Description

• Probable Name: Normal access to https://www.facebook.com without a middle proxy
• MD5: -
• SHA1: -
• SHA256: -
• Password of zip file: -
• Duration: 00:04:16

Files

• .capinfos
  • Capinfos file
• .dnstop
  • DNS top file
• .mitm
  • Mitm proxy interception file of http and https
• .passivedns
  • Passive DNS file
• .pcap
  • Original pcap file
• .rrd
  • RRD file for graphs
• .weblogng
  • WEB log of http traffic
• .exe.zip
  • Original malware file
• bro
  • Folder with all the bro output files
• .biargus
  • Argus binary file with all the flows
• .binetflow
  • Argus text file with bidirectional flows. Report time 3600 secs.

IP Addresses

- Normal host: 192.168.1.126
    - Windows 7, Internet Explorer browser.
- Default GW: 192.168.1.2

Timeline

Tue Sep 13 17:14:06 CEST 2016

started win16

Tue Sep 13 17:15:36 CEST 2016

Opened IE

Tue Sep 13 17:16:36 CEST 2016

Access https://www.facebook.com without a middle proxy

Tue Sep 13 17:17:58 CEST 2016

Closed IE

Tue Sep 13 17:18:22 CEST 2016

power off