06330LT.939084.4194c5f47fe738f2d6ce898c2e3ec11e.pcap

MD5: 815b0000c4441bac742a13cd89260a47
Submission Date: 2019-08-19 12:05:24
Tags: (not set)
Alert 14
Showing 1-14 of 14 items.

# | Timestamp | Src IP | Dest IP | Alert Signature | P
1 | 2019-08-19T10:04:33.684534-0700 | 192.168.1.80 | 23.10.249.49 | ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla)) | *
2 | 2019-08-19T10:04:33.816618-0700 | 192.168.1.80 | 23.10.249.49 | ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla)) | *
3 | 2019-08-19T10:04:50.944430-0700 | 192.168.1.80 | 216.58.213.206 | ET MALWARE Misspelled Mozilla User-Agent (Mozila) | *
4 | 2019-08-19T10:04:51.024764-0700 | 192.168.1.80 | 216.58.213.206 | ET MALWARE Misspelled Mozilla User-Agent (Mozila) | *
5 | 2019-08-19T10:04:51.556199-0700 | 192.168.1.80 | 216.58.213.206 | ET MALWARE Misspelled Mozilla User-Agent (Mozila) | *
6 | 2019-08-19T10:04:47.084592-0700 | 192.168.1.80 | 82.80.204.5 | ET MALWARE Misspelled Mozilla User-Agent (Mozila) | *
7 | 2019-08-19T10:04:48.300408-0700 | 192.168.1.80 | 82.80.204.5 | ET MALWARE Misspelled Mozilla User-Agent (Mozila) | *
8 | 2019-08-19T10:04:49.284751-0700 | 192.168.1.80 | 82.80.204.5 | ET MALWARE Misspelled Mozilla User-Agent (Mozila) | *
9 | 2019-08-19T10:04:49.636341-0700 | 192.168.1.80 | 82.80.204.5 | ET MALWARE Misspelled Mozilla User-Agent (Mozila) | *
10 | 2019-08-19T10:04:49.916606-0700 | 192.168.1.80 | 82.80.204.5 | ET MALWARE Misspelled Mozilla User-Agent (Mozila) | *
11 | 2019-08-19T10:04:51.620934-0700 | 192.168.1.80 | 216.58.213.206 | ET MALWARE Misspelled Mozilla User-Agent (Mozila) | *
12 | 2019-08-19T10:04:40.491220-0700 | 23.10.249.49 | 192.168.1.80 | ET POLICY PE EXE or DLL Windows file download HTTP | *
13 | 2019-08-19T10:04:51.556199-0700 | 192.168.1.80 | 82.80.204.14 | ET MALWARE Misspelled Mozilla User-Agent (Mozila) | *
14 | 2019-08-19T10:04:51.556199-0700 | 192.168.1.80 | 82.80.204.14 | ET MALWARE Misspelled Mozilla User-Agent (Mozila) | *
DNS 32
Showing 1-20 of 32 items.

# | Timestamp | Src IP | Dest IP | DNS Type | Resource Record Name | Resource Record Type | Resource Data
1 | 2019-08-19T10:04:36.389943-0700 | 192.168.1.80 | 8.8.8.8 | query | location.services.mozilla.com | A | (not set)
2 | 2019-08-19T10:04:36.414170-0700 | 8.8.8.8 | 192.168.1.80 | answer | location.services.mozilla.com | (not set) | (not set)
3 | 2019-08-19T10:04:37.464970-0700 | 192.168.1.80 | 8.8.8.8 | query | www.google.com | A | (not set)
4 | 2019-08-19T10:04:37.494094-0700 | 8.8.8.8 | 192.168.1.80 | answer | www.google.com | (not set) | (not set)
5 | 2019-08-19T10:04:33.455027-0700 | 192.168.1.80 | 8.8.8.8 | query | www5l.incredimail.com | A | (not set)
6 | 2019-08-19T10:04:33.492887-0700 | 8.8.8.8 | 192.168.1.80 | answer | www5l.incredimail.com | (not set) | (not set)
7 | 2019-08-19T10:04:36.056375-0700 | 192.168.1.80 | 8.8.8.8 | query | tiles.services.mozilla.com | A | (not set)
8 | 2019-08-19T10:04:36.078037-0700 | 8.8.8.8 | 192.168.1.80 | answer | tiles.services.mozilla.com | (not set) | (not set)
9 | 2019-08-19T10:04:37.942842-0700 | 192.168.1.80 | 8.8.8.8 | query | snippets.cdn.mozilla.net | A | (not set)
10 | 2019-08-19T10:04:23.382263-0700 | 192.168.1.80 | 8.8.8.8 | query | ctldl.windowsupdate.com | A | (not set)
11 | 2019-08-19T10:04:23.408706-0700 | 8.8.8.8 | 192.168.1.80 | answer | ctldl.windowsupdate.com | (not set) | (not set)
12 | 2019-08-19T10:04:37.958338-0700 | 8.8.8.8 | 192.168.1.80 | answer | snippets.cdn.mozilla.net | (not set) | (not set)
13 | 2019-08-19T10:04:35.671126-0700 | 192.168.1.80 | 8.8.8.8 | query | download.mozilla.org | A | (not set)
14 | 2019-08-19T10:04:35.696272-0700 | 8.8.8.8 | 192.168.1.80 | answer | download.mozilla.org | (not set) | (not set)
15 | 2019-08-19T10:04:36.663895-0700 | 192.168.1.80 | 8.8.8.8 | query | download.mozilla.org | A | (not set)
16 | 2019-08-19T10:04:36.679193-0700 | 8.8.8.8 | 192.168.1.80 | answer | download.mozilla.org | (not set) | (not set)
17 | 2019-08-19T10:04:37.407695-0700 | 192.168.1.80 | 8.8.8.8 | query | www.mozilla.org | A | (not set)
18 | 2019-08-19T10:04:37.430314-0700 | 8.8.8.8 | 192.168.1.80 | answer | www.mozilla.org | (not set) | (not set)
19 | 2019-08-19T10:04:37.663318-0700 | 192.168.1.80 | 8.8.8.8 | query | download.mozilla.org | A | (not set)
20 | 2019-08-19T10:04:37.678052-0700 | 8.8.8.8 | 192.168.1.80 | answer | download.mozilla.org | (not set) | (not set)
TLS 5
Showing 1-5 of 5 items.

# | Timestamp | Source IP | Destination IP | TLS Version | Issuer
1 | 2019-08-19T10:04:36.577582-0700 | 192.168.1.80 | 34.252.111.173 | TLS 1.2 | C=US, ST=California, L=San Francisco, O=The Universe Security Company Ltd, CN=The Universe Security Company Ltd
2 | 2019-08-19T10:04:36.800661-0700 | 192.168.1.80 | 52.33.147.163 | TLS 1.2 | C=US, ST=California, L=San Francisco, O=The Universe Security Company Ltd, CN=The Universe Security Company Ltd
3 | 2019-08-19T10:04:37.628598-0700 | 192.168.1.80 | 216.58.213.196 | TLS 1.2 | C=US, ST=California, L=San Francisco, O=The Universe Security Company Ltd, CN=The Universe Security Company Ltd
4 | 2019-08-19T10:04:38.349206-0700 | 192.168.1.80 | 99.86.240.58 | TLS 1.2 | C=US, ST=California, L=San Francisco, O=The Universe Security Company Ltd, CN=The Universe Security Company Ltd
5 | 2019-08-19T10:04:42.988116-0700 | 192.168.1.80 | 172.217.16.78 | TLS 1.2 | C=US, ST=California, L=San Francisco, O=The Universe Security Company Ltd, CN=The Universe Security Company Ltd
TFTP 0

# | Timestamp | Src IP | Dest IP | TFTP Packet | TFTP File | TFTP Mode
No results found.
HTTP 13
Showing 1-13 of 13 items.

# | Timestamp | Source | Hostname | Port | Method | URL | Status
1 | 2019-08-19T10:04:33.684534-0700 | 192.168.1.80 | www5l.incredimail.com | 80 | GET | /incredibar/skywalker/update_tail/Config_File/5086/Config.bin | 404
2 | 2019-08-19T10:04:50.944430-0700 | 192.168.1.80 | www.google-analytics.com | 80 | GET | /__utm.gif?utmwv=5.3.8&utmn=62222440&utms=9&utmt=event&utme=5(Activation_Status*SW*SW_5086_Active)&utmcs=UTF-8&utmsr=-&utmsc=-&utmul=-&utmje=1&utmfl=-&utmdt=-&utmhn=www.incredibar.com&utmr=res://C:/Windows/system32/dmwu.exe/11111&utmp=stats&utmac=UA-25323614-30&utmcc=__utma%3D48424598.1287518980.1566259200000.1566259200000.1566259200000.2%3B%2B__utmb%3D48424598%3B%2B__utmc%3D48424598%3B%2B__utmz%3D48424598.1566259200000.2.2.utmccn%3D(referral)%7Cutmcsr%3DC:/Windows/system32/dmwu.exe%7Cutmcct%3D/11111%7Cutmcmd%3Dreferral%3B%2B__utmv%3D48424598.-%3B | 200
3 | 2019-08-19T10:04:51.024764-0700 | 192.168.1.80 | www.google-analytics.com | 80 | GET | /__utm.gif?utmwv=5.3.8&utmn=62222440&utms=9&utmt=event&utme=5(Activation_Status*SkyWalker*SkyWalker_0_InActive)&utmcs=UTF-8&utmsr=-&utmsc=-&utmul=-&utmje=1&utmfl=-&utmdt=-&utmhn=www.incredibar.com&utmr=res://C:/Windows/system32/dmwu.exe/11111&utmp=stats&utmac=UA-25323614-30&utmcc=__utma%3D48424598.1287518980.1566259200000.1566259200000.1566259200000.2%3B%2B__utmb%3D48424598%3B%2B__utmc%3D48424598%3B%2B__utmz%3D48424598.1566259200000.2.2.utmccn%3D(referral)%7Cutmcsr%3DC:/Windows/system32/dmwu.exe%7Cutmcct%3D/11111%7Cutmcmd%3Dreferral%3B%2B__utmv%3D48424598.-%3B | 200
4 | 2019-08-19T10:04:51.556199-0700 | 192.168.1.80 | www.google-analytics.com | 80 | GET | /__utm.gif?utmwv=5.3.8&utmn=62222440&utms=9&utmt=event&utme=5(Activation_Status*SW*SW_5086_Active)&utmcs=UTF-8&utmsr=-&utmsc=-&utmul=-&utmje=1&utmfl=-&utmdt=-&utmhn=www.incredibar.com&utmr=res://C:/Windows/system32/dmwu.exe/11111&utmp=stats&utmac=UA-25323614-30&utmcc=__utma%3D48424598.1287518980.1566259200000.1566259200000.1566259200000.2%3B%2B__utmb%3D48424598%3B%2B__utmc%3D48424598%3B%2B__utmz%3D48424598.1566259200000.2.2.utmccn%3D(referral)%7Cutmcsr%3DC:/Windows/system32/dmwu.exe%7Cutmcct%3D/11111%7Cutmcmd%3Dreferral%3B%2B__utmv%3D48424598.-%3B | 200
5 | 2019-08-19T10:04:47.156398-0700 | 192.168.1.80 | cen.incredimail.com | 80 | GET | /h/upn.aspx?r={481D24FD-EDA2-4DFC-905F-8DC9AEF9FE74}&productId=41500 | 
6 | 2019-08-19T10:04:48.300408-0700 | 192.168.1.80 | cen.incredimail.com | 80 | GET | /h/upn.aspx?r={5B37629F-234D-4FD6-8939-58559DCA817E}&productId=41500 | 
7 | 2019-08-19T10:04:49.284751-0700 | 192.168.1.80 | cen.incredimail.com | 80 | GET | /h/upn.aspx?r={C16B18D9-A948-4687-AA91-A239EB8E3505}&productId=41500 | 
8 | 2019-08-19T10:04:49.636341-0700 | 192.168.1.80 | cen.incredimail.com | 80 | GET | /h/upn.aspx?r={02FE90EF-69D2-4203-9D40-CF3B06455426}&productId=41500 | 
9 | 2019-08-19T10:04:49.916606-0700 | 192.168.1.80 | cen.incredimail.com | 80 | GET | /h/upn.aspx?r={118A134D-7FDF-4FDB-99DE-0E001D2E9675}&productId=41500 | 
10 | 2019-08-19T10:04:51.620934-0700 | 192.168.1.80 | www.google-analytics.com | 80 | GET | /__utm.gif?utmwv=5.3.8&utmn=62222440&utms=9&utmt=event&utme=5(Activation_Status*SkyWalker*SkyWalker_0_InActive)&utmcs=UTF-8&utmsr=-&utmsc=-&utmul=-&utmje=1&utmfl=-&utmdt=-&utmhn=www.incredibar.com&utmr=res://C:/Windows/system32/dmwu.exe/11111&utmp=stats&utmac=UA-25323614-30&utmcc=__utma%3D48424598.1287518980.1566259200000.1566259200000.1566259200000.2%3B%2B__utmb%3D48424598%3B%2B__utmc%3D48424598%3B%2B__utmz%3D48424598.1566259200000.2.2.utmccn%3D(referral)%7Cutmcsr%3DC:/Windows/system32/dmwu.exe%7Cutmcct%3D/11111%7Cutmcmd%3Dreferral%3B%2B__utmv%3D48424598.-%3B | 200
11 | 2019-08-19T10:04:52.556538-0700 | 192.168.1.80 | www5l.incredimail.com | 80 | GET | /incredibar/skywalker/update_tail/Unified/5086/SkywalkerSetup.exe | 200
12 | 2019-08-19T10:04:51.556199-0700 | 192.168.1.80 | s4.perion.com | 80 | POST | /AppServer/ceb.aspx | (not set)
13 | 2019-08-19T10:04:51.556199-0700 | 192.168.1.80 | s4.perion.com | 80 | POST | /AppServer/ceb.aspx | (not set)
SMB 0

# | Timestamp | Src IP | Dest IP | SMB Dialect | Command | Session | Tree
No results found.
SMTP 0

# | Timestamp | Source | Destination | Email From | Email To | Subject
No results found.
Flow 25
Showing 1-20 of 25 items.

# | Timestamp | Flow Id | Event Type | Source | Source Port | Destination | Destination Port | Protocol | Host
1 | 2019-08-19T10:04:23.408706-0700 | 816949330516042 | flow | 192.168.1.80 | 49206 | 8.8.8.8 | 53 | UDP | pcapanalyzer
2 | 2019-08-19T10:04:33.549034-0700 | 959310316302707 | flow | 192.168.1.80 | 55526 | 8.8.8.8 | 53 | UDP | pcapanalyzer
3 | 2019-08-19T10:04:33.565142-0700 | 702720380296247 | flow | 192.168.1.80 | 54397 | 8.8.8.8 | 53 | UDP | pcapanalyzer
4 | 2019-08-19T10:04:51.556199-0700 | 1548146038206736 | flow | 192.168.1.80 | 49169 | 172.217.16.78 | 443 | TCP | pcapanalyzer
5 | 2019-08-19T10:04:51.556199-0700 | 424526758566543 | flow | 192.168.1.80 | 49166 | 34.252.111.173 | 443 | TCP | pcapanalyzer
6 | 2019-08-19T10:04:51.556199-0700 | 146504936211500 | flow | 192.168.1.80 | 49170 | 82.80.204.5 | 80 | TCP | pcapanalyzer
7 | 2019-08-19T10:04:51.556199-0700 | 1417991349736674 | flow | 192.168.1.80 | 56167 | 8.8.8.8 | 53 | UDP | pcapanalyzer
8 | 2019-08-19T10:04:51.556199-0700 | 866921274743046 | flow | 192.168.1.80 | 49162 | 23.10.249.49 | 80 | TCP | pcapanalyzer
9 | 2019-08-19T10:04:51.556199-0700 | 170238924980151 | flow | 192.168.1.80 | 49168 | 99.86.240.58 | 443 | TCP | pcapanalyzer
10 | 2019-08-19T10:04:51.556199-0700 | 1299239798137594 | flow | 192.168.1.80 | 60368 | 8.8.8.8 | 53 | UDP | pcapanalyzer
11 | 2019-08-19T10:04:51.556199-0700 | 462021822987670 | flow | 192.168.1.80 | 51365 | 8.8.8.8 | 53 | UDP | pcapanalyzer
12 | 2019-08-19T10:04:51.556199-0700 | 2010675360930782 | flow | 192.168.1.80 | 1900 | 239.255.255.250 | 1900 | UDP | pcapanalyzer
13 | 2019-08-19T10:04:51.556199-0700 | 323096811859643 | flow | 192.168.1.80 | 49173 | 216.58.213.206 | 80 | TCP | pcapanalyzer
14 | 2019-08-19T10:04:51.556199-0700 | 1029387002901303 | flow | 192.168.1.80 | 50546 | 8.8.8.8 | 53 | UDP | pcapanalyzer
15 | 2019-08-19T10:04:51.556199-0700 | 765199270408080 | flow | 192.168.1.80 | 49172 | 82.80.204.14 | 80 | TCP | pcapanalyzer
16 | 2019-08-19T10:04:51.556199-0700 | 2040585513984570 | flow | 192.168.1.80 | 49171 | 82.80.204.14 | 80 | TCP | pcapanalyzer
17 | 2019-08-19T10:04:51.556199-0700 | 1642820001960055 | flow | 192.168.1.80 | 49167 | 216.58.213.196 | 443 | TCP | pcapanalyzer
18 | 2019-08-19T10:04:51.556199-0700 | 238786603866310 | flow | 192.168.1.80 | 49174 | 216.58.213.206 | 80 | TCP | pcapanalyzer
19 | 2019-08-19T10:04:51.556199-0700 | 101841570673776 | flow | 192.168.1.80 | 49165 | 52.33.147.163 | 443 | TCP | pcapanalyzer
20 | 2019-08-19T10:04:51.556199-0700 | 1088361199448772 | flow | 192.168.1.80 | 57967 | 8.8.8.8 | 53 | UDP | pcapanalyzer
File 13
Showing 1-13 of 13 items.

# | Timestamp | Source | Destination | File Name | File Magic | File Size
1 | 2019-08-19T10:04:33.684534-0700 | 23.10.249.49 | 192.168.1.80 | /incredibar/skywalker/update_tail/Config_File/5086/Config.bin | HTML document, ASCII text, with CRLF line terminators | 169
2 | 2019-08-19T10:04:50.944430-0700 | 216.58.213.206 | 192.168.1.80 | /__utm.gif | GIF image data, version 89a, 1 x 1 | 35
3 | 2019-08-19T10:04:51.024764-0700 | 216.58.213.206 | 192.168.1.80 | /__utm.gif | GIF image data, version 89a, 1 x 1 | 35
4 | 2019-08-19T10:04:51.556199-0700 | 216.58.213.206 | 192.168.1.80 | /__utm.gif | GIF image data, version 89a, 1 x 1 | 35
5 | 2019-08-19T10:04:47.156398-0700 | 82.80.204.5 | 192.168.1.80 | /h/upn.aspx | HTML document, ASCII text, with CRLF line terminators | 4723
6 | 2019-08-19T10:04:48.300408-0700 | 82.80.204.5 | 192.168.1.80 | /h/upn.aspx | HTML document, ASCII text, with CRLF line terminators | 4723
7 | 2019-08-19T10:04:49.284751-0700 | 82.80.204.5 | 192.168.1.80 | /h/upn.aspx | HTML document, ASCII text, with CRLF line terminators | 4723
8 | 2019-08-19T10:04:49.636341-0700 | 82.80.204.5 | 192.168.1.80 | /h/upn.aspx | HTML document, ASCII text, with CRLF line terminators | 4723
9 | 2019-08-19T10:04:49.818257-0700 | 192.168.1.80 | 82.80.204.14 | /AppServer/ceb.aspx | ASCII text, with no line terminators | 262
10 | 2019-08-19T10:04:49.916606-0700 | 82.80.204.5 | 192.168.1.80 | /h/upn.aspx | HTML document, ASCII text, with CRLF line terminators | 4723
11 | 2019-08-19T10:04:51.620934-0700 | 216.58.213.206 | 192.168.1.80 | /__utm.gif | GIF image data, version 89a, 1 x 1 | 35
12 | 2019-08-19T10:04:49.602111-0700 | 192.168.1.80 | 82.80.204.14 | /AppServer/ceb.aspx | ASCII text, with very long lines, with no line terminators | 354
13 | 2019-08-19T10:04:52.556538-0700 | 23.10.249.49 | 192.168.1.80 | /incredibar/skywalker/update_tail/Unified/5086/SkywalkerSetup.exe | PE32 executable (GUI) Intel 80386, for MS Windows | 3610400

Comments: (not set)
