#Fields: id timestamp timestamp_end time-taken c-ip cs-username c-port r-ip r-port cs-uri cs-bytes sc-bytes cs-bodylength sc-bodylength cs-headerlength sc-headerlength cs(User-Agent) rs(Content-Type) cs-method sc-status cs(Referer) N/A N/A N/A x-risk-score rs(Location) s-action label 1 1519669238.987428 1519669239.0325367 45 192.168.1.120 - 49165 5.8.88.175 80 http://5.8.88.175/ 487 2419 0 2102 473 303 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html;charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 1 1519669239.2539065 1519669239.5001745 246 192.168.1.120 - 49165 5.8.88.175 80 http://5.8.88.175/icons/blank.gif 397 512 0 148 368 350 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' image/gif GET 200 http://5.8.88.175/ - - - - - - CTU.344.1.Malicious 2 1519669239.2630053 1519669239.5350473 272 192.168.1.120 - 49166 5.8.88.175 80 http://5.8.88.175/icons/binary.gif 398 611 0 246 368 351 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' image/gif GET 200 http://5.8.88.175/ - - - - - - CTU.344.1.Malicious 3 1519669239.2681103 1519669239.5352728 267 192.168.1.120 - 49167 5.8.88.175 80 http://5.8.88.175/icons/folder.gif 398 590 0 225 368 351 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' image/gif GET 200 http://5.8.88.175/ - - - - - - CTU.344.1.Malicious 1 1519669239.8459466 1519669239.8678026 22 192.168.1.120 - 49165 5.8.88.175 80 http://5.8.88.175/favicon.ico 324 614 0 285 299 308 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 404 - - - - - - - CTU.344.1.Malicious 2 1519669248.520623 1519669248.8917043 371 192.168.1.120 - 49166 5.8.88.175 80 http://5.8.88.175/Skype.exe 533 500100 0 499712 510 374 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' application/x-msdos-program GET 200 http://5.8.88.175/ - - - - - - CTU.344.1.Malicious 4 1519669367.5625718 1519669368.044085 482 192.168.1.120 - 49168 204.79.197.229 80 http://www.bing.com/ 313 83184 0 81892 299 1278 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=utf-8 GET 200 - - - - - - - CTU.344.1.Malicious 5 1519669373.2774777 1519669373.6013167 324 192.168.1.120 - 49169 104.127.48.95 80 http://www.adobe.com/support/main.html 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/main.html - CTU.344.1.Malicious 6 1519669374.1897154 1519669374.5259027 336 192.168.1.120 - 49170 104.127.48.95 443 https://www.adobe.com/support/main.html 331 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 7 1519669374.9275756 1519669375.1366594 209 192.168.1.120 - 49171 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34136 0 33733 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 8 1519669384.3311365 1519669384.3411384 10 192.168.1.120 - 49172 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 8 1519669384.342764 1519669384.546127 203 192.168.1.120 - 49172 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 9 1519669384.7780018 1519669384.8156278 38 192.168.1.120 - 49173 23.4.253.171 443 https://java.com/en/ 312 9161 0 8568 295 579 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 5 1519669388.9641228 1519669389.320133 356 192.168.1.120 - 49169 104.127.48.95 80 http://www.adobe.com/go/getflashplayer 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/go/getflashplayer - CTU.344.1.Malicious 6 1519669389.5211518 1519669389.8324926 311 192.168.1.120 - 49170 104.127.48.95 443 https://www.adobe.com/go/getflashplayer 331 465 0 0 300 436 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 301 - - - - - http://get.adobe.com/flashplayer - CTU.344.1.Malicious 10 1519669393.1522186 1519669393.2379234 86 192.168.1.120 - 49174 5.8.88.175 80 http://5.8.88.175/two/index.php 473 5638 63 5331 382 286 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=windows-1251 POST 404 - - - - - - - CTU.344.1.Malicious 5 1519669393.6502392 1519669393.9989903 349 192.168.1.120 - 49169 104.127.48.95 80 http://www.adobe.com/support/shockwave 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/shockwave - CTU.344.1.Malicious 6 1519669394.2075255 1519669394.5319521 324 192.168.1.120 - 49170 104.127.48.95 443 https://www.adobe.com/support/shockwave 331 713 0 247 300 437 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - http://www.adobe.com/support/shockwave/ - CTU.344.1.Malicious 5 1519669398.9172618 1519669399.2784224 361 192.168.1.120 - 49169 104.127.48.95 80 http://www.adobe.com/support 321 589 0 237 300 323 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support - CTU.344.1.Malicious 6 1519669399.4855716 1519669399.844541 359 192.168.1.120 - 49170 104.127.48.95 443 https://www.adobe.com/support 321 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 7 1519669400.0453672 1519669400.094482 49 192.168.1.120 - 49171 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34136 0 33733 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 5 1519669405.778572 1519669405.7857432 7 192.168.1.120 - 49169 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 6 1519669405.984183 1519669405.997649 13 192.168.1.120 - 49170 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 11 1519670019.7858047 1519670019.7958343 10 192.168.1.120 - 49175 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 11 1519670020.0052805 1519670020.015466 10 192.168.1.120 - 49175 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 12 1519670020.4541428 1519670020.4808998 27 192.168.1.120 - 49176 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 11 1519670024.5767133 1519670024.5873618 11 192.168.1.120 - 49175 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 11 1519670024.588954 1519670024.5988913 10 192.168.1.120 - 49175 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 12 1519670024.6009357 1519670024.615355 14 192.168.1.120 - 49176 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 11 1519670028.713697 1519670028.7215977 8 192.168.1.120 - 49175 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 11 1519670028.7231612 1519670028.7308712 8 192.168.1.120 - 49175 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 12 1519670028.732296 1519670028.7432446 11 192.168.1.120 - 49176 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 13 1519670033.9912596 1519670034.3108065 320 192.168.1.120 - 49177 104.127.48.95 80 http://www.adobe.com/support/shockwave 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/shockwave - CTU.344.1.Malicious 14 1519670034.5497534 1519670035.098715 549 192.168.1.120 - 49178 104.127.48.95 443 https://www.adobe.com/support/shockwave 331 713 0 247 300 437 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - http://www.adobe.com/support/shockwave/ - CTU.344.1.Malicious 11 1519670038.8379064 1519670038.845629 8 192.168.1.120 - 49175 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 11 1519670038.8471277 1519670038.8546073 7 192.168.1.120 - 49175 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 12 1519670038.8566785 1519670038.8698618 13 192.168.1.120 - 49176 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 15 1519670043.2469695 1519670043.3299973 83 192.168.1.120 - 49179 5.8.88.175 80 http://5.8.88.175/two/index.php 503 454 93 147 382 286 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=windows-1251 POST 404 - - - - - - - CTU.344.1.Malicious 11 1519670043.5344718 1519670043.5452654 11 192.168.1.120 - 49175 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 11 1519670043.5472457 1519670043.5578315 11 192.168.1.120 - 49175 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 12 1519670043.5593064 1519670043.5741901 15 192.168.1.120 - 49176 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 16 1519670048.0159705 1519670048.3179197 302 192.168.1.120 - 49180 137.254.60.32 80 http://www.virtualbox.org/ 319 796 0 262 305 505 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.virtualbox.org/ - CTU.344.1.Malicious 17 1519670048.5593805 1519670049.5212696 962 192.168.1.120 - 49181 137.254.60.32 443 https://www.virtualbox.org/ 319 10382 0 9630 305 738 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html;charset=utf-8 GET 200 - - - - - - - CTU.344.1.Malicious 13 1519670053.430139 1519670053.4387043 9 192.168.1.120 - 49177 104.127.48.95 80 http://www.adobe.com/ 314 574 0 230 300 315 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 14 1519670053.6454968 1519670053.681749 36 192.168.1.120 - 49178 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 11 1519670066.0383246 1519670066.0511172 13 192.168.1.120 - 49175 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 11 1519670066.05267 1519670066.0627718 10 192.168.1.120 - 49175 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 12 1519670066.0643265 1519670066.0782971 14 192.168.1.120 - 49176 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 18 1519670672.1389227 1519670672.4491942 310 192.168.1.120 - 49182 104.127.48.95 80 http://www.adobe.com/support 321 589 0 237 300 323 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support - CTU.344.1.Malicious 19 1519670672.6881323 1519670673.320337 632 192.168.1.120 - 49183 104.127.48.95 443 https://www.adobe.com/support 321 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 20 1519670673.8305476 1519670674.0284998 198 192.168.1.120 - 49184 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34136 0 33733 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 21 1519670679.4033816 1519670679.4127293 9 192.168.1.120 - 49185 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 21 1519670679.414339 1519670679.6163445 202 192.168.1.120 - 49185 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 22 1519670679.8412595 1519670679.8718805 31 192.168.1.120 - 49186 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 18 1519670683.9244697 1519670683.933934 9 192.168.1.120 - 49182 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 19 1519670684.131949 1519670684.1661632 34 192.168.1.120 - 49183 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 18 1519670696.6547139 1519670696.9994268 345 192.168.1.120 - 49182 104.127.48.95 80 http://www.adobe.com/support/main.html 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/main.html - CTU.344.1.Malicious 19 1519670697.2010694 1519670697.5307648 330 192.168.1.120 - 49183 104.127.48.95 443 https://www.adobe.com/support/main.html 331 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 20 1519670697.7315953 1519670697.7735462 42 192.168.1.120 - 49184 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34136 0 33733 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 23 1519670703.6491094 1519670703.949907 301 192.168.1.120 - 49187 137.254.60.32 80 http://www.virtualbox.org/ 319 796 0 262 305 505 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.virtualbox.org/ - CTU.344.1.Malicious 24 1519670704.1830182 1519670705.2426875 1060 192.168.1.120 - 49188 137.254.60.32 443 https://www.virtualbox.org/ 319 10382 0 9630 305 738 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html;charset=utf-8 GET 200 - - - - - - - CTU.344.1.Malicious 25 1519670709.5234401 1519670709.602113 79 192.168.1.120 - 49189 5.8.88.175 80 http://5.8.88.175/two/index.php 503 454 93 147 382 286 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=windows-1251 POST 404 - - - - - - - CTU.344.1.Malicious 18 1519670709.812521 1519670710.1649492 352 192.168.1.120 - 49182 104.127.48.95 80 http://www.adobe.com/support/shockwave 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/shockwave - CTU.344.1.Malicious 19 1519670710.3700056 1519670710.7114537 341 192.168.1.120 - 49183 104.127.48.95 443 https://www.adobe.com/support/shockwave 331 713 0 247 300 437 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - http://www.adobe.com/support/shockwave/ - CTU.344.1.Malicious 18 1519670714.7310588 1519670715.0853262 354 192.168.1.120 - 49182 104.127.48.95 80 http://www.adobe.com/support/main.html 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/main.html - CTU.344.1.Malicious 19 1519670715.2865 1519670715.6219409 335 192.168.1.120 - 49183 104.127.48.95 443 https://www.adobe.com/support/main.html 331 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 20 1519670715.8276498 1519670715.871134 43 192.168.1.120 - 49184 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34136 0 33733 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 21 1519670722.422032 1519670722.430212 8 192.168.1.120 - 49185 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 21 1519670722.432239 1519670722.4408505 9 192.168.1.120 - 49185 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 22 1519670722.4424598 1519670722.4532332 11 192.168.1.120 - 49186 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 23 1519670726.6670878 1519670726.9697294 303 192.168.1.120 - 49187 137.254.60.32 80 http://www.virtualbox.org/ 319 796 0 262 305 505 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.virtualbox.org/ - CTU.344.1.Malicious 24 1519670727.1741385 1519670728.5870574 1413 192.168.1.120 - 49188 137.254.60.32 443 https://www.virtualbox.org/ 319 10382 0 9630 305 738 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html;charset=utf-8 GET 200 - - - - - - - CTU.344.1.Malicious 21 1519670732.9974685 1519670733.007954 10 192.168.1.120 - 49185 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 21 1519670733.0094976 1519670733.0190895 10 192.168.1.120 - 49185 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 22 1519670733.020627 1519670733.030454 10 192.168.1.120 - 49186 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 26 1519671339.162152 1519671339.1716216 9 192.168.1.120 - 49190 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 27 1519671339.6206114 1519671339.7078824 87 192.168.1.120 - 49191 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 28 1519671355.1092014 1519671355.1210139 12 192.168.1.120 - 49192 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 28 1519671355.3293765 1519671355.340199 11 192.168.1.120 - 49192 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 29 1519671355.7950745 1519671355.822456 27 192.168.1.120 - 49193 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 28 1519671359.7580395 1519671359.7668462 9 192.168.1.120 - 49192 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 28 1519671359.7695425 1519671359.7775874 8 192.168.1.120 - 49192 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 29 1519671359.7795641 1519671359.7900481 10 192.168.1.120 - 49193 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 28 1519671363.8225322 1519671363.8324811 10 192.168.1.120 - 49192 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 28 1519671363.8340771 1519671363.8435018 9 192.168.1.120 - 49192 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 29 1519671363.8627906 1519671363.8771105 14 192.168.1.120 - 49193 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 30 1519671368.0307329 1519671368.1132355 83 192.168.1.120 - 49194 5.8.88.175 80 http://5.8.88.175/two/index.php 503 454 93 147 382 286 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=windows-1251 POST 404 - - - - - - - CTU.344.1.Malicious 28 1519671368.320542 1519671368.3307788 10 192.168.1.120 - 49192 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 28 1519671368.3328667 1519671368.3430996 10 192.168.1.120 - 49192 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 29 1519671368.3451734 1519671368.3598666 15 192.168.1.120 - 49193 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 26 1519671372.736858 1519671372.7445464 8 192.168.1.120 - 49190 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 27 1519671372.942389 1519671372.9661293 24 192.168.1.120 - 49191 104.127.48.95 443 https://www.adobe.com/ 314 112545 0 111949 300 582 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 28 1519671383.8610132 1519671383.8717322 11 192.168.1.120 - 49192 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 28 1519671383.8733387 1519671383.8828616 10 192.168.1.120 - 49192 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 29 1519671383.884385 1519671383.898873 14 192.168.1.120 - 49193 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 28 1519671391.9524794 1519671391.9629269 10 192.168.1.120 - 49192 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 28 1519671391.9649615 1519671391.9748328 10 192.168.1.120 - 49192 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 29 1519671391.9768293 1519671391.9908931 14 192.168.1.120 - 49193 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 31 1519671997.4972587 1519671997.50701 10 192.168.1.120 - 49195 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 31 1519671997.5085452 1519671997.7110403 202 192.168.1.120 - 49195 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 32 1519671997.926113 1519671997.9636965 38 192.168.1.120 - 49196 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 33 1519672012.3977773 1519672012.4782453 80 192.168.1.120 - 49197 5.8.88.175 80 http://5.8.88.175/two/index.php 503 454 93 147 382 286 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=windows-1251 POST 404 - - - - - - - CTU.344.1.Malicious 34 1519672012.7496562 1519672013.0714917 322 192.168.1.120 - 49198 137.254.60.32 80 http://www.virtualbox.org/ 319 796 0 262 305 505 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.virtualbox.org/ - CTU.344.1.Malicious 35 1519672013.3075829 1519672014.2867851 979 192.168.1.120 - 49199 137.254.60.32 443 https://www.virtualbox.org/ 319 10382 0 9630 305 738 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html;charset=utf-8 GET 200 - - - - - - - CTU.344.1.Malicious 36 1519672018.8870401 1519672018.896616 10 192.168.1.120 - 49200 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 37 1519672019.315627 1519672019.3959384 80 192.168.1.120 - 49201 104.127.48.95 443 https://www.adobe.com/ 314 112545 0 111949 300 582 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 34 1519672031.8740835 1519672032.2137296 340 192.168.1.120 - 49198 137.254.60.32 80 http://www.virtualbox.org/ 319 796 0 262 305 505 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.virtualbox.org/ - CTU.344.1.Malicious 35 1519672032.4107149 1519672033.5611396 1150 192.168.1.120 - 49199 137.254.60.32 443 https://www.virtualbox.org/ 319 10382 0 9630 305 738 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html;charset=utf-8 GET 200 - - - - - - - CTU.344.1.Malicious 31 1519672037.532926 1519672037.5426576 10 192.168.1.120 - 49195 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 31 1519672037.5442715 1519672037.5534997 9 192.168.1.120 - 49195 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 32 1519672037.5550296 1519672037.565635 11 192.168.1.120 - 49196 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 36 1519672041.8694923 1519672042.1808517 311 192.168.1.120 - 49200 104.127.48.95 80 http://www.adobe.com/support/main.html 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/main.html - CTU.344.1.Malicious 37 1519672042.3853385 1519672042.7239158 339 192.168.1.120 - 49201 104.127.48.95 443 https://www.adobe.com/support/main.html 331 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 38 1519672043.4183939 1519672043.6103764 192 192.168.1.120 - 49202 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34136 0 33733 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 39 1519672650.9927363 1519672651.001634 9 192.168.1.120 - 49203 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 40 1519672651.4240706 1519672651.508023 84 192.168.1.120 - 49204 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 39 1519672662.4194634 1519672662.749786 330 192.168.1.120 - 49203 104.127.48.95 80 http://www.adobe.com/support 321 589 0 237 300 323 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support - CTU.344.1.Malicious 40 1519672662.9570568 1519672663.4455602 489 192.168.1.120 - 49204 104.127.48.95 443 https://www.adobe.com/support 321 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 41 1519672663.9926417 1519672664.2680411 275 192.168.1.120 - 49205 23.7.207.201 443 https://helpx.adobe.com/support.html 328 34136 0 33733 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 42 1519672669.461932 1519672669.7985094 337 192.168.1.120 - 49206 137.254.60.32 80 http://www.virtualbox.org/ 319 796 0 262 305 505 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.virtualbox.org/ - CTU.344.1.Malicious 43 1519672670.0289676 1519672671.1659293 1137 192.168.1.120 - 49207 137.254.60.32 443 https://www.virtualbox.org/ 319 10382 0 9630 305 738 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html;charset=utf-8 GET 200 - - - - - - - CTU.344.1.Malicious 39 1519672675.4698095 1519672675.7956378 326 192.168.1.120 - 49203 104.127.48.95 80 http://www.adobe.com/support/main.html 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/main.html - CTU.344.1.Malicious 40 1519672675.9967995 1519672676.3164992 320 192.168.1.120 - 49204 104.127.48.95 443 https://www.adobe.com/support/main.html 331 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 41 1519672676.5169244 1519672676.540121 23 192.168.1.120 - 49205 23.7.207.201 443 https://helpx.adobe.com/support.html 328 34136 0 33733 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 44 1519672682.5020208 1519672682.5917206 90 192.168.1.120 - 49208 5.8.88.175 80 http://5.8.88.175/two/index.php 503 454 93 147 382 286 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=windows-1251 POST 404 - - - - - - - CTU.344.1.Malicious 39 1519672682.799042 1519672682.8074512 8 192.168.1.120 - 49203 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 40 1519672683.0055864 1519672683.0276778 22 192.168.1.120 - 49204 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 39 1519672693.9648159 1519672694.2812881 316 192.168.1.120 - 49203 104.127.48.95 80 http://www.adobe.com/support/main.html 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/main.html - CTU.344.1.Malicious 40 1519672694.482213 1519672694.792178 310 192.168.1.120 - 49204 104.127.48.95 443 https://www.adobe.com/support/main.html 331 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 41 1519672694.9934566 1519672695.012028 19 192.168.1.120 - 49205 23.7.207.201 443 https://helpx.adobe.com/support.html 328 34136 0 33733 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 45 1519672701.6094198 1519672701.6187692 9 192.168.1.120 - 49209 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 45 1519672701.8252764 1519672701.8465443 21 192.168.1.120 - 49209 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 46 1519672702.0691855 1519672702.1044774 35 192.168.1.120 - 49210 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 47 1519673307.326402 1519673307.3372962 11 192.168.1.120 - 49211 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 48 1519673307.5797455 1519673307.907237 327 192.168.1.120 - 49212 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 49 1519673318.6556442 1519673318.989939 334 192.168.1.120 - 49213 137.254.60.32 80 http://www.virtualbox.org/ 319 796 0 262 305 505 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.virtualbox.org/ - CTU.344.1.Malicious 50 1519673319.2144682 1519673320.2838235 1069 192.168.1.120 - 49214 137.254.60.32 443 https://www.virtualbox.org/ 319 10382 0 9630 305 738 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html;charset=utf-8 GET 200 - - - - - - - CTU.344.1.Malicious 51 1519673324.2798214 1519673324.288588 9 192.168.1.120 - 49215 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 51 1519673324.2899911 1519673324.492344 202 192.168.1.120 - 49215 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 52 1519673324.7316241 1519673324.7565498 25 192.168.1.120 - 49216 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 51 1519673329.0401652 1519673329.050272 10 192.168.1.120 - 49215 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 51 1519673329.0519402 1519673329.0609 9 192.168.1.120 - 49215 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 52 1519673329.0623531 1519673329.0767887 14 192.168.1.120 - 49216 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 47 1519673332.6845162 1519673332.9153335 231 192.168.1.120 - 49211 104.127.48.95 80 http://www.adobe.com/support 321 589 0 237 300 323 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support - CTU.344.1.Malicious 48 1519673333.11098 1519673333.502056 391 192.168.1.120 - 49212 104.127.48.95 443 https://www.adobe.com/support 321 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 53 1519673334.0636966 1519673334.2813573 218 192.168.1.120 - 49217 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34136 0 33733 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 54 1519673339.7286658 1519673339.8362508 108 192.168.1.120 - 49218 5.8.88.175 80 http://5.8.88.175/two/index.php 503 454 93 147 382 286 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=windows-1251 POST 404 - - - - - - - CTU.344.1.Malicious 47 1519673340.0334945 1519673340.3668566 333 192.168.1.120 - 49211 104.127.48.95 80 http://www.adobe.com/support/main.html 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/main.html - CTU.344.1.Malicious 48 1519673340.5613523 1519673340.9114094 350 192.168.1.120 - 49212 104.127.48.95 443 https://www.adobe.com/support/main.html 331 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 53 1519673341.1123083 1519673341.162813 51 192.168.1.120 - 49217 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34136 0 33733 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 47 1519673346.9153562 1519673347.261886 347 192.168.1.120 - 49211 104.127.48.95 80 http://www.adobe.com/support/shockwave 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/shockwave - CTU.344.1.Malicious 48 1519673347.4610975 1519673347.7744632 313 192.168.1.120 - 49212 104.127.48.95 443 https://www.adobe.com/support/shockwave 331 713 0 247 300 437 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - http://www.adobe.com/support/shockwave/ - CTU.344.1.Malicious 47 1519673351.3701472 1519673351.3769786 7 192.168.1.120 - 49211 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 48 1519673351.5768316 1519673351.605896 29 192.168.1.120 - 49212 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 55 1519673966.8991075 1519673967.2335951 334 192.168.1.120 - 49219 104.127.48.95 80 http://www.adobe.com/go/getflashplayer 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/go/getflashplayer - CTU.344.1.Malicious 56 1519673967.45423 1519673967.9476728 493 192.168.1.120 - 49220 104.127.48.95 443 https://www.adobe.com/go/getflashplayer 331 465 0 0 300 436 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 301 - - - - - http://get.adobe.com/flashplayer - CTU.344.1.Malicious 55 1519673971.7948008 1519673971.803907 9 192.168.1.120 - 49219 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 56 1519673972.008858 1519673972.0423431 33 192.168.1.120 - 49220 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 57 1519673983.4400823 1519673983.450586 11 192.168.1.120 - 49221 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 57 1519673983.4527164 1519673983.462807 10 192.168.1.120 - 49221 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 58 1519673983.699249 1519673983.7433887 44 192.168.1.120 - 49222 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 55 1519673988.0871494 1519673988.4204872 333 192.168.1.120 - 49219 104.127.48.95 80 http://www.adobe.com/support 321 589 0 237 300 323 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support - CTU.344.1.Malicious 56 1519673988.6257334 1519673989.0717275 446 192.168.1.120 - 49220 104.127.48.95 443 https://www.adobe.com/support 321 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 59 1519673990.0026715 1519673990.2280362 225 192.168.1.120 - 49223 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34136 0 33733 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 55 1519673995.507622 1519673995.5164714 9 192.168.1.120 - 49219 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 56 1519673995.7136824 1519673995.7438254 30 192.168.1.120 - 49220 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 60 1519674007.9371014 1519674008.023718 87 192.168.1.120 - 49224 5.8.88.175 80 http://5.8.88.175/two/index.php 503 454 93 147 382 286 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=windows-1251 POST 404 - - - - - - - CTU.344.1.Malicious 61 1519674008.4156594 1519674008.715711 300 192.168.1.120 - 49225 137.254.60.32 80 http://www.virtualbox.org/ 319 796 0 262 305 505 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.virtualbox.org/ - CTU.344.1.Malicious 62 1519674008.944176 1519674009.9494996 1004 192.168.1.120 - 49226 137.254.60.32 443 https://www.virtualbox.org/ 319 10382 0 9630 305 738 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html;charset=utf-8 GET 200 - - - - - - - CTU.344.1.Malicious 57 1519674017.779335 1519674017.7893522 10 192.168.1.120 - 49221 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 57 1519674017.791504 1519674017.801421 10 192.168.1.120 - 49221 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 58 1519674017.803535 1519674017.8183007 15 192.168.1.120 - 49222 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 63 1519674626.568542 1519674626.8991053 331 192.168.1.120 - 49227 104.127.48.95 80 http://www.adobe.com/support/main.html 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/main.html - CTU.344.1.Malicious 64 1519674627.1329358 1519674627.5955884 463 192.168.1.120 - 49228 104.127.48.95 443 https://www.adobe.com/support/main.html 331 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 65 1519674628.001533 1519674628.1905982 189 192.168.1.120 - 49229 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34136 0 33733 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 63 1519674633.4531503 1519674633.6812463 228 192.168.1.120 - 49227 104.127.48.95 80 http://www.adobe.com/support/main.html 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/main.html - CTU.344.1.Malicious 64 1519674633.9113176 1519674634.3468688 436 192.168.1.120 - 49228 104.127.48.95 443 https://www.adobe.com/support/main.html 331 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 65 1519674634.5416396 1519674634.583834 42 192.168.1.120 - 49229 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34136 0 33733 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 63 1519674640.8343554 1519674641.064508 230 192.168.1.120 - 49227 104.127.48.95 80 http://www.adobe.com/support/main.html 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/main.html - CTU.344.1.Malicious 64 1519674641.2613552 1519674641.7032707 442 192.168.1.120 - 49228 104.127.48.95 443 https://www.adobe.com/support/main.html 331 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 65 1519674641.9028156 1519674641.9447381 42 192.168.1.120 - 49229 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34136 0 33733 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 66 1519674651.8233323 1519674651.9089656 86 192.168.1.120 - 49230 5.8.88.175 80 http://5.8.88.175/two/index.php 503 454 93 147 382 286 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=windows-1251 POST 404 - - - - - - - CTU.344.1.Malicious 67 1519674652.16807 1519674652.1777282 10 192.168.1.120 - 49231 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 67 1519674652.1797605 1519674652.3831687 203 192.168.1.120 - 49231 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 68 1519674652.6210759 1519674652.6469915 26 192.168.1.120 - 49232 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 67 1519674656.4079812 1519674656.4181507 10 192.168.1.120 - 49231 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 67 1519674656.4202566 1519674656.428023 8 192.168.1.120 - 49231 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 68 1519674656.4300663 1519674656.4401238 10 192.168.1.120 - 49232 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 63 1519674660.6646347 1519674660.889187 225 192.168.1.120 - 49227 104.127.48.95 80 http://www.adobe.com/support 321 589 0 237 300 323 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support - CTU.344.1.Malicious 64 1519674661.1005974 1519674661.536306 436 192.168.1.120 - 49228 104.127.48.95 443 https://www.adobe.com/support 321 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 65 1519674661.7312183 1519674661.7782288 47 192.168.1.120 - 49229 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34136 0 33733 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 63 1519674667.5828235 1519674667.5914133 9 192.168.1.120 - 49227 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 64 1519674667.799722 1519674667.8459964 46 192.168.1.120 - 49228 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 63 1519674680.341136 1519674680.3498802 9 192.168.1.120 - 49227 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 64 1519674680.558082 1519674680.5884082 30 192.168.1.120 - 49228 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 69 1519675293.2927082 1519675293.301726 9 192.168.1.120 - 49233 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 69 1519675293.3036685 1519675293.505554 202 192.168.1.120 - 49233 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 70 1519675293.746573 1519675293.7814946 35 192.168.1.120 - 49234 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 71 1519675297.4290674 1519675297.7552793 326 192.168.1.120 - 49235 104.127.48.95 80 http://www.adobe.com/go/getflashplayer 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/go/getflashplayer - CTU.344.1.Malicious 72 1519675297.9778073 1519675298.4235635 446 192.168.1.120 - 49236 104.127.48.95 443 https://www.adobe.com/go/getflashplayer 331 465 0 0 300 436 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 301 - - - - - http://get.adobe.com/flashplayer - CTU.344.1.Malicious 69 1519675301.6948054 1519675301.7056234 11 192.168.1.120 - 49233 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 69 1519675301.70724 1519675301.7166944 9 192.168.1.120 - 49233 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 70 1519675301.7182634 1519675301.7318938 14 192.168.1.120 - 49234 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 71 1519675306.081687 1519675306.4035401 322 192.168.1.120 - 49235 104.127.48.95 80 http://www.adobe.com/go/getflashplayer 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/go/getflashplayer - CTU.344.1.Malicious 72 1519675306.6083126 1519675307.041898 434 192.168.1.120 - 49236 104.127.48.95 443 https://www.adobe.com/go/getflashplayer 331 465 0 0 300 436 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 301 - - - - - http://get.adobe.com/flashplayer - CTU.344.1.Malicious 71 1519675310.7772818 1519675310.7838902 7 192.168.1.120 - 49235 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 72 1519675310.984635 1519675311.0119214 27 192.168.1.120 - 49236 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 73 1519675323.2775304 1519675323.3715277 94 192.168.1.120 - 49237 5.8.88.175 80 http://5.8.88.175/two/index.php 503 454 93 147 382 286 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=windows-1251 POST 404 - - - - - - - CTU.344.1.Malicious 71 1519675327.1922193 1519675327.1986644 6 192.168.1.120 - 49235 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 72 1519675327.4076526 1519675327.4195983 12 192.168.1.120 - 49236 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 71 1519675338.0879145 1519675338.4132414 325 192.168.1.120 - 49235 104.127.48.95 80 http://www.adobe.com/support/shockwave 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/shockwave - CTU.344.1.Malicious 72 1519675338.6140072 1519675339.047245 433 192.168.1.120 - 49236 104.127.48.95 443 https://www.adobe.com/support/shockwave 331 713 0 247 300 437 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - http://www.adobe.com/support/shockwave/ - CTU.344.1.Malicious 71 1519675342.8547573 1519675342.8625803 8 192.168.1.120 - 49235 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 72 1519675343.0604944 1519675343.0738122 13 192.168.1.120 - 49236 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 74 1519675957.1867652 1519675957.5002725 314 192.168.1.120 - 49238 104.127.48.95 80 http://www.adobe.com/support/main.html 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/main.html - CTU.344.1.Malicious 75 1519675957.733979 1519675958.3166654 583 192.168.1.120 - 49239 104.127.48.95 443 https://www.adobe.com/support/main.html 331 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 76 1519675959.0829673 1519675959.3681958 285 192.168.1.120 - 49240 23.7.207.201 443 https://helpx.adobe.com/support.html 328 34136 0 33733 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 77 1519675964.7542467 1519675964.7656186 11 192.168.1.120 - 49241 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 77 1519675964.9733372 1519675964.9829593 10 192.168.1.120 - 49241 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 78 1519675965.4187403 1519675965.4537544 35 192.168.1.120 - 49242 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 74 1519675969.9565296 1519675970.274781 318 192.168.1.120 - 49238 104.127.48.95 80 http://www.adobe.com/support 321 589 0 237 300 323 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support - CTU.344.1.Malicious 75 1519675970.4724107 1519675970.8366098 364 192.168.1.120 - 49239 104.127.48.95 443 https://www.adobe.com/support 321 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 76 1519675971.0338016 1519675971.0882165 54 192.168.1.120 - 49240 23.7.207.201 443 https://helpx.adobe.com/support.html 328 34136 0 33733 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 74 1519675977.1269135 1519675977.1352336 8 192.168.1.120 - 49238 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 75 1519675977.332591 1519675977.3636632 31 192.168.1.120 - 49239 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 79 1519675989.9672437 1519675990.0524273 85 192.168.1.120 - 49243 5.8.88.175 80 http://5.8.88.175/two/index.php 503 454 93 147 382 286 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=windows-1251 POST 404 - - - - - - - CTU.344.1.Malicious 77 1519675990.2556033 1519675990.2643175 9 192.168.1.120 - 49241 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 77 1519675990.2664092 1519675990.275966 10 192.168.1.120 - 49241 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 78 1519675990.2777581 1519675990.2886279 11 192.168.1.120 - 49242 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 77 1519675994.041528 1519675994.0510473 10 192.168.1.120 - 49241 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 77 1519675994.0525773 1519675994.061667 9 192.168.1.120 - 49241 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 78 1519675994.0632257 1519675994.078149 15 192.168.1.120 - 49242 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 74 1519675998.186776 1519675998.19346 7 192.168.1.120 - 49238 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 75 1519675998.3928697 1519675998.407837 15 192.168.1.120 - 49239 104.127.48.95 443 https://www.adobe.com/ 314 112545 0 111949 300 582 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 77 1519676010.2044933 1519676010.2144334 10 192.168.1.120 - 49241 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 77 1519676010.2165418 1519676010.2238772 7 192.168.1.120 - 49241 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 78 1519676010.2258859 1519676010.256866 31 192.168.1.120 - 49242 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 80 1519676616.3089652 1519676616.7611482 452 192.168.1.120 - 49244 104.127.48.95 80 http://www.adobe.com/support/main.html 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/main.html - CTU.344.1.Malicious 81 1519676616.991309 1519676617.6310608 640 192.168.1.120 - 49245 104.127.48.95 443 https://www.adobe.com/support/main.html 331 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 82 1519676618.775183 1519676618.9993334 224 192.168.1.120 - 49246 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34136 0 33733 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 83 1519676624.6709812 1519676624.680452 9 192.168.1.120 - 49247 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 83 1519676624.6819136 1519676624.8860002 204 192.168.1.120 - 49247 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 84 1519676625.117088 1519676625.150691 34 192.168.1.120 - 49248 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 83 1519676629.084568 1519676629.103782 19 192.168.1.120 - 49247 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 83 1519676629.105851 1519676629.1142592 8 192.168.1.120 - 49247 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 84 1519676629.1162424 1519676629.1267133 10 192.168.1.120 - 49248 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 80 1519676636.7953107 1519676637.1409624 346 192.168.1.120 - 49244 104.127.48.95 80 http://www.adobe.com/support/main.html 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/main.html - CTU.344.1.Malicious 81 1519676637.3412497 1519676637.6662571 325 192.168.1.120 - 49245 104.127.48.95 443 https://www.adobe.com/support/main.html 331 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 82 1519676637.8624747 1519676637.9116933 49 192.168.1.120 - 49246 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34136 0 33733 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 85 1519676643.3456445 1519676643.426622 81 192.168.1.120 - 49249 5.8.88.175 80 http://5.8.88.175/two/index.php 503 454 93 147 382 286 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=windows-1251 POST 404 - - - - - - - CTU.344.1.Malicious 80 1519676643.6256878 1519676643.646217 21 192.168.1.120 - 49244 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 81 1519676643.8404272 1519676643.8967028 56 192.168.1.120 - 49245 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 80 1519676655.3904598 1519676655.7479951 358 192.168.1.120 - 49244 104.127.48.95 80 http://www.adobe.com/support/shockwave 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/shockwave - CTU.344.1.Malicious 81 1519676655.9579024 1519676656.5711987 613 192.168.1.120 - 49245 104.127.48.95 443 https://www.adobe.com/support/shockwave 331 713 0 247 300 437 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - http://www.adobe.com/support/shockwave/ - CTU.344.1.Malicious 80 1519676660.189251 1519676660.1980653 9 192.168.1.120 - 49244 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 81 1519676660.4047904 1519676660.4452248 40 192.168.1.120 - 49245 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 86 1519677274.0334294 1519677274.3881528 355 192.168.1.120 - 49250 104.127.48.95 80 http://www.adobe.com/support 321 589 0 237 300 323 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support - CTU.344.1.Malicious 87 1519677274.6183054 1519677275.15987 542 192.168.1.120 - 49251 104.127.48.95 443 https://www.adobe.com/support 321 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 88 1519677275.8668103 1519677276.0989816 232 192.168.1.120 - 49252 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34136 0 33733 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 86 1519677281.3711152 1519677281.725521 354 192.168.1.120 - 49250 104.127.48.95 80 http://www.adobe.com/support/main.html 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/main.html - CTU.344.1.Malicious 87 1519677281.9284616 1519677282.2759893 348 192.168.1.120 - 49251 104.127.48.95 443 https://www.adobe.com/support/main.html 331 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 88 1519677282.47892 1519677282.5282483 49 192.168.1.120 - 49252 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34136 0 33733 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 89 1519677292.2595072 1519677292.2704325 11 192.168.1.120 - 49253 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 89 1519677292.2725017 1519677292.4758687 203 192.168.1.120 - 49253 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 90 1519677292.7095106 1519677292.7360613 27 192.168.1.120 - 49254 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 86 1519677296.8744283 1519677297.2194605 345 192.168.1.120 - 49250 104.127.48.95 80 http://www.adobe.com/support/shockwave 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/shockwave - CTU.344.1.Malicious 87 1519677297.420831 1519677298.147453 727 192.168.1.120 - 49251 104.127.48.95 443 https://www.adobe.com/support/shockwave 331 713 0 247 300 437 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - http://www.adobe.com/support/shockwave/ - CTU.344.1.Malicious 91 1519677301.3937054 1519677301.482944 89 192.168.1.120 - 49255 5.8.88.175 80 http://5.8.88.175/two/index.php 503 454 93 147 382 286 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=windows-1251 POST 404 - - - - - - - CTU.344.1.Malicious 86 1519677301.6899657 1519677302.0215662 332 192.168.1.120 - 49250 104.127.48.95 80 http://www.adobe.com/go/getflashplayer 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/go/getflashplayer - CTU.344.1.Malicious 87 1519677302.2273066 1519677302.5376086 310 192.168.1.120 - 49251 104.127.48.95 443 https://www.adobe.com/go/getflashplayer 331 465 0 0 300 436 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 301 - - - - - http://get.adobe.com/flashplayer - CTU.344.1.Malicious 86 1519677305.745449 1519677305.7546544 9 192.168.1.120 - 49250 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 87 1519677305.9529772 1519677305.9801972 27 192.168.1.120 - 49251 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 89 1519677317.9954982 1519677318.0059807 10 192.168.1.120 - 49253 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 89 1519677318.007567 1519677318.0175984 10 192.168.1.120 - 49253 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 90 1519677318.0191615 1519677318.0293765 10 192.168.1.120 - 49254 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 92 1519677923.4029436 1519677923.4109952 8 192.168.1.120 - 49256 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 93 1519677923.6389985 1519677923.7526426 114 192.168.1.120 - 49257 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 92 1519677934.6410122 1519677934.9464924 305 192.168.1.120 - 49256 104.127.48.95 80 http://www.adobe.com/support/shockwave 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/shockwave - CTU.344.1.Malicious 93 1519677935.1471384 1519677935.5039356 357 192.168.1.120 - 49257 104.127.48.95 443 https://www.adobe.com/support/shockwave 331 713 0 247 300 437 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - http://www.adobe.com/support/shockwave/ - CTU.344.1.Malicious 92 1519677942.9924839 1519677943.3453534 353 192.168.1.120 - 49256 104.127.48.95 80 http://www.adobe.com/support/main.html 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/main.html - CTU.344.1.Malicious 93 1519677943.5492592 1519677943.8961704 347 192.168.1.120 - 49257 104.127.48.95 443 https://www.adobe.com/support/main.html 331 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 94 1519677944.657191 1519677944.8729172 216 192.168.1.120 - 49258 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34138 0 33735 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 95 1519677950.1852627 1519677950.2702234 85 192.168.1.120 - 49259 5.8.88.175 80 http://5.8.88.175/two/index.php 503 454 93 147 382 286 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=windows-1251 POST 404 - - - - - - - CTU.344.1.Malicious 96 1519677950.5084589 1519677950.5180595 10 192.168.1.120 - 49260 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 96 1519677950.5201774 1519677950.7218688 202 192.168.1.120 - 49260 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 97 1519677950.9533157 1519677950.9797716 26 192.168.1.120 - 49261 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 92 1519677955.0496538 1519677955.0584893 9 192.168.1.120 - 49256 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 93 1519677955.2662864 1519677955.2866263 20 192.168.1.120 - 49257 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 98 1519677967.9017828 1519677968.1982808 296 192.168.1.120 - 49262 137.254.60.32 80 http://www.virtualbox.org/ 319 796 0 262 305 505 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.virtualbox.org/ - CTU.344.1.Malicious 99 1519677968.4370475 1519677969.5968573 1160 192.168.1.120 - 49263 137.254.60.32 443 https://www.virtualbox.org/ 319 10382 0 9630 305 738 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html;charset=utf-8 GET 200 - - - - - - - CTU.344.1.Malicious 96 1519677973.5857062 1519677973.5968359 11 192.168.1.120 - 49260 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 96 1519677973.5989292 1519677973.6064968 8 192.168.1.120 - 49260 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 97 1519677973.6084 1519677973.619133 11 192.168.1.120 - 49261 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 96 1519677978.50347 1519677978.5137687 10 192.168.1.120 - 49260 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 96 1519677978.5158463 1519677978.5243437 8 192.168.1.120 - 49260 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 97 1519677978.5262477 1519677978.5403976 14 192.168.1.120 - 49261 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 100 1519678583.6052575 1519678583.907822 303 192.168.1.120 - 49264 137.254.60.32 80 http://www.virtualbox.org/ 319 796 0 262 305 505 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.virtualbox.org/ - CTU.344.1.Malicious 101 1519678584.1220016 1519678585.1176476 996 192.168.1.120 - 49265 137.254.60.32 443 https://www.virtualbox.org/ 319 10382 0 9630 305 738 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html;charset=utf-8 GET 200 - - - - - - - CTU.344.1.Malicious 100 1519678588.9827008 1519678589.2865882 304 192.168.1.120 - 49264 137.254.60.32 80 http://www.virtualbox.org/ 319 796 0 262 305 505 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.virtualbox.org/ - CTU.344.1.Malicious 101 1519678589.4879653 1519678589.8715303 384 192.168.1.120 - 49265 137.254.60.32 443 https://www.virtualbox.org/ 319 10381 0 9630 305 737 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html;charset=utf-8 GET 200 - - - - - - - CTU.344.1.Malicious 102 1519678594.0618026 1519678594.408772 347 192.168.1.120 - 49266 104.127.48.95 80 http://www.adobe.com/go/getflashplayer 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/go/getflashplayer - CTU.344.1.Malicious 103 1519678594.648123 1519678595.0350263 387 192.168.1.120 - 49267 104.127.48.95 443 https://www.adobe.com/go/getflashplayer 331 465 0 0 300 436 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 301 - - - - - http://get.adobe.com/flashplayer - CTU.344.1.Malicious 102 1519678598.6056736 1519678598.6192784 14 192.168.1.120 - 49266 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 103 1519678598.8212976 1519678598.8490067 28 192.168.1.120 - 49267 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 102 1519678609.8717291 1519678609.8821983 10 192.168.1.120 - 49266 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 103 1519678610.08734 1519678610.1006382 13 192.168.1.120 - 49267 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 104 1519678622.7606413 1519678622.8456755 85 192.168.1.120 - 49268 5.8.88.175 80 http://5.8.88.175/two/index.php 503 454 93 147 382 286 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=windows-1251 POST 404 - - - - - - - CTU.344.1.Malicious 102 1519678623.049611 1519678623.4135325 364 192.168.1.120 - 49266 104.127.48.95 80 http://www.adobe.com/support/main.html 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/main.html - CTU.344.1.Malicious 103 1519678623.617347 1519678623.9706788 353 192.168.1.120 - 49267 104.127.48.95 443 https://www.adobe.com/support/main.html 331 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 105 1519678624.3014886 1519678624.5103357 209 192.168.1.120 - 49269 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34138 0 33735 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 102 1519678630.13168 1519678630.4373963 306 192.168.1.120 - 49266 104.127.48.95 80 http://www.adobe.com/support/main.html 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/main.html - CTU.344.1.Malicious 103 1519678630.636965 1519678630.9915743 355 192.168.1.120 - 49267 104.127.48.95 443 https://www.adobe.com/support/main.html 331 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 105 1519678631.1980603 1519678631.2446814 47 192.168.1.120 - 49269 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34138 0 33735 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 106 1519678637.7304757 1519678637.7400591 10 192.168.1.120 - 49270 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 106 1519678637.9492743 1519678637.9593809 10 192.168.1.120 - 49270 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 107 1519678638.4043872 1519678638.4375129 33 192.168.1.120 - 49271 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 108 1519679243.9888883 1519679244.3105433 322 192.168.1.120 - 49272 104.127.48.95 80 http://www.adobe.com/support/shockwave 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/shockwave - CTU.344.1.Malicious 109 1519679244.55103 1519679245.1376085 587 192.168.1.120 - 49273 104.127.48.95 443 https://www.adobe.com/support/shockwave 331 713 0 247 300 437 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - http://www.adobe.com/support/shockwave/ - CTU.344.1.Malicious 110 1519679248.8025587 1519679248.8124049 10 192.168.1.120 - 49274 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 110 1519679248.8139493 1519679249.01831 204 192.168.1.120 - 49274 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 111 1519679249.2422764 1519679249.2741425 32 192.168.1.120 - 49275 23.4.253.171 443 https://java.com/en/ 312 9160 0 8567 295 579 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 108 1519679253.3871274 1519679253.8330386 446 192.168.1.120 - 49272 104.127.48.95 80 http://www.adobe.com/support/main.html 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/main.html - CTU.344.1.Malicious 109 1519679254.0339315 1519679254.4378104 404 192.168.1.120 - 49273 104.127.48.95 443 https://www.adobe.com/support/main.html 331 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 112 1519679254.7814877 1519679255.0330958 252 192.168.1.120 - 49276 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34138 0 33735 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 113 1519679268.5112348 1519679268.6047313 93 192.168.1.120 - 49277 5.8.88.175 80 http://5.8.88.175/two/index.php 503 454 93 147 382 286 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=windows-1251 POST 404 - - - - - - - CTU.344.1.Malicious 108 1519679268.809562 1519679287.2161028 18407 192.168.1.120 - 49272 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 109 1519679287.4121673 1519679287.4258096 14 192.168.1.120 - 49273 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 110 1519679299.523673 1519679299.532072 8 192.168.1.120 - 49274 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 110 1519679299.534064 1519679299.5423133 8 192.168.1.120 - 49274 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 111 1519679299.5442955 1519679299.5665586 22 192.168.1.120 - 49275 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 110 1519679304.2602732 1519679304.2711985 11 192.168.1.120 - 49274 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 110 1519679304.2732687 1519679304.2809412 8 192.168.1.120 - 49274 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 111 1519679304.2828848 1519679304.2944982 12 192.168.1.120 - 49275 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 114 1519679910.298558 1519679910.612239 314 192.168.1.120 - 49278 104.127.48.95 80 http://www.adobe.com/support/shockwave 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/shockwave - CTU.344.1.Malicious 115 1519679910.8387105 1519679911.3967202 558 192.168.1.120 - 49279 104.127.48.95 443 https://www.adobe.com/support/shockwave 331 713 0 247 300 437 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - http://www.adobe.com/support/shockwave/ - CTU.344.1.Malicious 116 1519679914.7989397 1519679914.8138163 15 192.168.1.120 - 49280 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 116 1519679914.8160253 1519679915.0302958 214 192.168.1.120 - 49280 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 117 1519679915.0636425 1519679915.3004897 237 192.168.1.120 - 49281 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 118 1519679919.230529 1519679919.5655525 335 192.168.1.120 - 49282 137.254.60.32 80 http://www.virtualbox.org/ 319 796 0 262 305 505 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.virtualbox.org/ - CTU.344.1.Malicious 119 1519679919.7919307 1519679920.813533 1022 192.168.1.120 - 49283 137.254.60.32 443 https://www.virtualbox.org/ 319 10382 0 9630 305 738 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html;charset=utf-8 GET 200 - - - - - - - CTU.344.1.Malicious 118 1519679924.9630487 1519679925.2659504 303 192.168.1.120 - 49282 137.254.60.32 80 http://www.virtualbox.org/ 319 796 0 262 305 505 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.virtualbox.org/ - CTU.344.1.Malicious 119 1519679925.4690967 1519679926.5344303 1065 192.168.1.120 - 49283 137.254.60.32 443 https://www.virtualbox.org/ 319 10382 0 9630 305 738 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html;charset=utf-8 GET 200 - - - - - - - CTU.344.1.Malicious 116 1519679930.4804506 1519679930.4912634 11 192.168.1.120 - 49280 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 116 1519679930.4933789 1519679930.5031717 10 192.168.1.120 - 49280 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 117 1519679930.5052192 1519679930.855892 351 192.168.1.120 - 49281 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 120 1519679934.9495676 1519679935.0361114 87 192.168.1.120 - 49284 5.8.88.175 80 http://5.8.88.175/two/index.php 503 454 93 147 382 286 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=windows-1251 POST 404 - - - - - - - CTU.344.1.Malicious 114 1519679935.2377377 1519679935.2468393 9 192.168.1.120 - 49278 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 115 1519679935.4430768 1519679935.6836615 241 192.168.1.120 - 49279 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 114 1519679946.5336597 1519679946.5402248 7 192.168.1.120 - 49278 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 115 1519679946.7495434 1519679946.8635268 114 192.168.1.120 - 49279 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 114 1519679958.7511752 1519679959.0546196 303 192.168.1.120 - 49278 104.127.48.95 80 http://www.adobe.com/support/main.html 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/main.html - CTU.344.1.Malicious 115 1519679959.257542 1519679959.5879219 330 192.168.1.120 - 49279 104.127.48.95 443 https://www.adobe.com/support/main.html 331 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 121 1519679960.0840862 1519679960.3143628 230 192.168.1.120 - 49285 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34138 0 33735 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 116 1519679965.3504658 1519679965.358394 8 192.168.1.120 - 49280 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 116 1519679965.3604124 1519679965.3679097 7 192.168.1.120 - 49280 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 117 1519679965.369849 1519679965.3802063 10 192.168.1.120 - 49281 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 116 1519679969.9354284 1519679969.944599 9 192.168.1.120 - 49280 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 116 1519679969.9460788 1519679969.9537582 8 192.168.1.120 - 49280 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 117 1519679969.9551418 1519679969.9690561 14 192.168.1.120 - 49281 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 122 1519680574.9497857 1519680574.9597974 10 192.168.1.120 - 49286 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 122 1519680575.1692913 1519680575.1800196 11 192.168.1.120 - 49286 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 123 1519680575.617303 1519680575.6425571 25 192.168.1.120 - 49287 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 122 1519680579.9128778 1519680579.9234946 11 192.168.1.120 - 49286 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 122 1519680579.9251099 1519680579.9349782 10 192.168.1.120 - 49286 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 123 1519680579.9365973 1519680579.9511554 15 192.168.1.120 - 49287 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 124 1519680585.1125073 1519680585.1225636 10 192.168.1.120 - 49288 104.127.48.95 80 http://www.adobe.com/ 314 574 0 230 300 315 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 125 1519680585.3603995 1519680585.6546555 294 192.168.1.120 - 49289 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 122 1519680597.0492108 1519680597.0569038 8 192.168.1.120 - 49286 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 122 1519680597.0589752 1519680597.0683777 9 192.168.1.120 - 49286 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 123 1519680597.0703464 1519680597.0805151 10 192.168.1.120 - 49287 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 126 1519680601.55713 1519680601.6496968 93 192.168.1.120 - 49290 5.8.88.175 80 http://5.8.88.175/two/index.php 503 454 93 147 382 286 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=windows-1251 POST 404 - - - - - - - CTU.344.1.Malicious 127 1519680601.9562306 1519680602.2577574 302 192.168.1.120 - 49291 137.254.60.32 80 http://www.virtualbox.org/ 319 796 0 262 305 505 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.virtualbox.org/ - CTU.344.1.Malicious 128 1519680602.4839382 1519680603.4427264 959 192.168.1.120 - 49292 137.254.60.32 443 https://www.virtualbox.org/ 319 10382 0 9630 305 738 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html;charset=utf-8 GET 200 - - - - - - - CTU.344.1.Malicious 124 1519680607.1838214 1519680607.5039184 320 192.168.1.120 - 49288 104.127.48.95 80 http://www.adobe.com/support/shockwave 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/shockwave - CTU.344.1.Malicious 125 1519680607.7098649 1519680608.060544 351 192.168.1.120 - 49289 104.127.48.95 443 https://www.adobe.com/support/shockwave 331 713 0 247 300 437 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - http://www.adobe.com/support/shockwave/ - CTU.344.1.Malicious 127 1519680615.5939643 1519680615.8996854 306 192.168.1.120 - 49291 137.254.60.32 80 http://www.virtualbox.org/ 319 796 0 262 305 505 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.virtualbox.org/ - CTU.344.1.Malicious 128 1519680616.101597 1519680617.0669172 965 192.168.1.120 - 49292 137.254.60.32 443 https://www.virtualbox.org/ 319 10382 0 9630 305 738 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html;charset=utf-8 GET 200 - - - - - - - CTU.344.1.Malicious 124 1519680620.7634041 1519680621.0693796 306 192.168.1.120 - 49288 104.127.48.95 80 http://www.adobe.com/support 321 589 0 237 300 323 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support - CTU.344.1.Malicious 125 1519680621.2796886 1519680621.5910606 311 192.168.1.120 - 49289 104.127.48.95 443 https://www.adobe.com/support 321 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 129 1519680622.055138 1519680622.2457466 191 192.168.1.120 - 49293 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34138 0 33735 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 130 1519681232.972306 1519681232.9814603 9 192.168.1.120 - 49294 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 131 1519681233.224214 1519681233.5108225 287 192.168.1.120 - 49295 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 130 1519681245.2098193 1519681245.556933 347 192.168.1.120 - 49294 104.127.48.95 80 http://www.adobe.com/support 321 589 0 237 300 323 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support - CTU.344.1.Malicious 131 1519681245.7572963 1519681246.1000147 343 192.168.1.120 - 49295 104.127.48.95 443 https://www.adobe.com/support 321 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 132 1519681246.4732893 1519681246.666039 193 192.168.1.120 - 49296 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34138 0 33735 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 130 1519681251.6208096 1519681251.9726336 352 192.168.1.120 - 49294 104.127.48.95 80 http://www.adobe.com/go/getflashplayer 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/go/getflashplayer - CTU.344.1.Malicious 131 1519681252.176682 1519681252.52271 346 192.168.1.120 - 49295 104.127.48.95 443 https://www.adobe.com/go/getflashplayer 331 465 0 0 300 436 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 301 - - - - - http://get.adobe.com/flashplayer - CTU.344.1.Malicious 133 1519681256.107051 1519681256.191733 85 192.168.1.120 - 49297 5.8.88.175 80 http://5.8.88.175/two/index.php 503 454 93 147 382 286 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=windows-1251 POST 404 - - - - - - - CTU.344.1.Malicious 134 1519681256.6149552 1519681256.9170783 302 192.168.1.120 - 49298 137.254.60.32 80 http://www.virtualbox.org/ 319 796 0 262 305 505 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.virtualbox.org/ - CTU.344.1.Malicious 135 1519681257.1352398 1519681258.2926886 1157 192.168.1.120 - 49299 137.254.60.32 443 https://www.virtualbox.org/ 319 10382 0 9630 305 738 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html;charset=utf-8 GET 200 - - - - - - - CTU.344.1.Malicious 130 1519681261.7561724 1519681261.7623582 6 192.168.1.120 - 49294 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 131 1519681261.9607017 1519681261.980865 20 192.168.1.120 - 49295 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 134 1519681274.842803 1519681275.1520684 309 192.168.1.120 - 49298 137.254.60.32 80 http://www.virtualbox.org/ 319 796 0 262 305 505 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.virtualbox.org/ - CTU.344.1.Malicious 135 1519681275.3597014 1519681276.4365506 1077 192.168.1.120 - 49299 137.254.60.32 443 https://www.virtualbox.org/ 319 10382 0 9630 305 738 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html;charset=utf-8 GET 200 - - - - - - - CTU.344.1.Malicious 130 1519681279.7910383 1519681279.7976587 7 192.168.1.120 - 49294 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 131 1519681279.9967916 1519681280.2111382 214 192.168.1.120 - 49295 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 136 1519681291.7966127 1519681291.8068194 10 192.168.1.120 - 49300 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 136 1519681292.013213 1519681292.0208952 8 192.168.1.120 - 49300 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 137 1519681292.250685 1519681292.2856977 35 192.168.1.120 - 49301 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 138 1519681897.2436495 1519681897.2545772 11 192.168.1.120 - 49302 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 138 1519681897.4613295 1519681897.4699125 9 192.168.1.120 - 49302 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 139 1519681897.6913147 1519681897.725825 35 192.168.1.120 - 49303 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 138 1519681902.115236 1519681902.1248546 10 192.168.1.120 - 49302 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 138 1519681902.1265087 1519681902.1361382 10 192.168.1.120 - 49302 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 139 1519681902.1377742 1519681902.1490395 11 192.168.1.120 - 49303 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 140 1519681906.5670114 1519681906.8864412 319 192.168.1.120 - 49304 137.254.60.32 80 http://www.virtualbox.org/ 319 796 0 262 305 505 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.virtualbox.org/ - CTU.344.1.Malicious 141 1519681907.1200554 1519681908.1509085 1031 192.168.1.120 - 49305 137.254.60.32 443 https://www.virtualbox.org/ 319 10382 0 9630 305 738 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html;charset=utf-8 GET 200 - - - - - - - CTU.344.1.Malicious 142 1519681912.7714708 1519681912.7798772 8 192.168.1.120 - 49306 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 143 1519681913.0161052 1519681913.3111184 295 192.168.1.120 - 49307 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 142 1519681923.544621 1519681923.553807 9 192.168.1.120 - 49306 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 143 1519681923.7522264 1519681923.7742069 22 192.168.1.120 - 49307 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 144 1519681936.3952096 1519681936.4737308 79 192.168.1.120 - 49308 5.8.88.175 80 http://5.8.88.175/two/index.php 503 454 93 147 382 286 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=windows-1251 POST 404 - - - - - - - CTU.344.1.Malicious 142 1519681936.6763957 1519681937.0181687 342 192.168.1.120 - 49306 104.127.48.95 80 http://www.adobe.com/support/main.html 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/main.html - CTU.344.1.Malicious 143 1519681937.2213943 1519681937.5753918 354 192.168.1.120 - 49307 104.127.48.95 443 https://www.adobe.com/support/main.html 331 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 145 1519681938.0111618 1519681938.1824837 171 192.168.1.120 - 49309 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34138 0 33735 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 138 1519681943.3532085 1519681943.3636074 10 192.168.1.120 - 49302 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 138 1519681943.3656428 1519681943.3753638 10 192.168.1.120 - 49302 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 139 1519681943.3774776 1519681943.391311 14 192.168.1.120 - 49303 23.4.253.171 443 https://java.com/en/ 312 9161 0 8568 295 579 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 142 1519681947.8701231 1519681948.1873739 317 192.168.1.120 - 49306 104.127.48.95 80 http://www.adobe.com/support 321 589 0 237 300 323 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support - CTU.344.1.Malicious 143 1519681948.3879275 1519681948.7198381 332 192.168.1.120 - 49307 104.127.48.95 443 https://www.adobe.com/support 321 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 145 1519681948.9283512 1519681948.9704912 42 192.168.1.120 - 49309 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34138 0 33735 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 138 1519681955.1658127 1519681955.1750538 9 192.168.1.120 - 49302 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 138 1519681955.177104 1519681955.1862147 9 192.168.1.120 - 49302 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 139 1519681955.1881642 1519681955.2027962 15 192.168.1.120 - 49303 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 142 1519681959.8185437 1519681960.1833932 365 192.168.1.120 - 49306 104.127.48.95 80 http://www.adobe.com/go/getflashplayer 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/go/getflashplayer - CTU.344.1.Malicious 143 1519681960.3856761 1519681960.7122307 327 192.168.1.120 - 49307 104.127.48.95 443 https://www.adobe.com/go/getflashplayer 331 465 0 0 300 436 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 301 - - - - - http://get.adobe.com/flashplayer - CTU.344.1.Malicious 146 1519682565.2564042 1519682565.615808 359 192.168.1.120 - 49310 104.127.48.95 80 http://www.adobe.com/support/shockwave 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/shockwave - CTU.344.1.Malicious 147 1519682565.850203 1519682566.75679 907 192.168.1.120 - 49311 104.127.48.95 443 https://www.adobe.com/support/shockwave 331 713 0 247 300 437 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - http://www.adobe.com/support/shockwave/ - CTU.344.1.Malicious 148 1519682570.6725643 1519682570.681926 9 192.168.1.120 - 49312 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 148 1519682570.6839902 1519682570.885962 202 192.168.1.120 - 49312 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 149 1519682571.1191854 1519682571.1457534 27 192.168.1.120 - 49313 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 146 1519682574.871402 1519682575.2249837 354 192.168.1.120 - 49310 104.127.48.95 80 http://www.adobe.com/support/shockwave 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/shockwave - CTU.344.1.Malicious 147 1519682575.4295292 1519682575.797888 368 192.168.1.120 - 49311 104.127.48.95 443 https://www.adobe.com/support/shockwave 331 713 0 247 300 437 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - http://www.adobe.com/support/shockwave/ - CTU.344.1.Malicious 148 1519682579.6080558 1519682579.6180012 10 192.168.1.120 - 49312 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 148 1519682579.62008 1519682579.6306446 11 192.168.1.120 - 49312 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 149 1519682579.632724 1519682579.6471086 14 192.168.1.120 - 49313 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 146 1519682583.6736717 1519682584.0337605 360 192.168.1.120 - 49310 104.127.48.95 80 http://www.adobe.com/support 321 589 0 237 300 323 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support - CTU.344.1.Malicious 147 1519682584.2320683 1519682584.560338 328 192.168.1.120 - 49311 104.127.48.95 443 https://www.adobe.com/support 321 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 150 1519682584.8144395 1519682585.023078 209 192.168.1.120 - 49314 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34138 0 33735 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 151 1519682589.9363213 1519682590.03329 97 192.168.1.120 - 49315 5.8.88.175 80 http://5.8.88.175/two/index.php 503 454 93 147 382 286 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=windows-1251 POST 404 - - - - - - - CTU.344.1.Malicious 146 1519682590.2331893 1519682590.2409403 8 192.168.1.120 - 49310 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 147 1519682590.44037 1519682590.469343 29 192.168.1.120 - 49311 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 146 1519682603.0919197 1519682603.4112267 319 192.168.1.120 - 49310 104.127.48.95 80 http://www.adobe.com/support 321 589 0 237 300 323 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support - CTU.344.1.Malicious 147 1519682603.6196983 1519682603.9695337 350 192.168.1.120 - 49311 104.127.48.95 443 https://www.adobe.com/support 321 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 150 1519682604.1701796 1519682604.2159493 46 192.168.1.120 - 49314 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34138 0 33735 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 146 1519682610.5139241 1519682610.884804 371 192.168.1.120 - 49310 104.127.48.95 80 http://www.adobe.com/support 321 589 0 237 300 323 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support - CTU.344.1.Malicious 147 1519682611.0805027 1519682611.4408169 360 192.168.1.120 - 49311 104.127.48.95 443 https://www.adobe.com/support 321 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 150 1519682611.641115 1519682611.6871703 46 192.168.1.120 - 49314 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34138 0 33735 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 152 1519683219.5851502 1519683219.5954528 10 192.168.1.120 - 49316 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 153 1519683220.021681 1519683220.1089075 87 192.168.1.120 - 49317 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 154 1519683232.3630009 1519683232.373595 11 192.168.1.120 - 49318 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 154 1519683232.3749943 1519683232.5793567 204 192.168.1.120 - 49318 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 155 1519683232.800503 1519683232.8373137 37 192.168.1.120 - 49319 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 152 1519683236.764109 1519683236.770867 7 192.168.1.120 - 49316 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 153 1519683236.970516 1519683236.9839103 13 192.168.1.120 - 49317 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 152 1519683249.7738419 1519683249.7810752 7 192.168.1.120 - 49316 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 153 1519683249.9895713 1519683249.9984453 9 192.168.1.120 - 49317 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 156 1519683263.1035783 1519683263.1873543 84 192.168.1.120 - 49320 5.8.88.175 80 http://5.8.88.175/two/index.php 503 454 93 147 382 286 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=windows-1251 POST 404 - - - - - - - CTU.344.1.Malicious 157 1519683263.710257 1519683264.01277 303 192.168.1.120 - 49321 137.254.60.32 80 http://www.virtualbox.org/ 319 796 0 262 305 505 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.virtualbox.org/ - CTU.344.1.Malicious 158 1519683264.2521014 1519683265.1701913 918 192.168.1.120 - 49322 137.254.60.32 443 https://www.virtualbox.org/ 319 10337 0 9630 305 693 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html;charset=utf-8 GET 200 - - - - - - - CTU.344.1.Malicious 152 1519683268.479953 1519683268.827701 348 192.168.1.120 - 49316 104.127.48.95 80 http://www.adobe.com/support/main.html 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/main.html - CTU.344.1.Malicious 153 1519683269.026048 1519683269.3837464 358 192.168.1.120 - 49317 104.127.48.95 443 https://www.adobe.com/support/main.html 331 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 159 1519683271.8101156 1519683271.965566 155 192.168.1.120 - 49323 2.19.63.249 443 https://helpx.adobe.com/support.html 328 34138 0 33735 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 152 1519683277.5613952 1519683277.5712786 10 192.168.1.120 - 49316 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 153 1519683277.778975 1519683277.793228 14 192.168.1.120 - 49317 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 152 1519683289.8208191 1519683290.1732557 352 192.168.1.120 - 49316 104.127.48.95 80 http://www.adobe.com/support 321 589 0 237 300 323 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support - CTU.344.1.Malicious 153 1519683290.377413 1519683290.7270422 350 192.168.1.120 - 49317 104.127.48.95 443 https://www.adobe.com/support 321 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 159 1519683290.927728 1519683290.9661226 38 192.168.1.120 - 49323 2.19.63.249 443 https://helpx.adobe.com/support.html 328 34138 0 33735 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 160 1519683898.1956944 1519683898.2052214 10 192.168.1.120 - 49324 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 160 1519683898.2068129 1519683898.4101741 203 192.168.1.120 - 49324 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 161 1519683898.6277173 1519683898.664067 36 192.168.1.120 - 49325 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 160 1519683902.2400224 1519683902.2502584 10 192.168.1.120 - 49324 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 160 1519683902.2519317 1519683902.2623703 10 192.168.1.120 - 49324 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 161 1519683902.2645361 1519683902.2798672 15 192.168.1.120 - 49325 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 162 1519683909.6552527 1519683909.664187 9 192.168.1.120 - 49326 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 163 1519683909.900553 1519683910.0047705 104 192.168.1.120 - 49327 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 160 1519683921.439123 1519683921.4470866 8 192.168.1.120 - 49324 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 160 1519683921.4491065 1519683921.4563031 7 192.168.1.120 - 49324 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 161 1519683921.4582593 1519683921.4733164 15 192.168.1.120 - 49325 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 164 1519683925.386055 1519683925.4665627 81 192.168.1.120 - 49328 5.8.88.175 80 http://5.8.88.175/two/index.php 503 454 93 147 382 286 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=windows-1251 POST 404 - - - - - - - CTU.344.1.Malicious 160 1519683925.6631434 1519683925.6714582 8 192.168.1.120 - 49324 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 160 1519683925.672988 1519683925.6840482 11 192.168.1.120 - 49324 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 161 1519683925.6869338 1519683925.7023158 15 192.168.1.120 - 49325 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 160 1519683932.5536478 1519683932.5634978 10 192.168.1.120 - 49324 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 160 1519683932.5651705 1519683932.5738668 9 192.168.1.120 - 49324 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 161 1519683932.5753286 1519683932.5898185 14 192.168.1.120 - 49325 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 165 1519684538.4971237 1519684538.8243284 327 192.168.1.120 - 49329 104.127.48.95 80 http://www.adobe.com/support/main.html 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/main.html - CTU.344.1.Malicious 166 1519684539.0536005 1519684539.6283925 575 192.168.1.120 - 49330 104.127.48.95 443 https://www.adobe.com/support/main.html 331 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 167 1519684539.9831853 1519684540.1907458 208 192.168.1.120 - 49331 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34138 0 33735 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 165 1519684545.3458176 1519684545.355655 10 192.168.1.120 - 49329 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 166 1519684545.5534675 1519684545.5878525 34 192.168.1.120 - 49330 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 165 1519684556.7929316 1519684556.7994606 7 192.168.1.120 - 49329 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 166 1519684557.0081878 1519684557.04442 36 192.168.1.120 - 49330 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 165 1519684569.6193209 1519684569.9616845 342 192.168.1.120 - 49329 104.127.48.95 80 http://www.adobe.com/support/main.html 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/main.html - CTU.344.1.Malicious 166 1519684570.1669939 1519684570.4829497 316 192.168.1.120 - 49330 104.127.48.95 443 https://www.adobe.com/support/main.html 331 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 167 1519684570.6878824 1519684570.737328 49 192.168.1.120 - 49331 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34138 0 33735 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 168 1519684577.4729214 1519684577.4832623 10 192.168.1.120 - 49332 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 168 1519684577.7093418 1519684577.7170339 8 192.168.1.120 - 49332 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 169 1519684577.9433196 1519684577.9751189 32 192.168.1.120 - 49333 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 170 1519684581.9298866 1519684582.0173016 87 192.168.1.120 - 49334 5.8.88.175 80 http://5.8.88.175/two/index.php 503 454 93 147 382 286 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=windows-1251 POST 404 - - - - - - - CTU.344.1.Malicious 165 1519684582.220101 1519684582.2267535 7 192.168.1.120 - 49329 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 166 1519684582.4245257 1519684582.438643 14 192.168.1.120 - 49330 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 165 1519684594.5466504 1519684594.895095 348 192.168.1.120 - 49329 104.127.48.95 80 http://www.adobe.com/support 321 589 0 237 300 323 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support - CTU.344.1.Malicious 166 1519684595.09343 1519684595.4351406 342 192.168.1.120 - 49330 104.127.48.95 443 https://www.adobe.com/support 321 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 167 1519684595.6338646 1519684595.6817043 48 192.168.1.120 - 49331 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34138 0 33735 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 165 1519684602.2780895 1519684602.5913248 313 192.168.1.120 - 49329 104.127.48.95 80 http://www.adobe.com/support 321 589 0 237 300 323 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support - CTU.344.1.Malicious 166 1519684602.7943275 1519684603.120632 326 192.168.1.120 - 49330 104.127.48.95 443 https://www.adobe.com/support 321 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 167 1519684603.3245215 1519684603.3718302 47 192.168.1.120 - 49331 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34138 0 33735 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 171 1519685211.078778 1519685211.0866747 8 192.168.1.120 - 49335 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 172 1519685211.339112 1519685211.4406397 102 192.168.1.120 - 49336 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 171 1519685223.2892141 1519685223.2979176 9 192.168.1.120 - 49335 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 172 1519685223.4963703 1519685223.5097823 13 192.168.1.120 - 49336 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 173 1519685236.620197 1519685236.6297274 10 192.168.1.120 - 49337 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 173 1519685236.63172 1519685236.8341339 202 192.168.1.120 - 49337 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 174 1519685237.072339 1519685237.1030896 31 192.168.1.120 - 49338 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 173 1519685244.3505728 1519685244.3589542 8 192.168.1.120 - 49337 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 173 1519685244.3610442 1519685244.368746 8 192.168.1.120 - 49337 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 174 1519685244.3707824 1519685244.8492022 478 192.168.1.120 - 49338 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 175 1519685249.2800052 1519685249.364657 85 192.168.1.120 - 49339 5.8.88.175 80 http://5.8.88.175/two/index.php 503 454 93 147 382 286 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=windows-1251 POST 404 - - - - - - - CTU.344.1.Malicious 171 1519685249.5672455 1519685249.9194405 352 192.168.1.120 - 49335 104.127.48.95 80 http://www.adobe.com/go/getflashplayer 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/go/getflashplayer - CTU.344.1.Malicious 172 1519685250.1250036 1519685250.4691298 344 192.168.1.120 - 49336 104.127.48.95 443 https://www.adobe.com/go/getflashplayer 331 465 0 0 300 436 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 301 - - - - - http://get.adobe.com/flashplayer - CTU.344.1.Malicious 173 1519685253.3640914 1519685253.3741086 10 192.168.1.120 - 49337 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 173 1519685253.376218 1519685253.3861618 10 192.168.1.120 - 49337 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 174 1519685253.3882074 1519685253.4017775 14 192.168.1.120 - 49338 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 171 1519685257.4500027 1519685257.7980359 348 192.168.1.120 - 49335 104.127.48.95 80 http://www.adobe.com/support/shockwave 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/shockwave - CTU.344.1.Malicious 172 1519685258.0059707 1519685258.3750463 369 192.168.1.120 - 49336 104.127.48.95 443 https://www.adobe.com/support/shockwave 331 713 0 247 300 437 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - http://www.adobe.com/support/shockwave/ - CTU.344.1.Malicious 171 1519685262.2158196 1519685262.559223 343 192.168.1.120 - 49335 104.127.48.95 80 http://www.adobe.com/go/getflashplayer 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/go/getflashplayer - CTU.344.1.Malicious 172 1519685262.7629888 1519685263.1618984 399 192.168.1.120 - 49336 104.127.48.95 443 https://www.adobe.com/go/getflashplayer 331 465 0 0 300 436 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 301 - - - - - http://get.adobe.com/flashplayer - CTU.344.1.Malicious 171 1519685266.7428992 1519685266.7519388 9 192.168.1.120 - 49335 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 172 1519685266.959093 1519685266.978631 20 192.168.1.120 - 49336 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 176 1519685879.8258553 1519685880.1282713 302 192.168.1.120 - 49340 137.254.60.32 80 http://www.virtualbox.org/ 319 796 0 262 305 505 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.virtualbox.org/ - CTU.344.1.Malicious 177 1519685880.3522627 1519685882.5021462 2150 192.168.1.120 - 49341 137.254.60.32 443 https://www.virtualbox.org/ 319 10382 0 9630 305 738 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html;charset=utf-8 GET 200 - - - - - - - CTU.344.1.Malicious 178 1519685887.065351 1519685887.4196928 354 192.168.1.120 - 49342 104.127.48.95 80 http://www.adobe.com/support 321 589 0 237 300 323 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support - CTU.344.1.Malicious 179 1519685887.6528516 1519685888.2328188 580 192.168.1.120 - 49343 104.127.48.95 443 https://www.adobe.com/support 321 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 180 1519685888.6045632 1519685888.8117714 207 192.168.1.120 - 49344 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34138 0 33735 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 178 1519685894.05529 1519685894.365897 311 192.168.1.120 - 49342 104.127.48.95 80 http://www.adobe.com/support/shockwave 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/shockwave - CTU.344.1.Malicious 179 1519685894.5609596 1519685894.880789 320 192.168.1.120 - 49343 104.127.48.95 443 https://www.adobe.com/support/shockwave 331 713 0 247 300 437 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - http://www.adobe.com/support/shockwave/ - CTU.344.1.Malicious 181 1519685898.7458801 1519685898.755205 9 192.168.1.120 - 49345 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 181 1519685898.9773 1519685898.9858186 9 192.168.1.120 - 49345 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 182 1519685899.2216802 1519685899.2556202 34 192.168.1.120 - 49346 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 183 1519685903.2206068 1519685903.3284206 108 192.168.1.120 - 49347 5.8.88.175 80 http://5.8.88.175/two/index.php 503 454 93 147 382 286 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=windows-1251 POST 404 - - - - - - - CTU.344.1.Malicious 181 1519685903.5379612 1519685903.5476577 10 192.168.1.120 - 49345 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 181 1519685903.5492215 1519685903.5583868 9 192.168.1.120 - 49345 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 182 1519685903.559957 1519685903.5745764 15 192.168.1.120 - 49346 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 178 1519685908.115156 1519685908.1227891 8 192.168.1.120 - 49342 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 179 1519685908.3210342 1519685908.3519003 31 192.168.1.120 - 49343 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 178 1519685920.8124788 1519685921.123271 311 192.168.1.120 - 49342 104.127.48.95 80 http://www.adobe.com/support/main.html 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/main.html - CTU.344.1.Malicious 179 1519685921.3296163 1519685921.6445863 315 192.168.1.120 - 49343 104.127.48.95 443 https://www.adobe.com/support/main.html 331 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 180 1519685921.8408577 1519685921.888263 47 192.168.1.120 - 49344 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34138 0 33735 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 178 1519685927.84203 1519685927.8514128 9 192.168.1.120 - 49342 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 179 1519685928.0592253 1519685928.0837643 25 192.168.1.120 - 49343 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 178 1519685940.5621483 1519685940.895398 333 192.168.1.120 - 49342 104.127.48.95 80 http://www.adobe.com/go/getflashplayer 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/go/getflashplayer - CTU.344.1.Malicious 179 1519685941.098186 1519685941.412153 314 192.168.1.120 - 49343 104.127.48.95 443 https://www.adobe.com/go/getflashplayer 331 465 0 0 300 436 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 301 - - - - - http://get.adobe.com/flashplayer - CTU.344.1.Malicious 184 1519686546.4330273 1519686546.7575822 325 192.168.1.120 - 49348 104.127.48.95 80 http://www.adobe.com/support/main.html 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/main.html - CTU.344.1.Malicious 185 1519686546.9934723 1519686547.5368643 543 192.168.1.120 - 49349 104.127.48.95 443 https://www.adobe.com/support/main.html 331 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 186 1519686548.3609493 1519686548.6103618 249 192.168.1.120 - 49350 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34138 0 33735 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 184 1519686554.4443529 1519686554.79865 354 192.168.1.120 - 49348 104.127.48.95 80 http://www.adobe.com/support 321 589 0 237 300 323 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support - CTU.344.1.Malicious 185 1519686555.0007122 1519686555.3409972 340 192.168.1.120 - 49349 104.127.48.95 443 https://www.adobe.com/support 321 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 186 1519686555.5417402 1519686555.6001327 58 192.168.1.120 - 49350 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34138 0 33735 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 184 1519686561.3644829 1519686561.6986346 334 192.168.1.120 - 49348 104.127.48.95 80 http://www.adobe.com/go/getflashplayer 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/go/getflashplayer - CTU.344.1.Malicious 185 1519686561.9011228 1519686562.2492988 348 192.168.1.120 - 49349 104.127.48.95 443 https://www.adobe.com/go/getflashplayer 331 465 0 0 300 436 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 301 - - - - - http://get.adobe.com/flashplayer - CTU.344.1.Malicious 184 1519686565.370381 1519686565.7177083 347 192.168.1.120 - 49348 104.127.48.95 80 http://www.adobe.com/support/shockwave 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/shockwave - CTU.344.1.Malicious 185 1519686565.916815 1519686566.2457201 329 192.168.1.120 - 49349 104.127.48.95 443 https://www.adobe.com/support/shockwave 331 713 0 247 300 437 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - http://www.adobe.com/support/shockwave/ - CTU.344.1.Malicious 187 1519686570.0572026 1519686570.1381657 81 192.168.1.120 - 49351 5.8.88.175 80 http://5.8.88.175/two/index.php 503 454 93 147 382 286 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=windows-1251 POST 404 - - - - - - - CTU.344.1.Malicious 184 1519686570.336101 1519686570.3453066 9 192.168.1.120 - 49348 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 185 1519686570.5432053 1519686570.5849152 42 192.168.1.120 - 49349 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 188 1519686581.6402164 1519686581.6509056 11 192.168.1.120 - 49352 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 188 1519686581.6524577 1519686581.6613615 9 192.168.1.120 - 49352 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 189 1519686581.9015632 1519686581.9466126 45 192.168.1.120 - 49353 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 184 1519686585.909228 1519686586.2206743 311 192.168.1.120 - 49348 104.127.48.95 80 http://www.adobe.com/support/shockwave 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/shockwave - CTU.344.1.Malicious 185 1519686586.4261746 1519686586.7577255 332 192.168.1.120 - 49349 104.127.48.95 443 https://www.adobe.com/support/shockwave 331 713 0 247 300 437 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - http://www.adobe.com/support/shockwave/ - CTU.344.1.Malicious 188 1519686589.9154124 1519686589.9232318 8 192.168.1.120 - 49352 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 188 1519686589.9252436 1519686589.932503 7 192.168.1.120 - 49352 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 189 1519686589.9344184 1519686589.9497468 15 192.168.1.120 - 49353 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 190 1519687195.5587475 1519687195.5689025 10 192.168.1.120 - 49354 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 190 1519687195.5703783 1519687195.7724762 202 192.168.1.120 - 49354 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 191 1519687196.0096574 1519687196.036541 27 192.168.1.120 - 49355 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 192 1519687199.7430887 1519687200.0542126 311 192.168.1.120 - 49356 104.127.48.95 80 http://www.adobe.com/support/shockwave 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/shockwave - CTU.344.1.Malicious 193 1519687200.2935748 1519687200.8683653 575 192.168.1.120 - 49357 104.127.48.95 443 https://www.adobe.com/support/shockwave 331 713 0 247 300 437 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - http://www.adobe.com/support/shockwave/ - CTU.344.1.Malicious 192 1519687205.3486369 1519687205.355239 7 192.168.1.120 - 49356 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 193 1519687205.5559938 1519687205.5852056 29 192.168.1.120 - 49357 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 192 1519687217.7885375 1519687218.1337385 345 192.168.1.120 - 49356 104.127.48.95 80 http://www.adobe.com/support 321 589 0 237 300 323 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support - CTU.344.1.Malicious 193 1519687218.3342967 1519687218.6908233 357 192.168.1.120 - 49357 104.127.48.95 443 https://www.adobe.com/support 321 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 194 1519687219.1049275 1519687219.3557513 251 192.168.1.120 - 49358 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34138 0 33735 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 195 1519687224.8497 1519687224.9311717 81 192.168.1.120 - 49359 5.8.88.175 80 http://5.8.88.175/two/index.php 503 454 93 147 382 286 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=windows-1251 POST 404 - - - - - - - CTU.344.1.Malicious 192 1519687225.1388516 1519687225.1453457 6 192.168.1.120 - 49356 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 193 1519687225.3445146 1519687225.3579895 13 192.168.1.120 - 49357 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 192 1519687238.5181413 1519687238.8604562 342 192.168.1.120 - 49356 104.127.48.95 80 http://www.adobe.com/support/main.html 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/main.html - CTU.344.1.Malicious 193 1519687239.0645094 1519687239.4231613 359 192.168.1.120 - 49357 104.127.48.95 443 https://www.adobe.com/support/main.html 331 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 194 1519687239.6250043 1519687239.6802738 55 192.168.1.120 - 49358 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34138 0 33735 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 192 1519687246.1890376 1519687246.5089076 320 192.168.1.120 - 49356 104.127.48.95 80 http://www.adobe.com/support 321 589 0 237 300 323 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support - CTU.344.1.Malicious 193 1519687246.7155309 1519687247.0719573 356 192.168.1.120 - 49357 104.127.48.95 443 https://www.adobe.com/support 321 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 194 1519687247.2759883 1519687247.3348157 59 192.168.1.120 - 49358 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34138 0 33735 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 192 1519687254.1406653 1519687254.441613 301 192.168.1.120 - 49356 104.127.48.95 80 http://www.adobe.com/support/main.html 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/main.html - CTU.344.1.Malicious 193 1519687254.6469243 1519687255.0023644 355 192.168.1.120 - 49357 104.127.48.95 443 https://www.adobe.com/support/main.html 331 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 194 1519687255.207664 1519687255.261851 54 192.168.1.120 - 49358 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34138 0 33735 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 196 1519687862.131858 1519687862.4396489 308 192.168.1.120 - 49360 104.127.48.95 80 http://www.adobe.com/support/shockwave 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/shockwave - CTU.344.1.Malicious 197 1519687862.662182 1519687863.2291512 567 192.168.1.120 - 49361 104.127.48.95 443 https://www.adobe.com/support/shockwave 331 713 0 247 300 437 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - http://www.adobe.com/support/shockwave/ - CTU.344.1.Malicious 196 1519687866.9616735 1519687866.9691412 7 192.168.1.120 - 49360 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 197 1519687867.1770415 1519687867.2052803 28 192.168.1.120 - 49361 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 198 1519687877.3366184 1519687877.6600904 323 192.168.1.120 - 49362 137.254.60.32 80 http://www.virtualbox.org/ 319 796 0 262 305 505 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.virtualbox.org/ - CTU.344.1.Malicious 199 1519687877.8832297 1519687878.8465173 963 192.168.1.120 - 49363 137.254.60.32 443 https://www.virtualbox.org/ 319 10382 0 9630 305 738 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html;charset=utf-8 GET 200 - - - - - - - CTU.344.1.Malicious 200 1519687886.2665253 1519687886.2769303 10 192.168.1.120 - 49364 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 200 1519687886.4852304 1519687886.495176 10 192.168.1.120 - 49364 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 201 1519687886.9289203 1519687886.9813619 52 192.168.1.120 - 49365 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 202 1519687891.3385737 1519687891.4200637 81 192.168.1.120 - 49366 5.8.88.175 80 http://5.8.88.175/two/index.php 503 454 93 147 382 286 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=windows-1251 POST 404 - - - - - - - CTU.344.1.Malicious 196 1519687891.6260116 1519687891.9650419 339 192.168.1.120 - 49360 104.127.48.95 80 http://www.adobe.com/support/main.html 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/main.html - CTU.344.1.Malicious 197 1519687892.1635308 1519687892.5091789 346 192.168.1.120 - 49361 104.127.48.95 443 https://www.adobe.com/support/main.html 331 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 203 1519687893.7222846 1519687893.9892983 267 192.168.1.120 - 49367 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34138 0 33735 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 196 1519687899.1159852 1519687899.124984 9 192.168.1.120 - 49360 104.127.48.95 80 http://www.adobe.com/ 314 574 0 230 300 315 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 197 1519687899.3234248 1519687899.3433695 20 192.168.1.120 - 49361 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 200 1519687911.4853263 1519687911.4931855 8 192.168.1.120 - 49364 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 200 1519687911.4951475 1519687911.5030372 8 192.168.1.120 - 49364 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 201 1519687911.5050697 1519687911.515365 10 192.168.1.120 - 49365 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 204 1519688517.0364358 1519688517.3391495 303 192.168.1.120 - 49368 104.127.48.95 80 http://www.adobe.com/go/getflashplayer 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/go/getflashplayer - CTU.344.1.Malicious 205 1519688517.5771506 1519688518.1613016 584 192.168.1.120 - 49369 104.127.48.95 443 https://www.adobe.com/go/getflashplayer 331 465 0 0 300 436 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 301 - - - - - http://get.adobe.com/flashplayer - CTU.344.1.Malicious 204 1519688521.6244142 1519688521.6307528 6 192.168.1.120 - 49368 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 205 1519688521.8386197 1519688521.9115977 73 192.168.1.120 - 49369 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 206 1519688534.2915308 1519688534.3038535 12 192.168.1.120 - 49370 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 206 1519688534.5132422 1519688534.5232315 10 192.168.1.120 - 49370 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 207 1519688534.953489 1519688534.979331 26 192.168.1.120 - 49371 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 204 1519688538.0466936 1519688538.0560043 9 192.168.1.120 - 49368 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 205 1519688538.2518122 1519688538.2947972 43 192.168.1.120 - 49369 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 204 1519688550.9440444 1519688550.9555607 12 192.168.1.120 - 49368 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 205 1519688551.151045 1519688551.1706667 20 192.168.1.120 - 49369 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 208 1519688562.2371264 1519688562.3208904 84 192.168.1.120 - 49372 5.8.88.175 80 http://5.8.88.175/two/index.php 503 454 93 147 382 286 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=windows-1251 POST 404 - - - - - - - CTU.344.1.Malicious 206 1519688562.5303013 1519688562.5406413 10 192.168.1.120 - 49370 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 206 1519688562.5421882 1519688562.551745 10 192.168.1.120 - 49370 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 207 1519688562.5533464 1519688562.567769 14 192.168.1.120 - 49371 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 204 1519688566.5072587 1519688566.8594232 352 192.168.1.120 - 49368 104.127.48.95 80 http://www.adobe.com/go/getflashplayer 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/go/getflashplayer - CTU.344.1.Malicious 205 1519688567.0635579 1519688567.4212966 358 192.168.1.120 - 49369 104.127.48.95 443 https://www.adobe.com/go/getflashplayer 331 465 0 0 300 436 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 301 - - - - - http://get.adobe.com/flashplayer - CTU.344.1.Malicious 206 1519688571.3638623 1519688571.3737864 10 192.168.1.120 - 49370 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 206 1519688571.3759153 1519688571.3850753 9 192.168.1.120 - 49370 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 207 1519688571.3871453 1519688571.3995843 12 192.168.1.120 - 49371 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 208 1519688575.3093135 1519688575.3952117 86 192.168.1.120 - 49372 5.8.88.175 80 http://5.8.88.175/two/index.php 473 346 63 39 382 286 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=windows-1251 POST 404 - - - - - - - CTU.344.1.Malicious 208 1519688575.5992475 1519688576.391358 792 192.168.1.120 - 49372 5.8.88.175 80 http://5.8.88.175/svc.exe 318 844163 0 843776 297 373 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' application/x-msdos-program GET 200 - - - - - - - CTU.344.1.Malicious 208 1519688639.4719105 1519688639.5506725 79 192.168.1.120 - 49372 5.8.88.175 80 http://5.8.88.175/two/index.php 473 718 63 411 382 286 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=windows-1251 POST 404 - - - - - - - CTU.344.1.Malicious 209 1519689241.1972063 1519689241.2070916 10 192.168.1.120 - 49373 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 210 1519689241.6294036 1519689241.719764 90 192.168.1.120 - 49374 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 211 1519689252.8422945 1519689252.8520503 10 192.168.1.120 - 49375 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 211 1519689253.0612733 1519689253.0717616 10 192.168.1.120 - 49375 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 212 1519689253.3040853 1519689253.3315678 27 192.168.1.120 - 49376 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 209 1519689257.2499301 1519689257.262294 12 192.168.1.120 - 49373 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 210 1519689257.4660888 1519689257.49089 25 192.168.1.120 - 49374 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 211 1519689270.228353 1519689270.2386408 10 192.168.1.120 - 49375 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 211 1519689270.2402897 1519689270.2499042 10 192.168.1.120 - 49375 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 212 1519689270.251699 1519689270.2614963 10 192.168.1.120 - 49376 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 213 1519689274.767716 1519689274.8525372 85 192.168.1.120 - 49377 5.8.88.175 80 http://5.8.88.175/two/index.php 503 454 93 147 382 286 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=windows-1251 POST 404 - - - - - - - CTU.344.1.Malicious 209 1519689275.056592 1519689275.4062061 350 192.168.1.120 - 49373 104.127.48.95 80 http://www.adobe.com/support 321 589 0 237 300 323 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support - CTU.344.1.Malicious 210 1519689275.602044 1519689275.9553292 353 192.168.1.120 - 49374 104.127.48.95 443 https://www.adobe.com/support 321 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 214 1519689276.3476114 1519689276.5175204 170 192.168.1.120 - 49378 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34138 0 33735 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 215 1519689282.1823566 1519689282.4811523 299 192.168.1.120 - 49379 137.254.60.32 80 http://www.virtualbox.org/ 319 796 0 262 305 505 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.virtualbox.org/ - CTU.344.1.Malicious 216 1519689282.7038076 1519689283.7790158 1075 192.168.1.120 - 49380 137.254.60.32 443 https://www.virtualbox.org/ 319 10382 0 9630 305 738 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html;charset=utf-8 GET 200 - - - - - - - CTU.344.1.Malicious 209 1519689288.265928 1519689288.6076887 342 192.168.1.120 - 49373 104.127.48.95 80 http://www.adobe.com/support/shockwave 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/shockwave - CTU.344.1.Malicious 210 1519689288.811222 1519689289.170447 359 192.168.1.120 - 49374 104.127.48.95 443 https://www.adobe.com/support/shockwave 331 713 0 247 300 437 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - http://www.adobe.com/support/shockwave/ - CTU.344.1.Malicious 213 1519689296.837858 1519689297.6365817 799 192.168.1.120 - 49377 5.8.88.175 80 http://5.8.88.175/two/index.php 473 624930 63 624623 382 286 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=windows-1251 POST 404 - - - - - - - CTU.344.1.Malicious 213 1519689343.8516653 1519689343.9389825 87 192.168.1.120 - 49377 5.8.88.175 80 http://5.8.88.175/two/index.php 473 718 63 411 382 286 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=windows-1251 POST 404 - - - - - - - CTU.344.1.Malicious 217 1519689350.0033994 1519689350.4171548 414 192.168.1.120 - 49381 212.8.242.157 80 http://xmr-services.net/file/Un.dll 96 1160007 0 1159680 71 313 'None' application/x-msdownload GET 200 - - - - - - - CTU.344.1.Malicious 217 1519689434.9991765 1519689435.278738 280 192.168.1.120 - 49381 212.8.242.157 80 http://xmr-services.net/file/Deux.dll 66 30973 0 30720 39 239 'None' application/x-msdownload GET 200 - - - - - - - CTU.344.1.Malicious 217 1519689437.6985002 1519689443.434475 5736 192.168.1.120 - 49381 212.8.242.157 80 http://xmr-services.net/file/Trois.dll 67 19580160 0 19579904 39 242 'None' application/x-msdownload GET 200 - - - - - - - CTU.344.1.Malicious 218 1519689946.1260912 1519689946.3414717 215 192.168.1.120 - 49382 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 219 1519689946.9827638 1519689947.0689132 86 192.168.1.120 - 49383 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 220 1519689958.3679874 1519689958.3804007 12 192.168.1.120 - 49384 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 220 1519689958.5893347 1519689958.599358 10 192.168.1.120 - 49384 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 221 1519689958.8219054 1519689958.8561394 34 192.168.1.120 - 49385 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 220 1519689962.934447 1519689962.944018 10 192.168.1.120 - 49384 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 220 1519689962.9457142 1519689962.9537902 8 192.168.1.120 - 49384 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 221 1519689962.955406 1519689962.966333 11 192.168.1.120 - 49385 23.4.253.171 443 https://java.com/en/ 312 9161 0 8568 295 579 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 218 1519689967.2516167 1519689967.5672615 316 192.168.1.120 - 49382 104.127.48.95 80 http://www.adobe.com/support/main.html 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/main.html - CTU.344.1.Malicious 219 1519689967.7678378 1519689968.094709 327 192.168.1.120 - 49383 104.127.48.95 443 https://www.adobe.com/support/main.html 331 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 222 1519689968.866069 1519689969.0948188 229 192.168.1.120 - 49386 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34138 0 33735 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 223 1519689974.7052956 1519689974.7862673 81 192.168.1.120 - 49387 5.8.88.175 80 http://5.8.88.175/two/index.php 503 454 93 147 382 286 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=windows-1251 POST 404 - - - - - - - CTU.344.1.Malicious 218 1519689982.9641669 1519689982.9731445 9 192.168.1.120 - 49382 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 219 1519689983.1796954 1519689983.2047813 25 192.168.1.120 - 49383 104.127.48.95 443 https://www.adobe.com/ 314 112545 0 111949 300 582 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 218 1519689995.9632082 1519689996.3017628 339 192.168.1.120 - 49382 104.127.48.95 80 http://www.adobe.com/support 321 589 0 237 300 323 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support - CTU.344.1.Malicious 219 1519689996.5089061 1519689996.8594065 351 192.168.1.120 - 49383 104.127.48.95 443 https://www.adobe.com/support 321 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 222 1519689997.0695271 1519689997.1213171 52 192.168.1.120 - 49386 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34138 0 33735 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 224 1519690003.80127 1519690004.101132 300 192.168.1.120 - 49388 137.254.60.32 80 http://www.virtualbox.org/ 319 796 0 262 305 505 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.virtualbox.org/ - CTU.344.1.Malicious 225 1519690004.344382 1519690005.3267977 982 192.168.1.120 - 49389 137.254.60.32 443 https://www.virtualbox.org/ 319 10382 0 9630 305 738 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html;charset=utf-8 GET 200 - - - - - - - CTU.344.1.Malicious 226 1519690610.6714382 1519690610.9829903 312 192.168.1.120 - 49390 104.127.48.95 80 http://www.adobe.com/go/getflashplayer 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/go/getflashplayer - CTU.344.1.Malicious 227 1519690611.214953 1519690611.5616658 347 192.168.1.120 - 49391 104.127.48.95 443 https://www.adobe.com/go/getflashplayer 331 465 0 0 300 436 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 301 - - - - - http://get.adobe.com/flashplayer - CTU.344.1.Malicious 226 1519690615.2135372 1519690615.220061 7 192.168.1.120 - 49390 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 227 1519690615.4286246 1519690615.4571242 28 192.168.1.120 - 49391 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 226 1519690629.363464 1519690629.3716507 8 192.168.1.120 - 49390 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 227 1519690629.5787714 1519690629.6054757 27 192.168.1.120 - 49391 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 228 1519690641.3908243 1519690641.4013479 11 192.168.1.120 - 49392 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 228 1519690641.4034007 1519690641.6072543 204 192.168.1.120 - 49392 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 229 1519690641.8436363 1519690641.878753 35 192.168.1.120 - 49393 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 226 1519690646.2163303 1519690646.560033 344 192.168.1.120 - 49390 104.127.48.95 80 http://www.adobe.com/support 321 589 0 237 300 323 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support - CTU.344.1.Malicious 227 1519690646.7640426 1519690647.42971 666 192.168.1.120 - 49391 104.127.48.95 443 https://www.adobe.com/support 321 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 230 1519690648.0121384 1519690648.2188377 207 192.168.1.120 - 49394 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34138 0 33735 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 231 1519690654.0191858 1519690654.1000292 81 192.168.1.120 - 49395 5.8.88.175 80 http://5.8.88.175/two/index.php 503 454 93 147 382 286 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=windows-1251 POST 404 - - - - - - - CTU.344.1.Malicious 226 1519690654.3096378 1519690654.3193555 10 192.168.1.120 - 49390 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 227 1519690654.5246398 1519690654.5440698 19 192.168.1.120 - 49391 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 226 1519690666.116527 1519690666.1250174 8 192.168.1.120 - 49390 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 227 1519690666.3215897 1519690666.333589 12 192.168.1.120 - 49391 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 226 1519690677.8126562 1519690678.1241424 311 192.168.1.120 - 49390 104.127.48.95 80 http://www.adobe.com/support/main.html 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/main.html - CTU.344.1.Malicious 227 1519690678.3295128 1519690678.6869864 357 192.168.1.120 - 49391 104.127.48.95 443 https://www.adobe.com/support/main.html 331 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 230 1519690678.8897135 1519690678.9370444 47 192.168.1.120 - 49394 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34138 0 33735 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 226 1519690685.9134548 1519690685.922991 10 192.168.1.120 - 49390 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 227 1519690686.1201017 1519690686.1708953 51 192.168.1.120 - 49391 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 217 1519690895.065643 1519690896.963029 1897 192.168.1.120 - 49381 212.8.242.157 80 http://xmr-services.net/file/Quatre.dll 68 367926 0 367672 39 240 'None' application/x-msdownload GET 200 - - - - - - - CTU.344.1.Malicious 217 1519690922.483178 1519690922.9411497 458 192.168.1.120 - 49381 212.8.242.157 80 http://xmr-services.net/file/Cinq.dll 66 1646847 0 1646592 39 241 'None' application/x-msdownload GET 200 - - - - - - - CTU.344.1.Malicious 217 1519691039.1508915 1519691041.8850386 2734 192.168.1.120 - 49381 212.8.242.157 80 http://xmr-services.net/file/Six.dll 65 660382 0 660128 39 240 'None' application/x-msdownload GET 200 - - - - - - - CTU.344.1.Malicious 217 1519691091.0660064 1519691095.4653242 4399 192.168.1.120 - 49381 212.8.242.157 80 http://xmr-services.net/file/Sept.dll 66 963486 0 963232 39 240 'None' application/x-msdownload GET 200 - - - - - - - CTU.344.1.Malicious 217 1519691166.9960613 1519691169.929609 2934 192.168.1.120 - 49381 212.8.242.157 80 http://xmr-services.net/file/Huit.dll 66 65277 0 65024 39 239 'None' application/x-msdownload GET 200 - - - - - - - CTU.344.1.Malicious 217 1519691174.1654196 1519691176.578393 2413 192.168.1.120 - 49381 212.8.242.157 80 http://xmr-services.net/file/Neuf.dll 66 3925247 0 3924992 39 241 'None' application/x-msdownload GET 200 - - - - - - - CTU.344.1.Malicious 232 1519691299.9332502 1519691300.1467748 214 192.168.1.120 - 49396 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 232 1519691300.1484845 1519691300.1578512 9 192.168.1.120 - 49396 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 233 1519691301.1865506 1519691301.231006 44 192.168.1.120 - 49397 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 234 1519691306.2648726 1519691306.272227 7 192.168.1.120 - 49398 104.127.48.95 80 http://www.adobe.com/ 314 575 0 230 300 316 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/ - CTU.344.1.Malicious 235 1519691306.9064453 1519691307.1671002 261 192.168.1.120 - 49399 104.127.48.95 443 https://www.adobe.com/ 314 111439 0 110934 300 491 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 234 1519691318.6355953 1519691318.9920745 356 192.168.1.120 - 49398 104.127.48.95 80 http://www.adobe.com/support/main.html 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/main.html - CTU.344.1.Malicious 235 1519691319.1912553 1519691319.5164244 325 192.168.1.120 - 49399 104.127.48.95 443 https://www.adobe.com/support/main.html 331 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 236 1519691320.2093878 1519691320.4313304 222 192.168.1.120 - 49400 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34138 0 33735 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 232 1519691325.4645824 1519691325.475036 10 192.168.1.120 - 49396 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 232 1519691325.476676 1519691325.486328 10 192.168.1.120 - 49396 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 233 1519691325.4884212 1519691325.5023823 14 192.168.1.120 - 49397 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 237 1519691333.2975893 1519691333.3786535 81 192.168.1.120 - 49401 5.8.88.175 80 http://5.8.88.175/two/index.php 503 314 93 7 382 286 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=windows-1251 POST 404 - - - - - - - CTU.344.1.Malicious 232 1519691333.5844362 1519691333.5947895 10 192.168.1.120 - 49396 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 232 1519691333.5968647 1519691333.6044374 8 192.168.1.120 - 49396 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 233 1519691333.6064012 1519691333.616463 10 192.168.1.120 - 49397 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 234 1519691337.3208072 1519691337.6757772 355 192.168.1.120 - 49398 104.127.48.95 80 http://www.adobe.com/support/main.html 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/main.html - CTU.344.1.Malicious 235 1519691337.8775313 1519691338.2342238 357 192.168.1.120 - 49399 104.127.48.95 443 https://www.adobe.com/support/main.html 331 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 236 1519691338.4381902 1519691338.7339282 296 192.168.1.120 - 49400 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34138 0 33735 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 232 1519691346.2756317 1519691346.2833154 8 192.168.1.120 - 49396 23.4.253.171 80 http://java.com/ 309 237 0 0 295 208 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 302 - - - - - http://java.com/en/ - CTU.344.1.Malicious 232 1519691346.284861 1519691346.293164 8 192.168.1.120 - 49396 23.4.253.171 80 http://java.com/en/ 312 238 0 0 295 209 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' - GET 301 - - - - - https://java.com/en/ - CTU.344.1.Malicious 233 1519691346.2947304 1519691346.305973 11 192.168.1.120 - 49397 23.4.253.171 443 https://java.com/en/ 312 8098 0 7553 295 531 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 234 1519691350.7493098 1519691351.1029987 354 192.168.1.120 - 49398 104.127.48.95 80 http://www.adobe.com/support/main.html 331 609 0 247 300 333 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://www.adobe.com/support/main.html - CTU.344.1.Malicious 235 1519691351.3066711 1519691351.6266954 320 192.168.1.120 - 49399 104.127.48.95 443 https://www.adobe.com/support/main.html 331 653 0 244 300 380 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=iso-8859-1 GET 301 - - - - - https://helpx.adobe.com/support.html - CTU.344.1.Malicious 236 1519691351.8273687 1519691351.878474 51 192.168.1.120 - 49400 2.18.33.30 443 https://helpx.adobe.com/support.html 328 34138 0 33735 302 389 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=UTF-8 GET 200 - - - - - - - CTU.344.1.Malicious 237 1519691361.7375755 1519691362.549547 812 192.168.1.120 - 49401 5.8.88.175 80 http://5.8.88.175/two/index.php 473 500023 63 499716 382 286 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=windows-1251 POST 404 - - - - - - - CTU.344.1.Malicious 237 1519691404.786907 1519691405.0923817 305 192.168.1.120 - 49401 5.8.88.175 80 http://5.8.88.175/two/index.php 473 718 63 411 382 286 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)' text/html; charset=windows-1251 POST 404 - - - - - - - CTU.344.1.Malicious 217 1519691469.5421114 1519691479.3578608 9816 192.168.1.120 - 49381 212.8.242.157 80 http://xmr-services.net/file/Dix.dll 65 1070847 0 1070592 39 241 'None' application/x-msdownload GET 200 - - - - - - - CTU.344.1.Malicious 217 1519691557.7171314 1519691558.8204865 1103 192.168.1.120 - 49381 212.8.242.157 80 http://xmr-services.net/file/Onze.dll 66 135934 0 135680 39 240 'None' application/x-msdownload GET 200 - - - - - - - CTU.344.1.Malicious 217 1519691570.0344412 1519691582.3886323 12354 192.168.1.120 - 49381 212.8.242.157 80 http://xmr-services.net/file/Douze.dll 67 5462271 0 5462016 39 241 'None' application/x-msdownload GET 200 - - - - - - - CTU.344.1.Malicious 217 1519691980.025388 1519691981.1708827 1145 192.168.1.120 - 49381 212.8.242.157 80 http://xmr-services.net/file/Treize.dll 68 342270 0 342016 39 240 'None' application/x-msdownload GET 200 - - - - - - - CTU.344.1.Malicious 217 1519692005.4432056 1519692005.5819435 139 192.168.1.120 - 49381 212.8.242.157 80 http://xmr-services.net/file/Quatorze.dll 70 356782 0 356528 39 240 'None' application/x-msdownload GET 200 - - - - - - - CTU.344.1.Malicious 217 1519692030.946862 1519692032.299745 1353 192.168.1.120 - 49381 212.8.242.157 80 http://xmr-services.net/file/Quinze.dll 68 5552895 0 5552640 39 241 'None' application/x-msdownload GET 200 - - - - - - - CTU.344.1.Malicious