2c5729e1...d7c6 | Network
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Trojan, Dropper, Downloader

2c5729e17b64cd4e905ccfeabbc913ed945e17625c35ec1d6932194aae83d7c6 (SHA256)

DOC_443353149786_10082018.pdf

PDF Document

Created at 2018-08-10 12:36:00

Notifications (2/2)

The overall sleep time of all monitored processes was truncated from "20 minutes, 15 seconds" to "2 minutes" to reveal dormant functionality.

The operating system was rebooted during the analysis.

Network Overview

Hosts (5)
| Hostname | IP Address | Location | Protocols | Reputation Status | WHOIS Data |
| --- | --- | --- | --- | --- | --- |
| i86h.com | 217.182.53.69 | France | HTTP, TCP, UDP | Unknown | |
| o5zinuqxjzk | 192.168.0.181 | - | - | Unknown | |
| www.download.windowsupdate.com | - | - | TCP | Not Queried | Not Queried |
| 185.68.93.18 | 185.68.93.18 | Russian Federation | HTTP, TCP | Unknown | Not Queried |
| 89.223.92.202 | 89.223.92.202 | Saint Petersburg (Russian Federation) | HTTP, TCP | Unknown | Not Queried |

DNS Queries (2)
| Hostname | Categories | Names | Source | Reputation Status |
| --- | --- | --- | --- | --- |
| i86h.com | - | - | Function Log | Unknown |
| o5zinuqxjzk | - | - | Function Log | Unknown |

URLs (6)
| URL | Categories | Names | Source | HTTP Status Code | Reputation Status |
| --- | --- | --- | --- | --- | --- |
| http://i86h.com/data2.dat | - | - | Function Log | OK (200) | Unknown |
| http://i86h.com/data3.dat | - | - | Function Log | OK (200) | Unknown |
| http://i86h.com/ | - | - | PCAP | OK (200) | Unknown |
| http://i86h.com/data1.dat | - | - | PCAP | OK (200) | Unknown |
| http://185.68.93.18/dot.php | - | - | PCAP | OK (200) | Unknown |
| http://89.223.92.202/mo.enc | - | - | PCAP | OK (200) | Unknown |

Connections

DNS (4)
| Operation | Additional Information | Success | Count | Logfile |
| --- | --- | --- | --- | --- |
| Get Hostname | name_out = o5zInUQXjZk | True | 1 | Fn |
| Resolve Name | host = i86h.com, address_out = 217.182.53.69 | True | 1 | Fn |
| Resolve Name | host = o5zInUQXjZk, address_out = 192.168.0.181 | True | 1 | Fn |
| Resolve Name | host = i86h.com, address_out = 217.182.53.69 | True | 1 | - |

TCP Sessions (9)
Information Value
Total Data Sent 10.85 KB
Total Data Received 79.96 KB
Contacted Host Count 3
Contacted Hosts 217.182.53.69, 185.68.93.18, 89.223.92.202
TCP Session #1
Information Value
Source PCAP
Stream ID 0
Remote Address 217.182.53.69
Remote Port 80
Local Address 192.168.0.181
Local Port 49158
Data Sent 0.92 KB
Data Received 0.89 KB
Time Highest Layer Additional Information Success
21.594944 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
21.616939 s TCP Data Sent: 0.05 KB, Data Received: 0.27 KB True
21.617381 s HTTP Data Sent: 0.18 KB, Data Received: 0.05 KB True
21.815923 s URLENCODED-FORM Data Sent: 0.46 KB, Data Received: 0.46 KB True
22.045133 s TCP Data Sent: 0.05 KB, Data Received: 0.05 KB True
26.847523 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
27.976335 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
TCP Session #2
Information Value
Source PCAP
Stream ID 1
Remote Address 217.182.53.69
Remote Port 80
Local Address 192.168.0.181
Local Port 49159
Data Sent 2.74 KB
Data Received 59.86 KB
Time Highest Layer Additional Information Success
49.300258 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
49.321392 s TCP Data Sent: 0.05 KB, Data Received: 0.60 KB True
49.331929 s HTTP Data Sent: 0.12 KB, Data Received: 0.05 KB True
49.564913 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
53.608287 s HTTP Data Sent: 0.09 KB, Data Received: 1.48 KB True
53.655455 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
53.656023 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
53.656440 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
53.656916 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
53.657356 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
53.680004 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
53.680043 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
53.680069 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
53.680090 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
53.680110 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
53.680130 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
53.680149 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
53.680170 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
53.680190 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
53.680211 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
53.680231 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
53.680251 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
53.680271 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
53.680291 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
53.680311 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
53.680332 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
53.680352 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
53.680374 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
53.697002 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
53.697042 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
53.697066 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
53.697690 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
53.697719 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
53.697992 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
53.698222 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
53.712438 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
53.716076 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
53.716309 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
53.731226 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
53.735397 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
53.735591 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
53.735853 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
53.736347 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
53.748620 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
54.277447 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
TCP Session #3
Information Value
Source PCAP
Stream ID 5
Remote Address 185.68.93.18
Remote Port 80
Local Address 192.168.0.181
Local Port 49159
Data Sent 0.82 KB
Data Received 0.66 KB
Time Highest Layer Additional Information Success
193.571968 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
193.632557 s TCP Data Sent: 0.05 KB, Data Received: 0.39 KB True
193.633967 s TCP Data Sent: 0.42 KB, Data Received: 0.05 KB True
193.634411 s URLENCODED-FORM Data Sent: 0.12 KB, Data Received: 0.05 KB True
194.032205 s TCP Data Sent: 0.05 KB, Data Received: 0.05 KB True
198.841191 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
198.841673 s TCP Data Sent: 0.05 KB, Data Received: 0.05 KB True
TCP Session #4
Information Value
Source PCAP
Stream ID 6
Remote Address 89.223.92.202
Remote Port 80
Local Address 192.168.0.181
Local Port 49160
Data Sent 1.18 KB
Data Received 15.01 KB
Time Highest Layer Additional Information Success
193.839006 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
193.894713 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
193.896058 s HTTP Data Sent: 0.42 KB, Data Received: 0.05 KB True
193.958375 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
193.960639 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
194.011883 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
194.012207 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
194.012401 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
194.063569 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
194.063904 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
194.115472 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
194.168334 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
194.488271 s TCP Data Sent: 0.06 KB, Data Received: 0.05 KB True
199.071499 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
199.075419 s TCP Data Sent: 0.05 KB, Data Received: 0.05 KB True
TCP Session #5
Information Value
Source PCAP
Stream ID 8
Remote Address 185.68.93.18
Remote Port 80
Local Address 192.168.0.181
Local Port 49161
Data Sent 1.94 KB
Data Received 1.00 KB
Time Highest Layer Additional Information Success
205.680050 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
205.729057 s TCP Data Sent: 0.05 KB, Data Received: 0.32 KB True
205.729526 s TCP Data Sent: 0.42 KB, Data Received: 0.05 KB True
205.729672 s URLENCODED-FORM Data Sent: 0.63 KB, Data Received: 0.05 KB True
205.927111 s TCP Data Sent: 0.42 KB, Data Received: 0.05 KB True
205.927328 s URLENCODED-FORM Data Sent: 0.12 KB, Data Received: 0.05 KB True
206.372154 s TCP Data Sent: 0.05 KB, Data Received: 0.31 KB True
206.417623 s TCP Data Sent: 0.06 KB, Data Received: 0.05 KB True
211.139495 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
211.139640 s TCP Data Sent: 0.05 KB, Data Received: 0.05 KB True
TCP Session #6
Information Value
Source PCAP
Stream ID 9
Remote Address 185.68.93.18
Remote Port 80
Local Address 192.168.0.181
Local Port 49162
Data Sent 0.82 KB
Data Received 0.58 KB
Time Highest Layer Additional Information Success
216.138758 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
216.325361 s TCP Data Sent: 0.05 KB, Data Received: 0.31 KB True
216.325667 s TCP Data Sent: 0.42 KB, Data Received: 0.05 KB True
216.325792 s URLENCODED-FORM Data Sent: 0.12 KB, Data Received: 0.05 KB True
216.714591 s TCP Data Sent: 0.05 KB, Data Received: 0.05 KB True
221.518565 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
221.518744 s TCP Data Sent: 0.05 KB, Data Received: 0.05 KB True
TCP Session #7
Information Value
Source PCAP
Stream ID 10
Remote Address 185.68.93.18
Remote Port 80
Local Address 192.168.0.181
Local Port 49163
Data Sent 0.89 KB
Data Received 0.89 KB
Time Highest Layer Additional Information Success
226.513092 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
226.571563 s TCP Data Sent: 0.05 KB, Data Received: 0.31 KB True
226.571892 s TCP Data Sent: 0.42 KB, Data Received: 0.05 KB True
226.572014 s URLENCODED-FORM Data Sent: 0.12 KB, Data Received: 0.05 KB True
226.979381 s TCP Data Sent: 0.05 KB, Data Received: 0.31 KB True
227.299366 s TCP Data Sent: 0.06 KB, Data Received: 0.05 KB True
231.771578 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
231.771715 s TCP Data Sent: 0.05 KB, Data Received: 0.05 KB True
TCP Session #8
Information Value
Source PCAP
Stream ID 11
Remote Address 185.68.93.18
Remote Port 80
Local Address 192.168.0.181
Local Port 49164
Data Sent 0.82 KB
Data Received 0.58 KB
Time Highest Layer Additional Information Success
236.778319 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
236.833829 s TCP Data Sent: 0.05 KB, Data Received: 0.31 KB True
236.834596 s TCP Data Sent: 0.42 KB, Data Received: 0.05 KB True
236.834787 s URLENCODED-FORM Data Sent: 0.12 KB, Data Received: 0.05 KB True
237.228585 s TCP Data Sent: 0.05 KB, Data Received: 0.05 KB True
242.028490 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
242.028645 s TCP Data Sent: 0.05 KB, Data Received: 0.05 KB True
TCP Session #9
Information Value
Source PCAP
Stream ID 12
Remote Address 185.68.93.18
Remote Port 80
Local Address 192.168.0.181
Local Port 49165
Data Sent 0.72 KB
Data Received 0.48 KB
Time Highest Layer Additional Information Success
247.026863 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
247.088414 s TCP Data Sent: 0.05 KB, Data Received: 0.31 KB True
247.088876 s TCP Data Sent: 0.42 KB, Data Received: 0.05 KB True
247.089104 s URLENCODED-FORM Data Sent: 0.12 KB, Data Received: 0.05 KB True
247.493380 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
UDP Sessions (1)
Total Data Sent 0.13 KB
Total Data Received 0.16 KB
Contacted Host Count 1
Contacted Hosts 192.168.0.1
UDP Session #1
Information Value
Source PCAP
Stream ID 26
Remote Address 192.168.0.1
Remote Port 53
Local Address 192.168.0.181
Local Port 61328
Data Sent 0.13 KB
Data Received 0.16 KB
Time Highest Layer Additional Information Success
20.582711 s DNS Data Sent: 0.07 KB, Data Received: 0.08 KB True
21.592479 s DNS Data Sent: 0.07 KB, Data Received: 0.08 KB True
HTTP Sessions (13)
Information Value
Total Data Sent 2.69 KB
Total Data Received 105.94 KB
Contacted Host Count 5
Contacted Hosts i86h.com, www.msftncsi.com, 185.68.93.18, 89.223.92.202, www.download.windowsupdate.com
HTTP Session #1
Information Value
Source Function Log
Server Name i86h.com
Server Port 80
Data Sent 0.07 KB
Data Received 0.55 KB
| Operation | Additional Information | Success | Count | Logfile |
| --- | --- | --- | --- | --- |
| Open Session | access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS | True | 1 | Fn |
| Open Connection | protocol = http, server_name = i86h.com, server_port = 80 | True | 1 | Fn |
| Open HTTP Request | http_verb = GET, http_version = HTTP/1.1, target_resource = /data2.dat | True | 1 | Fn |
| Send HTTP Request | headers = host: i86h.com, connection: Keep-Alive, url = i86h.com/data2.dat | True | 1 | Fn, Data |
| Read Response | size = 4096, size_out = 562 | True | 1 | Fn, Data |

HTTP Session #2
Information Value
Source Function Log
Server Name i86h.com
Server Port 80
Data Sent 0.04 KB
Data Received 101.81 KB
| Operation | Additional Information | Success | Count | Logfile |
| --- | --- | --- | --- | --- |
| Open Session | access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS | True | 1 | Fn |
| Open Connection | protocol = http, server_name = i86h.com, server_port = 80 | True | 1 | Fn |
| Open HTTP Request | http_verb = GET, http_version = HTTP/1.1, target_resource = /data3.dat | True | 1 | Fn |
| Send HTTP Request | headers = host: i86h.com, url = i86h.com/data3.dat | True | 1 | Fn, Data |
| Read Response | size = 4096, size_out = 4096 | True | 1 | Fn, Data |
| Read Response | size = 65536, size_out = 3204 | True | 1 | Fn, Data |
| Read Response | size = 65536, size_out = 7300 | True | 1 | Fn, Data |
| Read Response | size = 65536, size_out = 32120 | True | 1 | Fn, Data |
| Read Response | size = 57537, size_out = 14600 | True | 1 | Fn, Data |
| Read Response | size = 42937, size_out = 1460 | True | 1 | Fn, Data |
| Read Response | size = 41477, size_out = 10220 | True | 1 | Fn, Data |
| Read Response | size = 31257, size_out = 5840 | True | 1 | Fn, Data |
| Read Response | size = 25417, size_out = 25417 | True | 1 | Fn, Data |
| Close Session | - | True | 1 | Fn |

HTTP Session #3
Information Value
Source PCAP
User Agent Microsoft Office Protocol Discovery
Stream ID 0
Server Name i86h.com
Server Port 80
Data Sent 0.64 KB
Data Received 0.72 KB
Time Operation Additional Information Success
21.617381 s Open Connection protocol = http, server_name = i86h.com, server_port = 80 True
21.617381 s Open HTTP Request http_verb = OPTIONS, http_version = HTTP/1.1, target_resource = / True
21.617381 s Send HTTP Request - True
21.642130 s Read Response HTTP Status Code = 200 True
21.815923 s Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = /data1.dat True
21.815923 s Send HTTP Request headers = host: i86h.com, content_type: application/x-www-form-urlencoded, content_length: 1, accept: text/html, text/plain, text/xml, user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E; ms-office), url = http://i86h.com/data1.dat True
21.841808 s Read Response HTTP Status Code = 200 True
HTTP Session #4
Information Value
Source PCAP
User Agent Microsoft Office Protocol Discovery
Stream ID 0
Server Name i86h.com
Server Port 80
Data Sent 0.64 KB
Data Received 0.72 KB
Time Operation Additional Information Success
21.617381 s Open Connection protocol = http, server_name = i86h.com, server_port = 80 True
21.617381 s Open HTTP Request http_verb = OPTIONS, http_version = HTTP/1.1, target_resource = / True
21.617381 s Send HTTP Request - True
21.642130 s Read Response HTTP Status Code = 200 True
21.815923 s Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = /data1.dat True
21.815923 s Send HTTP Request headers = host: i86h.com, content_type: application/x-www-form-urlencoded, content_length: 1, accept: text/html, text/plain, text/xml, user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E; ms-office), url = http://i86h.com/data1.dat True
21.841808 s Read Response HTTP Status Code = 200 True
HTTP Session #5
Information Value
Source PCAP
User Agent Microsoft NCSI
Stream ID 3
Server Name www.msftncsi.com
Server Port 80
Data Sent 0.15 KB
Data Received 0.23 KB
Time Operation Additional Information Success
179.954672 s Open Connection protocol = http, server_name = www.msftncsi.com, server_port = 80 True
179.954672 s Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /ncsi.txt True
179.954672 s Send HTTP Request headers = host: www.msftncsi.com, user_agent: Microsoft NCSI, url = http://www.msftncsi.com/ncsi.txt True
179.979209 s Read Response HTTP Status Code = 200 True
HTTP Session #6
Information Value
Source PCAP
User Agent Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Stream ID 5
Server Name 185.68.93.18
Server Port 80
Data Sent 0.12 KB
Data Received 0.39 KB
Time Operation Additional Information Success
193.634411 s Open Connection protocol = http, server_name = 185.68.93.18, server_port = 80 True
193.634411 s Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = /dot.php True
193.634411 s Send HTTP Request headers = host: 185.68.93.18, content_type: application/x-www-form-urlencoded, content_length: 72, user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E), url = http://185.68.93.18/dot.php True
193.834076 s Read Response HTTP Status Code = 200 True
HTTP Session #7
Information Value
Source PCAP
User Agent Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Stream ID 6
Server Name 89.223.92.202
Server Port 80
Data Sent 0.42 KB
Data Received 0.39 KB
Time Operation Additional Information Success
193.896058 s Open Connection protocol = http, server_name = 89.223.92.202, server_port = 80 True
193.896058 s Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = /mo.enc True
193.896058 s Send HTTP Request headers = host: 89.223.92.202, content_type: application/x-www-form-urlencoded, content_length: 0, user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E), url = http://89.223.92.202/mo.enc True
194.167842 s Read Response HTTP Status Code = 200 True
HTTP Session #8
Information Value
Source PCAP
User Agent Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Stream ID 8
Server Name 185.68.93.18
Server Port 80
Data Sent 0.76 KB
Data Received 0.62 KB
Time Operation Additional Information Success
205.729672 s Open Connection protocol = http, server_name = 185.68.93.18, server_port = 80 True
205.729672 s Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = /dot.php True
205.729672 s Send HTTP Request headers = host: 185.68.93.18, content_type: application/x-www-form-urlencoded, content_length: 596, user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E), url = http://185.68.93.18/dot.php True
205.925054 s Read Response HTTP Status Code = 200 True
205.927328 s Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = /dot.php True
205.927328 s Send HTTP Request headers = host: 185.68.93.18, content_type: application/x-www-form-urlencoded, content_length: 72, user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E), url = http://185.68.93.18/dot.php True
206.131956 s Read Response HTTP Status Code = 200 True
HTTP Session #9
Information Value
Source PCAP
User Agent Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Stream ID 8
Server Name 185.68.93.18
Server Port 80
Data Sent 0.76 KB
Data Received 0.62 KB
Time Operation Additional Information Success
205.729672 s Open Connection protocol = http, server_name = 185.68.93.18, server_port = 80 True
205.729672 s Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = /dot.php True
205.729672 s Send HTTP Request headers = host: 185.68.93.18, content_type: application/x-www-form-urlencoded, content_length: 596, user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E), url = http://185.68.93.18/dot.php True
205.925054 s Read Response HTTP Status Code = 200 True
205.927328 s Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = /dot.php True
205.927328 s Send HTTP Request headers = host: 185.68.93.18, content_type: application/x-www-form-urlencoded, content_length: 72, user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E), url = http://185.68.93.18/dot.php True
206.131956 s Read Response HTTP Status Code = 200 True
HTTP Session #10
Information Value
Source PCAP
User Agent Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Stream ID 9
Server Name 185.68.93.18
Server Port 80
Data Sent 0.12 KB
Data Received 0.31 KB
Time Operation Additional Information Success
216.325792 s Open Connection protocol = http, server_name = 185.68.93.18, server_port = 80 True
216.325792 s Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = /dot.php True
216.325792 s Send HTTP Request headers = host: 185.68.93.18, content_type: application/x-www-form-urlencoded, content_length: 72, user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E), url = http://185.68.93.18/dot.php True
216.511352 s Read Response HTTP Status Code = 200 True
HTTP Session #11
Information Value
Source PCAP
User Agent Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Stream ID 10
Server Name 185.68.93.18
Server Port 80
Data Sent 0.12 KB
Data Received 0.31 KB
Time Operation Additional Information Success
226.572014 s Open Connection protocol = http, server_name = 185.68.93.18, server_port = 80 True
226.572014 s Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = /dot.php True
226.572014 s Send HTTP Request headers = host: 185.68.93.18, content_type: application/x-www-form-urlencoded, content_length: 72, user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E), url = http://185.68.93.18/dot.php True
226.768549 s Read Response HTTP Status Code = 200 True
HTTP Session #12
Information Value
Source PCAP
User Agent Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Stream ID 11
Server Name 185.68.93.18
Server Port 80
Data Sent 0.12 KB
Data Received 0.31 KB
Time Operation Additional Information Success
236.834787 s Open Connection protocol = http, server_name = 185.68.93.18, server_port = 80 True
236.834787 s Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = /dot.php True
236.834787 s Send HTTP Request headers = host: 185.68.93.18, content_type: application/x-www-form-urlencoded, content_length: 72, user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E), url = http://185.68.93.18/dot.php True
237.019873 s Read Response HTTP Status Code = 200 True
HTTP Session #13
Information Value
Source PCAP
User Agent Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Stream ID 12
Server Name 185.68.93.18
Server Port 80
Data Sent 0.12 KB
Data Received 0.31 KB
Time Operation Additional Information Success
247.089104 s Open Connection protocol = http, server_name = 185.68.93.18, server_port = 80 True
247.089104 s Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = /dot.php True
247.089104 s Send HTTP Request headers = host: 185.68.93.18, content_type: application/x-www-form-urlencoded, content_length: 72, user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E), url = http://185.68.93.18/dot.php True
247.282341 s Read Response HTTP Status Code = 200 True