4f44cc16...74c2 | Network
VTI SCORE: 98/100
Dynamic Analysis Report
Classification: Trojan, Dropper

4f44cc16a1854f91e48261ccfebc5bbe8997215e50513bc3080c6127031774c2 (SHA256)

AQSZPL.exe

Windows Exe (x86-32)

Created at 2018-09-03 11:32:00

Notifications (1/1)

The overall sleep time of all monitored processes was truncated from "21 minutes" to "3 minutes, 30 seconds" to reveal dormant functionality.

Network Overview

Hosts (6)
Hostname IP Address Location Protocols Reputation Status WHOIS Data
ewued.tk 104.24.103.63, 104.24.102.63 United States HTTP, TCP, UDP
Has Blacklisted URL
client-office365-tas.msedge.net, afdo-tas-offload.trafficmanager.net, vip5.afdorigin-prod-am02.afdogw.com 52.232.69.150 - TCP, UDP
Unknown
config.edge.skype.com, s-0001.s-msedge.net 13.107.3.128 - TCP, UDP
Unknown
—‹‹åð𚈊š›ñ‹”ð‘Š‹’š˜ð™šñ— - - -
Not Queried
Not Queried
- 157.56.120.207 - UDP
Not Queried
Not Queried
- 157.56.120.208 - UDP
Not Queried
Not Queried
DNS Queries (4)
Hostname Categories Names Source Reputation Status
ewued.tk Malware Mal/HTMLGen-A Function Log
Blacklisted
client-office365-tas.msedge.net - - PCAP
Unknown
config.edge.skype.com - - PCAP
Unknown
—‹‹åð𚈊š›ñ‹”ð‘Š‹’š˜ð™šñ— - - Function Log
Not Queried
URLs (1)
URL Categories Names Source HTTP Status Code Reputation Status
http://ewued.tk/nutmeg/fre.php Malware Mal/HTMLGen-A Function Log NOT_FOUND (404)
Blacklisted

Connections

DNS (50)
Operation Additional Information Success Count Logfile
Resolve Name host = ewued.tk, address_out = 104.24.103.63, 104.24.102.63, service = 80 True 5
Fn
Resolve Name service = 80 False 22
Fn
Resolve Name host = ewued.tk, address_out = 104.24.102.63, 104.24.103.63, service = 80 True 19
Fn
Resolve Name host = config.edge.skype.com, address_out = 13.107.3.128 True 1 -
Resolve Name host = ewued.tk, address_out = 104.24.102.63 True 1 -
Resolve Name host = client-office365-tas.msedge.net, address_out = 52.232.69.150 True 1 -
Resolve Name host = ewued.tk, address_out = 104.24.103.63 True 1 -
TCP Sessions (50)
Information Value
Total Data Sent 31.56 KB
Total Data Received 71.19 KB
Contacted Host Count 6
Contacted Hosts 104.24.103.63, 104.24.102.63, 52.232.69.150, 13.107.3.128, 104.24.103.63:80, 104.24.102.63:80
TCP Session #1
Information Value
Handle 0x26c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_TCP
Remote Address 104.24.103.63
Remote Port 80
Local Address 0.0.0.0
Local Port 49426
Data Sent 0.42 KB
Data Received 0.34 KB
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 104.24.103.63, remote_port = 80 True 1
Fn
Send flags = NO_FLAG_SET, size = 235, size_out = 235 True 1
Fn
Data
Send flags = NO_FLAG_SET, size = 190, size_out = 190 True 1
Fn
Data
Receive flags = NO_FLAG_SET, size = 4048, size_out = 352 True 1
Fn
Data
Close type = SOCK_STREAM True 1
Fn
TCP Session #2
Information Value
Handle 0x26c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_TCP
Remote Address 104.24.103.63
Remote Port 80
Local Address 0.0.0.0
Local Port 49426
Data Sent 0.39 KB
Data Received 0.35 KB
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 104.24.103.63, remote_port = 80 True 1
Fn
Send flags = NO_FLAG_SET, size = 235, size_out = 235 True 1
Fn
Data
Send flags = NO_FLAG_SET, size = 163, size_out = 163 True 1
Fn
Data
Receive flags = NO_FLAG_SET, size = 4048, size_out = 360 True 1
Fn
Data
Close type = SOCK_STREAM True 1
Fn
TCP Session #3
Information Value
Handle 0x25c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_TCP
Remote Address 104.24.103.63
Remote Port 80
Local Address 0.0.0.0
Local Port 49432
Data Sent 0.39 KB
Data Received 0.35 KB
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 104.24.103.63, remote_port = 80 True 1
Fn
Send flags = NO_FLAG_SET, size = 235, size_out = 235 True 1
Fn
Data
Send flags = NO_FLAG_SET, size = 163, size_out = 163 True 1
Fn
Data
Receive flags = NO_FLAG_SET, size = 4048, size_out = 360 True 1
Fn
Data
Close type = SOCK_STREAM True 1
Fn
TCP Session #4
Information Value
Handle 0x294
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_TCP
Remote Address 104.24.103.63
Remote Port 80
Local Address 0.0.0.0
Local Port 49433
Data Sent 0.39 KB
Data Received 0.35 KB
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 104.24.103.63, remote_port = 80 True 1
Fn
Send flags = NO_FLAG_SET, size = 235, size_out = 235 True 1
Fn
Data
Send flags = NO_FLAG_SET, size = 163, size_out = 163 True 1
Fn
Data
Receive flags = NO_FLAG_SET, size = 4048, size_out = 360 True 1
Fn
Data
Close type = SOCK_STREAM True 1
Fn
TCP Session #5
Information Value
Handle 0x2a0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_TCP
Remote Address 104.24.102.63
Remote Port 80
Local Address 0.0.0.0
Local Port 49434
Data Sent 0.39 KB
Data Received 0.35 KB
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 104.24.102.63, remote_port = 80 True 1
Fn
Send flags = NO_FLAG_SET, size = 235, size_out = 235 True 1
Fn
Data
Send flags = NO_FLAG_SET, size = 163, size_out = 163 True 1
Fn
Data
Receive flags = NO_FLAG_SET, size = 4048, size_out = 360 True 1
Fn
Data
Close type = SOCK_STREAM True 1
Fn
TCP Session #6
Information Value
Handle 0x2a4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_TCP
Remote Address 104.24.102.63
Remote Port 80
Local Address 0.0.0.0
Local Port 49435
Data Sent 0.39 KB
Data Received 0.35 KB
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 104.24.102.63, remote_port = 80 True 1
Fn
Send flags = NO_FLAG_SET, size = 235, size_out = 235 True 1
Fn
Data
Send flags = NO_FLAG_SET, size = 163, size_out = 163 True 1
Fn
Data
Receive flags = NO_FLAG_SET, size = 4048, size_out = 360 True 1
Fn
Data
Close type = SOCK_STREAM True 1
Fn
TCP Session #7
Information Value
Handle 0x1f4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_TCP
Remote Address 104.24.102.63
Remote Port 80
Local Address 0.0.0.0
Local Port 49436
Data Sent 0.39 KB
Data Received 0.35 KB
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 104.24.102.63, remote_port = 80 True 1
Fn
Send flags = NO_FLAG_SET, size = 235, size_out = 235 True 1
Fn
Data
Send flags = NO_FLAG_SET, size = 163, size_out = 163 True 1
Fn
Data
Receive flags = NO_FLAG_SET, size = 4048, size_out = 360 True 1
Fn
Data
Close type = SOCK_STREAM True 1
Fn
TCP Session #8
Information Value
Handle 0x220
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_TCP
Remote Address 104.24.102.63
Remote Port 80
Local Address 0.0.0.0
Local Port 49437
Data Sent 0.39 KB
Data Received 0.35 KB
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 104.24.102.63, remote_port = 80 True 1
Fn
Send flags = NO_FLAG_SET, size = 235, size_out = 235 True 1
Fn
Data
Send flags = NO_FLAG_SET, size = 163, size_out = 163 True 1
Fn
Data
Receive flags = NO_FLAG_SET, size = 4048, size_out = 360 True 1
Fn
Data
Close type = SOCK_STREAM True 1
Fn
TCP Session #9
Information Value
Handle 0x2b0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_TCP
Remote Address 104.24.102.63
Remote Port 80
Local Address 0.0.0.0
Local Port 49438
Data Sent 0.39 KB
Data Received 0.35 KB
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 104.24.102.63, remote_port = 80 True 1
Fn
Send flags = NO_FLAG_SET, size = 235, size_out = 235 True 1
Fn
Data
Send flags = NO_FLAG_SET, size = 163, size_out = 163 True 1
Fn
Data
Receive flags = NO_FLAG_SET, size = 4048, size_out = 360 True 1
Fn
Data
Close type = SOCK_STREAM True 1
Fn
TCP Session #10
Information Value
Handle 0x2b4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_TCP
Remote Address 104.24.102.63
Remote Port 80
Local Address 0.0.0.0
Local Port 49439
Data Sent 0.39 KB
Data Received 0.35 KB
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 104.24.102.63, remote_port = 80 True 1
Fn
Send flags = NO_FLAG_SET, size = 235, size_out = 235 True 1
Fn
Data
Send flags = NO_FLAG_SET, size = 163, size_out = 163 True 1
Fn
Data
Receive flags = NO_FLAG_SET, size = 4048, size_out = 360 True 1
Fn
Data
Close type = SOCK_STREAM True 1
Fn
TCP Session #11
Information Value
Handle 0x2b8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_TCP
Remote Address 104.24.102.63
Remote Port 80
Local Address 0.0.0.0
Local Port 49440
Data Sent 0.39 KB
Data Received 0.35 KB
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 104.24.102.63, remote_port = 80 True 1
Fn
Send flags = NO_FLAG_SET, size = 235, size_out = 235 True 1
Fn
Data
Send flags = NO_FLAG_SET, size = 163, size_out = 163 True 1
Fn
Data
Receive flags = NO_FLAG_SET, size = 4048, size_out = 360 True 1
Fn
Data
Close type = SOCK_STREAM True 1
Fn
TCP Session #12
Information Value
Handle 0x2bc
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_TCP
Remote Address 104.24.102.63
Remote Port 80
Local Address 0.0.0.0
Local Port 49441
Data Sent 0.39 KB
Data Received 0.35 KB
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 104.24.102.63, remote_port = 80 True 1
Fn
Send flags = NO_FLAG_SET, size = 235, size_out = 235 True 1
Fn
Data
Send flags = NO_FLAG_SET, size = 163, size_out = 163 True 1
Fn
Data
Receive flags = NO_FLAG_SET, size = 4048, size_out = 360 True 1
Fn
Data
Close type = SOCK_STREAM True 1
Fn
TCP Session #13
Information Value
Handle 0x2c0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_TCP
Remote Address 104.24.102.63
Remote Port 80
Local Address 0.0.0.0
Local Port 49442
Data Sent 0.39 KB
Data Received 0.35 KB
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 104.24.102.63, remote_port = 80 True 1
Fn
Send flags = NO_FLAG_SET, size = 235, size_out = 235 True 1
Fn
Data
Send flags = NO_FLAG_SET, size = 163, size_out = 163 True 1
Fn
Data
Receive flags = NO_FLAG_SET, size = 4048, size_out = 360 True 1
Fn
Data
Close type = SOCK_STREAM True 1
Fn
TCP Session #14
Information Value
Handle 0x298
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_TCP
Remote Address 104.24.102.63
Remote Port 80
Local Address 0.0.0.0
Local Port 49443
Data Sent 0.39 KB
Data Received 0.35 KB
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 104.24.102.63, remote_port = 80 True 1
Fn
Send flags = NO_FLAG_SET, size = 235, size_out = 235 True 1
Fn
Data
Send flags = NO_FLAG_SET, size = 163, size_out = 163 True 1
Fn
Data
Receive flags = NO_FLAG_SET, size = 4048, size_out = 360 True 1
Fn
Data
Close type = SOCK_STREAM True 1
Fn
TCP Session #15
Information Value
Handle 0x29c
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_TCP
Remote Address 104.24.102.63
Remote Port 80
Local Address 0.0.0.0
Local Port 49444
Data Sent 0.39 KB
Data Received 0.35 KB
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 104.24.102.63, remote_port = 80 True 1
Fn
Send flags = NO_FLAG_SET, size = 235, size_out = 235 True 1
Fn
Data
Send flags = NO_FLAG_SET, size = 163, size_out = 163 True 1
Fn
Data
Receive flags = NO_FLAG_SET, size = 4048, size_out = 360 True 1
Fn
Data
Close type = SOCK_STREAM True 1
Fn
TCP Session #16
Information Value
Handle 0x2c4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_TCP
Remote Address 104.24.102.63
Remote Port 80
Local Address 0.0.0.0
Local Port 49445
Data Sent 0.39 KB
Data Received 0.35 KB
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 104.24.102.63, remote_port = 80 True 1
Fn
Send flags = NO_FLAG_SET, size = 235, size_out = 235 True 1
Fn
Data
Send flags = NO_FLAG_SET, size = 163, size_out = 163 True 1
Fn
Data
Receive flags = NO_FLAG_SET, size = 4048, size_out = 360 True 1
Fn
Data
Close type = SOCK_STREAM True 1
Fn
TCP Session #17
Information Value
Handle 0x2c8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_TCP
Remote Address 104.24.102.63
Remote Port 80
Local Address 0.0.0.0
Local Port 49446
Data Sent 0.39 KB
Data Received 0.35 KB
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 104.24.102.63, remote_port = 80 True 1
Fn
Send flags = NO_FLAG_SET, size = 235, size_out = 235 True 1
Fn
Data
Send flags = NO_FLAG_SET, size = 163, size_out = 163 True 1
Fn
Data
Receive flags = NO_FLAG_SET, size = 4048, size_out = 360 True 1
Fn
Data
Close type = SOCK_STREAM True 1
Fn
TCP Session #18
Information Value
Handle 0x2cc
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_TCP
Remote Address 104.24.102.63
Remote Port 80
Local Address 0.0.0.0
Local Port 49447
Data Sent 0.39 KB
Data Received 0.35 KB
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 104.24.102.63, remote_port = 80 True 1
Fn
Send flags = NO_FLAG_SET, size = 235, size_out = 235 True 1
Fn
Data
Send flags = NO_FLAG_SET, size = 163, size_out = 163 True 1
Fn
Data
Receive flags = NO_FLAG_SET, size = 4048, size_out = 360 True 1
Fn
Data
Close type = SOCK_STREAM True 1
Fn
TCP Session #19
Information Value
Handle 0x2d8
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_TCP
Remote Address 104.24.102.63
Remote Port 80
Local Address 0.0.0.0
Local Port 49448
Data Sent 0.39 KB
Data Received 0.35 KB
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 104.24.102.63, remote_port = 80 True 1
Fn
Send flags = NO_FLAG_SET, size = 235, size_out = 235 True 1
Fn
Data
Send flags = NO_FLAG_SET, size = 163, size_out = 163 True 1
Fn
Data
Receive flags = NO_FLAG_SET, size = 4048, size_out = 360 True 1
Fn
Data
Close type = SOCK_STREAM True 1
Fn
TCP Session #20
Information Value
Handle 0x2dc
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_TCP
Remote Address 104.24.102.63
Remote Port 80
Local Address 0.0.0.0
Local Port 49451
Data Sent 0.39 KB
Data Received 0.35 KB
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 104.24.102.63, remote_port = 80 True 1
Fn
Send flags = NO_FLAG_SET, size = 235, size_out = 235 True 1
Fn
Data
Send flags = NO_FLAG_SET, size = 163, size_out = 163 True 1
Fn
Data
Receive flags = NO_FLAG_SET, size = 4048, size_out = 360 True 1
Fn
Data
Close type = SOCK_STREAM True 1
Fn
TCP Session #21
Information Value
Handle 0x2e0
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_TCP
Remote Address 104.24.102.63
Remote Port 80
Local Address 0.0.0.0
Local Port 49452
Data Sent 0.39 KB
Data Received 0.35 KB
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 104.24.102.63, remote_port = 80 True 1
Fn
Send flags = NO_FLAG_SET, size = 235, size_out = 235 True 1
Fn
Data
Send flags = NO_FLAG_SET, size = 163, size_out = 163 True 1
Fn
Data
Receive flags = NO_FLAG_SET, size = 4048, size_out = 360 True 1
Fn
Data
Close type = SOCK_STREAM True 1
Fn
TCP Session #22
Information Value
Handle 0x2e4
Address Family AF_INET
Type SOCK_STREAM
Protocol IPPROTO_TCP
Remote Address 104.24.102.63
Remote Port 80
Local Address 0.0.0.0
Local Port 49453
Data Sent 0.39 KB
Data Received 0.35 KB
Operation Additional Information Success Count Logfile
Create protocol = IPPROTO_TCP, address_family = AF_INET, type = SOCK_STREAM True 1
Fn
Connect remote_address = 104.24.102.63, remote_port = 80 True 1
Fn
Send flags = NO_FLAG_SET, size = 235, size_out = 235 True 1
Fn
Data
Send flags = NO_FLAG_SET, size = 163, size_out = 163 True 1
Fn
Data
Receive flags = NO_FLAG_SET, size = 4048, size_out = 360 True 1
Fn
Data
Close type = SOCK_STREAM True 1
Fn
TCP Session #23
Information Value
Source PCAP
Stream ID 0
Remote Address 104.24.103.63
Remote Port 80
Local Address 192.168.0.219
Local Port 49426
Data Sent 0.81 KB
Data Received 0.62 KB
Time Highest Layer Additional Information Success
4.632137 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
4.650691 s TCP Data Sent: 0.05 KB, Data Received: 0.40 KB True
4.653013 s TCP Data Sent: 0.28 KB, Data Received: 0.05 KB True
4.677533 s HTTP Data Sent: 0.30 KB, Data Received: 0.05 KB True
8.058090 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
8.063425 s TCP Data Sent: 0.05 KB, Data Received: 0.05 KB True
TCP Session #24
Information Value
Source PCAP
Stream ID 1
Remote Address 104.24.103.63
Remote Port 80
Local Address 192.168.0.219
Local Port 49427
Data Sent 0.74 KB
Data Received 0.62 KB
Time Highest Layer Additional Information Success
8.221112 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
8.240539 s TCP Data Sent: 0.05 KB, Data Received: 0.40 KB True
8.242920 s TCP Data Sent: 0.28 KB, Data Received: 0.05 KB True
8.265574 s HTTP Data Sent: 0.24 KB, Data Received: 0.05 KB True
8.555457 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
8.616489 s TCP Data Sent: 0.05 KB, Data Received: 0.05 KB True
TCP Session #25
Information Value
Source PCAP
Stream ID 2
Remote Address 104.24.103.63
Remote Port 80
Local Address 192.168.0.219
Local Port 49428
Data Sent 0.72 KB
Data Received 0.68 KB
Time Highest Layer Additional Information Success
9.481759 s TCP Data Sent: 0.06 KB, Data Received: 0.06 KB True
9.501287 s TCP Data Sent: 0.05 KB, Data Received: 0.40 KB True
9.503515 s TCP Data Sent: 0.28 KB, Data Received: 0.05 KB True
9.525651 s HTTP Data Sent: 0.21 KB, Data Received: 0.05 KB True
9.821774 s TCP Data Sent: 0.05 KB, Data Received: 0.05 KB True
9.822712 s TCP Data Sent: 0.05 KB, Data Received: 0.05 KB True
The remaining 24 entries are omitted for performance reasons and can be found in glog.xml or analysis.pcap.
UDP Sessions (6)
Total Data Sent 1.21 KB
Total Data Received 1.85 KB
Contacted Host Count 3
Contacted Hosts 192.168.0.1, 157.56.120.207, 157.56.120.208
UDP Session #1
Information Value
Source PCAP
Stream ID 51
Remote Address 192.168.0.1
Remote Port 53
Local Address 192.168.0.219
Local Port 59140
Data Sent 0.08 KB
Data Received 0.13 KB
Time Highest Layer Additional Information Success
191.816491 s DNS Data Sent: 0.08 KB, Data Received: 0.13 KB True
UDP Session #2
Information Value
Source PCAP
Stream ID 6
Remote Address 192.168.0.1
Remote Port 53
Local Address 192.168.0.219
Local Port 62342
Data Sent 0.07 KB
Data Received 0.10 KB
Time Highest Layer Additional Information Success
4.485486 s DNS Data Sent: 0.07 KB, Data Received: 0.10 KB True
UDP Session #3
Information Value
Source PCAP
Stream ID 7
Remote Address 157.56.120.207
Remote Port 3544
Local Address 192.168.0.219
Local Port 52177
Data Sent 0.70 KB
Data Received 1.03 KB
Time Highest Layer Additional Information Success
12.563446 s ICMPV6 Data Sent: 0.10 KB, Data Received: 0.15 KB True
57.309059 s ICMPV6 Data Sent: 0.10 KB, Data Received: 0.15 KB True
57.351233 s ICMPV6 Data Sent: 0.10 KB, Data Received: 0.15 KB True
97.344712 s ICMPV6 Data Sent: 0.10 KB, Data Received: 0.15 KB True
131.722467 s ICMPV6 Data Sent: 0.10 KB, Data Received: 0.15 KB True
175.609530 s ICMPV6 Data Sent: 0.10 KB, Data Received: 0.15 KB True
207.563881 s ICMPV6 Data Sent: 0.10 KB, Data Received: 0.15 KB True
UDP Session #4
Information Value
Source PCAP
Stream ID 8
Remote Address 157.56.120.208
Remote Port 3544
Local Address 192.168.0.219
Local Port 52177
Data Sent 0.20 KB
Data Received 0.29 KB
Time Highest Layer Additional Information Success
12.620609 s ICMPV6 Data Sent: 0.10 KB, Data Received: 0.15 KB True
57.419462 s ICMPV6 Data Sent: 0.10 KB, Data Received: 0.15 KB True
UDP Session #5
Information Value
Source PCAP
Stream ID 50
Remote Address 192.168.0.1
Remote Port 53
Local Address 192.168.0.219
Local Port 53282
Data Sent 0.09 KB
Data Received 0.20 KB
Time Highest Layer Additional Information Success
191.809145 s DNS Data Sent: 0.09 KB, Data Received: 0.20 KB True
UDP Session #6
Information Value
Source PCAP
Stream ID 29
Remote Address 192.168.0.1
Remote Port 53
Local Address 192.168.0.219
Local Port 49861
Data Sent 0.07 KB
Data Received 0.10 KB
Time Highest Layer Additional Information Success
41.298377 s DNS Data Sent: 0.07 KB, Data Received: 0.10 KB True
HTTP Sessions (45)
Information Value
Total Data Sent 9.97 KB
Total Data Received 1.16 KB
Contacted Host Count 1
Contacted Hosts ewued.tk
HTTP Session #1
Information Value
Source Function Log
User Agent Mozilla/4.08 (Charon; Inferno)
Server Name ewued.tk
Server Port 80
Data Sent 0.23 KB
Data Received 0.00 KB
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/4.08 (Charon; Inferno), access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS True 1
Fn
Open Connection protocol = http, server_name = ewued.tk, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.0, target_resource = /nutmeg/fre.php True 1
Fn
Send HTTP Request headers = content-length: 254, content-key: D8E3CC32, content-encoding: binary, connection: close, accept: */*, user-agent: Mozilla/4.08 (Charon; Inferno), host: ewued.tk, content-type: application/octet-stream, url = ewued.tk/nutmeg/fre.php True 1
Fn
Data
HTTP Session #2
Information Value
Source Function Log
User Agent Mozilla/4.08 (Charon; Inferno)
Server Name ewued.tk
Server Port 80
Data Sent 0.23 KB
Data Received 0.00 KB
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/4.08 (Charon; Inferno), access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS True 1
Fn
Open Connection protocol = http, server_name = ewued.tk, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.0, target_resource = /nutmeg/fre.php True 1
Fn
Send HTTP Request headers = content-length: 190, content-key: D8E3CC32, content-encoding: binary, connection: close, accept: */*, user-agent: Mozilla/4.08 (Charon; Inferno), host: ewued.tk, content-type: application/octet-stream, url = ewued.tk/nutmeg/fre.php True 1
Fn
Data
HTTP Session #3
Information Value
Source Function Log
User Agent Mozilla/4.08 (Charon; Inferno)
Server Name ewued.tk
Server Port 80
Data Sent 0.23 KB
Data Received 0.00 KB
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/4.08 (Charon; Inferno), access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS True 1
Fn
Open Connection protocol = http, server_name = ewued.tk, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.0, target_resource = /nutmeg/fre.php True 1
Fn
Send HTTP Request headers = content-length: 163, content-key: D8E3CC32, content-encoding: binary, connection: close, accept: */*, user-agent: Mozilla/4.08 (Charon; Inferno), host: ewued.tk, content-type: application/octet-stream, url = ewued.tk/nutmeg/fre.php True 1
Fn
Data
HTTP Session #4
Information Value
Source Function Log
User Agent Mozilla/4.08 (Charon; Inferno)
Server Name ewued.tk
Server Port 80
Data Sent 0.23 KB
Data Received 0.00 KB
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/4.08 (Charon; Inferno), access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS True 1
Fn
Open Connection protocol = http, server_name = ewued.tk, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.0, target_resource = /nutmeg/fre.php True 1
Fn
Send HTTP Request headers = content-length: 163, content-key: D8E3CC32, content-encoding: binary, connection: close, accept: */*, user-agent: Mozilla/4.08 (Charon; Inferno), host: ewued.tk, content-type: application/octet-stream, url = ewued.tk/nutmeg/fre.php True 1
Fn
Data
HTTP Session #5
Information Value
Source Function Log
User Agent Mozilla/4.08 (Charon; Inferno)
Server Name ewued.tk
Server Port 80
Data Sent 0.23 KB
Data Received 0.00 KB
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/4.08 (Charon; Inferno), access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS True 1
Fn
Open Connection protocol = http, server_name = ewued.tk, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.0, target_resource = /nutmeg/fre.php True 1
Fn
Send HTTP Request headers = content-length: 163, content-key: D8E3CC32, content-encoding: binary, connection: close, accept: */*, user-agent: Mozilla/4.08 (Charon; Inferno), host: ewued.tk, content-type: application/octet-stream, url = ewued.tk/nutmeg/fre.php True 1
Fn
Data
HTTP Session #6
Information Value
Source Function Log
User Agent Mozilla/4.08 (Charon; Inferno)
Server Name ewued.tk
Server Port 80
Data Sent 0.23 KB
Data Received 0.00 KB
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/4.08 (Charon; Inferno), access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS True 1
Fn
Open Connection protocol = http, server_name = ewued.tk, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.0, target_resource = /nutmeg/fre.php True 1
Fn
Send HTTP Request headers = content-length: 163, content-key: D8E3CC32, content-encoding: binary, connection: close, accept: */*, user-agent: Mozilla/4.08 (Charon; Inferno), host: ewued.tk, content-type: application/octet-stream, url = ewued.tk/nutmeg/fre.php True 1
Fn
Data
HTTP Session #7
Information Value
Source Function Log
User Agent Mozilla/4.08 (Charon; Inferno)
Server Name ewued.tk
Server Port 80
Data Sent 0.23 KB
Data Received 0.00 KB
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/4.08 (Charon; Inferno), access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS True 1
Fn
Open Connection protocol = http, server_name = ewued.tk, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.0, target_resource = /nutmeg/fre.php True 1
Fn
Send HTTP Request headers = content-length: 163, content-key: D8E3CC32, content-encoding: binary, connection: close, accept: */*, user-agent: Mozilla/4.08 (Charon; Inferno), host: ewued.tk, content-type: application/octet-stream, url = ewued.tk/nutmeg/fre.php True 1
Fn
Data
HTTP Session #8
Information Value
Source Function Log
User Agent Mozilla/4.08 (Charon; Inferno)
Server Name ewued.tk
Server Port 80
Data Sent 0.23 KB
Data Received 0.00 KB
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/4.08 (Charon; Inferno), access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS True 1
Fn
Open Connection protocol = http, server_name = ewued.tk, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.0, target_resource = /nutmeg/fre.php True 1
Fn
Send HTTP Request headers = content-length: 163, content-key: D8E3CC32, content-encoding: binary, connection: close, accept: */*, user-agent: Mozilla/4.08 (Charon; Inferno), host: ewued.tk, content-type: application/octet-stream, url = ewued.tk/nutmeg/fre.php True 1
Fn
Data
HTTP Session #9
Information Value
Source Function Log
User Agent Mozilla/4.08 (Charon; Inferno)
Server Name ewued.tk
Server Port 80
Data Sent 0.23 KB
Data Received 0.00 KB
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/4.08 (Charon; Inferno), access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS True 1
Fn
Open Connection protocol = http, server_name = ewued.tk, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.0, target_resource = /nutmeg/fre.php True 1
Fn
Send HTTP Request headers = content-length: 163, content-key: D8E3CC32, content-encoding: binary, connection: close, accept: */*, user-agent: Mozilla/4.08 (Charon; Inferno), host: ewued.tk, content-type: application/octet-stream, url = ewued.tk/nutmeg/fre.php True 1
Fn
Data
HTTP Session #10
Information Value
Source Function Log
User Agent Mozilla/4.08 (Charon; Inferno)
Server Name ewued.tk
Server Port 80
Data Sent 0.23 KB
Data Received 0.00 KB
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/4.08 (Charon; Inferno), access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS True 1
Fn
Open Connection protocol = http, server_name = ewued.tk, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.0, target_resource = /nutmeg/fre.php True 1
Fn
Send HTTP Request headers = content-length: 163, content-key: D8E3CC32, content-encoding: binary, connection: close, accept: */*, user-agent: Mozilla/4.08 (Charon; Inferno), host: ewued.tk, content-type: application/octet-stream, url = ewued.tk/nutmeg/fre.php True 1
Fn
Data
HTTP Session #11
Information Value
Source Function Log
User Agent Mozilla/4.08 (Charon; Inferno)
Server Name ewued.tk
Server Port 80
Data Sent 0.23 KB
Data Received 0.00 KB
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/4.08 (Charon; Inferno), access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS True 1
Fn
Open Connection protocol = http, server_name = ewued.tk, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.0, target_resource = /nutmeg/fre.php True 1
Fn
Send HTTP Request headers = content-length: 163, content-key: D8E3CC32, content-encoding: binary, connection: close, accept: */*, user-agent: Mozilla/4.08 (Charon; Inferno), host: ewued.tk, content-type: application/octet-stream, url = ewued.tk/nutmeg/fre.php True 1
Fn
Data
HTTP Session #12
Information Value
Source Function Log
User Agent Mozilla/4.08 (Charon; Inferno)
Server Name ewued.tk
Server Port 80
Data Sent 0.23 KB
Data Received 0.00 KB
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/4.08 (Charon; Inferno), access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS True 1
Fn
Open Connection protocol = http, server_name = ewued.tk, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.0, target_resource = /nutmeg/fre.php True 1
Fn
Send HTTP Request headers = content-length: 163, content-key: D8E3CC32, content-encoding: binary, connection: close, accept: */*, user-agent: Mozilla/4.08 (Charon; Inferno), host: ewued.tk, content-type: application/octet-stream, url = ewued.tk/nutmeg/fre.php True 1
Fn
Data
HTTP Session #13
»
Information Value
Source Function Log
User Agent Mozilla/4.08 (Charon; Inferno)
Server Name ewued.tk
Server Port 80
Data Sent 0.23 KB
Data Received 0.00 KB
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/4.08 (Charon; Inferno), access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS True 1
Fn
Open Connection protocol = http, server_name = ewued.tk, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.0, target_resource = /nutmeg/fre.php True 1
Fn
Send HTTP Request headers = content-length: 163, content-key: D8E3CC32, content-encoding: binary, connection: close, accept: */*, user-agent: Mozilla/4.08 (Charon; Inferno), host: ewued.tk, content-type: application/octet-stream, url = ewued.tk/nutmeg/fre.php True 1
Fn
Data
HTTP Session #14
»
Information Value
Source Function Log
User Agent Mozilla/4.08 (Charon; Inferno)
Server Name ewued.tk
Server Port 80
Data Sent 0.23 KB
Data Received 0.00 KB
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/4.08 (Charon; Inferno), access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS True 1
Fn
Open Connection protocol = http, server_name = ewued.tk, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.0, target_resource = /nutmeg/fre.php True 1
Fn
Send HTTP Request headers = content-length: 163, content-key: D8E3CC32, content-encoding: binary, connection: close, accept: */*, user-agent: Mozilla/4.08 (Charon; Inferno), host: ewued.tk, content-type: application/octet-stream, url = ewued.tk/nutmeg/fre.php True 1
Fn
Data
HTTP Session #15
»
Information Value
Source Function Log
User Agent Mozilla/4.08 (Charon; Inferno)
Server Name ewued.tk
Server Port 80
Data Sent 0.23 KB
Data Received 0.00 KB
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/4.08 (Charon; Inferno), access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS True 1
Fn
Open Connection protocol = http, server_name = ewued.tk, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.0, target_resource = /nutmeg/fre.php True 1
Fn
Send HTTP Request headers = content-length: 163, content-key: D8E3CC32, content-encoding: binary, connection: close, accept: */*, user-agent: Mozilla/4.08 (Charon; Inferno), host: ewued.tk, content-type: application/octet-stream, url = ewued.tk/nutmeg/fre.php True 1
Fn
Data
HTTP Session #16
»
Information Value
Source Function Log
User Agent Mozilla/4.08 (Charon; Inferno)
Server Name ewued.tk
Server Port 80
Data Sent 0.23 KB
Data Received 0.00 KB
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/4.08 (Charon; Inferno), access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS True 1
Fn
Open Connection protocol = http, server_name = ewued.tk, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.0, target_resource = /nutmeg/fre.php True 1
Fn
Send HTTP Request headers = content-length: 163, content-key: D8E3CC32, content-encoding: binary, connection: close, accept: */*, user-agent: Mozilla/4.08 (Charon; Inferno), host: ewued.tk, content-type: application/octet-stream, url = ewued.tk/nutmeg/fre.php True 1
Fn
Data
HTTP Session #17
»
Information Value
Source Function Log
User Agent Mozilla/4.08 (Charon; Inferno)
Server Name ewued.tk
Server Port 80
Data Sent 0.23 KB
Data Received 0.00 KB
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/4.08 (Charon; Inferno), access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS True 1
Fn
Open Connection protocol = http, server_name = ewued.tk, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.0, target_resource = /nutmeg/fre.php True 1
Fn
Send HTTP Request headers = content-length: 163, content-key: D8E3CC32, content-encoding: binary, connection: close, accept: */*, user-agent: Mozilla/4.08 (Charon; Inferno), host: ewued.tk, content-type: application/octet-stream, url = ewued.tk/nutmeg/fre.php True 1
Fn
Data
HTTP Session #18
»
Information Value
Source Function Log
User Agent Mozilla/4.08 (Charon; Inferno)
Server Name ewued.tk
Server Port 80
Data Sent 0.23 KB
Data Received 0.00 KB
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/4.08 (Charon; Inferno), access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS True 1
Fn
Open Connection protocol = http, server_name = ewued.tk, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.0, target_resource = /nutmeg/fre.php True 1
Fn
Send HTTP Request headers = content-length: 163, content-key: D8E3CC32, content-encoding: binary, connection: close, accept: */*, user-agent: Mozilla/4.08 (Charon; Inferno), host: ewued.tk, content-type: application/octet-stream, url = ewued.tk/nutmeg/fre.php True 1
Fn
Data
HTTP Session #19
»
Information Value
Source Function Log
User Agent Mozilla/4.08 (Charon; Inferno)
Server Name ewued.tk
Server Port 80
Data Sent 0.23 KB
Data Received 0.00 KB
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/4.08 (Charon; Inferno), access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS True 1
Fn
Open Connection protocol = http, server_name = ewued.tk, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.0, target_resource = /nutmeg/fre.php True 1
Fn
Send HTTP Request headers = content-length: 163, content-key: D8E3CC32, content-encoding: binary, connection: close, accept: */*, user-agent: Mozilla/4.08 (Charon; Inferno), host: ewued.tk, content-type: application/octet-stream, url = ewued.tk/nutmeg/fre.php True 1
Fn
Data
HTTP Session #20
»
Information Value
Source Function Log
User Agent Mozilla/4.08 (Charon; Inferno)
Server Name ewued.tk
Server Port 80
Data Sent 0.23 KB
Data Received 0.00 KB
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/4.08 (Charon; Inferno), access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS True 1
Fn
Open Connection protocol = http, server_name = ewued.tk, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.0, target_resource = /nutmeg/fre.php True 1
Fn
Send HTTP Request headers = content-length: 163, content-key: D8E3CC32, content-encoding: binary, connection: close, accept: */*, user-agent: Mozilla/4.08 (Charon; Inferno), host: ewued.tk, content-type: application/octet-stream, url = ewued.tk/nutmeg/fre.php True 1
Fn
Data
HTTP Session #21
»
Information Value
Source Function Log
User Agent Mozilla/4.08 (Charon; Inferno)
Server Name ewued.tk
Server Port 80
Data Sent 0.23 KB
Data Received 0.00 KB
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/4.08 (Charon; Inferno), access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS True 1
Fn
Open Connection protocol = http, server_name = ewued.tk, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.0, target_resource = /nutmeg/fre.php True 1
Fn
Send HTTP Request headers = content-length: 163, content-key: D8E3CC32, content-encoding: binary, connection: close, accept: */*, user-agent: Mozilla/4.08 (Charon; Inferno), host: ewued.tk, content-type: application/octet-stream, url = ewued.tk/nutmeg/fre.php True 1
Fn
Data
HTTP Session #22
»
Information Value
Source Function Log
User Agent Mozilla/4.08 (Charon; Inferno)
Server Name ewued.tk
Server Port 80
Data Sent 0.23 KB
Data Received 0.00 KB
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/4.08 (Charon; Inferno), access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS True 1
Fn
Open Connection protocol = http, server_name = ewued.tk, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.0, target_resource = /nutmeg/fre.php True 1
Fn
Send HTTP Request headers = content-length: 163, content-key: D8E3CC32, content-encoding: binary, connection: close, accept: */*, user-agent: Mozilla/4.08 (Charon; Inferno), host: ewued.tk, content-type: application/octet-stream, url = ewued.tk/nutmeg/fre.php True 1
Fn
Data
HTTP Session #23
»
Information Value
Source Function Log
User Agent Mozilla/4.08 (Charon; Inferno)
Server Name ewued.tk
Server Port 80
Data Sent 0.23 KB
Data Received 0.00 KB
Operation Additional Information Success Count Logfile
Open Session user_agent = Mozilla/4.08 (Charon; Inferno), access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS True 1
Fn
Open Connection protocol = http, server_name = ewued.tk, server_port = 80 True 1
Fn
Open HTTP Request http_verb = POST, http_version = HTTP/1.0, target_resource = /nutmeg/fre.php True 1
Fn
Send HTTP Request headers = content-length: 163, content-key: D8E3CC32, content-encoding: binary, connection: close, accept: */*, user-agent: Mozilla/4.08 (Charon; Inferno), host: ewued.tk, content-type: application/octet-stream, url = ewued.tk/nutmeg/fre.php True 1
Fn
Data
HTTP Session #24
»
Information Value
Source PCAP
User Agent Mozilla/4.08 (Charon; Inferno)
Stream ID 1
Server Name ewued.tk
Server Port 80
Data Sent 0.24 KB
Data Received 0.05 KB
Time Operation Additional Information Success
8.265574 s Open Connection protocol = http, server_name = ewued.tk, server_port = 80 False
8.265574 s Open HTTP Request http_verb = POST, http_version = HTTP/1.0, target_resource = /nutmeg/fre.php False
8.265574 s Send HTTP Request headers = host: ewued.tk, content_type: application/octet-stream, content_length: 190, accept: */*, user_agent: Mozilla/4.08 (Charon; Inferno), url = http://ewued.tk/nutmeg/fre.php False
8.555347 s Read Response HTTP Status Code = 404 False
HTTP Session #25
»
Information Value
Source PCAP
User Agent Mozilla/4.08 (Charon; Inferno)
Stream ID 2
Server Name ewued.tk
Server Port 80
Data Sent 0.21 KB
Data Received 0.05 KB
Time Operation Additional Information Success
9.525651 s Open Connection protocol = http, server_name = ewued.tk, server_port = 80 False
9.525651 s Open HTTP Request http_verb = POST, http_version = HTTP/1.0, target_resource = /nutmeg/fre.php False
9.525651 s Send HTTP Request headers = host: ewued.tk, content_type: application/octet-stream, content_length: 163, accept: */*, user_agent: Mozilla/4.08 (Charon; Inferno), url = http://ewued.tk/nutmeg/fre.php False
9.822493 s Read Response HTTP Status Code = 404 False
HTTP Session #26
»
Information Value
Source PCAP
User Agent Mozilla/4.08 (Charon; Inferno)
Stream ID 6
Server Name ewued.tk
Server Port 80
Data Sent 0.21 KB
Data Received 0.05 KB
Time Operation Additional Information Success
19.915985 s Open Connection protocol = http, server_name = ewued.tk, server_port = 80 False
19.915985 s Open HTTP Request http_verb = POST, http_version = HTTP/1.0, target_resource = /nutmeg/fre.php False
19.915985 s Send HTTP Request headers = host: ewued.tk, content_type: application/octet-stream, content_length: 163, accept: */*, user_agent: Mozilla/4.08 (Charon; Inferno), url = http://ewued.tk/nutmeg/fre.php False
20.156779 s Read Response HTTP Status Code = 404 False
HTTP Session #27
»
Information Value
Source PCAP
User Agent Mozilla/4.08 (Charon; Inferno)
Stream ID 7
Server Name ewued.tk
Server Port 80
Data Sent 0.21 KB
Data Received 0.05 KB
Time Operation Additional Information Success
30.991198 s Open Connection protocol = http, server_name = ewued.tk, server_port = 80 False
30.991198 s Open HTTP Request http_verb = POST, http_version = HTTP/1.0, target_resource = /nutmeg/fre.php False
30.991198 s Send HTTP Request headers = host: ewued.tk, content_type: application/octet-stream, content_length: 163, accept: */*, user_agent: Mozilla/4.08 (Charon; Inferno), url = http://ewued.tk/nutmeg/fre.php False
31.267910 s Read Response HTTP Status Code = 404 False
HTTP Session #28
»
Information Value
Source PCAP
User Agent Mozilla/4.08 (Charon; Inferno)
Stream ID 9
Server Name ewued.tk
Server Port 80
Data Sent 0.21 KB
Data Received 0.05 KB
Time Operation Additional Information Success
41.600212 s Open Connection protocol = http, server_name = ewued.tk, server_port = 80 False
41.600212 s Open HTTP Request http_verb = POST, http_version = HTTP/1.0, target_resource = /nutmeg/fre.php False
41.600212 s Send HTTP Request headers = host: ewued.tk, content_type: application/octet-stream, content_length: 163, accept: */*, user_agent: Mozilla/4.08 (Charon; Inferno), url = http://ewued.tk/nutmeg/fre.php False
42.439852 s Read Response HTTP Status Code = 404 False
HTTP Session #29
»
Information Value
Source PCAP
User Agent Mozilla/4.08 (Charon; Inferno)
Stream ID 10
Server Name ewued.tk
Server Port 80
Data Sent 0.21 KB
Data Received 0.05 KB
Time Operation Additional Information Success
52.550063 s Open Connection protocol = http, server_name = ewued.tk, server_port = 80 False
52.550063 s Open HTTP Request http_verb = POST, http_version = HTTP/1.0, target_resource = /nutmeg/fre.php False
52.550063 s Send HTTP Request headers = host: ewued.tk, content_type: application/octet-stream, content_length: 163, accept: */*, user_agent: Mozilla/4.08 (Charon; Inferno), url = http://ewued.tk/nutmeg/fre.php False
53.157445 s Read Response HTTP Status Code = 404 False
HTTP Session #30
»
Information Value
Source PCAP
User Agent Mozilla/4.08 (Charon; Inferno)
Stream ID 11
Server Name ewued.tk
Server Port 80
Data Sent 0.21 KB
Data Received 0.05 KB
Time Operation Additional Information Success
63.244688 s Open Connection protocol = http, server_name = ewued.tk, server_port = 80 False
63.244688 s Open HTTP Request http_verb = POST, http_version = HTTP/1.0, target_resource = /nutmeg/fre.php False
63.244688 s Send HTTP Request headers = host: ewued.tk, content_type: application/octet-stream, content_length: 163, accept: */*, user_agent: Mozilla/4.08 (Charon; Inferno), url = http://ewued.tk/nutmeg/fre.php False
63.828335 s Read Response HTTP Status Code = 404 False
HTTP Session #31
»
Information Value
Source PCAP
User Agent Mozilla/4.08 (Charon; Inferno)
Stream ID 12
Server Name ewued.tk
Server Port 80
Data Sent 0.21 KB
Data Received 0.05 KB
Time Operation Additional Information Success
73.919663 s Open Connection protocol = http, server_name = ewued.tk, server_port = 80 False
73.919663 s Open HTTP Request http_verb = POST, http_version = HTTP/1.0, target_resource = /nutmeg/fre.php False
73.919663 s Send HTTP Request headers = host: ewued.tk, content_type: application/octet-stream, content_length: 163, accept: */*, user_agent: Mozilla/4.08 (Charon; Inferno), url = http://ewued.tk/nutmeg/fre.php False
74.191615 s Read Response HTTP Status Code = 404 False
HTTP Session #32
»
Information Value
Source PCAP
User Agent Mozilla/4.08 (Charon; Inferno)
Stream ID 13
Server Name ewued.tk
Server Port 80
Data Sent 0.21 KB
Data Received 0.05 KB
Time Operation Additional Information Success
84.324547 s Open Connection protocol = http, server_name = ewued.tk, server_port = 80 False
84.324547 s Open HTTP Request http_verb = POST, http_version = HTTP/1.0, target_resource = /nutmeg/fre.php False
84.324547 s Send HTTP Request headers = host: ewued.tk, content_type: application/octet-stream, content_length: 163, accept: */*, user_agent: Mozilla/4.08 (Charon; Inferno), url = http://ewued.tk/nutmeg/fre.php False
84.569271 s Read Response HTTP Status Code = 404 False
HTTP Session #33
»
Information Value
Source PCAP
User Agent Mozilla/4.08 (Charon; Inferno)
Stream ID 14
Server Name ewued.tk
Server Port 80
Data Sent 0.21 KB
Data Received 0.05 KB
Time Operation Additional Information Success
94.954452 s Open Connection protocol = http, server_name = ewued.tk, server_port = 80 False
94.954452 s Open HTTP Request http_verb = POST, http_version = HTTP/1.0, target_resource = /nutmeg/fre.php False
94.954452 s Send HTTP Request headers = host: ewued.tk, content_type: application/octet-stream, content_length: 163, accept: */*, user_agent: Mozilla/4.08 (Charon; Inferno), url = http://ewued.tk/nutmeg/fre.php False
95.421156 s Read Response HTTP Status Code = 404 False
HTTP Session #34
»
Information Value
Source PCAP
User Agent Mozilla/4.08 (Charon; Inferno)
Stream ID 15
Server Name ewued.tk
Server Port 80
Data Sent 0.21 KB
Data Received 0.05 KB
Time Operation Additional Information Success
105.584231 s Open Connection protocol = http, server_name = ewued.tk, server_port = 80 False
105.584231 s Open HTTP Request http_verb = POST, http_version = HTTP/1.0, target_resource = /nutmeg/fre.php False
105.584231 s Send HTTP Request headers = host: ewued.tk, content_type: application/octet-stream, content_length: 163, accept: */*, user_agent: Mozilla/4.08 (Charon; Inferno), url = http://ewued.tk/nutmeg/fre.php False
106.088956 s Read Response HTTP Status Code = 404 False
HTTP Session #35
»
Information Value
Source PCAP
User Agent Mozilla/4.08 (Charon; Inferno)
Stream ID 16
Server Name ewued.tk
Server Port 80
Data Sent 0.21 KB
Data Received 0.05 KB
Time Operation Additional Information Success
116.204054 s Open Connection protocol = http, server_name = ewued.tk, server_port = 80 False
116.204054 s Open HTTP Request http_verb = POST, http_version = HTTP/1.0, target_resource = /nutmeg/fre.php False
116.204054 s Send HTTP Request headers = host: ewued.tk, content_type: application/octet-stream, content_length: 163, accept: */*, user_agent: Mozilla/4.08 (Charon; Inferno), url = http://ewued.tk/nutmeg/fre.php False
116.656479 s Read Response HTTP Status Code = 404 False
HTTP Session #36
»
Information Value
Source PCAP
User Agent Mozilla/4.08 (Charon; Inferno)
Stream ID 17
Server Name ewued.tk
Server Port 80
Data Sent 0.21 KB
Data Received 0.05 KB
Time Operation Additional Information Success
126.752625 s Open Connection protocol = http, server_name = ewued.tk, server_port = 80 False
126.752625 s Open HTTP Request http_verb = POST, http_version = HTTP/1.0, target_resource = /nutmeg/fre.php False
126.752625 s Send HTTP Request headers = host: ewued.tk, content_type: application/octet-stream, content_length: 163, accept: */*, user_agent: Mozilla/4.08 (Charon; Inferno), url = http://ewued.tk/nutmeg/fre.php False
127.233727 s Read Response HTTP Status Code = 404 False
HTTP Session #37
»
Information Value
Source PCAP
User Agent Mozilla/4.08 (Charon; Inferno)
Stream ID 18
Server Name ewued.tk
Server Port 80
Data Sent 0.21 KB
Data Received 0.05 KB
Time Operation Additional Information Success
137.384018 s Open Connection protocol = http, server_name = ewued.tk, server_port = 80 False
137.384018 s Open HTTP Request http_verb = POST, http_version = HTTP/1.0, target_resource = /nutmeg/fre.php False
137.384018 s Send HTTP Request headers = host: ewued.tk, content_type: application/octet-stream, content_length: 163, accept: */*, user_agent: Mozilla/4.08 (Charon; Inferno), url = http://ewued.tk/nutmeg/fre.php False
137.788508 s Read Response HTTP Status Code = 404 False
HTTP Session #38
»
Information Value
Source PCAP
User Agent Mozilla/4.08 (Charon; Inferno)
Stream ID 19
Server Name ewued.tk
Server Port 80
Data Sent 0.21 KB
Data Received 0.05 KB
Time Operation Additional Information Success
147.878604 s Open Connection protocol = http, server_name = ewued.tk, server_port = 80 False
147.878604 s Open HTTP Request http_verb = POST, http_version = HTTP/1.0, target_resource = /nutmeg/fre.php False
147.878604 s Send HTTP Request headers = host: ewued.tk, content_type: application/octet-stream, content_length: 163, accept: */*, user_agent: Mozilla/4.08 (Charon; Inferno), url = http://ewued.tk/nutmeg/fre.php False
148.458384 s Read Response HTTP Status Code = 404 False
HTTP Session #39
»
Information Value
Source PCAP
User Agent Mozilla/4.08 (Charon; Inferno)
Stream ID 20
Server Name ewued.tk
Server Port 80
Data Sent 0.21 KB
Data Received 0.05 KB
Time Operation Additional Information Success
158.538356 s Open Connection protocol = http, server_name = ewued.tk, server_port = 80 False
158.538356 s Open HTTP Request http_verb = POST, http_version = HTTP/1.0, target_resource = /nutmeg/fre.php False
158.538356 s Send HTTP Request headers = host: ewued.tk, content_type: application/octet-stream, content_length: 163, accept: */*, user_agent: Mozilla/4.08 (Charon; Inferno), url = http://ewued.tk/nutmeg/fre.php False
159.193168 s Read Response HTTP Status Code = 404 False
HTTP Session #40
»
Information Value
Source PCAP
User Agent Mozilla/4.08 (Charon; Inferno)
Stream ID 21
Server Name ewued.tk
Server Port 80
Data Sent 0.21 KB
Data Received 0.05 KB
Time Operation Additional Information Success
169.323401 s Open Connection protocol = http, server_name = ewued.tk, server_port = 80 False
169.323401 s Open HTTP Request http_verb = POST, http_version = HTTP/1.0, target_resource = /nutmeg/fre.php False
169.323401 s Send HTTP Request headers = host: ewued.tk, content_type: application/octet-stream, content_length: 163, accept: */*, user_agent: Mozilla/4.08 (Charon; Inferno), url = http://ewued.tk/nutmeg/fre.php False
169.566897 s Read Response HTTP Status Code = 404 False
HTTP Session #41
»
Information Value
Source PCAP
User Agent Mozilla/4.08 (Charon; Inferno)
Stream ID 22
Server Name ewued.tk
Server Port 80
Data Sent 0.21 KB
Data Received 0.05 KB
Time Operation Additional Information Success
179.673244 s Open Connection protocol = http, server_name = ewued.tk, server_port = 80 False
179.673244 s Open HTTP Request http_verb = POST, http_version = HTTP/1.0, target_resource = /nutmeg/fre.php False
179.673244 s Send HTTP Request headers = host: ewued.tk, content_type: application/octet-stream, content_length: 163, accept: */*, user_agent: Mozilla/4.08 (Charon; Inferno), url = http://ewued.tk/nutmeg/fre.php False
180.098847 s Read Response HTTP Status Code = 404 False
HTTP Session #42
»
Information Value
Source PCAP
User Agent Mozilla/4.08 (Charon; Inferno)
Stream ID 23
Server Name ewued.tk
Server Port 80
Data Sent 0.21 KB
Data Received 0.05 KB
Time Operation Additional Information Success
190.183033 s Open Connection protocol = http, server_name = ewued.tk, server_port = 80 False
190.183033 s Open HTTP Request http_verb = POST, http_version = HTTP/1.0, target_resource = /nutmeg/fre.php False
190.183033 s Send HTTP Request headers = host: ewued.tk, content_type: application/octet-stream, content_length: 163, accept: */*, user_agent: Mozilla/4.08 (Charon; Inferno), url = http://ewued.tk/nutmeg/fre.php False
190.964561 s Read Response HTTP Status Code = 404 False
HTTP Session #43
»
Information Value
Source PCAP
User Agent Mozilla/4.08 (Charon; Inferno)
Stream ID 26
Server Name ewued.tk
Server Port 80
Data Sent 0.21 KB
Data Received 0.05 KB
Time Operation Additional Information Success
201.092966 s Open Connection protocol = http, server_name = ewued.tk, server_port = 80 False
201.092966 s Open HTTP Request http_verb = POST, http_version = HTTP/1.0, target_resource = /nutmeg/fre.php False
201.092966 s Send HTTP Request headers = host: ewued.tk, content_type: application/octet-stream, content_length: 163, accept: */*, user_agent: Mozilla/4.08 (Charon; Inferno), url = http://ewued.tk/nutmeg/fre.php False
201.747642 s Read Response HTTP Status Code = 404 False
HTTP Session #44
»
Information Value
Source PCAP
User Agent Mozilla/4.08 (Charon; Inferno)
Stream ID 27
Server Name ewued.tk
Server Port 80
Data Sent 0.21 KB
Data Received 0.05 KB
Time Operation Additional Information Success
211.817754 s Open Connection protocol = http, server_name = ewued.tk, server_port = 80 False
211.817754 s Open HTTP Request http_verb = POST, http_version = HTTP/1.0, target_resource = /nutmeg/fre.php False
211.817754 s Send HTTP Request headers = host: ewued.tk, content_type: application/octet-stream, content_length: 163, accept: */*, user_agent: Mozilla/4.08 (Charon; Inferno), url = http://ewued.tk/nutmeg/fre.php False
212.055550 s Read Response HTTP Status Code = 404 False
HTTP Session #45
»
Information Value
Source PCAP
User Agent Mozilla/4.08 (Charon; Inferno)
Stream ID 28
Server Name ewued.tk
Server Port 80
Data Sent 0.21 KB
Data Received 0.05 KB
Time Operation Additional Information Success
222.167467 s Open Connection protocol = http, server_name = ewued.tk, server_port = 80 False
222.167467 s Open HTTP Request http_verb = POST, http_version = HTTP/1.0, target_resource = /nutmeg/fre.php False
222.167467 s Send HTTP Request headers = host: ewued.tk, content_type: application/octet-stream, content_length: 163, accept: */*, user_agent: Mozilla/4.08 (Charon; Inferno), url = http://ewued.tk/nutmeg/fre.php False
222.443600 s Read Response HTTP Status Code = 404 False