81f1a5fa...beee | Network
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Backdoor, Dropper, Downloader

81f1a5faaa792952e49c477f54c75beec7fd03d3a1c250db2b863ec2b669beee (SHA256)

Dokumente-UOM36417800369487.doc

Word Document

Created at 2018-08-01 10:16:00

Notifications (1/1)

The maximum number of reputation URL requests (10 per analysis) was exceeded. As a result, the reputation status could not be queried for all contacted URLs. In order to get the reputation status for all contacted URLs, please increase the 'Max URL Requests' setting in the system configurations.

Network Overview

Hosts (5)
Hostname | IP Address | Location | Protocols | Reputation Status | WHOIS Data
vdtogt.nl | 62.204.93.18 | Den Haag (Netherlands) | HTTP, TCP, UDP | Has Suspicious URL | Show WHOIS
181.142.74.233 | 181.142.74.233 | Medellin (Colombia) | HTTP, TCP | Unknown | Not Queried
204.184.25.164:443 | 204.184.25.164 | Ballwin (United States) | HTTPS, TCP | Unknown | Not Queried
74.141.205.116:443 | 74.141.205.116 | Bowling Green (United States) | HTTP, HTTPS, TCP | Unknown | Not Queried
239.255.255.250 | 239.255.255.250 | - | UDP | Unknown | Show WHOIS
DNS Queries (2)
Hostname | Categories | Names | Source | Reputation Status
vdtogt.nl | - | - | Function Log | Suspicious
239.255.255.250 | - | - | Function Log | Unknown
URLs (9)
URL | Categories | Names | Source | HTTP Status Code | Reputation Status
http://vdtogt.nl/amyQ | Spam | - | Function Log | MOVED (301) | Suspicious
http://vdtogt.nl/amyQ/ | Spam | - | Function Log | MOVED (301) | Suspicious
HTTP://181.142.74.233 | - | - | Function Log | - | Unknown
http://181.142.74.233/ | - | - | PCAP | - | Unknown
HTTP://204.184.25.164 | - | - | Function Log | - | Unknown
http://204.184.25.164:443/ | - | - | PCAP | - | Unknown
http://74.141.205.116:443/whoami.php | - | - | Function Log | OK (200) | Unknown
HTTP://74.141.205.116 | - | - | Function Log | - | Unknown
http://74.141.205.116:443/ | - | - | PCAP | OK (200) | Unknown

Connections

DNS (5)
Operation Additional Information Success Count Logfile
Resolve Name host = vdtogt.nl, address_out = 62.204.93.18 True 1
Fn
Resolve Name host = 239.255.255.250, address_out = 239.255.255.250, service = 1900 True 4
Fn
TCP Sessions (4)
Information Value
Total Data Sent 16.67 KB
Total Data Received 274.71 KB
Contacted Host Count 4
Contacted Hosts 62.204.93.18, 181.142.74.233, 204.184.25.164, 74.141.205.116
TCP Session #1
Information Value
Source PCAP
Stream ID 0
Remote Address 62.204.93.18
Remote Port 80
Local Address 192.168.0.220
Local Port 49158
Data Sent 1.72 KB
Data Received 36.71 KB
Time Highest Layer Additional Information Success
36.253494 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
36.287669 s TCP Data Sent: 0.05 KB, Data Received: 0.60 KB True
36.288914 s HTTP Data Sent: 0.11 KB, Data Received: 0.05 KB True
36.540921 s TCP Data Sent: 0.05 KB, Data Received: 0.60 KB True
36.547255 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
36.562340 s HTTP Data Sent: 0.09 KB, Data Received: 1.48 KB True
36.596078 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
36.605853 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
36.617209 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
36.640326 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
36.640627 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
36.641394 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
36.641581 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
36.662203 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
36.662432 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
36.662620 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
36.662888 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
36.663031 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
36.663197 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
36.663265 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
36.663422 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
36.663533 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
36.663676 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
36.663753 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
36.683332 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
36.683549 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
36.683785 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
36.683957 s TCP Data Sent: 0.05 KB, Data Received: 1.38 KB True
36.763486 s TCP Data Sent: 0.06 KB, Data Received: 0.00 KB False
37.755136 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
TCP Session #2
Information Value
Source PCAP
Stream ID 3
Remote Address 181.142.74.233
Remote Port 80
Local Address 192.168.0.220
Local Port 49159
Data Sent 5.52 KB
Data Received 59.26 KB
Time Highest Layer Additional Information Success
65.445020 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
65.655837 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
65.656756 s HTTP Data Sent: 1.00 KB, Data Received: 1.48 KB True
66.322416 s TCP Data Sent: 1.00 KB, Data Received: 1.48 KB True
67.587376 s TCP Data Sent: 1.00 KB, Data Received: 1.48 KB True
70.221333 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
70.650641 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
70.753287 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
71.201703 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
73.556011 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
74.090603 s TCP Data Sent: 0.07 KB, Data Received: 1.48 KB True
74.627229 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
75.153492 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
76.037560 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
76.638401 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
80.735734 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
81.260623 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
81.260705 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
81.791118 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
81.794395 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
83.539824 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
84.077515 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
84.609414 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
85.129562 s TCP Data Sent: 0.07 KB, Data Received: 1.48 KB True
85.649478 s TCP Data Sent: 0.07 KB, Data Received: 1.48 KB True
88.194656 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
88.730393 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
89.275826 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
91.057287 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
91.599902 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
95.718579 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
96.260251 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
98.056984 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
98.592992 s TCP Data Sent: 0.07 KB, Data Received: 1.48 KB True
98.595719 s TCP Data Sent: 0.07 KB, Data Received: 1.48 KB True
100.390258 s TCP Data Sent: 0.07 KB, Data Received: 1.48 KB True
102.189774 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
102.725156 s TCP Data Sent: 0.07 KB, Data Received: 1.48 KB True
102.729498 s TCP Data Sent: 0.07 KB, Data Received: 1.48 KB True
103.977534 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
104.513309 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
113.399048 s TCP Data Sent: 0.06 KB, Data Received: 0.00 KB False
144.431176 s TCP Data Sent: 0.05 KB, Data Received: 0.05 KB True
TCP Session #3
Information Value
Source PCAP
Stream ID 4
Remote Address 204.184.25.164
Remote Port 443
Local Address 192.168.0.220
Local Port 49160
Data Sent 7.67 KB
Data Received 177.55 KB
Time Highest Layer Additional Information Success
144.506988 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
144.669574 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
144.669867 s HTTP Data Sent: 1.02 KB, Data Received: 0.05 KB True
145.205682 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
145.369053 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
145.525968 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
145.683436 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
145.691162 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
145.855291 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
145.855359 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
145.855386 s TCP Data Sent: 0.06 KB, Data Received: 1.48 KB True
145.856516 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
146.016767 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
146.174772 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
146.175202 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
146.332807 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
146.491493 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
146.648236 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
146.648533 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
146.649075 s TCP Data Sent: 0.05 KB, Data Received: 1.32 KB True
146.824237 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
146.979278 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
146.979726 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
146.981880 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
147.138189 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
147.138635 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
147.293683 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
147.301366 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
147.449127 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
147.456163 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
147.458245 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
147.815715 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
147.816667 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
147.974671 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
147.974903 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
147.976444 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
147.977242 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
147.977513 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
148.134397 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
148.138807 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
148.292296 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
148.295068 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
148.295524 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
148.296660 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
148.447954 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
148.448330 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
148.449420 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
148.604248 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
148.604728 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
148.604952 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
148.605218 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
148.605705 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
148.606816 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
148.607571 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
148.765589 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
148.921825 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
149.086653 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
149.092971 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
149.093170 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
149.251567 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
149.251839 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
149.251925 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
149.420176 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
149.578384 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
149.578634 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
149.735428 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
149.747887 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
149.750920 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
149.906757 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
149.907061 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
150.063964 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
150.064095 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
150.220789 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
150.221392 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
150.221643 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
150.221889 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
150.222176 s TCP Data Sent: 0.05 KB, Data Received: 1.48 KB True
The remaining entries of this session are omitted for performance reasons and can be found in analysis.pcap.
UDP Sessions (2)
Total Data Sent 0.56 KB
Total Data Received 0.08 KB
Contacted Host Count 3
Contacted Hosts 192.168.0.1, 239.255.255.250:1900, 239.255.255.250:None
UDP Session #1
Information Value
Source Function Log
Handle 0x448
Address Family AF_INET
Type SOCK_DGRAM
Protocol IPPROTO_UDP
Local Address 192.168.0.220
Local Port 63296
Data Sent 0.49 KB
Data Received 0.00 KB
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_UDP, address_family = AF_INET, type = SOCK_DGRAM True 1
Fn
Bind local_address = 192.168.0.220, local_port = 63296, hint = OS assigned a local port from the dynamic client port range True 1
Fn
Send remote_address = 239.255.255.250, remote_port = 1900, flags = NO_FLAG_SET, size = 137, size_out = 137 True 1
Fn
Data
Send remote_address = 239.255.255.250, remote_port = 1900, flags = NO_FLAG_SET, size = 132, size_out = 132 True 1
Fn
Data
Send remote_address = 239.255.255.250, remote_port = 1900, flags = NO_FLAG_SET, size = 133, size_out = 133 True 1
Fn
Data
Send remote_address = 239.255.255.250, remote_port = 1900, flags = NO_FLAG_SET, size = 101, size_out = 101 True 1
Fn
Data
Close type = SOCK_DGRAM True 1
Fn
UDP Session #2
Information Value
Source PCAP
Stream ID 59
Remote Address 192.168.0.1
Remote Port 53
Local Address 192.168.0.220
Local Port 57642
Data Sent 0.07 KB
Data Received 0.08 KB
Time Highest Layer Additional Information Success
35.852718 s DNS Data Sent: 0.07 KB, Data Received: 0.08 KB True
UDP Server (1)
Operation Additional Information Success Count Logfile
Bind local_address = 192.168.0.220, local_port = 63296, hint = OS assigned a local port from the dynamic client port range True 1
Fn
HTTP Sessions (10)
Information Value
Total Data Sent 3.93 KB
Total Data Received 759.38 KB
Contacted Host Count 6
Contacted Hosts 204.184.25.164:443, 74.141.205.116:443, vdtogt.nl, 181.142.74.233, 204.184.25.164, 74.141.205.116
HTTP Session #1
Information Value
Source Function Log
Server Name vdtogt.nl
Server Port 80
Data Sent 0.06 KB
Data Received 0.55 KB
Operation Additional Information Success Count Logfile
Open Session access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS True 1
Fn
Open Connection protocol = http, server_name = vdtogt.nl, server_port = 80 True 1
Fn
Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /amyQ True 1
Fn
Send HTTP Request headers = host: vdtogt.nl, connection: Keep-Alive, url = vdtogt.nl/amyQ True 1
Fn
Data
Read Response size = 4096, size_out = 564 True 1
Fn
Data
HTTP Session #2
Information Value
Source Function Log
Server Name vdtogt.nl
Server Port 80
Data Sent 0.04 KB
Data Received 152.46 KB
Operation Additional Information Success Count Logfile
Open Session access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS True 1
Fn
Open Connection protocol = http, server_name = vdtogt.nl, server_port = 80 True 1
Fn
Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = /amyQ/ True 1
Fn
Send HTTP Request headers = host: vdtogt.nl, url = vdtogt.nl/amyQ/ True 1
Fn
Data
Read Response size = 4096, size_out = 4096 True 1
Fn
Data
Read Response size = 65536, size_out = 9044 True 1
Fn
Data
Read Response size = 65536, size_out = 3752 True 1
Fn
Data
Read Response size = 65536, size_out = 6468 True 1
Fn
Data
Read Response size = 65536, size_out = 11680 True 1
Fn
Data
Read Response size = 65536, size_out = 24820 True 1
Fn
Data
Read Response size = 65536, size_out = 3752 True 1
Fn
Data
Read Response size = 65536, size_out = 61948 True 1
Fn
Data
Read Response size = 30547, size_out = 30547 True 1
Fn
Data
Read Response size = 2, size_out = 2 True 1
Fn
Data
Read Response size = 1, size_out = 1 True 3
Fn
Data
Read Response size = 2, size_out = 2 True 1
Fn
Data
Close Session - True 1
Fn
HTTP Session #3
Information Value
Source Function Log
User Agent Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Server Name 181.142.74.233
Server Port 80
Data Sent 0.34 KB
Data Received 0.01 KB
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E), access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = 181.142.74.233, server_port = 80 True 1
Fn
Open HTTP Request http_verb = GET, http_version = HTTP 1.1, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_COOKIES, INTERNET_FLAG_KEEP_CONNECTION, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = Cookie: 17080=CWZZ8xG+qimIs4JLmfCTD8uEaAAPQ5uW5m/3/sEOJGiHx9WsJW/6vXHOVcYA4Tp9G1iOlk8QteuyaOY955LortwZ32jIs3Zh7vGJ+kBCA98Ce4ZD3W+h28Q8Sae74gZvJJCoRdG80JakNA+RZOtlmOiQyr5IMX3lXtiuQqwqdtenVipv1C+ouqApb7FW7L83aGRTc5V+WdEXQKfx+SpeVULEhQUtR9duN5nVPk9Xe9Jq9wad0ISWPHFXqrk2gSOZMvWc05zuC/Pf1Vtqp8l6rCVoQZow/3YHKVTtHu43t1DnurhDQyPyGgzfep2Jmr8hIBdUJwXwDbhlEscAxxa74DXoeC70G2hieetAkJKX6gsU1lwQTqPZycCN2QoRxlwT3lT9FFud7uXTWcGlcz9AuZBQOgp1vU0UzEvkwyKx/ARcU7iCSNF9XKeqo4w7t8h+q1h8SVqTQQ3+uD6kIzcaXU1kURHDyZ3ht+znkfQwPJcZwV2ubP7jDSI3DE4jap3FlUHDdj5Ls0OE5HMgh9K6GrgaTUK4lbJDDSH5qZv3Mw85L6XFuTS5ubDXXZGLQd/pPE4DVnsrHqnGJCmCEghj/8uOThxYoFhF4+Q1L58lWRzvZbXkDS8lTa50KUTZPTMoPOy13KmR/N96nH9mTUCT3tFLDRY=, url = 181.142.74.233 True 1
Fn
Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 True 1
Fn
Data
Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_CONTENT_LENGTH, size_out = 4 True 1
Fn
Data
Read Response size = 618356 False 1
Fn
Close Session - True 5
Fn
HTTP Session #4
Information Value
Source Function Log
User Agent Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Server Name 204.184.25.164
Server Port 443
Data Sent 0.34 KB
Data Received 603.87 KB
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E), access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = 204.184.25.164, server_port = 443 True 1
Fn
Open HTTP Request http_verb = GET, http_version = HTTP 1.1, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_COOKIES, INTERNET_FLAG_KEEP_CONNECTION, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = Cookie: 33851=…, url = 204.184.25.164 True 1
Fn
Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 True 1
Fn
Data
Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_CONTENT_LENGTH, size_out = 4 True 1
Fn
Data
Read Response size = 618356, size_out = 618356 True 1
Fn
Data
Close Session - True 5
Fn
HTTP Session #5
Information Value
Source Function Log
User Agent Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Server Name 74.141.205.116
Server Port 80
Data Sent 0.35 KB
Data Received 0.01 KB
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E), access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = http, server_name = 74.141.205.116, server_port = 80 True 1
Fn
Open HTTP Request http_verb = GET, http_version = HTTP 1.1, target_resource = /whoami.php, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_NO_COOKIES, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = http://74.141.205.116:443/whoami.php True 1
Fn
Read Response size = 64, size_out = 13 True 1
Fn
Data
Close Session - True 5
Fn
HTTP Session #6
Information Value
Source Function Log
User Agent Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Server Name 74.141.205.116
Server Port 443
Data Sent 0.34 KB
Data Received 0.15 KB
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E), access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = 74.141.205.116, server_port = 443 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP 1.1, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_COOKIES, INTERNET_FLAG_KEEP_CONNECTION, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = 74.141.205.116 True 1
Fn
Data
Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 True 1
Fn
Data
Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_CONTENT_LENGTH, size_out = 4 True 1
Fn
Data
Read Response size = 148, size_out = 148 True 1
Fn
Data
Close Session - True 5
Fn
HTTP Session #7
Information Value
Source Function Log
User Agent Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Server Name 74.141.205.116
Server Port 443
Data Sent 0.34 KB
Data Received 0.15 KB
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E), access_type = INTERNET_OPEN_TYPE_PRECONFIG True 1
Fn
Open Connection protocol = HTTP, server_name = 74.141.205.116, server_port = 443 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP 1.1, accept_types = 0, flags = INTERNET_FLAG_PRAGMA_NOCACHE, INTERNET_FLAG_NO_UI, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP, INTERNET_FLAG_NO_AUTH, INTERNET_FLAG_NO_COOKIES, INTERNET_FLAG_KEEP_CONNECTION, INTERNET_FLAG_NO_CACHE_WRITE, INTERNET_FLAG_RELOAD True 1
Fn
Send HTTP Request headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = 74.141.205.116 True 1
Fn
Data
Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_STATUS_CODE, size_out = 4 True 1
Fn
Data
Query HTTP Info flags = HTTP_QUERY_FLAG_NUMBER, HTTP_QUERY_CONTENT_LENGTH, size_out = 4 True 1
Fn
Data
Read Response size = 148, size_out = 148 True 1
Fn
Data
Close Session - True 5
Fn
HTTP Session #8
Information Value
Source PCAP
User Agent Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Stream ID 4
Server Name 204.184.25.164:443
Server Port 443
Data Sent 1.02 KB
Data Received 1.48 KB
Time Operation Additional Information Success
144.669867 s Open Connection protocol = http, server_name = 204.184.25.164:443, server_port = 443 True
144.669867 s Open HTTP Request http_verb = GET, http_version = HTTP/1.1, target_resource = / True
144.669867 s Send HTTP Request headers = host: 204.184.25.164:443, user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E), url = http://204.184.25.164:443/ True
145.205523 s Read Response HTTP Status Code = None True
HTTP Session #9
Information Value
Source PCAP
User Agent Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Stream ID 5
Server Name 74.141.205.116:443
Server Port 443
Data Sent 1.42 KB
Data Received 0.92 KB
Time Operation Additional Information Success
160.409729 s Open Connection protocol = http, server_name = 74.141.205.116:443, server_port = 443 True
160.409729 s Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = / True
160.409729 s Send HTTP Request headers = host: 74.141.205.116:443, content_length: 164, user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E), url = http://74.141.205.116:443/ True
160.787573 s Read Response HTTP Status Code = 200 True
161.509155 s Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = / True
161.509155 s Send HTTP Request headers = host: 74.141.205.116:443, content_length: 228, user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E), url = http://74.141.205.116:443/ True
161.883194 s Read Response HTTP Status Code = 200 True
HTTP Session #10
Information Value
Source PCAP
User Agent Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Stream ID 5
Server Name 74.141.205.116:443
Server Port 443
Data Sent 1.42 KB
Data Received 0.92 KB
Time Operation Additional Information Success
160.409729 s Open Connection protocol = http, server_name = 74.141.205.116:443, server_port = 443 True
160.409729 s Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = / True
160.409729 s Send HTTP Request headers = host: 74.141.205.116:443, content_length: 164, user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E), url = http://74.141.205.116:443/ True
160.787573 s Read Response HTTP Status Code = 200 True
161.509155 s Open HTTP Request http_verb = POST, http_version = HTTP/1.1, target_resource = / True
161.509155 s Send HTTP Request headers = host: 74.141.205.116:443, content_length: 228, user_agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E), url = http://74.141.205.116:443/ True
161.883194 s Read Response HTTP Status Code = 200 True