1519892361.8578644 1519892361.8879433 30 192.168.1.119 - 54488 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/bGnMOvgxbDY_4312/4312_all_crl-set-2028561206162088310.data.crx3 281 647 0 0 170 630 'Microsoft BITS/7.5' text/html; charset=UTF-8 HEAD 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/bGnMOvgxbDY_4312/4312_all_crl-set-2028561206162088310.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519892240&mv=m&pl=15&shardbypass=yes - CTU.339.1.Malicious 2058 1519892362.138147 1519892362.1526563 15 192.168.1.119 - 54489 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/bGnMOvgxbDY_4312/4312_all_crl-set-2028561206162088310.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519892240&mv=m&pl=15&shardbypass=yes 404 608 0 0 179 594 'Microsoft BITS/7.5' application/octet-stream HEAD 200 - - - - - - - CTU.339.1.Malicious 2057 1519892365.4192655 1519892365.4483428 29 192.168.1.119 - 54488 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/bGnMOvgxbDY_4312/4312_all_crl-set-2028561206162088310.data.crx3 369 1126 0 479 259 630 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/bGnMOvgxbDY_4312/4312_all_crl-set-2028561206162088310.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519892240&mv=m&pl=15&shardbypass=yes - CTU.339.1.Malicious 2058 1519892365.6534894 1519892365.6669917 14 192.168.1.119 - 54489 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/bGnMOvgxbDY_4312/4312_all_crl-set-2028561206162088310.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519892240&mv=m&pl=15&shardbypass=yes 492 3155 0 2492 268 636 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 2057 1519892367.5819347 1519892367.6096444 28 192.168.1.119 - 54488 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/bGnMOvgxbDY_4312/4312_all_crl-set-2028561206162088310.data.crx3 373 1126 0 479 263 630 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/bGnMOvgxbDY_4312/4312_all_crl-set-2028561206162088310.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519892303&mv=m&pl=15&shardbypass=yes - CTU.339.1.Malicious 2058 1519892367.8168466 1519892367.831265 14 192.168.1.119 - 54489 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/bGnMOvgxbDY_4312/4312_all_crl-set-2028561206162088310.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519892303&mv=m&pl=15&shardbypass=yes 496 8819 0 8152 272 640 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 2057 1519892370.4894736 1519892370.5206604 31 192.168.1.119 - 54488 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/bGnMOvgxbDY_4312/4312_all_crl-set-2028561206162088310.data.crx3 374 1126 0 479 264 630 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/bGnMOvgxbDY_4312/4312_all_crl-set-2028561206162088310.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519892303&mv=m&pl=15&shardbypass=yes - CTU.339.1.Malicious 2058 1519892370.7227519 1519892370.7357955 13 192.168.1.119 - 54489 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/bGnMOvgxbDY_4312/4312_all_crl-set-2028561206162088310.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519892303&mv=m&pl=15&shardbypass=yes 497 13652 0 12983 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 2057 1519892373.3369052 1519892373.3658063 29 192.168.1.119 - 54488 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/bGnMOvgxbDY_4312/4312_all_crl-set-2028561206162088310.data.crx3 374 1126 0 479 264 630 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/bGnMOvgxbDY_4312/4312_all_crl-set-2028561206162088310.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519892303&mv=m&pl=15&shardbypass=yes - CTU.339.1.Malicious 2058 1519892373.5637283 1519892373.5891764 25 192.168.1.119 - 54489 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/bGnMOvgxbDY_4312/4312_all_crl-set-2028561206162088310.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519892303&mv=m&pl=15&shardbypass=yes 497 30302 0 29633 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 2057 1519892376.4347358 1519892376.4644825 30 192.168.1.119 - 54488 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/bGnMOvgxbDY_4312/4312_all_crl-set-2028561206162088310.data.crx3 374 1126 0 479 264 630 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/bGnMOvgxbDY_4312/4312_all_crl-set-2028561206162088310.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519892303&mv=m&pl=15&shardbypass=yes - CTU.339.1.Malicious 2058 1519892376.6946027 1519892376.708889 14 192.168.1.119 - 54489 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/bGnMOvgxbDY_4312/4312_all_crl-set-2028561206162088310.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519892303&mv=m&pl=15&shardbypass=yes 497 26706 0 26037 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 2057 1519892379.796081 1519892379.8256252 30 192.168.1.119 - 54488 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/bGnMOvgxbDY_4312/4312_all_crl-set-2028561206162088310.data.crx3 375 1126 0 479 265 630 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/bGnMOvgxbDY_4312/4312_all_crl-set-2028561206162088310.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519892303&mv=m&pl=15&shardbypass=yes - CTU.339.1.Malicious 2058 1519892380.0254707 1519892380.0400271 15 192.168.1.119 - 54489 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/bGnMOvgxbDY_4312/4312_all_crl-set-2028561206162088310.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519892303&mv=m&pl=15&shardbypass=yes 498 33416 0 32746 274 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 2057 1519892383.2822294 1519892383.3122149 30 192.168.1.119 - 54488 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/bGnMOvgxbDY_4312/4312_all_crl-set-2028561206162088310.data.crx3 376 1126 0 479 266 630 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/bGnMOvgxbDY_4312/4312_all_crl-set-2028561206162088310.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519892303&mv=m&pl=15&shardbypass=yes - CTU.339.1.Malicious 2058 1519892383.512091 1519892383.543453 31 192.168.1.119 - 54489 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/bGnMOvgxbDY_4312/4312_all_crl-set-2028561206162088310.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519892303&mv=m&pl=15&shardbypass=yes 499 33878 0 33207 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 2057 1519892385.9598072 1519892385.990653 31 192.168.1.119 - 54488 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/bGnMOvgxbDY_4312/4312_all_crl-set-2028561206162088310.data.crx3 376 1126 0 479 266 630 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/bGnMOvgxbDY_4312/4312_all_crl-set-2028561206162088310.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519892303&mv=m&pl=15&shardbypass=yes - CTU.339.1.Malicious 2058 1519892386.1900458 1519892386.2044523 14 192.168.1.119 - 54489 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/bGnMOvgxbDY_4312/4312_all_crl-set-2028561206162088310.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519892303&mv=m&pl=15&shardbypass=yes 499 39320 0 38649 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 2057 1519892389.9344714 1519892389.9631839 29 192.168.1.119 - 54488 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/bGnMOvgxbDY_4312/4312_all_crl-set-2028561206162088310.data.crx3 376 1126 0 479 266 630 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/bGnMOvgxbDY_4312/4312_all_crl-set-2028561206162088310.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519892303&mv=m&pl=15&shardbypass=yes - CTU.339.1.Malicious 2058 1519892390.1690297 1519892390.182129 13 192.168.1.119 - 54489 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/bGnMOvgxbDY_4312/4312_all_crl-set-2028561206162088310.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519892303&mv=m&pl=15&shardbypass=yes 499 21537 0 20866 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 2057 1519892391.8996432 1519892391.927845 28 192.168.1.119 - 54488 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/bGnMOvgxbDY_4312/4312_all_crl-set-2028561206162088310.data.crx3 376 1126 0 479 266 630 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/bGnMOvgxbDY_4312/4312_all_crl-set-2028561206162088310.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519892303&mv=m&pl=15&shardbypass=yes - CTU.339.1.Malicious 2058 1519892392.1391363 1519892392.1527421 14 192.168.1.119 - 54489 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/bGnMOvgxbDY_4312/4312_all_crl-set-2028561206162088310.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519892303&mv=m&pl=15&shardbypass=yes 499 39239 0 38568 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 2057 1519892395.6011832 1519892395.6293566 28 192.168.1.119 - 54488 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/bGnMOvgxbDY_4312/4312_all_crl-set-2028561206162088310.data.crx3 376 1126 0 479 266 630 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/bGnMOvgxbDY_4312/4312_all_crl-set-2028561206162088310.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519892303&mv=m&pl=15&shardbypass=yes - CTU.339.1.Malicious 2058 1519892395.829725 1519892395.844312 15 192.168.1.119 - 54489 195.113.214.205 80 http://r2---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/bGnMOvgxbDY_4312/4312_all_crl-set-2028561206162088310.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519892303&mv=m&pl=15&shardbypass=yes 499 2114 0 1444 275 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 2059 1519892397.8696678 1519892398.047533 178 192.168.1.119 - 54490 216.58.201.67 443 https://update.googleapis.com/service/update2 1251 942 918 246 303 684 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 2060 1519892654.519202 1519892654.5587125 40 192.168.1.119 - 54491 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2061 1519892774.4406943 1519892774.4709888 30 192.168.1.119 - 54492 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2062 1519893987.7819934 1519893987.8184798 36 192.168.1.119 - 54499 178.79.242.147 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2063 1519894535.5005696 1519894535.53887 38 192.168.1.119 - 54505 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2064 1519896255.8166215 1519896255.8546393 38 192.168.1.119 - 54513 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2065 1519896413.2094088 1519896413.2486005 39 192.168.1.119 - 54514 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2066 1519897143.0044348 1519897143.0363243 32 192.168.1.119 - 54521 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.3.1%26uc 675 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 2067 1519897587.341152 1519897587.3610823 20 192.168.1.119 - 54522 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2068 1519898123.5331173 1519898123.752682 220 192.168.1.119 - 54528 174.129.255.167 80 http://i-45.b-44358.bench.utorrent.com/e?i=FO0CO33h8rP5vbFH 365 232 144 21 186 197 'BTWebClient/353S(44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 2069 1519898382.1304462 1519898382.1679096 37 192.168.1.119 - 54529 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2070 1519899846.934219 1519899846.9731975 39 192.168.1.119 - 54537 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2071 1519899856.112626 1519899856.145641 33 192.168.1.119 - 54539 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2072 1519901188.1928825 1519901188.2301245 37 192.168.1.119 - 54546 178.79.242.19 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2073 1519901969.28267 1519901969.3403015 58 192.168.1.119 - 54555 185.26.182.122 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 512 0 114 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 2074 1519902084.9909306 1519902085.0249796 34 192.168.1.119 - 54557 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2075 1519903457.4556942 1519903457.4946556 39 192.168.1.119 - 54565 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2076 1519903581.1071138 1519903581.1499832 43 192.168.1.119 - 54566 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2077 1519904787.9849954 1519904788.0212445 36 192.168.1.119 - 54572 178.79.242.19 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2078 1519905686.4741771 1519905686.511302 37 192.168.1.119 - 54579 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2079 1519906527.5955398 1519906527.8480947 253 192.168.1.119 - 54581 185.26.182.122 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 2080 1519907046.1359522 1519907046.1701548 34 192.168.1.119 - 54588 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2081 1519907057.6140351 1519907057.649318 35 192.168.1.119 - 54589 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2082 1519908389.5315793 1519908389.5519063 20 192.168.1.119 - 54595 178.79.227.142 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2083 1519909287.826034 1519909287.8637016 38 192.168.1.119 - 54602 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2084 1519910658.8427694 1519910658.8729062 30 192.168.1.119 - 54610 185.26.182.103 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2085 1519910938.9247458 1519910938.954102 29 192.168.1.119 - 54611 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2086 1519911989.449529 1519911989.4689903 19 192.168.1.119 - 54617 178.79.227.142 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2087 1519912888.8787925 1519912888.9145284 36 192.168.1.119 - 54624 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2088 1519914259.8374627 1519914259.867023 30 192.168.1.119 - 54632 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2089 1519914591.0542448 1519914591.0837471 30 192.168.1.119 - 54633 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2090 1519914731.8211954 1519914731.8530946 32 192.168.1.119 - 54634 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.3.1%26uc 675 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 2091 1519915590.0569844 1519915590.1012936 44 192.168.1.119 - 54640 178.79.242.19 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2092 1519916666.4150755 1519916666.4550118 40 192.168.1.119 - 54647 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2093 1519917861.0223393 1519917861.0531723 31 192.168.1.119 - 54655 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2094 1519918408.9605813 1519918408.9915836 31 192.168.1.119 - 54656 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2095 1519919190.0125408 1519919190.0331957 21 192.168.1.119 - 54658 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2096 1519920269.482387 1519920269.5212846 39 192.168.1.119 - 54665 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2097 1519921462.5505855 1519921462.5831783 33 192.168.1.119 - 54673 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2098 1519921877.730886 1519921877.7834678 53 192.168.1.119 - 54674 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2099 1519922790.632272 1519922790.6525118 20 192.168.1.119 - 54680 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2100 1519923052.9768727 1519923053.0341432 57 192.168.1.119 - 54685 23.51.123.27 80 http://s2.symcb.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCED141%2Fl2SWCyYX308B7Khio%3D 366 2182 0 1754 232 414 'Microsoft-CryptoAPI/6.1' application/ocsp-response GET 200 - - - - - - - CTU.339.1.Malicious 2101 1519923603.5233686 1519923603.5790668 56 192.168.1.119 - 54688 185.26.182.122 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 512 0 114 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 2102 1519924026.619982 1519924026.6536548 34 192.168.1.119 - 54693 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2103 1519925063.60768 1519925063.6475463 40 192.168.1.119 - 54699 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2104 1519925446.4490483 1519925446.4786484 30 192.168.1.119 - 54700 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2105 1519926389.9629133 1519926389.9824417 20 192.168.1.119 - 54707 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2106 1519927920.3303478 1519927920.590912 261 192.168.1.119 - 54715 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2107 1519928664.7249498 1519928664.7529962 28 192.168.1.119 - 54721 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2108 1519929095.6324308 1519929095.6696024 37 192.168.1.119 - 54722 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2109 1519929983.5263038 1519929983.7632256 237 192.168.1.119 - 54729 178.79.227.142 80 http://apps.bittorrent.com/utorrent-onboarding/player.btapp?h=FO0CO33h8rP5vbFH&v=111652166&ol=en&ul=&tk=stable34&c=uTorrent 313 251 0 0 203 227 'BTWebClient/353S(44358)' binary/octet-stream GET 304 - - - - - - - CTU.339.1.Malicious 2110 1519929983.5299177 1519929983.7671113 237 192.168.1.119 - 54730 178.79.227.142 80 http://apps.bittorrent.com/utorrent-onboarding/welcome-upsell.btapp?h=FO0CO33h8rP5vbFH&v=111652166&ol=en&ul=&tk=stable34&c=uTorrent 321 252 0 0 203 228 'BTWebClient/353S(44358)' binary/octet-stream GET 304 - - - - - - - CTU.339.1.Malicious 2111 1519929986.5028644 1519929986.7300165 227 192.168.1.119 - 54731 23.21.139.158 80 http://i-43.b-44358.ut.bench.utorrent.com/e?i=43 351 232 166 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 2112 1519929991.4340732 1519929991.4756348 42 192.168.1.119 - 54732 178.79.242.147 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2113 1519930815.1265116 1519930815.4766796 350 192.168.1.119 - 54736 67.215.246.203 80 http://update.utorrent.com/checkupdate.php?s=1&cl=uTorrent&v=111652166&qv=111652166&i=1&l=en&svp=4&svn_revno=44358&tk=stable34&cmp=290&ocmp=290&period=8&tendP=1519929058&sids=0,0,0,0,0&lv=0_0_&c=US&w=1DB00106&h=FO0CO33h8rP5vbFH&mts=31&gnc=1442&nat_state=255&it=432&pc=184&sctl=1&shdi=1&def_tor=1&doainstalled=0&ie=8.0.7600.16385&xim=1&insvr=111389996&sss=519253&rsb=4&rtsb=74990712&view=win32&cmp=290&ocmp=290&db=other&plus=3&adc=1&ch_up=1?fg=1442000&t_upP_=1224415942&t_downP_=4110852926&t_up=8452133&t_down=24822373&mt=4714264&ssb=1698435&ssu=11646172034&xseq=13&cau_time=0 707 851 0 499 145 338 'BTWebClient/353S(44358)' text/html GET 200 - - - - - - - CTU.339.1.Malicious 2114 1519930815.5140352 1519930815.7265534 213 192.168.1.119 - 54737 54.225.194.96 80 http://i-29.b-44358.ut.bench.utorrent.com/e?i=29 383 232 198 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 2115 1519930815.8389547 1519930815.8779027 39 192.168.1.119 - 54738 52.85.245.149 80 http://utclient.utorrent.com/images/mobile-icon.png 241 462 0 0 205 438 'BTWebClient/353S(44358)' - GET 304 - - - - - - - CTU.339.1.Malicious 2116 1519930816.7871816 1519930817.000223 213 192.168.1.119 - 54739 23.21.139.158 80 http://i-139.b-44358.ut.bench.utorrent.com/e?i=139 344 232 157 21 165 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 2117 1519930818.0436795 1519930818.2787676 235 192.168.1.119 - 54740 54.225.194.96 80 http://i-32.b-44358.ut.bench.utorrent.com/e?i=32 559 232 374 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 2118 1519930819.169766 1519930819.395981 226 192.168.1.119 - 54741 23.21.92.252 80 http://i-43.b-44358.ut.bench.utorrent.com/e?i=43 361 232 176 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 2119 1519930820.4349692 1519930820.668782 234 192.168.1.119 - 54742 23.23.85.1 80 http://i-43.b-44358.ut.bench.utorrent.com/e?i=43 524 232 339 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 2120 1519930843.0818906 1519930843.3018425 220 192.168.1.119 - 54743 23.23.85.1 80 http://i-29.b-44358.ut.bench.utorrent.com/e?i=29 383 232 198 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 2121 1519930843.0967937 1519930843.44487 348 192.168.1.119 - 54744 67.215.246.203 80 http://update.utorrent.com/checkupdate.php?s=1&cl=uTorrent&v=111652166&qv=111652166&i=1&l=en&svp=4&svn_revno=44358&tk=stable34&cmp=290&ocmp=290&period=8&tendP=1519929058&sids=0,0,0,0,0&lv=0_0_&c=US&w=1DB00106&h=FO0CO33h8rP5vbFH&mts=31&gnc=1442&nat_state=255&it=432&pc=186&sctl=1&shdi=1&def_tor=1&doainstalled=0&ie=8.0.7600.16385&xim=1&insvr=111389996&sss=519281&rsb=4&rtsb=74990742&view=win32&cmp=290&ocmp=290&db=other&plus=3&adc=1&ch_up=1?fg=1442000&t_upP_=1224415942&t_downP_=4110852926&t_up=8452133&t_down=24822373&mt=4717092&ssb=1698464&ssu=11646172063&xseq=14&cau_time=0 707 851 0 499 145 338 'BTWebClient/353S(44358)' text/html GET 200 - - - - - - - CTU.339.1.Malicious 2122 1519930844.4633431 1519930844.5017674 38 192.168.1.119 - 54746 52.85.245.149 80 http://utclient.utorrent.com/images/mobile-icon.png 241 462 0 0 205 438 'BTWebClient/353S(44358)' - GET 304 - - - - - - - CTU.339.1.Malicious 2123 1519930843.3114557 1519930844.5570257 1246 192.168.1.119 - 54745 23.23.85.1 80 http://i-139.b-44358.ut.bench.utorrent.com/e?i=139 344 232 157 21 165 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 2124 1519930845.583164 1519930845.8103423 227 192.168.1.119 - 54747 23.23.85.1 80 http://i-32.b-44358.ut.bench.utorrent.com/e?i=32 559 232 374 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 2125 1519930845.8196692 1519930847.0591624 1239 192.168.1.119 - 54748 23.23.85.1 80 http://i-43.b-44358.ut.bench.utorrent.com/e?i=43 361 232 176 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 2126 1519930848.0789597 1519930848.2914321 212 192.168.1.119 - 54749 23.23.85.1 80 http://i-43.b-44358.ut.bench.utorrent.com/e?i=43 520 232 335 21 164 197 'ut_core BenchHttp (ver:44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 2127 1519931525.0392725 1519931525.138465 99 192.168.1.119 - 54756 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.3.1%26uc 675 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 2128 1519931580.6085637 1519931580.648519 40 192.168.1.119 - 54757 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2129 1519932265.9318585 1519932265.96043 29 192.168.1.119 - 54763 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2130 1519932826.4161344 1519932826.44936 33 192.168.1.119 - 54764 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2131 1519933591.4169936 1519933591.4535751 37 192.168.1.119 - 54771 178.79.242.147 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2132 1519935181.7533553 1519935181.7934024 40 192.168.1.119 - 54779 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2133 1519935328.891128 1519935329.209738 319 192.168.1.119 - 54780 185.26.182.117 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 2134 1519935866.8075573 1519935866.8390977 32 192.168.1.119 - 54786 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2135 1519936315.5903232 1519936315.621064 31 192.168.1.119 - 54787 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2136 1519937192.0750406 1519937192.1281984 53 192.168.1.119 - 54794 178.79.242.147 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2137 1519938783.1103318 1519938783.1447868 34 192.168.1.119 - 54802 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2138 1519939468.1107633 1519939468.1431458 32 192.168.1.119 - 54809 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2139 1519939672.1711602 1519939672.2078843 37 192.168.1.119 - 54810 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2140 1519940791.8939526 1519940791.9307787 37 192.168.1.119 - 54817 178.79.242.147 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2141 1519942384.4454572 1519942384.4788163 33 192.168.1.119 - 54825 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2142 1519943035.4547603 1519943035.4866934 32 192.168.1.119 - 54826 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2143 1519943068.4828606 1519943068.5126204 30 192.168.1.119 - 54828 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2144 1519944393.2839928 1519944393.320823 37 192.168.1.119 - 54840 178.79.242.19 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2145 1519944685.283227 1519944685.3338373 51 192.168.1.119 - 54846 23.51.123.27 80 http://sv.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQe6LNDJdqx%2BJOp7hVgTeaGFJ%2FCQgQUljtT8Hkzl699g%2B8uK8zKt4YecmYCEAzzU2mpcQdiw29oBfyeRdY%3D 366 2038 0 1610 232 414 'Microsoft-CryptoAPI/6.1' application/ocsp-response GET 200 - - - - - - - CTU.339.1.Malicious 2146 1519945235.3999732 1519945235.4291499 29 192.168.1.119 - 54847 185.26.182.122 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 512 0 114 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 2147 1519946117.159005 1519946117.1994147 40 192.168.1.119 - 54854 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2148 1519946359.577794 1519946359.649159 71 192.168.1.119 - 54855 216.58.201.67 443 https://update.googleapis.com/service/update2?cup2key=7:2370454001&cup2hreq=ad2ea2e7a9d8248da0a31d7f143bab88e4fafea8d6f70ce3e213cbe961b37066 1414 2490 986 1325 303 1153 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 2149 1519946361.188571 1519946361.2397883 51 192.168.1.119 - 54856 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ANJMq0eH-6km_4314/4314_all_crl-set-12672057094980592619.data.crx3 283 649 0 0 170 632 'Microsoft BITS/7.5' text/html; charset=UTF-8 HEAD 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANJMq0eH-6km_4314/4314_all_crl-set-12672057094980592619.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519946249&mv=m&pl=15&shardbypass=yes - CTU.339.1.Malicious 2150 1519946361.4873593 1519946361.5011485 14 192.168.1.119 - 54857 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANJMq0eH-6km_4314/4314_all_crl-set-12672057094980592619.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519946249&mv=m&pl=15&shardbypass=yes 406 608 0 0 179 594 'Microsoft BITS/7.5' application/octet-stream HEAD 200 - - - - - - - CTU.339.1.Malicious 2149 1519946362.1641338 1519946362.2156267 51 192.168.1.119 - 54856 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ANJMq0eH-6km_4314/4314_all_crl-set-12672057094980592619.data.crx3 371 1130 0 481 259 632 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANJMq0eH-6km_4314/4314_all_crl-set-12672057094980592619.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519946249&mv=m&pl=15&shardbypass=yes - CTU.339.1.Malicious 2150 1519946362.4125004 1519946362.4263463 14 192.168.1.119 - 54857 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANJMq0eH-6km_4314/4314_all_crl-set-12672057094980592619.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519946249&mv=m&pl=15&shardbypass=yes 494 3163 0 2500 268 636 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 2149 1519946365.3263047 1519946365.3779414 52 192.168.1.119 - 54856 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ANJMq0eH-6km_4314/4314_all_crl-set-12672057094980592619.data.crx3 374 1130 0 481 262 632 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANJMq0eH-6km_4314/4314_all_crl-set-12672057094980592619.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519946249&mv=m&pl=15&shardbypass=yes - CTU.339.1.Malicious 2150 1519946365.5830882 1519946365.597152 14 192.168.1.119 - 54857 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANJMq0eH-6km_4314/4314_all_crl-set-12672057094980592619.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519946249&mv=m&pl=15&shardbypass=yes 497 3241 0 2575 271 639 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 2149 1519946367.4859395 1519946367.537664 52 192.168.1.119 - 54856 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ANJMq0eH-6km_4314/4314_all_crl-set-12672057094980592619.data.crx3 375 1130 0 481 263 632 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANJMq0eH-6km_4314/4314_all_crl-set-12672057094980592619.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519946249&mv=m&pl=15&shardbypass=yes - CTU.339.1.Malicious 2150 1519946367.7408288 1519946367.7546177 14 192.168.1.119 - 54857 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANJMq0eH-6km_4314/4314_all_crl-set-12672057094980592619.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519946249&mv=m&pl=15&shardbypass=yes 498 6442 0 5775 272 640 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 2149 1519946369.5710971 1519946369.622938 52 192.168.1.119 - 54856 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ANJMq0eH-6km_4314/4314_all_crl-set-12672057094980592619.data.crx3 376 1130 0 481 264 632 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANJMq0eH-6km_4314/4314_all_crl-set-12672057094980592619.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519946309&mv=m&pl=15&shardbypass=yes - CTU.339.1.Malicious 2150 1519946369.8260474 1519946369.8399963 14 192.168.1.119 - 54857 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANJMq0eH-6km_4314/4314_all_crl-set-12672057094980592619.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519946309&mv=m&pl=15&shardbypass=yes 499 10609 0 9941 273 641 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 2149 1519946371.6265492 1519946371.6781385 52 192.168.1.119 - 54856 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ANJMq0eH-6km_4314/4314_all_crl-set-12672057094980592619.data.crx3 376 1130 0 481 264 632 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANJMq0eH-6km_4314/4314_all_crl-set-12672057094980592619.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519946249&mv=m&pl=15&shardbypass=yes - CTU.339.1.Malicious 2150 1519946371.8832083 1519946371.8971415 14 192.168.1.119 - 54857 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANJMq0eH-6km_4314/4314_all_crl-set-12672057094980592619.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519946249&mv=m&pl=15&shardbypass=yes 499 21177 0 20508 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 2149 1519946375.0343304 1519946375.0856156 51 192.168.1.119 - 54856 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ANJMq0eH-6km_4314/4314_all_crl-set-12672057094980592619.data.crx3 376 1130 0 481 264 632 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANJMq0eH-6km_4314/4314_all_crl-set-12672057094980592619.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519946309&mv=m&pl=15&shardbypass=yes - CTU.339.1.Malicious 2150 1519946375.2844086 1519946375.298454 14 192.168.1.119 - 54857 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANJMq0eH-6km_4314/4314_all_crl-set-12672057094980592619.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519946309&mv=m&pl=15&shardbypass=yes 499 17721 0 17052 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 2149 1519946377.754787 1519946377.8067331 52 192.168.1.119 - 54856 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ANJMq0eH-6km_4314/4314_all_crl-set-12672057094980592619.data.crx3 376 1130 0 481 264 632 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANJMq0eH-6km_4314/4314_all_crl-set-12672057094980592619.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519946309&mv=m&pl=15&shardbypass=yes - CTU.339.1.Malicious 2150 1519946378.0045836 1519946378.0186045 14 192.168.1.119 - 54857 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANJMq0eH-6km_4314/4314_all_crl-set-12672057094980592619.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519946309&mv=m&pl=15&shardbypass=yes 499 15414 0 14745 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 2149 1519946380.4047675 1519946380.4558897 51 192.168.1.119 - 54856 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ANJMq0eH-6km_4314/4314_all_crl-set-12672057094980592619.data.crx3 376 1130 0 481 264 632 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANJMq0eH-6km_4314/4314_all_crl-set-12672057094980592619.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519946309&mv=m&pl=15&shardbypass=yes - CTU.339.1.Malicious 2150 1519946380.6547184 1519946380.6698375 15 192.168.1.119 - 54857 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANJMq0eH-6km_4314/4314_all_crl-set-12672057094980592619.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519946309&mv=m&pl=15&shardbypass=yes 499 14157 0 13488 273 642 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 2149 1519946382.451965 1519946382.5042057 52 192.168.1.119 - 54856 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ANJMq0eH-6km_4314/4314_all_crl-set-12672057094980592619.data.crx3 377 1130 0 481 265 632 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANJMq0eH-6km_4314/4314_all_crl-set-12672057094980592619.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519946309&mv=m&pl=15&shardbypass=yes - CTU.339.1.Malicious 2150 1519946382.7018418 1519946382.7161555 14 192.168.1.119 - 54857 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANJMq0eH-6km_4314/4314_all_crl-set-12672057094980592619.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519946309&mv=m&pl=15&shardbypass=yes 500 28272 0 27602 274 643 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 2149 1519946386.1135302 1519946386.1659389 52 192.168.1.119 - 54856 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ANJMq0eH-6km_4314/4314_all_crl-set-12672057094980592619.data.crx3 378 1130 0 481 266 632 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANJMq0eH-6km_4314/4314_all_crl-set-12672057094980592619.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519946309&mv=m&pl=15&shardbypass=yes - CTU.339.1.Malicious 2150 1519946386.385839 1519946386.401306 15 192.168.1.119 - 54857 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANJMq0eH-6km_4314/4314_all_crl-set-12672057094980592619.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519946309&mv=m&pl=15&shardbypass=yes 501 22880 0 22209 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 2149 1519946389.597146 1519946389.6490693 52 192.168.1.119 - 54856 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ANJMq0eH-6km_4314/4314_all_crl-set-12672057094980592619.data.crx3 378 1130 0 481 266 632 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANJMq0eH-6km_4314/4314_all_crl-set-12672057094980592619.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519946309&mv=m&pl=15&shardbypass=yes - CTU.339.1.Malicious 2150 1519946389.8571372 1519946389.8712685 14 192.168.1.119 - 54857 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANJMq0eH-6km_4314/4314_all_crl-set-12672057094980592619.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519946309&mv=m&pl=15&shardbypass=yes 501 19368 0 18697 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 2149 1519946391.7867815 1519946391.837542 51 192.168.1.119 - 54856 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ANJMq0eH-6km_4314/4314_all_crl-set-12672057094980592619.data.crx3 378 1130 0 481 266 632 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANJMq0eH-6km_4314/4314_all_crl-set-12672057094980592619.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519946309&mv=m&pl=15&shardbypass=yes - CTU.339.1.Malicious 2150 1519946392.0462525 1519946392.059829 14 192.168.1.119 - 54857 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANJMq0eH-6km_4314/4314_all_crl-set-12672057094980592619.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519946309&mv=m&pl=15&shardbypass=yes 501 29366 0 28695 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 2149 1519946394.9174001 1519946394.9684803 51 192.168.1.119 - 54856 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ANJMq0eH-6km_4314/4314_all_crl-set-12672057094980592619.data.crx3 378 1130 0 481 266 632 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANJMq0eH-6km_4314/4314_all_crl-set-12672057094980592619.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519946309&mv=m&pl=15&shardbypass=yes - CTU.339.1.Malicious 2150 1519946395.177068 1519946395.189989 13 192.168.1.119 - 54857 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANJMq0eH-6km_4314/4314_all_crl-set-12672057094980592619.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519946309&mv=m&pl=15&shardbypass=yes 501 25826 0 25155 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 2149 1519946397.8276336 1519946397.8797417 52 192.168.1.119 - 54856 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ANJMq0eH-6km_4314/4314_all_crl-set-12672057094980592619.data.crx3 378 1130 0 481 266 632 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANJMq0eH-6km_4314/4314_all_crl-set-12672057094980592619.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519946309&mv=m&pl=15&shardbypass=yes - CTU.339.1.Malicious 2150 1519946398.0875878 1519946398.1023057 15 192.168.1.119 - 54857 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANJMq0eH-6km_4314/4314_all_crl-set-12672057094980592619.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519946309&mv=m&pl=15&shardbypass=yes 501 24208 0 23537 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 2149 1519946400.7903125 1519946400.8422062 52 192.168.1.119 - 54856 216.58.201.78 80 http://redirector.gvt1.com/edgedl/release2/chrome_component/ANJMq0eH-6km_4314/4314_all_crl-set-12672057094980592619.data.crx3 378 1130 0 481 266 632 'Microsoft BITS/7.5' text/html; charset=UTF-8 GET 302 - - - - - http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANJMq0eH-6km_4314/4314_all_crl-set-12672057094980592619.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519946370&mv=m&pl=15&shardbypass=yes - CTU.339.1.Malicious 2150 1519946401.0406988 1519946401.0554626 15 192.168.1.119 - 54857 195.113.214.204 80 http://r1---sn-jxnoxu-2gbe.gvt1.com/edgedl/release2/chrome_component/ANJMq0eH-6km_4314/4314_all_crl-set-12672057094980592619.data.crx3?cms_redirect=yes&ip=147.32.83.56&ipbits=0&mm=28&mn=sn-jxnoxu-2gbe&ms=nvh&mt=1519946370&mv=m&pl=15&shardbypass=yes 501 14414 0 13743 275 644 'Microsoft BITS/7.5' application/octet-stream GET 206 - - - - - - - CTU.339.1.Malicious 2151 1519946406.0764432 1519946406.315628 239 192.168.1.119 - 54858 216.58.201.67 443 https://update.googleapis.com/service/update2 1253 944 920 247 303 685 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 2152 1519946669.816815 1519946669.844435 28 192.168.1.119 - 54860 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2153 1519946813.5161564 1519946813.5467217 31 192.168.1.119 - 54866 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2154 1519947992.8659196 1519947992.9010084 35 192.168.1.119 - 54871 178.79.242.147 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2155 1519948409.8059082 1519948409.8400943 34 192.168.1.119 - 54875 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.3.1%26uc 675 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 2156 1519949719.376256 1519949719.4070706 31 192.168.1.119 - 54881 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2157 1519950271.2174146 1519950271.2489316 32 192.168.1.119 - 54883 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2158 1519950653.9504173 1519950653.9805574 30 192.168.1.119 - 54889 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2159 1519951593.130443 1519951593.1542776 24 192.168.1.119 - 54891 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2160 1519953320.958519 1519953320.990188 32 192.168.1.119 - 54903 185.26.182.111 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2161 1519953872.523922 1519953872.5535984 30 192.168.1.119 - 54905 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2162 1519954146.1384418 1519954146.166926 28 192.168.1.119 - 54910 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2163 1519955192.99257 1519955193.0131292 21 192.168.1.119 - 54912 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4343 0 3811 147 518 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2164 1519957032.915973 1519957032.947524 32 192.168.1.119 - 54924 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2165 1519957473.891774 1519957473.9233265 32 192.168.1.119 - 54926 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2166 1519957868.805564 1519957868.832701 27 192.168.1.119 - 54932 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2167 1519958794.635384 1519958794.680103 45 192.168.1.119 - 54934 178.79.242.147 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4343 0 3811 147 518 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2168 1519960688.5514705 1519960688.591799 40 192.168.1.119 - 54946 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2169 1519961074.781783 1519961074.8111653 29 192.168.1.119 - 54948 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2170 1519961275.1344848 1519961275.1632326 29 192.168.1.119 - 54949 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2171 1519962394.5925648 1519962394.6116333 19 192.168.1.119 - 54956 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2172 1519964023.5756686 1519964023.6381936 63 192.168.1.119 - 54968 185.26.182.111 443 https://exchange.opera.com/api/v1/ecb/ 283 1938 0 1665 258 259 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml GET 200 - - - - - - - CTU.339.1.Malicious 2172 1519964023.7307217 1519964023.7552574 25 192.168.1.119 - 54968 185.26.182.111 443 https://exchange.opera.com/api/v1/cmc/ 283 6966 0 6685 258 267 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2173 1519964024.300198 1519964024.324111 24 192.168.1.119 - 54970 185.26.182.111 443 https://exchange.opera.com/api/v1/nbu/ 283 6430 0 6135 258 281 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json;charset=UTF-8 GET 200 - - - - - - - CTU.339.1.Malicious 2174 1519964131.466829 1519964131.5923266 125 192.168.1.119 - 54972 185.26.182.117 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 2175 1519964404.4946406 1519964404.551122 56 192.168.1.119 - 54973 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2176 1519964662.1388383 1519964662.3877816 249 192.168.1.119 - 54975 54.225.194.96 80 http://i-45.b-44358.bench.utorrent.com/e?i=FO0CO33h8rP5vbFH 365 232 144 21 186 197 'BTWebClient/353S(44358)' text/html POST 200 - - - - - - - CTU.339.1.Malicious 2177 1519964675.3922894 1519964675.4222107 30 192.168.1.119 - 54976 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2178 1519964824.659191 1519964824.6923256 33 192.168.1.119 - 54977 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2179 1519965182.9022753 1519965182.9332287 31 192.168.1.119 - 54983 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.3.1%26uc 675 709 0 465 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 2180 1519965191.6619995 1519965191.686924 25 192.168.1.119 - 54984 82.145.215.85 443 https://extension-updates.opera.com/static/omaha/blacklist.336465243e0d1996705f69bb3937b0f2f815a8bcc9737b5323ca77ebd70dd6b7.txt 413 6582 0 6336 308 232 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/plain GET 200 - - - - - - - CTU.339.1.Malicious 2181 1519965995.23607 1519965995.2723753 36 192.168.1.119 - 54986 178.79.242.147 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4343 0 3811 147 518 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2182 1519966868.4215653 1519966868.4494116 28 192.168.1.119 - 54997 185.26.182.122 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 512 0 114 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 2183 1519968185.0102797 1519968185.0440347 34 192.168.1.119 - 55004 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2184 1519968278.533135 1519968278.5684774 35 192.168.1.119 - 55005 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2185 1519968429.4841049 1519968429.5128849 29 192.168.1.119 - 55007 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2186 1519969595.1918018 1519969595.2363446 45 192.168.1.119 - 55014 178.79.242.147 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4343 0 3811 147 518 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2187 1519971786.8257906 1519971786.8582952 33 192.168.1.119 - 55027 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2188 1519971880.1525953 1519971880.1842072 32 192.168.1.119 - 55028 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2189 1519971901.9303863 1519971901.9622335 32 192.168.1.119 - 55029 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2190 1519973195.8957388 1519973195.9395576 44 192.168.1.119 - 55036 178.79.242.147 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4343 0 3811 147 518 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2191 1519975481.203203 1519975481.2343292 31 192.168.1.119 - 55049 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2192 1519975600.960116 1519975600.9964538 36 192.168.1.119 - 55050 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2193 1519975752.0913734 1519975752.121681 30 192.168.1.119 - 55051 185.26.182.112 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2194 1519976795.781418 1519976795.8253996 44 192.168.1.119 - 55059 178.79.242.147 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4340 0 3811 147 515 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2195 1519979087.641138 1519979087.678295 37 192.168.1.119 - 55072 185.26.182.104 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2196 1519979203.5676682 1519979203.6087043 41 192.168.1.119 - 55074 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2197 1519979521.4778538 1519979521.5085573 31 192.168.1.119 - 55075 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2198 1519980396.3452728 1519980396.3656578 20 192.168.1.119 - 55082 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4343 0 3811 147 518 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2199 1519982689.3613 1519982689.3981123 37 192.168.1.119 - 55095 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2200 1519982727.5206947 1519982727.553842 33 192.168.1.119 - 55096 82.145.215.85 443 https://extension-updates.opera.com/api/omaha/update/?os=win&arch=x86&nacl_arch=x86-32&prod=chromiumcrx&prodchannel=Stable&prodversion=64.0.3282.119&lang=en-US&acceptformat=crx2,crx3&x=id%3Dcom.opera.crx.blacklist%26v%3D2018.3.2%26uc 675 478 0 234 464 230 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/xhtml+xml; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 2201 1519983048.045924 1519983048.0858176 40 192.168.1.119 - 55097 185.26.182.103 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2202 1519983067.2961712 1519983067.3302438 34 192.168.1.119 - 55098 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2203 1519983995.83443 1519983995.8539438 20 192.168.1.119 - 55105 178.79.227.15 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2204 1519986290.7893648 1519986290.8266907 37 192.168.1.119 - 55118 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2205 1519986478.2259815 1519986478.2557852 30 192.168.1.119 - 55119 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2206 1519986798.484214 1519986798.5181863 34 192.168.1.119 - 55120 185.26.182.103 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2207 1519987598.1570828 1519987598.361221 204 192.168.1.119 - 55127 69.164.0.128 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2208 1519988500.1674025 1519988500.221822 54 192.168.1.119 - 55137 185.26.182.117 443 https://autoupdate.geo.opera.com//api/verify?product=Opera&version=51.0.2830.26 324 512 0 114 264 384 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json; charset=utf-8 GET 200 - - - - - - - CTU.339.1.Malicious 2209 1519989891.9565628 1519989891.986712 30 192.168.1.119 - 55145 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2210 1519989999.9516294 1519989999.9832942 32 192.168.1.119 - 55146 185.26.182.111 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2211 1519990399.7606966 1519990399.8048534 44 192.168.1.119 - 55147 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2212 1519991197.2760916 1519991197.486463 210 192.168.1.119 - 55154 69.164.0.128 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4342 0 3811 147 517 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2213 1519992932.452676 1519992932.6538882 201 192.168.1.119 - 55162 185.26.182.117 443 https://autoupdate.geo.opera.com/ 1843 621 1477 230 351 377 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=utf-8 POST 200 - - - - - - - CTU.339.1.Malicious 2214 1519993345.3830068 1519993345.414632 32 192.168.1.119 - 55168 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2215 1519993492.683273 1519993492.7135766 30 192.168.1.119 - 55170 185.26.182.112 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2216 1519994098.9601684 1519994098.9956236 35 192.168.1.119 - 55171 185.26.182.104 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2217 1519994798.0073633 1519994798.0440643 37 192.168.1.119 - 55177 178.79.242.147 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4343 0 3811 147 518 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2218 1519996664.521856 1519996664.5507789 29 192.168.1.119 - 55185 185.26.182.104 443 https://speeddials.opera.com/api/v2/suggestions?country=us&language=en-US&uuid=663221bb-1bfb-4a2f-a9bb-834a038c02df&type=desktop-suggestions 385 3024 0 2644 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2219 1519997093.4048538 1519997093.4340656 29 192.168.1.119 - 55191 185.26.182.111 443 https://speeddials.opera.com/api/v2/partner-content?country=us&edition=&uuid=6d7349b8-3387-4624-b38d-b3c393db0c9f 358 3309 0 2929 260 366 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2220 1519997945.3059146 1519997945.361106 55 192.168.1.119 - 55192 185.26.182.112 443 https://speeddials.opera.com/api/v1/keywords?country=us&language=en-US&uuid=a66e162e-82fd-4285-bd46-3636227bfc2f 773 394 0 16 676 364 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2221 1519998397.8615396 1519998397.9052646 44 192.168.1.119 - 55198 178.79.242.19 80 http://cdn.ap.bittorrent.com/control/feature/tags/ut.json 189 4343 0 3811 147 518 'BTWebClient/353S(44358)' application/json GET 200 - - - - - - - CTU.339.1.Malicious 2222 1519411562.1213965 0.0 0 192.168.1.119 - 51192 173.254.195.58 80 http://update.bittorrent.com/time.php 169 0 0 0 147 0 'BTWebClient/353S(44358)' - GET - - - - - - - CTU.339.1.Malicious 2223 1519410439.5427387 0.0 0 192.168.1.119 - 50973 173.254.195.58 80 http://update.bittorrent.com/time.php 169 0 0 0 147 0 'BTWebClient/351S(44332)' - GET - - - - - - - CTU.339.1.Malicious 2224 1519498081.7495391 0.0 0 192.168.1.119 - 51818 173.254.195.58 80 http://update.bittorrent.com/time.php 169 0 0 0 147 0 'BTWebClient/353S(44358)' - GET - - - - - - - CTU.339.1.Malicious 2225 1519584574.8359437 0.0 0 192.168.1.119 - 52413 173.254.195.58 80 http://update.bittorrent.com/time.php 169 0 0 0 147 0 'BTWebClient/353S(44358)' - GET - - - - - - - CTU.339.1.Malicious 2226 1519757707.82819 0.0 0 192.168.1.119 - 53567 173.254.195.58 80 http://update.bittorrent.com/time.php 169 0 0 0 147 0 'BTWebClient/353S(44358)' - GET - - - - - - - CTU.339.1.Malicious 2227 1519584604.307532 0.0 0 192.168.1.119 - 52414 173.254.195.58 80 http://update.bittorrent.com/time.php 169 0 0 0 147 0 'BTWebClient/353S(44358)' - GET - - - - - - - CTU.339.1.Malicious 2228 1519844257.387308 0.0 0 192.168.1.119 - 54159 173.254.195.58 80 http://update.bittorrent.com/time.php 169 0 0 0 147 0 'BTWebClient/353S(44358)' - GET - - - - - - - CTU.339.1.Malicious 2229 1519671155.4526181 0.0 0 192.168.1.119 - 52978 82.221.103.246 80 http://update.utorrent.li/checkupdate.php?s=1&cl=uTorrent&v=111652166&qv=111652166&i=1&l=en&svp=4&svn_revno=44358&tk=stable34&cmp=290&ocmp=290&period=8&tendP=1519669830&sids=0,0,0,0,0&lv=0_0_&c=US&w=1DB00106&h=FO0CO33h8rP5vbFH&mts=31&gnc=1442&nat_state=255&it=216&pc=98&sctl=1&shdi=1&def_tor=1&doainstalled=0&ie=8.0.7600.16385&xim=1&insvr=111389996&sss=259621&rsb=4&rtsb=18845689&view=win32&cmp=290&ocmp=290&db=other&plus=3&adc=1&ch_up=1?fg=1442000&t_upP_=310911866&t_downP_=1296402005&t_up=4228743&t_down=14213539&mt=2359918&ssb=1438775&ssu=11645912374&xseq=8&cau_time=0 703 0 0 0 144 0 'BTWebClient/353S(44358)' - GET - - - - - - - CTU.339.1.Malicious 2230 1519930754.1292782 0.0 0 192.168.1.119 - 54734 173.254.195.58 80 http://update.bittorrent.com/time.php 169 0 0 0 147 0 'BTWebClient/353S(44358)' - GET - - - - - - - CTU.339.1.Malicious 2231 1519671125.254879 0.0 0 192.168.1.119 - 52977 173.254.195.58 80 http://update.bittorrent.com/time.php 169 0 0 0 147 0 'BTWebClient/353S(44358)' - GET - - - - - - - CTU.339.1.Malicious 2232 1518848356.1090002 1518848356.1545978 46 192.168.1.119 - 50215 172.217.23.195 443 https://update.googleapis.com/service/update2?cup2key=7:2176082644&cup2hreq=bca7377be93f2f13b76e7a2ad21de2537ca591dfaf58acc180d036d7840784b0 1414 1161 986 0 303 1149 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.119 Safari/537.36 OPR/51.0.2830.26' text/xml; charset=UTF-8 POST 200 - - - - - - - CTU.339.1.Malicious 2233 1519757737.2500522 0.0 0 192.168.1.119 - 53568 173.254.195.58 80 http://update.bittorrent.com/time.php 169 0 0 0 147 0 'BTWebClient/353S(44358)' - GET - - - - - - - CTU.339.1.Malicious 2234 1519930783.5948284 0.0 0 192.168.1.119 - 54735 173.254.195.58 80 http://update.bittorrent.com/time.php 169 0 0 0 147 0 'BTWebClient/353S(44358)' - GET - - - - - - - CTU.339.1.Malicious 2235 1519411483.2800436 0.0 0 192.168.1.119 - 51091 173.254.195.58 80 http://update.bittorrent.com/time.php 169 0 0 0 147 0 'BTWebClient/351S(44332)' - GET - - - - - - - CTU.339.1.Malicious 2236 1519411527.5771575 0.0 0 192.168.1.119 - 51112 173.254.195.58 80 http://update.bittorrent.com/time.php 169 0 0 0 147 0 'BTWebClient/353S(44358)' - GET - - - - - - - CTU.339.1.Malicious 2237 1519671095.8103416 0.0 0 192.168.1.119 - 52976 173.254.195.58 80 http://update.bittorrent.com/time.php 169 0 0 0 147 0 'BTWebClient/353S(44358)' - GET - - - - - - - CTU.339.1.Malicious 2238 1519498052.3188689 0.0 0 192.168.1.119 - 51817 173.254.195.58 80 http://update.bittorrent.com/time.php 169 0 0 0 147 0 'BTWebClient/353S(44358)' - GET - - - - - - - CTU.339.1.Malicious 2239 1519671164.249846 0.0 0 192.168.1.119 - 52984 82.221.103.245 80 http://update.utorrent.li/checkupdate.php?s=1&cl=uTorrent&v=111652166&qv=111652166&i=1&l=en&svp=4&svn_revno=44358&tk=stable34&cmp=290&ocmp=290&period=8&tendP=1519669830&sids=0,0,0,0,0&lv=0_0_&c=US&w=1DB00106&h=FO0CO33h8rP5vbFH&mts=31&gnc=1442&nat_state=255&it=216&pc=98&sctl=1&shdi=1&def_tor=1&doainstalled=0&ie=8.0.7600.16385&xim=1&insvr=111389996&sss=259621&rsb=4&rtsb=18845689&view=win32&cmp=290&ocmp=290&db=other&plus=3&adc=1&ch_up=1?fg=1442000&t_upP_=310911866&t_downP_=1296402005&t_up=4228743&t_down=14213539&mt=2359918&ssb=1438775&ssu=11645912374&xseq=8&cau_time=0 703 0 0 0 144 0 'BTWebClient/353S(44358)' - GET - - - - - - - CTU.339.1.Malicious 2240 1519410405.8127074 0.0 0 192.168.1.119 - 50953 173.254.195.58 80 http://update.bittorrent.com/time.php 169 0 0 0 147 0 'BTWebClient/351S(44332)' - GET - - - - - - - CTU.339.1.Malicious 2241 1519844227.9547188 0.0 0 192.168.1.119 - 54158 173.254.195.58 80 http://update.bittorrent.com/time.php 169 0 0 0 147 0 'BTWebClient/353S(44358)' - GET - - - - - - - CTU.339.1.Malicious