Edit tour

Windows Analysis Report
7J4bYHR4n3.exe

Overview

General Information

Sample Name:	7J4bYHR4n3.exe
Original Sample Name:	2EDB2224339E3562069277B1820851D8.exe
Analysis ID:	1344472
MD5:	2edb2224339e3562069277b1820851d8
SHA1:	325a9e3a7c452350e2adc1aa33195e50c812909a
SHA256:	ba9eb3c1f2bd625039366009e6b764353bf52ec388a9816aed97bd71971bcf3b
Tags:	exeN-W0rm
Infos:

Detection

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Malicious sample detected (through community Yara rule)

System process connects to network (likely due to code injection or exploit)

Antivirus detection for URL or domain

Writes to foreign memory regions

Connects to many ports of the same IP (likely port scanning)

Uses known network protocols on non-standard ports

Machine Learning detection for sample

Allocates memory in foreign processes

Injects a PE file into a foreign processes

Deletes itself after installation

Tries to detect virtualization through RDTSC time measurements

PE file contains section with special chars

Uses 32bit PE files

Found decision node followed by non-executed suspicious APIs

Queries the volume information (name, serial number etc) of a device

Yara signature match

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

PE file contains sections with non-standard names

Internet Provider seen in connection with other malware

Detected potential crypto function

Contains functionality to query CPU information (cpuid)

JA3 SSL client fingerprint seen in connection with other malware

Contains functionality to dynamically determine API calls

Contains functionality which may be used to detect a debugger (GetProcessHeap)

IP address seen in connection with other malware

Entry point lies outside standard sections

May check the online IP address of the machine

Abnormal high CPU Usage

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Allocates memory with a write watch (potentially for evading sandboxes)

Uses a known web browser user agent for HTTP communication

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Detected TCP or UDP traffic on non-standard ports

Creates a window with clipboard capturing capabilities

Queries disk information (often used to detect virtual machines)

Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

System is w10x64

7J4bYHR4n3.exe (PID: 3536 cmdline: C:\Users\user\Desktop\7J4bYHR4n3.exe MD5: 2EDB2224339E3562069277B1820851D8)

svchost.exe (PID: 3396 cmdline: c:\windows\syswow64\svchost.exe MD5: 1ED18311E3DA35942DB37D15FA40CC5B)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000002.00000003.2018955730.0000000005100000.00000004.00000020.00020000.00000000.sdmp	MALWARE_Win_BlackMoon	Detects executables using BlackMoon RunTime	ditekSHen	0x440d4:$s1: blackmoon 0x49530:$s1: blackmoon 0x44114:$s2: BlackMoon RunTime Error: 0x49570:$s2: BlackMoon RunTime Error:

Unpacked PEs

Source	Rule	Description	Author	Strings
2.3.svchost.exe.5142484.1.raw.unpack	MALWARE_Win_BlackMoon	Detects executables using BlackMoon RunTime	ditekSHen	0x1c50:$s1: blackmoon 0x70ac:$s1: blackmoon 0x1c90:$s2: BlackMoon RunTime Error: 0x70ec:$s2: BlackMoon RunTime Error:
2.3.svchost.exe.513427c.2.unpack	MALWARE_Win_BlackMoon	Detects executables using BlackMoon RunTime	ditekSHen	0xfe58:$s1: blackmoon 0xfe98:$s2: BlackMoon RunTime Error:
2.2.svchost.exe.3253284.2.unpack	MALWARE_Win_BlackMoon	Detects executables using BlackMoon RunTime	ditekSHen	0xfe58:$s1: blackmoon 0xfe98:$s2: BlackMoon RunTime Error:
2.2.svchost.exe.520e208.5.raw.unpack	MALWARE_Win_BlackMoon	Detects executables using BlackMoon RunTime	ditekSHen	0x1c50:$s1: blackmoon 0x1c90:$s2: BlackMoon RunTime Error:
2.3.svchost.exe.513427c.2.raw.unpack	MALWARE_Win_BlackMoon	Detects executables using BlackMoon RunTime	ditekSHen	0xfe58:$s1: blackmoon 0x152b4:$s1: blackmoon 0xfe98:$s2: BlackMoon RunTime Error: 0x152f4:$s2: BlackMoon RunTime Error:
2.2.svchost.exe.5200000.4.unpack	MALWARE_Win_BlackMoon	Detects executables using BlackMoon RunTime	ditekSHen	0xfe58:$s1: blackmoon 0xfe98:$s2: BlackMoon RunTime Error:
2.3.svchost.exe.5100000.0.unpack	MALWARE_Win_BlackMoon	Detects executables using BlackMoon RunTime	ditekSHen	0x440d4:$s1: blackmoon 0x49530:$s1: blackmoon 0x44114:$s2: BlackMoon RunTime Error: 0x49570:$s2: BlackMoon RunTime Error:
2.2.svchost.exe.326148c.3.raw.unpack	MALWARE_Win_BlackMoon	Detects executables using BlackMoon RunTime	ditekSHen	0x1c50:$s1: blackmoon 0x70ac:$s1: blackmoon 0x1c90:$s2: BlackMoon RunTime Error: 0x70ec:$s2: BlackMoon RunTime Error:
2.2.svchost.exe.3253284.2.raw.unpack	MALWARE_Win_BlackMoon	Detects executables using BlackMoon RunTime	ditekSHen	0xfe58:$s1: blackmoon 0x152b4:$s1: blackmoon 0xfe98:$s2: BlackMoon RunTime Error: 0x152f4:$s2: BlackMoon RunTime Error:
2.3.svchost.exe.5142484.1.unpack	MALWARE_Win_BlackMoon	Detects executables using BlackMoon RunTime	ditekSHen	0x1c50:$s1: blackmoon 0x70ac:$s1: blackmoon 0x1c90:$s2: BlackMoon RunTime Error: 0x70ec:$s2: BlackMoon RunTime Error:
2.3.svchost.exe.5100000.0.raw.unpack	MALWARE_Win_BlackMoon	Detects executables using BlackMoon RunTime	ditekSHen	0x440d4:$s1: blackmoon 0x49530:$s1: blackmoon 0x44114:$s2: BlackMoon RunTime Error: 0x49570:$s2: BlackMoon RunTime Error:
2.2.svchost.exe.321f008.1.raw.unpack	MALWARE_Win_BlackMoon	Detects executables using BlackMoon RunTime	ditekSHen	0x440d4:$s1: blackmoon 0x49530:$s1: blackmoon 0x44114:$s2: BlackMoon RunTime Error: 0x49570:$s2: BlackMoon RunTime Error:
2.2.svchost.exe.321f008.1.unpack	MALWARE_Win_BlackMoon	Detects executables using BlackMoon RunTime	ditekSHen	0x440d4:$s1: blackmoon 0x49530:$s1: blackmoon 0x44114:$s2: BlackMoon RunTime Error: 0x49570:$s2: BlackMoon RunTime Error:
2.2.svchost.exe.520e208.5.unpack	MALWARE_Win_BlackMoon	Detects executables using BlackMoon RunTime	ditekSHen	0x1c50:$s1: blackmoon 0x1c90:$s2: BlackMoon RunTime Error:
2.2.svchost.exe.326148c.3.unpack	MALWARE_Win_BlackMoon	Detects executables using BlackMoon RunTime	ditekSHen	0x1c50:$s1: blackmoon 0x70ac:$s1: blackmoon 0x1c90:$s2: BlackMoon RunTime Error: 0x70ec:$s2: BlackMoon RunTime Error:
0.2.7J4bYHR4n3.exe.400000.0.unpack	MALWARE_Win_BlackMoon	Detects executables using BlackMoon RunTime	ditekSHen	0x30c9e:$s1: blackmoon 0x30cde:$s2: BlackMoon RunTime Error:
2.2.svchost.exe.400000.0.unpack	MALWARE_Win_BlackMoon	Detects executables using BlackMoon RunTime	ditekSHen	0x30c9e:$s1: blackmoon 0x30cde:$s2: BlackMoon RunTime Error:
Click to see the 12 entries

HTTP traffic detected: POST /img.gif HTTP/1.1Cache-Control: no-cacheConnection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: text/html, application/xhtml+xml, */*Accept-Encoding: identityAccept-Language: zh-cnUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)Content-Length: 20Host: 202.189.4.141:9000

Source: unknown

DNS traffic detected: queries for: www.ip138.com

Source: C:\Windows\SysWOW64\svchost.exe

Code function: 2_2_05221862 setsockopt,GlobalFree,GlobalAlloc,WSARecv,WSAGetLastError,

2_2_05221862

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.87 Safari/537.36Accept: /Referer: http://www.ip138.comAccept-Language: zh-cnCache-Control: no-cacheHost: www.ip138.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /5aV1bjqh_Q23odCf/static/superman/img/topnav/newfanyi-da0cea8f7e.png HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: dss0.bdstatic.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /5aV1bjqh_Q23odCf/static/superman/img/topnav/newxueshuicon-a5314d5c83.png HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: dss0.bdstatic.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /static/superman/img/qrcode/qrcode@2x-daf987ad02.png HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pss.bdstatic.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /static/superman/img/qrcode/qrcode-hover@2x-f9b106a848.png HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pss.bdstatic.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /5aV1bjqh_Q23odCf/static/superman/img/topnav/newbaike-889054f349.png HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: dss0.bdstatic.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /5aV1bjqh_Q23odCf/static/superman/img/topnav/newwenku-d8c9b7b0fb.png HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: dss0.bdstatic.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /static/superman/font/iconfont-cdfecb8456.eot? HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHOrigin: http://www.baidu.comAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pss.bdstatic.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /static/superman/css/ubase_sync-d600f57804.css?v=md5 HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pss.bdstatic.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /static/superman/js/lib/jquery-1-edb203c114.10.2.js HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pss.bdstatic.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /static/superman/js/lib/esl-d776bfb1aa.js HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pss.bdstatic.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /5aV1bjqh_Q23odCf/static/superman/img/topnav/newzhidao-da1cf444b0.png HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: dss0.bdstatic.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /5aV1bjqh_Q23odCf/static/superman/img/topnav/newjiankang-f03b804b4b.png HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: dss0.bdstatic.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /5aV1bjqh_Q23odCf/static/superman/img/topnav/yingxiaoicon-612169cc36.png HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: dss0.bdstatic.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /5aV1bjqh_Q23odCf/static/superman/img/topnav/newzhibo-a6a0831ecd.png HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: dss0.bdstatic.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /static/superman/amd_modules/tslib-c95383af0c.js HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pss.bdstatic.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /5aV1bjqh_Q23odCf/static/superman/img/topnav/newyinyue-03ecd1e9b9.png HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: dss0.bdstatic.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /static/superman/js/sbase-65630eb62e.js HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pss.bdstatic.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /static/superman/js/s_super_index-3fffae8d60.js HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pss.bdstatic.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /static/superman/js/min_super-f2d67e59b3.js HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pss.bdstatic.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /static/superman/js/components/hotsearch-5af0f864cf.js HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pss.bdstatic.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /-L-Xsjip0QIZ8tyhnq/v.gif?logactid=1234567890&showTab=10000&opType=nodepv&mod=superman%3Alib&submod=index&superver=supernewplus&glogid=2149420854&type=2011&pid=315&isLogin=0&version=PCHome&terminal=PC&qid=0xfecfa60d001d8f36&sid=&super_frm=&from_login=&from_reg=&query=&curcard=2&curcardtab=&_r=0.13573291357195194 HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: sp1.baidu.comConnection: Keep-AliveCookie: BAIDUID=145E27E221F282D0311C913AF0CC3B87:FG=1; BIDUPSID=145E27E221F282D0BD0487E5415FCD62; PSTM=1700290335
Source: global traffic	HTTP traffic detected: GET /-L-Xsjip0QIZ8tyhnq/v.gif?logactid=1234567890&showTab=10000&opType=showpv&mod=superman%3Alib&submod=index&superver=supernewplus&glogid=2149420854&type=2011&pid=315&isLogin=0&version=PCHome&terminal=PC&qid=0xfecfa60d001d8f36&sid=&super_frm=&from_login=&from_reg=&query=&curcard=2&curcardtab=&_r=0.8813057572175726 HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: sp1.baidu.comConnection: Keep-AliveCookie: BAIDUID=145E27E221F282D0311C913AF0CC3B87:FG=1; BIDUPSID=145E27E221F282D0BD0487E5415FCD62; PSTM=1700290335
Source: global traffic	HTTP traffic detected: GET /static/superman/js/super_load-8301698f5e.js HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pss.bdstatic.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /static/superman/js/components/tips-e2ceadd14d.js HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pss.bdstatic.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /static/superman/js/components/qrcode-0e4b67354f.js HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pss.bdstatic.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /static/superman/js/components/advert-064271ed9b.js HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pss.bdstatic.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /-L-Ysjip0QIZ8tyhnq/v.gif?mod=superman%3Acomponents&submod=hotsearch&utype=undefined&superver=supernewplus&portrait=undefined&logPortrait=undefined&glogid=2149420854&type=2011&pid=315&isLogin=0&version=PCHome&terminal=PC&qid=0xfecfa60d001d8f36&sid=&super_frm=&from_login=&from_reg=&query=&curcard=2&curcardtab=&_r=0.7297529188846449&m=superman%3Acomponents_hotsearchShow&showType=hotword&words=%5B%22%E4%B9%A0%E8%BF%91%E5%B9%B3%E5%9C%A8APEC%E9%A2%86%E5%AF%BC%E4%BA%BA%E4%BC%9A%E8%AE%AE%E4%B8%8A%E7%9A%84%E8%AE%B2%E8%AF%9D%22%2C%22%E4%B8%AD%E5%9B%BD%E6%8C%81%E7%BB%AD%E6%B7%B1%E5%8C%96%E4%B8%8EAPEC%E7%BB%8F%E6%B5%8E%E4%BD%93%E7%BB%8F%E8%B4%B8%E5%90%88%E4%BD%9C%22%2C%22%E4%B8%AD%E6%97%A5%E5%85%B3%E7%B3%BB%EF%BC%8C%E6%9C%80%E8%BF%91%E5%87%BA%E7%8E%B0%E4%B8%89%E4%B8%AA%E5%BE%AE%E5%A6%99%E5%8F%98%E5%8C%96%22%2C%22%E4%B8%AD%E5%9B%BD%E2%80%9C%E9%9C%B8%E6%80%BB%E2%80%9D%E7%88%BD%E5%89%A7%E5%9C%A8%E6%B5%B7%E5%A4%96%E6%9D%80%E7%96%AF%E4%BA%86%22%2C%22%E9%9F%A9%E5%9B%BD%E4%BB%8E2027%E5%B9%B4%E5%BC%80%E5%A7%8B%E7%A6%81%E9%A3%9F%E7%8B%97%E8%82%89%22%2C%22%E5%90%9E%E5%89%91%E8%A1%A8%E6%BC%94%E5%A4%A7%E5%9E%8B%E5%A4%B1%E8%AF%AF%E7%8E%B0%E5%9C%BA%22%5D&pagenum=0 HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: sp2.baidu.comConnection: Keep-AliveCookie: BAIDUID=145E27E221F282D0311C913AF0CC3B87:FG=1; BIDUPSID=145E27E221F282D0BD0487E5415FCD62; PSTM=1700290335
Source: global traffic	HTTP traffic detected: GET /static/superman/js/components/video-meet-7833028d86.js HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pss.bdstatic.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /static/superman/js/components/login_guide-4fba3971ce.js HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pss.bdstatic.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /static/superman/js/components/content-info-12dbf9fb6d.js HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pss.bdstatic.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /static/superman/js/components/ai-talk-switch-c2572e6a36.js HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pss.bdstatic.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /static/superman/js/components/top-right-operate/operate-827e19fac1.js HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pss.bdstatic.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /static/superman/js/components/aging-tools-35648b2e67.js HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pss.bdstatic.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /static/superman/js/components/invoke-97e9694cb9.js HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pss.bdstatic.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /static/superman/js/ubase-dddde7cd4e.js?v=md5 HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pss.bdstatic.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /static/superman/amd_modules/@baidu/video-meeting-1be7f62dac.js HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pss.bdstatic.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /static/superman/js/components/guide_tips-d9e617f782.js HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pss.bdstatic.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /static/superman/css/ubase-89d6b96e41.css?v=md5 HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pss.bdstatic.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /static/superman//amd_modules/@baidu/ai-search-box-entry-ea20fec552.js HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pss.bdstatic.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /5bU_dTmfKgQFm2e88IuM_a/w.gif?q=&rsv_ct=175&rsv_cst=2&rsv_clk_extra={"text":"AI"}&rsv_sid=&cid=&qid=&t=1700295903338&rsv_iorr=0&rsv_tn=baidu&rsv_ssl=0&path=http%3A%2F%2Fwww.baidu.com%2F&rsv_did=8c2bd1e9a3ee0934a50ab37d4ec9c37b HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: sp1.baidu.comConnection: Keep-AliveCookie: BAIDUID=145E27E221F282D0311C913AF0CC3B87:FG=1; BIDUPSID=145E27E221F282D0BD0487E5415FCD62; PSTM=1700290335; BA_HECTOR=a00ka4848l01a02k0ga02g8g1ilgs0p1r
Source: global traffic	HTTP traffic detected: GET /5bU_dTmfKgQFm2e88IuM_a/w.gif?q=&rsv_ct=175&rsv_cst=4&rsv_clk_extra={"text":"AI"}&rsv_sid=&cid=&qid=&t=1700295903347&rsv_iorr=0&rsv_tn=baidu&rsv_ssl=0&path=http%3A%2F%2Fwww.baidu.com%2F&rsv_did=8c2bd1e9a3ee0934a50ab37d4ec9c37b HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: sp1.baidu.comConnection: Keep-AliveCookie: BAIDUID=145E27E221F282D0311C913AF0CC3B87:FG=1; BIDUPSID=145E27E221F282D0BD0487E5415FCD62; PSTM=1700290335; BA_HECTOR=a00ka4848l01a02k0ga02g8g1ilgs0p1r
Source: global traffic	HTTP traffic detected: GET /basics/pc_operate/light_new_1698989816000.json HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHOrigin: http://www.baidu.comAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: psstatic.cdn.bcebos.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /static/h.gif?type=jsError&product=pcSearchResult&t=1700294901401 HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: hector.baidu.comConnection: Keep-AliveCookie: BAIDUID=145E27E221F282D0311C913AF0CC3B87:FG=1; BIDUPSID=145E27E221F282D0BD0487E5415FCD62; PSTM=1700290335; BA_HECTOR=a00ka4848l01a02k0ga02g8g1ilgs0p1r
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.87 Safari/537.36Accept: /Referer: http://www.ip138.comAccept-Language: zh-cnHost: www.ip138.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: /Referer: http://2023.ip138.com/Accept-Language: zh-cnUser-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)Host: 2023.ip138.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Accept: image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, /Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.baidu.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /img/PCtm_d9c8750bed0b3c7d089fa7d55720d6cf.png HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.baidu.comConnection: Keep-AliveCookie: BAIDUID=145E27E221F282D0311C913AF0CC3B87:FG=1; BIDUPSID=145E27E221F282D0BD0487E5415FCD62; PSTM=1700290335
Source: global traffic	HTTP traffic detected: GET /img/PCfb_5bf082d29588c07f842ccde3f97243ea.png HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.baidu.comConnection: Keep-AliveCookie: BAIDUID=145E27E221F282D0311C913AF0CC3B87:FG=1; BIDUPSID=145E27E221F282D0BD0487E5415FCD62; PSTM=1700290335
Source: global traffic	HTTP traffic detected: GET /img/flexible/logo/pc/result@2.png HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.baidu.comConnection: Keep-AliveCookie: BAIDUID=145E27E221F282D0311C913AF0CC3B87:FG=1; BIDUPSID=145E27E221F282D0BD0487E5415FCD62; PSTM=1700290335
Source: global traffic	HTTP traffic detected: GET /img/flexible/logo/pc/peak-result.png HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.baidu.comConnection: Keep-AliveCookie: BAIDUID=145E27E221F282D0311C913AF0CC3B87:FG=1; BIDUPSID=145E27E221F282D0BD0487E5415FCD62; PSTM=1700290335
Source: global traffic	HTTP traffic detected: GET /cd37ed75a9387c5b.js HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: hectorstatic.baidu.comConnection: Keep-AliveCookie: BAIDUID=145E27E221F282D0311C913AF0CC3B87:FG=1; BIDUPSID=145E27E221F282D0BD0487E5415FCD62; PSTM=1700290335
Source: global traffic	HTTP traffic detected: GET /img/flexible/logo/pc/result.png HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.baidu.comConnection: Keep-AliveCookie: BAIDUID=145E27E221F282D0311C913AF0CC3B87:FG=1; BIDUPSID=145E27E221F282D0BD0487E5415FCD62; PSTM=1700290335
Source: global traffic	HTTP traffic detected: GET /r/www/cache/static/bundles/es6-polyfill_388d059.js HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pss.bdstatic.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /r/www/cache/static/bundles/polyfill_9354efa.js HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pss.bdstatic.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /r/www/cache/static/global/js/all_async_search_d3cea19.js HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pss.bdstatic.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /r/www/cache/static/plugins/every_cookie_4644b13.js HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pss.bdstatic.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /r/www/cache/static/plugins/bzPopper_7bc4f0e.js HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pss.bdstatic.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /r/www/cache/static/home/js/nu_instant_search_62c9c51.js HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pss.bdstatic.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /r/www/cache/static/amd_modules/@baidu/search-sug_947981a.js HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pss.bdstatic.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /cache/fpid/lib_1_0.js?_=1700294000842 HTTP/1.1Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, /; q=0.01Ps-Dataurlconfigqid: 0xfecfa60d001d8f36X-Requested-With: XMLHttpRequestReferer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: www.baidu.comConnection: Keep-AliveCookie: BAIDUID=145E27E221F282D0311C913AF0CC3B87:FG=1; BIDUPSID=145E27E221F282D0BD0487E5415FCD62; PSTM=1700290335; BA_HECTOR=a00ka4848l01a02k0ga02g8g1ilgs0p1r; BD_UPN=1122314751
Source: global traffic	HTTP traffic detected: GET /96c9c06653ba892e.js HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: hectorstatic.baidu.comConnection: Keep-AliveCookie: BAIDUID=145E27E221F282D0311C913AF0CC3B87:FG=1; BIDUPSID=145E27E221F282D0BD0487E5415FCD62; PSTM=1700290335; BA_HECTOR=a00ka4848l01a02k0ga02g8g1ilgs0p1r
Source: global traffic	HTTP traffic detected: GET /passApi/js/wrapper.js?cdnversion=1700294981516&_=1700294000843 HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: passport.baidu.comConnection: Keep-AliveCookie: BAIDUID=145E27E221F282D0311C913AF0CC3B87:FG=1; BIDUPSID=145E27E221F282D0BD0487E5415FCD62; PSTM=1700290335; BA_HECTOR=a00ka4848l01a02k0ga02g8g1ilgs0p1r
Source: global traffic	HTTP traffic detected: GET /r/www/cache/static/amd_modules/lottie-web/build/player/lottie_ad9c879.js HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pss.bdstatic.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /r/www/cache/static/amd_modules/@baidu/aging-tools-pc_63487d8.js HTTP/1.1Accept: /Referer: http://www.baidu.com/Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pss.bdstatic.comConnection: Keep-Alive

Source: unknown	HTTPS traffic detected: 157.185.145.100:443 -> 192.168.2.5:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.193.90.87:443 -> 192.168.2.5:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.193.90.87:443 -> 192.168.2.5:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.193.88.112:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.193.88.112:443 -> 192.168.2.5:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.193.88.112:443 -> 192.168.2.5:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.193.88.112:443 -> 192.168.2.5:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 103.235.46.40:443 -> 192.168.2.5:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 103.235.46.40:443 -> 192.168.2.5:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 103.235.47.7:443 -> 192.168.2.5:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 124.239.243.38:443 -> 192.168.2.5:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 39.156.68.81:443 -> 192.168.2.5:49760 version: TLS 1.2

Source: C:\Windows\SysWOW64\svchost.exe

Window created: window name: CLIPBRDWNDCLASS

Jump to behavior

System Summary

Malicious sample detected (through community Yara rule)

Source: 2.3.svchost.exe.5142484.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen
Source: 2.3.svchost.exe.513427c.2.unpack, type: UNPACKEDPE	Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen
Source: 2.2.svchost.exe.3253284.2.unpack, type: UNPACKEDPE	Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen
Source: 2.2.svchost.exe.520e208.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen
Source: 2.3.svchost.exe.513427c.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen
Source: 2.2.svchost.exe.5200000.4.unpack, type: UNPACKEDPE	Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen
Source: 2.3.svchost.exe.5100000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen
Source: 2.2.svchost.exe.326148c.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen
Source: 2.2.svchost.exe.3253284.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen
Source: 2.3.svchost.exe.5142484.1.unpack, type: UNPACKEDPE	Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen
Source: 2.3.svchost.exe.5100000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen
Source: 2.2.svchost.exe.321f008.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen
Source: 2.2.svchost.exe.321f008.1.unpack, type: UNPACKEDPE	Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen
Source: 2.2.svchost.exe.520e208.5.unpack, type: UNPACKEDPE	Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen
Source: 2.2.svchost.exe.326148c.3.unpack, type: UNPACKEDPE	Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen
Source: 0.2.7J4bYHR4n3.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen
Source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen
Source: 00000002.00000003.2018955730.0000000005100000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen

PE file contains section with special chars

Source: 7J4bYHR4n3.exe	Static PE information: section name: .(n(
Source: 7J4bYHR4n3.exe	Static PE information: section name: .%pv

Source: 7J4bYHR4n3.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: 2.3.svchost.exe.5142484.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime
Source: 2.3.svchost.exe.513427c.2.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime
Source: 2.2.svchost.exe.3253284.2.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime
Source: 2.2.svchost.exe.520e208.5.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime
Source: 2.3.svchost.exe.513427c.2.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime
Source: 2.2.svchost.exe.5200000.4.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime
Source: 2.3.svchost.exe.5100000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime
Source: 2.2.svchost.exe.326148c.3.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime
Source: 2.2.svchost.exe.3253284.2.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime
Source: 2.3.svchost.exe.5142484.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime
Source: 2.3.svchost.exe.5100000.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime
Source: 2.2.svchost.exe.321f008.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime
Source: 2.2.svchost.exe.321f008.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime
Source: 2.2.svchost.exe.520e208.5.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime
Source: 2.2.svchost.exe.326148c.3.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime
Source: 0.2.7J4bYHR4n3.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime
Source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime
Source: 00000002.00000003.2018955730.0000000005100000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime

Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_05208F30	2_2_05208F30
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_05209B00	2_2_05209B00
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0520AB50	2_2_0520AB50
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_05209D80	2_2_05209D80
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_052093D0	2_2_052093D0
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0520B0D0	2_2_0520B0D0

Source: C:\Windows\SysWOW64\svchost.exe

Process Stats: CPU usage > 49%

Source: 7J4bYHR4n3.exe	ReversingLabs: Detection: 60%
Source: 7J4bYHR4n3.exe	Virustotal: Detection: 76%

Source: C:\Users\user\Desktop\7J4bYHR4n3.exe

File read: C:\Users\user\Desktop\7J4bYHR4n3.exe

Jump to behavior

Source: C:\Users\user\Desktop\7J4bYHR4n3.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\7J4bYHR4n3.exe C:\Users\user\Desktop\7J4bYHR4n3.exe
Source: C:\Users\user\Desktop\7J4bYHR4n3.exe	Process created: C:\Windows\SysWOW64\svchost.exe c:\windows\syswow64\svchost.exe
Source: C:\Users\user\Desktop\7J4bYHR4n3.exe	Process created: C:\Windows\SysWOW64\svchost.exe c:\windows\syswow64\svchost.exe	Jump to behavior

Source: C:\Windows\SysWOW64\svchost.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Windows\SysWOW64\svchost.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\WTZT0LE4

Jump to behavior

Source: classification engine

Classification label: mal100.troj.evad.winEXE@3/61@11/12

Source: 7J4bYHR4n3.exe

Static file information: File size 4054104 > 1048576

Source: 7J4bYHR4n3.exe

Static PE information: Raw size of .%pv is bigger than: 0x100000 < 0x3b6200

Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_0520B730 push eax; ret		2_2_0520B75E
Source: C:\Windows\SysWOW64\svchost.exe	Code function: 2_2_05203F18 push E8000001h; iretd		2_2_05203F1D

Source: 7J4bYHR4n3.exe	Static PE information: section name: .pn0
Source: 7J4bYHR4n3.exe	Static PE information: section name: .(n(
Source: 7J4bYHR4n3.exe	Static PE information: section name: .%pv

Source: C:\Windows\SysWOW64\svchost.exe

Code function: 2_2_05202190 LoadLibraryA,GetProcAddress,

2_2_05202190

Source: initial sample

Static PE information: section where entry point is pointing to: .%pv

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 9000
Source: unknown	Network traffic detected: HTTP traffic on port 9000 -> 49709

Deletes itself after installation

Source: C:\Windows\SysWOW64\svchost.exe

File deleted: c:\users\user\desktop\7j4byhr4n3.exe

Jump to behavior

Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\7J4bYHR4n3.exe	RDTSC instruction interceptor: First address: 00000000009226C1 second address: 00000000009226C9 instructions: 0x00000000 rdtsc 0x00000002 dec cl 0x00000004 cmc 0x00000005 sal eax, FFFFFFC2h 0x00000008 rdtsc
Source: C:\Users\user\Desktop\7J4bYHR4n3.exe	RDTSC instruction interceptor: First address: 00000000009226C9 second address: 00000000009226CE instructions: 0x00000000 rdtsc 0x00000002 xor cl, FFFFFF98h 0x00000005 rdtsc
Source: C:\Users\user\Desktop\7J4bYHR4n3.exe	RDTSC instruction interceptor: First address: 0000000000608308 second address: 0000000000608320 instructions: 0x00000000 rdtsc 0x00000002 add ebp, 00000001h 0x00000008 ror ah, cl 0x0000000a xor cl, bl 0x0000000c cwde 0x0000000d mov ax, cx 0x00000010 rol cl, 1 0x00000012 mov ax, 2175h 0x00000016 dec cl 0x00000018 rdtsc
Source: C:\Users\user\Desktop\7J4bYHR4n3.exe	RDTSC instruction interceptor: First address: 000000000099F2B8 second address: 000000000099F2CC instructions: 0x00000000 rdtsc 0x00000002 inc cl 0x00000004 sal dx, 0057h 0x00000008 bt edx, FFFFFFC3h 0x0000000c bt edx, eax 0x0000000f xor cl, FFFFFFC7h 0x00000012 shl eax, cl 0x00000014 rdtsc
Source: C:\Windows\SysWOW64\svchost.exe	RDTSC instruction interceptor: First address: 00000000009226C1 second address: 00000000009226C9 instructions: 0x00000000 rdtsc 0x00000002 dec cl 0x00000004 cmc 0x00000005 sal eax, FFFFFFC2h 0x00000008 rdtsc
Source: C:\Windows\SysWOW64\svchost.exe	RDTSC instruction interceptor: First address: 00000000009226C9 second address: 00000000009226CE instructions: 0x00000000 rdtsc 0x00000002 xor cl, FFFFFF98h 0x00000005 rdtsc
Source: C:\Windows\SysWOW64\svchost.exe	RDTSC instruction interceptor: First address: 0000000000608308 second address: 0000000000608320 instructions: 0x00000000 rdtsc 0x00000002 add ebp, 00000001h 0x00000008 ror ah, cl 0x0000000a xor cl, bl 0x0000000c cwde 0x0000000d mov ax, cx 0x00000010 rol cl, 1 0x00000012 mov ax, 2175h 0x00000016 dec cl 0x00000018 rdtsc
Source: C:\Windows\SysWOW64\svchost.exe	RDTSC instruction interceptor: First address: 000000000099F2B8 second address: 000000000099F2CC instructions: 0x00000000 rdtsc 0x00000002 inc cl 0x00000004 sal dx, 0057h 0x00000008 bt edx, FFFFFFC3h 0x0000000c bt edx, eax 0x0000000f xor cl, FFFFFFC7h 0x00000012 shl eax, cl 0x00000014 rdtsc

Source: C:\Windows\SysWOW64\svchost.exe

Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)

graph_2-3312

Source: C:\Windows\SysWOW64\svchost.exe TID: 4268	Thread sleep time: -33700000s >= -30000s			Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe TID: 4268	Thread sleep time: -149160000s >= -30000s			Jump to behavior

Source: C:\Windows\SysWOW64\svchost.exe	Window / User API: threadDelayed 1685			Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Window / User API: threadDelayed 7458			Jump to behavior

Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: 6BF0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: B3C0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: B740000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: B760000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: BA00000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: B7A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: B7E0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: BB20000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: BF00000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: C430000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: CBC0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: C780000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: C7E0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: C820000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: C840000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: C860000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: C8A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: C8E0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: C920000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: C940000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: C980000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: C9A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: C9C0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: C9E0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: CA00000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: CA40000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: CA60000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: CA80000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: CAA0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: CB10000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: CB30000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: D0C0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: D160000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: D2C0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: D2E0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: D300000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: D320000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: D340000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: D360000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: D380000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: D3A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: D3C0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: D400000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: D420000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: D440000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: D460000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: D480000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: D4E0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: D500000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: D520000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: D540000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: D4A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: D560000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: D580000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: D5A0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: D5C0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: D5E0000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: D600000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: D620000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: D640000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: D660000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Memory allocated: D000000 memory commit \| memory reserve \| memory write watch	Jump to behavior

Source: C:\Windows\SysWOW64\svchost.exe

File opened: PhysicalDrive0

Jump to behavior

Source: C:\Windows\SysWOW64\svchost.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\SysWOW64\svchost.exe	API call chain: ExitProcess graph end node	graph_2-3214
Source: C:\Windows\SysWOW64\svchost.exe	API call chain: ExitProcess graph end node	graph_2-3528
Source: C:\Windows\SysWOW64\svchost.exe	API call chain: ExitProcess graph end node	graph_2-3585
Source: C:\Windows\SysWOW64\svchost.exe	API call chain: ExitProcess graph end node	graph_2-3589
Source: C:\Windows\SysWOW64\svchost.exe	API call chain: ExitProcess graph end node	graph_2-3127
Source: C:\Windows\SysWOW64\svchost.exe	API call chain: ExitProcess graph end node	graph_2-3460
Source: C:\Windows\SysWOW64\svchost.exe	API call chain: ExitProcess graph end node	graph_2-3477

Source: svchost.exe, 00000002.00000002.4467617649.00000000032BE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.4467490030.00000000032AF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: 7J4bYHR4n3.exe, 00000000.00000002.2017097949.0000000000442000.00000020.00000001.01000000.00000003.sdmp, svchost.exe, 00000002.00000002.4465668449.0000000000442000.00000020.00000400.00020000.00000000.sdmp	Binary or memory string: {hGFSS
Source: svchost.exe, 00000002.00000002.4467162438.000000000326E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW(l,

Source: C:\Windows\SysWOW64\svchost.exe

Code function: 2_2_05202190 LoadLibraryA,GetProcAddress,

2_2_05202190

Source: C:\Windows\SysWOW64\svchost.exe

Code function: 2_2_05206180 GetProcessHeap,HeapAlloc,MessageBoxA,

2_2_05206180

Source: C:\Users\user\Desktop\7J4bYHR4n3.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Windows\SysWOW64\svchost.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 45.125.46.159 8712	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 111.225.213.38 80	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 104.193.90.87 443	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 124.239.243.38 443	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 103.235.46.40 443	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 202.189.4.141 9000	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 104.193.88.112 80	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 138.113.102.96 80	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 157.185.145.100 443	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 103.235.46.9 80	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 103.235.47.7 443	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Network Connect: 39.156.68.81 443	Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\Desktop\7J4bYHR4n3.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\7J4bYHR4n3.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 401000	Jump to behavior
Source: C:\Users\user\Desktop\7J4bYHR4n3.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 412000	Jump to behavior
Source: C:\Users\user\Desktop\7J4bYHR4n3.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 414000	Jump to behavior
Source: C:\Users\user\Desktop\7J4bYHR4n3.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 442000	Jump to behavior
Source: C:\Users\user\Desktop\7J4bYHR4n3.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 5E9000	Jump to behavior
Source: C:\Users\user\Desktop\7J4bYHR4n3.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 5EA000	Jump to behavior
Source: C:\Users\user\Desktop\7J4bYHR4n3.exe	Memory written: C:\Windows\SysWOW64\svchost.exe base: 2C21008	Jump to behavior

Allocates memory in foreign processes

Source: C:\Users\user\Desktop\7J4bYHR4n3.exe

Memory allocated: C:\Windows\SysWOW64\svchost.exe base: 400000 protect: page read and write

Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\7J4bYHR4n3.exe

Memory written: C:\Windows\SysWOW64\svchost.exe base: 400000 value starts with: 4D5A

Jump to behavior

Source: C:\Users\user\Desktop\7J4bYHR4n3.exe

Process created: C:\Windows\SysWOW64\svchost.exe c:\windows\syswow64\svchost.exe

Jump to behavior

Source: C:\Windows\SysWOW64\svchost.exe	Queries volume information: C:\Windows\Fonts\times.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\svchost.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation	Jump to behavior

Source: C:\Windows\SysWOW64\svchost.exe

Code function: 2_2_05207AB0 cpuid

2_2_05207AB0

Source: C:\Windows\SysWOW64\svchost.exe

Code function: 2_2_05221000 CreateEventW,WSASocketW,setsockopt,CreateIoCompletionPort,closesocket,inet_addr,inet_addr,htons,bind,inet_addr,htons,ioctlsocket,connect,select,setsockopt,setsockopt,setsockopt,GlobalAlloc,inet_addr,htons,ioctlsocket,connect,select,closesocket,setsockopt,setsockopt,setsockopt,GlobalAlloc,PostQueuedCompletionStatus,

2_2_05221000

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact	Resource Development	Reconnaissance
Valid Accounts	1 Native API	Path Interception	411 Process Injection	1 Masquerading	OS Credential Dumping	121 Security Software Discovery	Remote Services	1 Archive Collected Data	Exfiltration Over Other Network Medium	11 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Abuse Accessibility Features	Acquire Infrastructure	Gather Victim Identity Information
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	3 Virtualization/Sandbox Evasion	LSASS Memory	3 Virtualization/Sandbox Evasion	Remote Desktop Protocol	1 Clipboard Data	Exfiltration Over Bluetooth	11 Non-Standard Port	SIM Card Swap	Obtain Device Cloud Backups	Network Denial of Service	Domains	Credentials
Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Disable or Modify Tools	Security Account Manager	1 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	3 Ingress Tool Transfer			Data Encrypted for Impact	DNS Server	Email Addresses
Local Accounts	Cron	Login Hook	Login Hook	411 Process Injection	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	Traffic Duplication	4 Non-Application Layer Protocol			Data Destruction	Virtual Private Server	Employee Names
Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Obfuscated Files or Information	LSA Secrets	1 System Network Configuration Discovery	SSH	Keylogging	Scheduled Transfer	15 Application Layer Protocol			Data Encrypted for Impact	Server	Gather Victim Network Information
Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 File Deletion	Cached Domain Credentials	131 System Information Discovery	VNC	GUI Input Capture	Data Transfer Size Limits	Multiband Communication			Service Stop	Botnet	Domain Properties

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
7J4bYHR4n3.exe	61%	ReversingLabs	Win32.Trojan.Kelios
7J4bYHR4n3.exe	76%	Virustotal		Browse
7J4bYHR4n3.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Link
sslbaidu.gshifen.com	0%	Virustotal	Browse
www.wshifen.com	0%	Virustotal	Browse
opencdnbd.jomodns.com	0%	Virustotal	Browse
passport.n.shifen.com	0%	Virustotal	Browse
www.ip138.com.lxdns.com	0%	Virustotal	Browse
opencdnglobal.gshifen.com	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
https://beian.miit.gov.cn	0%	Avira URL Cloud	safe
http://www.beian.gov.cn/portal/registerSystemInfo?recordcode=11000002000001	0%	Avira URL Cloud	safe
https://beian.miit.gov.cn	0%	Virustotal		Browse
https://ym.zhongjie.com/	0%	Avira URL Cloud	safe
https://icplishi.com/	100%	Avira URL Cloud	malware
https://www.chashudi.com/	0%	Avira URL Cloud	safe
http://www.baidu.com$)	0%	Avira URL Cloud	safe
http://www.beian.gov.cn/portal/registerSystemInfo?recordcode=11000002000001	0%	Virustotal		Browse
http://www.baoxianshichang.com/	0%	Avira URL Cloud	safe
http://www.daguzhe.com/	0%	Avira URL Cloud	safe
https://www.chashudi.com/	0%	Virustotal		Browse
http://202.189.4.141:9000/img.gif	0%	Avira URL Cloud	safe
https://www.hao86.com/	0%	Avira URL Cloud	safe
http://fontello.comCreated	0%	Avira URL Cloud	safe
https://www.ipshudi.com/count/	0%	Avira URL Cloud	safe
https://icplishi.com/	1%	Virustotal		Browse
http://www.baoxianshichang.com/	0%	Virustotal		Browse
https://www.275.com/	0%	Avira URL Cloud	safe
http://www.daguzhe.com/	1%	Virustotal		Browse
http://202.189.4.141:9000/img.gif	1%	Virustotal		Browse
https://www.hao86.com/	0%	Virustotal		Browse
https://api.cn/	0%	Avira URL Cloud	safe
https://www.ipshudi.com/	0%	Avira URL Cloud	safe
https://ym.zhongjie.com/	0%	Virustotal		Browse
https://www.275.com/	0%	Virustotal		Browse
https://www.ipshudi.com/	0%	Virustotal		Browse
https://api.cn/	0%	Virustotal		Browse
https://www.ipshudi.com/count/	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
sslbaidu.gshifen.com	104.193.90.87	true	true	0%, Virustotal, Browse	unknown
www.wshifen.com	103.235.47.7	true	true	0%, Virustotal, Browse	unknown
opencdnbd.jomodns.com	111.225.213.38	true	true	0%, Virustotal, Browse	unknown
hector.baidu.com	39.156.68.81	true	false		high
passport.n.shifen.com	103.235.46.9	true	true	0%, Virustotal, Browse	unknown
opencdnglobal.gshifen.com	104.193.88.112	true	true	0%, Virustotal, Browse	unknown
www.ip138.com.lxdns.com	157.185.145.100	true	true	0%, Virustotal, Browse	unknown
2023.ip138.com.wsglb0.com	138.113.102.96	true	true		unknown
dss0.bdstatic.com	unknown	unknown	false		high
pss.bdstatic.com	unknown	unknown	false		high
2023.ip138.com	unknown	unknown	false		high
sp2.baidu.com	unknown	unknown	false		high
hectorstatic.baidu.com	unknown	unknown	false		high
www.baidu.com	unknown	unknown	false		high
psstatic.cdn.bcebos.com	unknown	unknown	false		high
www.ip138.com	unknown	unknown	false		high
sp1.baidu.com	unknown	unknown	false		high
passport.baidu.com	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://pss.bdstatic.com/static/superman/js/super_load-8301698f5e.js	false		high
https://pss.bdstatic.com/static/superman/js/components/top-right-operate/operate-827e19fac1.js	false		high
https://pss.bdstatic.com/static/superman/amd_modules/tslib-c95383af0c.js	false		high
https://pss.bdstatic.com/static/superman/js/components/login_guide-4fba3971ce.js	false		high
https://pss.bdstatic.com/static/superman/js/components/hotsearch-5af0f864cf.js	false		high
http://www.baidu.com/img/flexible/logo/pc/peak-result.png	false		high
https://sp1.baidu.com/-L-Xsjip0QIZ8tyhnq/v.gif?logactid=1234567890&showTab=10000&opType=showpv&mod=superman%3Alib&submod=index&superver=supernewplus&glogid=2149420854&type=2011&pid=315&isLogin=0&version=PCHome&terminal=PC&qid=0xfecfa60d001d8f36&sid=&super_frm=&from_login=&from_reg=&query=&curcard=2&curcardtab=&_r=0.8813057572175726	false		high
http://202.189.4.141:9000/img.gif	true	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://pss.bdstatic.com/static/superman/js/components/invoke-97e9694cb9.js	false		high
http://www.baidu.com/img/flexible/logo/pc/result.png	false		high
https://sp2.baidu.com/-L-Ysjip0QIZ8tyhnq/v.gif?mod=superman%3Acomponents&submod=hotsearch&utype=undefined&superver=supernewplus&portrait=undefined&logPortrait=undefined&glogid=2149420854&type=2011&pid=315&isLogin=0&version=PCHome&terminal=PC&qid=0xfecfa60d001d8f36&sid=&super_frm=&from_login=&from_reg=&query=&curcard=2&curcardtab=&_r=0.7297529188846449&m=superman%3Acomponents_hotsearchShow&showType=hotword&words=%5B%22%E4%B9%A0%E8%BF%91%E5%B9%B3%E5%9C%A8APEC%E9%A2%86%E5%AF%BC%E4%BA%BA%E4%BC%9A%E8%AE%AE%E4%B8%8A%E7%9A%84%E8%AE%B2%E8%AF%9D%22%2C%22%E4%B8%AD%E5%9B%BD%E6%8C%81%E7%BB%AD%E6%B7%B1%E5%8C%96%E4%B8%8EAPEC%E7%BB%8F%E6%B5%8E%E4%BD%93%E7%BB%8F%E8%B4%B8%E5%90%88%E4%BD%9C%22%2C%22%E4%B8%AD%E6%97%A5%E5%85%B3%E7%B3%BB%EF%BC%8C%E6%9C%80%E8%BF%91%E5%87%BA%E7%8E%B0%E4%B8%89%E4%B8%AA%E5%BE%AE%E5%A6%99%E5%8F%98%E5%8C%96%22%2C%22%E4%B8%AD%E5%9B%BD%E2%80%9C%E9%9C%B8%E6%80%BB%E2%80%9D%E7%88%BD%E5%89%A7%E5%9C%A8%E6%B5%B7%E5%A4%96%E6%9D%80%E7%96%AF%E4%BA%86%22%2C%22%E9%9F%A9%E5%9B%BD%E4%BB%8E2027%E5%B9%B4%E5%BC%80%E5%A7%8B%E7%A6%81%E9%A3%9F%E7%8B%97%E8%82%89%22%2C%22%E5%90%9E%E5%89%91%E8%A1%A8%E6%BC%94%E5%A4%A7%E5%9E%8B%E5%A4%B1%E8%AF%AF%E7%8E%B0%E5%9C%BA%22%5D&pagenum=0	false		high
https://pss.bdstatic.com/static/superman/js/min_super-f2d67e59b3.js	false		high
https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/topnav/newfanyi-da0cea8f7e.png	false		high
https://pss.bdstatic.com/static/superman/js/components/video-meet-7833028d86.js	false		high
http://www.ip138.com/	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://beian.miit.gov.cn	PEEPV5GT.htm.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://zhidao.baidu.com/q?ct=17&pn=0&tn=ikaslist&rn=10&fr=wwwt	PEEPV5GT.htm.2.dr	false		high
https://baike.baidu.com	PEEPV5GT.htm.2.dr	false		high
https://www.chashudi.com/	svchost.exe, 00000002.00000003.2041869851.0000000006409000.00000004.00000020.00020000.00000000.sdmp, IKR5FVEW.htm.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://pss.bdstatic.com/r/www/cache/static/amd_modules/lottie-web/build/player/lottie_ad9c879https:/	svchost.exe, 00000002.00000003.2317815324.000000000D6EB000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323984735.000000000D6E7000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333703049.000000000D6E7000.00000004.00000800.00020000.00000000.sdmp	false		high
https://news.4399.com/yssy/	svchost.exe, 00000002.00000003.2041869851.0000000006409000.00000004.00000020.00020000.00000000.sdmp, IKR5FVEW.htm.2.dr	false		high
https://ym.zhongjie.com/	svchost.exe, 00000002.00000003.2041869851.0000000006409000.00000004.00000020.00020000.00000000.sdmp, IKR5FVEW.htm.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.beian.gov.cn/portal/registerSystemInfo?recordcode=11000002000001	PEEPV5GT.htm.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://icplishi.com/	IKR5FVEW.htm.2.dr	false	1%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://pss.bdstatic.com/r/www/cache/static/plugins/bzPopper_7bc4f0e.jsa	svchost.exe, 00000002.00000003.2280700925.000000000D719000.00000004.00000800.00020000.00000000.sdmp	false		high
http://s.share.baidu.com?	ubase-dddde7cd4e[1].js.2.dr	false		high
http://www.4399.cn/	svchost.exe, 00000002.00000003.2041869851.0000000006409000.00000004.00000020.00020000.00000000.sdmp, IKR5FVEW.htm.2.dr	false		high
http://www.baidu.com/img/PCtm_d9c8750bed0b3c7d089fa7d55720d6cf.pngq	svchost.exe, 00000002.00000003.2290062071.000000000D719000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2309353936.000000000D719000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2317496998.000000000D719000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334351336.000000000D719000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323923917.000000000D719000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2280700925.000000000D719000.00000004.00000800.00020000.00000000.sdmp	false		high
https://passport.baidu.com/v2/?login&tpl=mn&u=http%3A%2F%2Fwww.baidu.com%2F&sms=5	PEEPV5GT.htm.2.dr	false		high
http://passport.baidu.com/ubrwsbas	svchost.exe, 00000002.00000003.2208025983.000000000338C000.00000004.00000020.00020000.00000000.sdmp, PEEPV5GT.htm.2.dr	false		high
http://www.baidu.com$)	svchost.exe, 00000002.00000003.2309126506.000000000C716000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333580175.000000000C716000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2324177990.000000000C716000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2290386988.000000000C716000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
http://www.baoxianshichang.com/	svchost.exe, 00000002.00000003.2041869851.0000000006409000.00000004.00000020.00020000.00000000.sdmp, IKR5FVEW.htm.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://pss.bdstatic.com/static/superman/img/guide_new/arrow-top-d81f5f8843.png	svchost.exe, 00000002.00000002.4471574035.0000000006400000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.4471967501.000000000643F000.00000004.00000020.00020000.00000000.sdmp, PEEPV5GT.htm.2.dr	false		high
http://www.daguzhe.com/	svchost.exe, 00000002.00000003.2041869851.0000000006409000.00000004.00000020.00020000.00000000.sdmp, IKR5FVEW.htm.2.dr	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://wappass.qatest.baidu.com/passport/?login&u=	bzPopper_7bc4f0e[1].js.2.dr	false		high
http://s.share.baidu.com	all_async_search_d3cea19[1].js.2.dr	false		high
https://photo.baidu.com/app/scheme?&scheme=	all_async_search_d3cea19[1].js.2.dr	false		high
http://www.1zhe.com/	svchost.exe, 00000002.00000003.2041869851.0000000006409000.00000004.00000020.00020000.00000000.sdmp, IKR5FVEW.htm.2.dr	false		high
https://www.hao86.com/	svchost.exe, 00000002.00000003.2041869851.0000000006409000.00000004.00000020.00020000.00000000.sdmp, IKR5FVEW.htm.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://pss.bdstatic.com/static/superman/font/iconfont-cdfecb8456.eot?#iefix)	svchost.exe, 00000002.00000002.4467403242.000000000329E000.00000004.00000020.00020000.00000000.sdmp	false		high
http://fontello.comCreated	iconfont-cdfecb8456[1].eot.2.dr	false	Avira URL Cloud: safe	unknown
https://haokan.baidu.com/?sfrom=baidu-top	PEEPV5GT.htm.2.dr	false		high
https://ip.cn/api/index?ip=&type=0	svchost.exe, 00000002.00000003.2018935476.0000000003306000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2018955730.0000000005100000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.4467162438.0000000003212000.00000004.00000020.00020000.00000000.sdmp	false		high
http://click.hm.baidu.com/app.gif?ap=1801081&ch=47556	all_async_search_d3cea19[1].js.2.dr	false		high
https://pss.bdstatic.com/static/superman/font/iconfont-cdfecb8456.eot);g	svchost.exe, 00000002.00000002.4471574035.0000000006400000.00000004.00000020.00020000.00000000.sdmp	false		high
https://pss.bdstatic.com/static/superman/img/qrcode/qrcode	svchost.exe, 00000002.00000003.2317898395.000000000D6F1000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2290062071.000000000D719000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2317815324.000000000D6EB000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2324010995.000000000D6F1000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2324074185.000000000D6F3000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308985236.000000000D6F1000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2280788423.000000000D6F1000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308923168.000000000D6E2000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2290626128.000000000D6F1000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2290482105.000000000D6EB000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333786539.000000000D6F1000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323984735.000000000D6E7000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333703049.000000000D6E7000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2309011375.000000000D6F3000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2290692148.000000000D6F3000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2280752584.000000000D6EB000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2317950954.000000000D6F3000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308953313.000000000D6E7000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2280700925.000000000D719000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333862069.000000000D6F3000.00000004.00000800.00020000.00000000.sdmp, PEEPV5GT.htm.2.dr	false		high
http://passport.baidu.com/ubrwsbasdss1.bdstatic.com/k4oTfnSm1A5BphGlnYGdss1.bdstatic.com/-0U0bXSm1A5	svchost.exe, 00000002.00000003.2281009542.000000000B263000.00000004.00000800.00020000.00000000.sdmp	false		high
https://user.ip138.com/ip/	FDKIT3IR.htm.2.dr	false		high
http://velocity.baidu.com/sp	all_async_search_d3cea19[1].js.2.dr	false		high
https://www.ipshudi.com/count/	svchost.exe, 00000002.00000003.2041869851.0000000006409000.00000004.00000020.00020000.00000000.sdmp, IKR5FVEW.htm.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://pss.bdstatic.com/static/superman/js/components/tips-e2ceadd14d.js~	svchost.exe, 00000002.00000003.2290482105.000000000D6EB000.00000004.00000800.00020000.00000000.sdmp	false		high
http://sclick.baidu.com/w.gif	svchost.exe, 00000002.00000003.2317815324.000000000D6EB000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308923168.000000000D6E2000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2290482105.000000000D6EB000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323984735.000000000D6E7000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333703049.000000000D6E7000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2280752584.000000000D6EB000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308953313.000000000D6E7000.00000004.00000800.00020000.00000000.sdmp, min_super-f2d67e59b3[1].js.2.dr	false		high
https://pss.bdstatic.com/static/superman/font/iconfont-cdfecb8456.eot?#iefixB	svchost.exe, 00000002.00000002.4471574035.0000000006400000.00000004.00000020.00020000.00000000.sdmp	false		high
https://vv.baidu.com/feedvideoui/ulink?scheme=	all_async_search_d3cea19[1].js.2.dr	false		high
https://jiankang.baidu.com/scheme?scheme=	all_async_search_d3cea19[1].js.2.dr	false		high
https://pss.bdstatic.com/static/superman/img/icons-441e82fb11.pngH	svchost.exe, 00000002.00000002.4472530160.000000000646A000.00000004.00000020.00020000.00000000.sdmp	false		high
https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/w_cur-d41911290d.cur	aging-tools-pc_63487d8[1].js.2.dr	false		high
http://www.baidu.com/t.prototype.resumeai-search-box-entry	svchost.exe, 00000002.00000003.2371001493.000000000FFB5000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2371105763.000000000FFB7000.00000004.00000800.00020000.00000000.sdmp	false		high
https://pss.bdstatic.com/static/superman/img/searchbox/nicon-2x-6258e1cf13.png	svchost.exe, 00000002.00000002.4471574035.0000000006400000.00000004.00000020.00020000.00000000.sdmp, PEEPV5GT.htm.2.dr	false		high
https://www.275.com/	svchost.exe, 00000002.00000003.2041869851.0000000006409000.00000004.00000020.00020000.00000000.sdmp, IKR5FVEW.htm.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://nourl.ubs.baidu.com	svchost.exe, 00000002.00000003.2280837594.000000000C7A3000.00000004.00000800.00020000.00000000.sdmp, all_async_search_d3cea19[1].js.2.dr	false		high
https://psstatic.cdn.bcebos.com/	svchost.exe, 00000002.00000002.4471574035.0000000006400000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.4472530160.000000000646A000.00000004.00000020.00020000.00000000.sdmp	false		high
https://baozhang.baidu.com/guarantee/?from=ps	bzPopper_7bc4f0e[1].js.2.dr	false		high
http://sestat.baidu.com/webb.gif	all_async_search_d3cea19[1].js.2.dr, min_super-f2d67e59b3[1].js.2.dr	false		high
http://ss.bdimg.com/cdn/testedge.js	min_super-f2d67e59b3[1].js.2.dr	false		high
https://mbd.baidu.com/ztbox?action=zpblog	all_async_search_d3cea19[1].js.2.dr	false		high
https://pss.bdstatic.com/static/superman/js/components/tips-e2ceadd14d.jsdvert-064271ed9b.js	svchost.exe, 00000002.00000002.4467300731.000000000327F000.00000004.00000020.00020000.00000000.sdmp	false		high
http://sensearch.baidu.com/sensearch/selecttext	svchost.exe, 00000002.00000003.2280837594.000000000C7A3000.00000004.00000800.00020000.00000000.sdmp, all_async_search_d3cea19[1].js.2.dr	false		high
http://www.baidu.com/http://www.baidu.com/http://www.baidu.com/BD_PS_C1700295903338http://www.baidu.	svchost.exe, 00000002.00000003.2362025904.000000000FF10000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2362220604.000000000FF16000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2362156573.000000000FF14000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2362095310.000000000FF12000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2362126223.000000000FF13000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2362187946.000000000FF15000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2362249225.000000000FF17000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2362062629.000000000FF11000.00000004.00000800.00020000.00000000.sdmp	false		high
http://sestat.baidu.com/mwb2.gif	all_async_search_d3cea19[1].js.2.dr, min_super-f2d67e59b3[1].js.2.dr	false		high
https://wakeup.baidu.com/tomas/scheme?scheme=	all_async_search_d3cea19[1].js.2.dr	false		high
https://pss.bdstatic.com/sp1.baidu.com/9foIbT3kAMgDnd_http:	svchost.exe, 00000002.00000003.2281009542.000000000B263000.00000004.00000800.00020000.00000000.sdmp	false		high
https://api.cn/	svchost.exe, 00000002.00000003.2041869851.0000000006409000.00000004.00000020.00020000.00000000.sdmp, IKR5FVEW.htm.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://sclick.baidu.com/w.gif?fm=suggestion&title=%B9%D8%B1%D5&t=	min_super-f2d67e59b3[1].js.2.dr	false		high
http://v.baidu.com	all_async_search_d3cea19[1].js.2.dr, nu_instant_search_62c9c51[1].js.2.dr	false		high
http://jubao.baidu.com	all_async_search_d3cea19[1].js.2.dr	false		high
https://sp0.baidu.com/6r1_czmhAB63otqbppnN2DJv/sp	all_async_search_d3cea19[1].js.2.dr	false		high
https://pss.bdstatic.com/static/superman/img/hot_search/pop_tri-a656a7d535.png	svchost.exe, 00000002.00000002.4473170796.0000000006499000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.4471574035.0000000006400000.00000004.00000020.00020000.00000000.sdmp, PEEPV5GT.htm.2.dr	false		high
http://app.4399.cn/	svchost.exe, 00000002.00000003.2041869851.0000000006409000.00000004.00000020.00020000.00000000.sdmp, IKR5FVEW.htm.2.dr	false		high
http://map.baidu.com	PEEPV5GT.htm.2.dr	false		high
https://pss.bdstatic.com/static/superman/font/iconfont-cdfecb8456.eot?#iefixk	svchost.exe, 00000002.00000003.2317898395.000000000D6F1000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2317815324.000000000D6EB000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2324010995.000000000D6F1000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2324074185.000000000D6F3000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308985236.000000000D6F1000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2280788423.000000000D6F1000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308923168.000000000D6E2000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2290626128.000000000D6F1000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2290482105.000000000D6EB000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333786539.000000000D6F1000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323984735.000000000D6E7000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333703049.000000000D6E7000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2309011375.000000000D6F3000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2290692148.000000000D6F3000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2280752584.000000000D6EB000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2317950954.000000000D6F3000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308953313.000000000D6E7000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333862069.000000000D6F3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://pss.bdstatic.com/r/www/cache/static/bundles/es6-polyfill_388d059.jsk	svchost.exe, 00000002.00000003.2317898395.000000000D6F1000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2317815324.000000000D6EB000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2324010995.000000000D6F1000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2324074185.000000000D6F3000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308985236.000000000D6F1000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2280788423.000000000D6F1000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308923168.000000000D6E2000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2290626128.000000000D6F1000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2290482105.000000000D6EB000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333786539.000000000D6F1000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323984735.000000000D6E7000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333703049.000000000D6E7000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2309011375.000000000D6F3000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2290692148.000000000D6F3000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2280752584.000000000D6EB000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2317950954.000000000D6F3000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308953313.000000000D6E7000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2333862069.000000000D6F3000.00000004.00000800.00020000.00000000.sdmp	false		high
https://pss.bdstatic.com/static/superman/img/logos/fengyunbang-1986a40079.png	svchost.exe, 00000002.00000002.4473170796.0000000006499000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.4471574035.0000000006400000.00000004.00000020.00020000.00000000.sdmp, PEEPV5GT.htm.2.dr	false		high
http://bjyz-mco-searchbox201609-m12xi3-044.bjyz.baidu.com:8080/ztbox?action=zpblog	all_async_search_d3cea19[1].js.2.dr	false		high
http://open.baidu.com/stat/al_e.gif?ajax_err_url=#	all_async_search_d3cea19[1].js.2.dr	false		high
http://suggestion.baidu.com/su	svchost.exe, 00000002.00000003.2281009542.000000000B263000.00000004.00000800.00020000.00000000.sdmp, search-sug_947981a[1].js.2.dr, min_super-f2d67e59b3[1].js.2.dr	false		high
https://sp1.baidu.com/5b1ZeDe5KgQFm2e88IuM_a/mwb2.gif	svchost.exe, 00000002.00000003.2281009542.000000000B263000.00000004.00000800.00020000.00000000.sdmp, PEEPV5GT.htm.2.dr, all_async_search_d3cea19[1].js.2.dr, min_super-f2d67e59b3[1].js.2.dr	false		high
https://srf.baidu.com/?from=1024129m&c=apple&e=imehd&native_url=	all_async_search_d3cea19[1].js.2.dr	false		high
https://passport.qatest.baidu.com/v2/?login&u=	bzPopper_7bc4f0e[1].js.2.dr	false		high
https://pss.bdstatic.com/static/superman/img/qrcode/qrcode-hover	svchost.exe, 00000002.00000003.2290062071.000000000D719000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308923168.000000000D6E2000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2290482105.000000000D6EB000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2309353936.000000000D719000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2317496998.000000000D719000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2280752584.000000000D6EB000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334351336.000000000D719000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308953313.000000000D6E7000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323923917.000000000D719000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2280700925.000000000D719000.00000004.00000800.00020000.00000000.sdmp, PEEPV5GT.htm.2.dr	false		high
https://pss.bdstatic.com/static/superman/img/logos/qqjt-9809ca806e.png	svchost.exe, 00000002.00000002.4473170796.0000000006499000.00000004.00000020.00020000.00000000.sdmp, PEEPV5GT.htm.2.dr	false		high
https://www.baidu.com/search/aging-tools.html	aging-tools-pc_63487d8[1].js.2.dr	false		high
https://www.ipshudi.com/	FDKIT3IR.htm.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://yiyan.baidu.com/?from=baidu_pc_index"	svchost.exe, 00000002.00000003.2541870349.000000000DB17000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2541870349.000000000DB09000.00000004.00000020.00020000.00000000.sdmp	false		high
http://pss.bdstatic.com/r/www/cache/static/amd_modules/	svchost.exe, 00000002.00000002.4471574035.0000000006400000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2309353936.000000000D719000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2317496998.000000000D719000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2334351336.000000000D719000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2323923917.000000000D719000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2280700925.000000000D719000.00000004.00000800.00020000.00000000.sdmp	false		high
https://pss.bdstatic.com/static/superman/img/searchbox/nicon-10750f3f7d.png	svchost.exe, 00000002.00000002.4471574035.0000000006400000.00000004.00000020.00020000.00000000.sdmp, PEEPV5GT.htm.2.dr	false		high
https://pss.bdstatic.com/static/superman/js/components/top-right-operate/operate-827e19fac1	svchost.exe, 00000002.00000003.2280549010.000000000D0F1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://pss.bdstatic.com/static/superman/img/logos/qqjt-9809ca806e.pngg	svchost.exe, 00000002.00000002.4471574035.0000000006400000.00000004.00000020.00020000.00000000.sdmp	false		high
http://news.baidu.com	PEEPV5GT.htm.2.dr	false		high
http://wenku.baidu.com	nu_instant_search_62c9c51[1].js.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
45.125.46.159	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	true
104.193.88.112	opencdnglobal.gshifen.com	United States	55967	BAIDUBeijingBaiduNetcomScienceandTechnologyCoLtd	true
111.225.213.38	opencdnbd.jomodns.com	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	true
138.113.102.96	2023.ip138.com.wsglb0.com	United States	54994	QUANTILNETWORKSUS	true
104.193.90.87	sslbaidu.gshifen.com	United States	55967	BAIDUBeijingBaiduNetcomScienceandTechnologyCoLtd	true
157.185.145.100	www.ip138.com.lxdns.com	United States	54994	QUANTILNETWORKSUS	true
103.235.46.9	passport.n.shifen.com	Hong Kong	55967	BAIDUBeijingBaiduNetcomScienceandTechnologyCoLtd	true
124.239.243.38	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	true
103.235.47.7	www.wshifen.com	Hong Kong	55967	BAIDUBeijingBaiduNetcomScienceandTechnologyCoLtd	true
103.235.46.40	unknown	Hong Kong	55967	BAIDUBeijingBaiduNetcomScienceandTechnologyCoLtd	true
202.189.4.141	unknown	China	23724	CHINANET-IDC-BJ-APIDCChinaTelecommunicationsCorporation	true
39.156.68.81	hector.baidu.com	China	9808	CMNET-GDGuangdongMobileCommunicationCoLtdCN	false

General Information

Joe Sandbox Version:	38.0.0 Ammolite
Analysis ID:	1344472
Start date and time:	2023-11-18 07:51:08 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 8m 46s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample file name:	7J4bYHR4n3.exe renamed because original name is a hash value
Original Sample Name:	2EDB2224339E3562069277B1820851D8.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@3/61@11/12
EGA Information:	Successful, ratio: 50%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target 7J4bYHR4n3.exe, PID 3536 because there are no executed function
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
07:51:57	API Interceptor	1502087x Sleep call for process: svchost.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.193.88.112	SecuriteInfo.com.Win32.Packed.NoobyProtect.B.6251.20806.exe	Get hash	malicious	Unknown	Browse	pss.bdstatic.com/r/www/cache/static/amd_modules/@baidu/aging-tools-pc_63487d8.js
	SecuriteInfo.com.Win32.Packed.NoobyProtect.B.6251.20806.exe	Get hash	malicious	Unknown	Browse	pss.bdstatic.com/r/www/cache/static/amd_modules/@baidu/aging-tools-pc_63487d8.js
	winaudio.exe	Get hash	malicious	Unknown	Browse	pic.rmb.bdstatic.com/bjh/3c7bec031bab48d4084b19b5f2a8b07b.jpeg
	jlhcJUOvD.exe	Get hash	malicious	Unknown	Browse	/bjh/50c7074ae9b3089bc603a515cf6c05b5.jpeg
104.193.90.87	http://www.baidu.com	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Win32.Packed.NoobyProtect.B.6251.20806.exe	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Win32.Packed.NoobyProtect.B.6251.20806.exe	Get hash	malicious	Unknown	Browse
	kernelbase_32.dll.dll	Get hash	malicious	Unknown	Browse
	test_restart.exe	Get hash	malicious	Unknown	Browse
	https://www.baidu.com/?Open=normal&BaiduPartner=360&BaiduVIP=e0r45hdwela@bs-dsya@bcom	Get hash	malicious	Unknown	Browse
	104723298.exe	Get hash	malicious	Unknown	Browse
	http://14.215.177.38	Get hash	malicious	Unknown	Browse
	http://www.baidu.com/	Get hash	malicious	Unknown	Browse
157.185.145.100	q7M2hE0WMb.exe	Get hash	malicious	Gh0stCringe, GhostRat, Nitol, RunningRAT	Browse	www.ip138.com/
103.235.46.9	SecuriteInfo.com.FileRepMalware.639.15215.exe	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Win32.Trojan.Kryptik.HK@susp.11565.26013.exe	Get hash	malicious	Unknown	Browse
	http://www.baidu.com	Get hash	malicious	Unknown	Browse
	ShuDepb.Loader.exe	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
opencdnbd.jomodns.com	http://www.baidu.com	Get hash	malicious	Unknown	Browse	183.131.118.38
	SecuriteInfo.com.Win32.Packed.NoobyProtect.B.6251.20806.exe	Get hash	malicious	Unknown	Browse	58.42.14.38
	SecuriteInfo.com.Win32.Packed.NoobyProtect.B.6251.20806.exe	Get hash	malicious	Unknown	Browse	125.74.110.38
	kernelbase_32.dll.dll	Get hash	malicious	Unknown	Browse	110.185.186.38
	test_restart.exe	Get hash	malicious	Unknown	Browse	182.140.225.38
	http://china.cn	Get hash	malicious	Unknown	Browse	125.74.110.38
	https://www.baidu.com/?Open=normal&BaiduPartner=360&BaiduVIP=e0r45hdwela@bs-dsya@bcom	Get hash	malicious	Unknown	Browse	118.180.40.38
	104723298.exe	Get hash	malicious	Unknown	Browse	183.136.216.38
	http://14.215.177.38	Get hash	malicious	Unknown	Browse	183.56.138.38
	http://104.193.88.123	Get hash	malicious	Unknown	Browse	113.105.172.38
	http://www.baidu.com/	Get hash	malicious	Unknown	Browse	113.105.172.38
	SecuriteInfo.com.Trojan.GenericKD.36134277.347.exe	Get hash	malicious	Unknown	Browse	110.185.186.38
hector.baidu.com	http://www.baidu.com	Get hash	malicious	Unknown	Browse	39.156.68.81
	SecuriteInfo.com.Win32.Packed.NoobyProtect.B.6251.20806.exe	Get hash	malicious	Unknown	Browse	39.156.68.81
	SecuriteInfo.com.Win32.Packed.NoobyProtect.B.6251.20806.exe	Get hash	malicious	Unknown	Browse	39.156.68.81
	test_restart.exe	Get hash	malicious	Unknown	Browse	39.156.68.81
	104723298.exe	Get hash	malicious	Unknown	Browse	39.156.68.81
	http://14.215.177.38	Get hash	malicious	Unknown	Browse	39.156.68.81
sslbaidu.gshifen.com	http://www.baidu.com	Get hash	malicious	Unknown	Browse	104.193.90.87
	SecuriteInfo.com.Win32.Packed.NoobyProtect.B.6251.20806.exe	Get hash	malicious	Unknown	Browse	104.193.90.87
	SecuriteInfo.com.Win32.Packed.NoobyProtect.B.6251.20806.exe	Get hash	malicious	Unknown	Browse	104.193.90.87
	kernelbase_32.dll.dll	Get hash	malicious	Unknown	Browse	104.193.90.87
	test_restart.exe	Get hash	malicious	Unknown	Browse	104.193.90.87
	https://www.baidu.com/?Open=normal&BaiduPartner=360&BaiduVIP=e0r45hdwela@bs-dsya@bcom	Get hash	malicious	Unknown	Browse	180.76.5.106
	104723298.exe	Get hash	malicious	Unknown	Browse	104.193.90.87
	http://14.215.177.38	Get hash	malicious	Unknown	Browse	104.193.90.87
	http://104.193.88.123	Get hash	malicious	Unknown	Browse	104.193.90.87
	http://www.baidu.com/	Get hash	malicious	Unknown	Browse	104.193.90.87
	SecuriteInfo.com.Trojan.GenericKD.36134277.347.exe	Get hash	malicious	Unknown	Browse	185.10.104.109
	soft-install.exe	Get hash	malicious	Unknown	Browse	185.10.104.109
www.wshifen.com	https://strava.app.link/69975S3p?%243p=e_et&%24original_url=https%3A%2F%2Fbaidu.com/link?url=UbcHBOKK7Y4gqxVzNd-QKUOphfIsBqn4bVRPqa0MNPU-0eELDTX3X3PjZBdc7Pt5&wd#.am9obi5zbWl0aEBlY2xlY3RpY2JhcnMuY28udWs=	Get hash	malicious	HTMLPhisher	Browse	103.235.46.40
	https://strava.app.link/38598S3p?%243p=e_et&%24original_url=https%3A%2F%2Fbaidu.com///link?url=neMQr9azEt--a_UsVGmVNYkDEUPjN_x4zDzsSLNy7lC&wd#.ZXR1emFpdGVAYmlvbGVnZW5kLmNvbQ==	Get hash	malicious	Fake Captcha	Browse	103.235.47.103
	https://strava.app.link/66876S3p?%243p=e_et&%24original_url=https%3A%2F%2Fbaidu.com///link?url=neMQr9azEt--a_UsVGmVNYkDEUPjN_x4zDzsSLNy7lC&wd#.cnZhbGVudGluQGJpb2xlZ2VuZC5jb20=	Get hash	malicious	Fake Captcha	Browse	103.235.46.40
	https://strava.app.link/6350S3p?%243p=e_et&%24original_url=https%3A%2F%2Fbaidu.com///link?url=G-H7pkaCeuWCeE5MGEkhkT1f0faX5yg6SEapW3aYPzEN4lwPiBNpWcyD-uDeRMX8&wd#.cGV0ZXJzLmJhcnRAZGVtZS1ncm91cC5jb20=	Get hash	malicious	Unknown	Browse	103.235.47.102
	https://baidu.com///link?url=G-H7pkaCeuWCeE5MGEkhkT1f0faX5yg6SEapW3aYPzEN4lwPiBNpWcyD-uDeRMX8	Get hash	malicious	HTMLPhisher	Browse	103.235.47.103
	https://strava.app.link/3921S3p?%243p=e_et&%24original_url=https%3A%2F%2Fbaidu.com///link?url=G-H7pkaCeuWCeE5MGEkhkT1f0faX5yg6SEapW3aYPzEN4lwPiBNpWcyD-uDeRMX8&wd#.bm9yYnJ1aXMuam9yaXNAZGVtZS1ncm91cC5jb20=	Get hash	malicious	Unknown	Browse	103.235.47.7
	https://strava.app.link/3921S3p?%243p=e_et&%24original_url=https%3A%2F%2Fbaidu.com///link?url=G-H7pkaCeuWCeE5MGEkhkT1f0faX5yg6SEapW3aYPzEN4lwPiBNpWcyD-uDeRMX8&wd#.bm9yYnJ1aXMuam9yaXNAZGVtZS1ncm91cC5jb20=	Get hash	malicious	Unknown	Browse	103.235.46.40
	https://www.baidu.com/link?url=es3dTXQdd_l0_QNoDZLcIrKQdOWxepez0sEEC_-T7jTwG_yTt6H6TlbYQxiOKd2T-VpbZt55m2UBZUfswQLE5_&wd#YW15Lmh1YmJhcmRAemVobmRlcmdyb3VwLmNvbQ	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	103.235.46.40
	https://strava.app.link/67425S3p?%243p=e_et&%24original_url=https%3A%2F%2Fbaidu.com///link?url=AXBu2hVQj1drnQ_tmwlLlvnRMSEyoZNmzfiyQQFAgve&wd#.dmlvbGV0YS5ib2xhbm9zQHNlYWJvYXJkbWFyaW5lLmNvbQ==	Get hash	malicious	Unknown	Browse	103.235.47.103
	https://baidu.com///link?url=AXBu2hVQj1drnQ_tmwlLlvnRMSEyoZNmzfiyQQFAgve	Get hash	malicious	Unknown	Browse	103.235.47.103
	https://apiservices.krxd.net/click_tracker/track?kx_event_uid=LRgb7EaJr&clk=https%3A%2F%2Fbaidu.com/link?url=M_paI8wUUhyFFyYOfkv0BtRO2tYeocT9NZ8JuKTMQbfhljTSzkN9oa0taRuW8_fW&wd#.ZGlyay5kb25hdGhAYWltYXJhY2FwaXRhbC5jb20=	Get hash	malicious	HTMLPhisher	Browse	103.235.47.102
	https://strava.app.link/9961S3p?%243p=e_et&%24original_url=https%3A%2F%2Fbaidu.com///link?url=3r7jv_qeggaGkYzFPph84R_2dH14eJYSt-HHsiM_MNm&wd#.ZW1tYW51ZWxlLnB1cmljZWxsaUBjZXJ0YXJhLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse	103.235.47.7
	https://strava.app.link/3166S3p?%243p=e_et&%24original_url=https%3A%2F%2Fbaidu.com///link?url=3r7jv_qeggaGkYzFPph84R_2dH14eJYSt-HHsiM_MNm&wd#.cHJhbW9kaW5pLmdvdmluZGFyYWp1QGtwcy5jb20=	Get hash	malicious	HTMLPhisher	Browse	103.235.47.7
	https://strava.app.link/7187S3p?%243p=e_et&%24original_url=https%3A%2F%2Fbaidu.com///link?url=eEJw-jSeXqaZnv4G7prDi_2zCJ1YOpb2bTUT8LziaQ6m2IDLreOTF9-04UnO9UwP&wd#.bGVzbHllLmxvc2FkYUB5YXNtYXJpbmEuYWU=	Get hash	malicious	Unknown	Browse	103.235.46.40
	https://strava.app.link/8248S3p?%243p=e_et&%24original_url=https%3A%2F%2Fbaidu.com///link?url=eEJw-jSeXqaZnv4G7prDi_2zCJ1YOpb2bTUT8LziaQ6m2IDLreOTF9-04UnO9UwP&wd#.eWhhbl9oZW5kcmlja3NAc2VhYm9hcmRtYXJpbmUuY29t	Get hash	malicious	Unknown	Browse	104.193.88.123
	https://baidu.com///link?url=eEJw-jSeXqaZnv4G7prDi_2zCJ1YOpb2bTUT8LziaQ6m2IDLreOTF9-04UnO9UwP	Get hash	malicious	Unknown	Browse	104.193.88.77
	https://strava.app.link/5183S3p?%243p=e_et&%24original_url=https%3A%2F%2Fbaidu.com///link?url=eEJw-jSeXqaZnv4G7prDi_2zCJ1YOpb2bTUT8LziaQ6m2IDLreOTF9-04UnO9UwP&wd#.bmV6aHV2YW50aG9kaS5yaXlhc0BkZW1lLWdyb3VwLmNvbQ==	Get hash	malicious	Unknown	Browse	104.193.88.123
	https://strava.app.link/6081S3p?%243p=e_et&%24original_url=https%3A%2F%2Fbaidu.com///link?url=IfxtBBaTSEw-I9YZV5haltd77j0OKxi6fDBQUTWqjzEgt2jTS8KiPd57rhjKio1h&wd#.ZGViYmllLnN0dWJic0B0YWZlcWxkLmVkdS5hdQ==	Get hash	malicious	Unknown	Browse	103.235.47.103
	http://www.baidu.com/link?url=BhRTSVC1qq45nBgga7PQWLcShI_8kVTw9lwKfL1U5ldlkD_b_nU7TnECIFHzwKOv&wd#Y2F0YXJpbmEuaGVucmlxdWVzQG5vdm9iYW5jby5wdA==	Get hash	malicious	HTMLPhisher	Browse	104.193.88.123
	https://www.baidu.com/link?url=1lhG03pRsAWnND8Y7o3PDcjRR2k2RhpZ6FrMiAcj1hNFLUqhRVubSUVSeNdHJ4qg#WW5OaFpXNWxia0JzWldkaGJXRnpkR1Z5TG1OdmJRPT0=	Get hash	malicious	HTMLPhisher, ReCaptcha Phish	Browse	104.193.88.77

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CHINANET-BACKBONENo31Jin-rongStreetCN	https://guide.amex-corporate.de/	Get hash	malicious	Unknown	Browse	63.140.36.197
	0XslZyQiG0.elf	Get hash	malicious	Mirai	Browse	114.237.107.134
	I6LOSz3ntW.exe	Get hash	malicious	Glupteba, LummaC Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, Xmrig	Browse	63.140.36.139
	DHL_INFO.exe	Get hash	malicious	FormBook	Browse	202.91.248.226
	https://acrobat.adobe.com/id/urn:aaid:sc:US:31f22342-5e5e-454d-93c8-160d80b62dcf	Get hash	malicious	HTMLPhisher, ReCaptcha Phish	Browse	63.140.36.14
	http://dalinoxin.de	Get hash	malicious	Unknown	Browse	63.140.36.104
	https://international.standardbank.com/	Get hash	malicious	Unknown	Browse	63.140.36.117
	https://international.standardbank.com/	Get hash	malicious	Unknown	Browse	63.140.36.138
	DHL_INFO.exe	Get hash	malicious	FormBook	Browse	202.91.248.226
	VfMVlDMUYO.elf	Get hash	malicious	Mirai	Browse	61.157.167.119
	5eFmWG76zz.elf	Get hash	malicious	Mirai	Browse	123.181.143.181
	IDBcD0M2UK.elf	Get hash	malicious	Mirai	Browse	14.125.148.122
	GiRCyG58ws.elf	Get hash	malicious	Mirai	Browse	36.104.221.94
	xpQJmpNCvU.elf	Get hash	malicious	Unknown	Browse	116.54.228.155
	u3FxQf1X9v.elf	Get hash	malicious	Mirai	Browse	222.222.205.82
	4q7s5U3OBR.elf	Get hash	malicious	Mirai	Browse	114.105.89.129
	5M39t65C7q.elf	Get hash	malicious	Mirai	Browse	221.235.96.8
	FzczI0Y6Dk.elf	Get hash	malicious	Mirai	Browse	110.85.188.66
	0KsZkcNqWz.elf	Get hash	malicious	Mirai	Browse	106.89.82.248
	22iXhC1ACX.elf	Get hash	malicious	Mirai	Browse	182.134.172.63
CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	0XslZyQiG0.elf	Get hash	malicious	Mirai	Browse	112.239.113.199
	https://strava.app.link/69975S3p?%243p=e_et&%24original_url=https%3A%2F%2Fbaidu.com/link?url=UbcHBOKK7Y4gqxVzNd-QKUOphfIsBqn4bVRPqa0MNPU-0eELDTX3X3PjZBdc7Pt5&wd#.am9obi5zbWl0aEBlY2xlY3RpY2JhcnMuY28udWs=	Get hash	malicious	HTMLPhisher	Browse	110.242.68.66
	https://strava.app.link/38598S3p?%243p=e_et&%24original_url=https%3A%2F%2Fbaidu.com///link?url=neMQr9azEt--a_UsVGmVNYkDEUPjN_x4zDzsSLNy7lC&wd#.ZXR1emFpdGVAYmlvbGVnZW5kLmNvbQ==	Get hash	malicious	Fake Captcha	Browse	110.242.68.66
	https://baidu.com///link?url=G-H7pkaCeuWCeE5MGEkhkT1f0faX5yg6SEapW3aYPzEN4lwPiBNpWcyD-uDeRMX8	Get hash	malicious	HTMLPhisher	Browse	110.242.68.66
	VfMVlDMUYO.elf	Get hash	malicious	Mirai	Browse	218.67.235.142
	5eFmWG76zz.elf	Get hash	malicious	Mirai	Browse	121.16.90.149
	efnSwssCwK.elf	Get hash	malicious	Unknown	Browse	123.139.215.112
	wIv2iUofVo.elf	Get hash	malicious	Mirai	Browse	60.23.147.82
	GiRCyG58ws.elf	Get hash	malicious	Mirai	Browse	175.169.124.229
	xpQJmpNCvU.elf	Get hash	malicious	Unknown	Browse	221.193.171.32
	u3FxQf1X9v.elf	Get hash	malicious	Mirai	Browse	218.69.208.20
	4q7s5U3OBR.elf	Get hash	malicious	Mirai	Browse	27.10.111.85
	5M39t65C7q.elf	Get hash	malicious	Mirai	Browse	120.3.42.154
	FzczI0Y6Dk.elf	Get hash	malicious	Mirai	Browse	175.160.7.16
	0KsZkcNqWz.elf	Get hash	malicious	Mirai	Browse	139.213.64.173
	22iXhC1ACX.elf	Get hash	malicious	Mirai	Browse	119.167.80.243
	FScObW8Ubr.elf	Get hash	malicious	Mirai	Browse	153.64.92.183
	https://www.zzziuvqwnickncvlk.com/funccode.php	Get hash	malicious	Unknown	Browse	123.58.210.155
	https://strava.app.link/67425S3p?%243p=e_et&%24original_url=https%3A%2F%2Fbaidu.com///link?url=AXBu2hVQj1drnQ_tmwlLlvnRMSEyoZNmzfiyQQFAgve&wd#.dmlvbGV0YS5ib2xhbm9zQHNlYWJvYXJkbWFyaW5lLmNvbQ==	Get hash	malicious	Unknown	Browse	110.242.68.66
	https://baidu.com///link?url=AXBu2hVQj1drnQ_tmwlLlvnRMSEyoZNmzfiyQQFAgve	Get hash	malicious	Unknown	Browse	110.242.68.66
BAIDUBeijingBaiduNetcomScienceandTechnologyCoLtd	https://strava.app.link/69975S3p?%243p=e_et&%24original_url=https%3A%2F%2Fbaidu.com/link?url=UbcHBOKK7Y4gqxVzNd-QKUOphfIsBqn4bVRPqa0MNPU-0eELDTX3X3PjZBdc7Pt5&wd#.am9obi5zbWl0aEBlY2xlY3RpY2JhcnMuY28udWs=	Get hash	malicious	HTMLPhisher	Browse	103.235.46.40
	https://strava.app.link/38598S3p?%243p=e_et&%24original_url=https%3A%2F%2Fbaidu.com///link?url=neMQr9azEt--a_UsVGmVNYkDEUPjN_x4zDzsSLNy7lC&wd#.ZXR1emFpdGVAYmlvbGVnZW5kLmNvbQ==	Get hash	malicious	Fake Captcha	Browse	103.235.47.103
	https://strava.app.link/66876S3p?%243p=e_et&%24original_url=https%3A%2F%2Fbaidu.com///link?url=neMQr9azEt--a_UsVGmVNYkDEUPjN_x4zDzsSLNy7lC&wd#.cnZhbGVudGluQGJpb2xlZ2VuZC5jb20=	Get hash	malicious	Fake Captcha	Browse	103.235.46.40
	https://strava.app.link/6350S3p?%243p=e_et&%24original_url=https%3A%2F%2Fbaidu.com///link?url=G-H7pkaCeuWCeE5MGEkhkT1f0faX5yg6SEapW3aYPzEN4lwPiBNpWcyD-uDeRMX8&wd#.cGV0ZXJzLmJhcnRAZGVtZS1ncm91cC5jb20=	Get hash	malicious	Unknown	Browse	103.235.47.102
	https://baidu.com///link?url=G-H7pkaCeuWCeE5MGEkhkT1f0faX5yg6SEapW3aYPzEN4lwPiBNpWcyD-uDeRMX8	Get hash	malicious	HTMLPhisher	Browse	103.235.47.103
	https://strava.app.link/3921S3p?%243p=e_et&%24original_url=https%3A%2F%2Fbaidu.com///link?url=G-H7pkaCeuWCeE5MGEkhkT1f0faX5yg6SEapW3aYPzEN4lwPiBNpWcyD-uDeRMX8&wd#.bm9yYnJ1aXMuam9yaXNAZGVtZS1ncm91cC5jb20=	Get hash	malicious	Unknown	Browse	103.235.47.7
	https://strava.app.link/3921S3p?%243p=e_et&%24original_url=https%3A%2F%2Fbaidu.com///link?url=G-H7pkaCeuWCeE5MGEkhkT1f0faX5yg6SEapW3aYPzEN4lwPiBNpWcyD-uDeRMX8&wd#.bm9yYnJ1aXMuam9yaXNAZGVtZS1ncm91cC5jb20=	Get hash	malicious	Unknown	Browse	103.235.46.40
	http://103.30.76.56:8000	Get hash	malicious	GhostRat, Quasar	Browse	106.12.126.136
	https://www.baidu.com/link?url=es3dTXQdd_l0_QNoDZLcIrKQdOWxepez0sEEC_-T7jTwG_yTt6H6TlbYQxiOKd2T-VpbZt55m2UBZUfswQLE5_&wd#YW15Lmh1YmJhcmRAemVobmRlcmdyb3VwLmNvbQ	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	103.235.46.40
	https://strava.app.link/67425S3p?%243p=e_et&%24original_url=https%3A%2F%2Fbaidu.com///link?url=AXBu2hVQj1drnQ_tmwlLlvnRMSEyoZNmzfiyQQFAgve&wd#.dmlvbGV0YS5ib2xhbm9zQHNlYWJvYXJkbWFyaW5lLmNvbQ==	Get hash	malicious	Unknown	Browse	103.235.47.103
	https://baidu.com///link?url=AXBu2hVQj1drnQ_tmwlLlvnRMSEyoZNmzfiyQQFAgve	Get hash	malicious	Unknown	Browse	103.235.47.103
	https://apiservices.krxd.net/click_tracker/track?kx_event_uid=LRgb7EaJr&clk=https%3A%2F%2Fbaidu.com/link?url=M_paI8wUUhyFFyYOfkv0BtRO2tYeocT9NZ8JuKTMQbfhljTSzkN9oa0taRuW8_fW&wd#.ZGlyay5kb25hdGhAYWltYXJhY2FwaXRhbC5jb20=	Get hash	malicious	HTMLPhisher	Browse	103.235.47.102
	https://strava.app.link/9961S3p?%243p=e_et&%24original_url=https%3A%2F%2Fbaidu.com///link?url=3r7jv_qeggaGkYzFPph84R_2dH14eJYSt-HHsiM_MNm&wd#.ZW1tYW51ZWxlLnB1cmljZWxsaUBjZXJ0YXJhLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse	103.235.47.7
	https://strava.app.link/3166S3p?%243p=e_et&%24original_url=https%3A%2F%2Fbaidu.com///link?url=3r7jv_qeggaGkYzFPph84R_2dH14eJYSt-HHsiM_MNm&wd#.cHJhbW9kaW5pLmdvdmluZGFyYWp1QGtwcy5jb20=	Get hash	malicious	HTMLPhisher	Browse	103.235.47.7
	https://strava.app.link/7187S3p?%243p=e_et&%24original_url=https%3A%2F%2Fbaidu.com///link?url=eEJw-jSeXqaZnv4G7prDi_2zCJ1YOpb2bTUT8LziaQ6m2IDLreOTF9-04UnO9UwP&wd#.bGVzbHllLmxvc2FkYUB5YXNtYXJpbmEuYWU=	Get hash	malicious	Unknown	Browse	103.235.46.40
	https://strava.app.link/8248S3p?%243p=e_et&%24original_url=https%3A%2F%2Fbaidu.com///link?url=eEJw-jSeXqaZnv4G7prDi_2zCJ1YOpb2bTUT8LziaQ6m2IDLreOTF9-04UnO9UwP&wd#.eWhhbl9oZW5kcmlja3NAc2VhYm9hcmRtYXJpbmUuY29t	Get hash	malicious	Unknown	Browse	104.193.88.123
	https://baidu.com///link?url=eEJw-jSeXqaZnv4G7prDi_2zCJ1YOpb2bTUT8LziaQ6m2IDLreOTF9-04UnO9UwP	Get hash	malicious	Unknown	Browse	104.193.88.77
	https://strava.app.link/5183S3p?%243p=e_et&%24original_url=https%3A%2F%2Fbaidu.com///link?url=eEJw-jSeXqaZnv4G7prDi_2zCJ1YOpb2bTUT8LziaQ6m2IDLreOTF9-04UnO9UwP&wd#.bmV6aHV2YW50aG9kaS5yaXlhc0BkZW1lLWdyb3VwLmNvbQ==	Get hash	malicious	Unknown	Browse	104.193.88.123
	https://strava.app.link/6081S3p?%243p=e_et&%24original_url=https%3A%2F%2Fbaidu.com///link?url=IfxtBBaTSEw-I9YZV5haltd77j0OKxi6fDBQUTWqjzEgt2jTS8KiPd57rhjKio1h&wd#.ZGViYmllLnN0dWJic0B0YWZlcWxkLmVkdS5hdQ==	Get hash	malicious	Unknown	Browse	103.235.47.103
	file.None.0x85cd09a0.AnyConnectInstaller.exe.exe	Get hash	malicious	Unknown	Browse	180.76.254.120

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	4sDRR9DLgz.exe	Get hash	malicious	Vidar	Browse	104.193.88.112 104.193.90.87 157.185.145.100 124.239.243.38 103.235.47.7 103.235.46.40 39.156.68.81
	zxmv6yvGsK.exe	Get hash	malicious	Vidar	Browse	104.193.88.112 104.193.90.87 157.185.145.100 124.239.243.38 103.235.47.7 103.235.46.40 39.156.68.81
	YI72qY8m9z.exe	Get hash	malicious	Vidar	Browse	104.193.88.112 104.193.90.87 157.185.145.100 124.239.243.38 103.235.47.7 103.235.46.40 39.156.68.81
	URYmWe54UY.exe	Get hash	malicious	DCRat	Browse	104.193.88.112 104.193.90.87 157.185.145.100 124.239.243.38 103.235.47.7 103.235.46.40 39.156.68.81
	file.exe	Get hash	malicious	Djvu, Glupteba, LummaC Stealer, Meduza Stealer, RedLine, SmokeLoader	Browse	104.193.88.112 104.193.90.87 157.185.145.100 124.239.243.38 103.235.47.7 103.235.46.40 39.156.68.81
	Cheat_Lab_2.7.2.msi	Get hash	malicious	LummaC Stealer	Browse	104.193.88.112 104.193.90.87 157.185.145.100 124.239.243.38 103.235.47.7 103.235.46.40 39.156.68.81
	U6SJBLxT2Z.exe	Get hash	malicious	FormBook, GuLoader	Browse	104.193.88.112 104.193.90.87 157.185.145.100 124.239.243.38 103.235.47.7 103.235.46.40 39.156.68.81
	enelfacturanopagada.msi	Get hash	malicious	Unknown	Browse	104.193.88.112 104.193.90.87 157.185.145.100 124.239.243.38 103.235.47.7 103.235.46.40 39.156.68.81
	https://manowebsm1.s3.amazonaws.com/PaymentProof31332.url	Get hash	malicious	Amadey	Browse	104.193.88.112 104.193.90.87 157.185.145.100 124.239.243.38 103.235.47.7 103.235.46.40 39.156.68.81
	file.exe	Get hash	malicious	Glupteba, LummaC Stealer, Meduza Stealer, RedLine, SmokeLoader	Browse	104.193.88.112 104.193.90.87 157.185.145.100 124.239.243.38 103.235.47.7 103.235.46.40 39.156.68.81
	I6LOSz3ntW.exe	Get hash	malicious	Glupteba, LummaC Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, Xmrig	Browse	104.193.88.112 104.193.90.87 157.185.145.100 124.239.243.38 103.235.47.7 103.235.46.40 39.156.68.81
	file.exe	Get hash	malicious	Glupteba, LummaC Stealer, Meduza Stealer, RedLine, SmokeLoader	Browse	104.193.88.112 104.193.90.87 157.185.145.100 124.239.243.38 103.235.47.7 103.235.46.40 39.156.68.81
	SecuriteInfo.com.Trojan.GenericKD.70423744.25397.14383.exe	Get hash	malicious	LummaC Stealer	Browse	104.193.88.112 104.193.90.87 157.185.145.100 124.239.243.38 103.235.47.7 103.235.46.40 39.156.68.81
	file.exe	Get hash	malicious	Vidar	Browse	104.193.88.112 104.193.90.87 157.185.145.100 124.239.243.38 103.235.47.7 103.235.46.40 39.156.68.81
	BoletoNF0014217112023.pdf.msi	Get hash	malicious	Unknown	Browse	104.193.88.112 104.193.90.87 157.185.145.100 124.239.243.38 103.235.47.7 103.235.46.40 39.156.68.81
	SecuriteInfo.com.Win64.PWSX-gen.15914.1593.exe	Get hash	malicious	Vidar, zgRAT	Browse	104.193.88.112 104.193.90.87 157.185.145.100 124.239.243.38 103.235.47.7 103.235.46.40 39.156.68.81
	ud704TETEP.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, Xmrig, zgRAT	Browse	104.193.88.112 104.193.90.87 157.185.145.100 124.239.243.38 103.235.47.7 103.235.46.40 39.156.68.81
	Yi5cWfHZhf.exe	Get hash	malicious	Vidar	Browse	104.193.88.112 104.193.90.87 157.185.145.100 124.239.243.38 103.235.47.7 103.235.46.40 39.156.68.81
	XtDhwVrVKn.exe	Get hash	malicious	Unknown	Browse	104.193.88.112 104.193.90.87 157.185.145.100 124.239.243.38 103.235.47.7 103.235.46.40 39.156.68.81
	file.exe	Get hash	malicious	Vidar	Browse	104.193.88.112 104.193.90.87 157.185.145.100 124.239.243.38 103.235.47.7 103.235.46.40 39.156.68.81

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	Unicode text, UTF-8 text, with very long lines (62184), with no line terminators
Category:	dropped
Size (bytes):	62206
Entropy (8bit):	5.688953164734178
Encrypted:	false
SSDEEP:	768:qHMNEvweSZRW219E1WeZOeMO1NXtgdbq5lwlw:qsNZI219E1WeZ8O1NX2dbklh
MD5:	6AF1FF72306CCB3FDEAC53C688CE7818
SHA1:	94E8EEE2EBB017A955A21B877FD4CA38AD803A25
SHA-256:	3B89ED206A41E65A5145EA32B45CDF52ECF87CD8ED18D7FDDC65259A4C59D048
SHA-512:	44F6512F3975DDE143E00FC398E1C2E1A4D71FFD72DAA2163A1DBA03E4E9B68CC349099A1D010F2DE4E08D4761E7638685F5117855CBB7B653F8EEC234BC0BB6
Malicious:	false
Reputation:	low
Preview:	<root><item name="CVObj" value="" ltime="3486314432" htime="31070708" /><item name="CVStringTimestamp" value="1700380620981" ltime="3486314432" htime="31070708" /><item name="BIDUPSID" value="145E27E221F282D0BD0487E5415FCD62" ltime="3486314432" htime="31070708" /><item name="wwwPassLogout" value="0" ltime="392377136" htime="31070709" /><item name="safeIconHis" value="" ltime="3794447136" htime="31070709" /><item name="pcSpyLocalCache" value="{"group":"resLoadSlow","from":"index","ts":1700294721333,"info":[{"info":{"msg":"https://dss0.bdstatic.com/5aV1bjqh_Q23odCf/static/superman/img/topnav/newfanyi-da0cea8f7e.png","connectT":0,"domainLookupT":0,"duration":260030.15519999998,"requestT":0,"responseT":619989.2002,"startT":359959.045,"waitingT":-359959.045,"connectEnd":0,"requestStart":0,"fetchStart":35

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	49120
Entropy (8bit):	0.0017331682157558962
Encrypted:	false
SSDEEP:	3:Ztt:T
MD5:	0392ADA071EB68355BED625D8F9695F3
SHA1:	777253141235B6C6AC92E17E297A1482E82252CC
SHA-256:	B1313DD95EAF63F33F86F72F09E2ECD700D11159A8693210C37470FCB84038F7
SHA-512:	EF659EEFCAB16221783ECB258D19801A1FF063478698CF4FCE3C9F98059CA7B1D060B0449E6FD89D3B70439D9735FA1D50088568FF46C9927DE45808250AEC2E
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\FDKIT3IR.htm

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	HTML document, Unicode text, UTF-8 text
Category:	dropped
Size (bytes):	921
Entropy (8bit):	5.811523019984101
Encrypted:	false
SSDEEP:	24:hYimPNcdU9A/9klRz7owIQcvvSSq2PK5j+Zq2PTNj50Y:kcMbLzJzjxQtmY
MD5:	F6F1CA717D82D9F442F1FD5CBA066961
SHA1:	E6FABF4410F95BB0665E6E5A4B98A69B290B17A7
SHA-256:	17B39E70DC1414D4380EAA4093BD55701F54CB71235A74319B60DF2CBAE7913C
SHA-512:	83FC72DEEDBCB95CD100DBEA4067DC68A7CDB81DA9432F132B3A81A9643862B39FC45A7DFE4D2D1067CF81513F1972495A260EBB8791B79B183469741B1DDED1
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE html>.<html>.<head>.<meta charset="utf-8"/>.<title>..IP....156.146.49.168</title>.<link rel="canonical" href="http://www.ip138.com/" />.<style type="text/css">.body{margin:0;padding:0;}.p{margin: 0;line-height: 26px;font-size: 16px;}.</style>.</head>.<body>.<p align="center">...iP....[<a href="https://www.ip138.com/iplookup.php?ip=156.146.49.168&action=2" target="_blank">156.146.49.168</a> <a href="https://www.ipshudi.com/" target="_blank"><img src="https://6.ipchaxun.net/156.146.49.168.gif" border="0"/></a>] ........... .</p>.<br/>.<br/>.<br/>.<p align="center">.<a href="https://user.ip138.com/ip/" target="_blank"><font color="red">ip..api..</font>.1.1......</a>.</p>.<br/><br/>.<p align="center">.<a href="https://sdk.ip138.com/" target="_blank"><font color="green">..SDK</font>.2023....</a>.</p>.</body>.</html>.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\advert-064271ed9b[1].js

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	Unicode text, UTF-8 text, with very long lines (679)
Category:	dropped
Size (bytes):	4256
Entropy (8bit):	5.505598126962859
Encrypted:	false
SSDEEP:	48:aKVqq/DwOCVoDIL29Tr40YR6PjR2f8PtZHEaM54C4Aw5xUd61oV9EuTaQvbLyX5q:aKoxrQbEkPtZyP5XUAdP/ui
MD5:	064271ED9B70CBF13C1E7737B490408E
SHA1:	35C1ED5A44A4AD9A312CF06EF1060559CA62EC26
SHA-256:	19356784C8CCAED118396513B2C7E4981352470B6866A49AB378BE0488CD5FC0
SHA-512:	A361713D023FFACC5CC0E094CD9129CDABA57E521096F70C52D2BD51010B7A4CD78A6EC6804C9994C608739F6096FBB85325B6A2E55A3151BC7FA39D005CF5FD
Malicious:	false
Reputation:	low
Preview:	F.module("superman:components/advert",function(require,exports,ctx){var $davertWrap=$("#s_popup_advert");var data=bds.comm&&bds.comm.popUpAdvert;var timer=null;var fadeTime=600;var showStyle={transition:"all 0.5s","-webkit-transition":"all 0.5s","-moz-transition":"all 0.5s","-o-transition":"all 0.5s",transform:"scale(1)","-ms-transform":"scale(1)","-moz-transform":"scale(1)","-webkit-transform":"scale(1)","-o-transform":"scale(1)",opacity:1};var hideStyle={transition:"all 0.5s",."-webkit-transition":"all 0.5s","-moz-transition":"all 0.5s","-o-transition":"all 0.5s",transform:"scale(0)","-ms-transform":"scale(0)","-moz-transform":"scale(0)","-webkit-transform":"scale(0)","-o-transform":"scale(0)",opacity:0};var TAG=data.tag;var KEY_PREFIX="advert_";var KEY_SHOWTIMES=KEY_PREFIX+TAG;var KEY_CLOSEADVERT=KEY_SHOWTIMES+"_close";function initDom(){var countDownBg=data.countDownBg\|\|"rgba(251,251,251,0.8)";var replayBg=data.replayBg\|\|"rgba(216,216,216,0.15)".;var shrinkClass="advert-shrink adve

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\ai-search-box-entry-ea20fec552[1].js

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	Unicode text, UTF-8 text, with very long lines (318)
Category:	dropped
Size (bytes):	286094
Entropy (8bit):	3.4865693614261817
Encrypted:	false
SSDEEP:	6144:6a0JT9/lMLNd9sKvJ3vHrX2sMfhgaKfdX4AIMlF:6a0JT9/lMLNd9sKvJ3vHrX2sMfhgaKfp
MD5:	EA20FEC552336A16019EA4941114639C
SHA1:	B01470E1F42C24BAB0636BDADFC6AEC1C92EE73D
SHA-256:	EBA0622FC935D3376040A1AF96AE26E90B677C5C68A6C2D25EE82E4A37B645AE
SHA-512:	9E97882645DD8935A8CAC7CF17796EFAF075861C4161183F52286BF895F30B296D55BAD903285438038D8D8D8E6C968912FFA42CE41548224D6FAFB63E811EFA
Malicious:	false
Reputation:	low
Preview:	define('ai-search-box-entry', ['require'], function (require) {. return function (t) {. var e = {};. function n(i) {. if (e[i]). return e[i].exports;. var s = e[i] = {. i: i,. l: !1,. exports: {}. };. return t[i].call(s.exports, s, s.exports, n), s.l = !0, s.exports;. }. return n.m = t, n.c = e, n.d = function (t, e, i) {. n.o(t, e) \|\| Object.defineProperty(t, e, {. enumerable: !0,. get: i. });. }, n.r = function (t) {. 'undefined' != typeof Symbol && Symbol.toStringTag && Object.defineProperty(t, Symbol.toStringTag, { value: 'Module' }), Object.defineProperty(t, '__esModule', { value: !0 });. }, n.t = function (t, e) {. if (1 & e && (t = n(t)), 8 & e). return t;. if (4 & e && 'object' == typeof t && t && t.__esModule). return

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\content-info-12dbf9fb6d[1].js

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	ASCII text, with very long lines (500)
Category:	dropped
Size (bytes):	6451
Entropy (8bit):	5.151269431237994
Encrypted:	false
SSDEEP:	192:sF9Nmh5w/9GqXGFkO1pH4iOA8Z20lY5/ay4:sF92gvE/p43rKwy4
MD5:	12DBF9FB6D608609F31753654D61B30A
SHA1:	432EE3032501BB0830ADDF2AED05A936F8B1C093
SHA-256:	FD7678FC3006B4F158D4F05778F379CB8D7E7B614EAF5EDDDD2FFED00E400B0D
SHA-512:	C3B33F57FC2A79B3DC54792CF36221E968B873FC73911CDFF88198B066D6F3098A64B41DCFC40E83DDDB56ECBC19EFC8EA709712F12DD35144FA40820A374526
Malicious:	false
Reputation:	low
Preview:	define("superman/components/content-info",["require","exports"],function(require,_exports){"use strict";Object.defineProperty(_exports,"__esModule",{value:true});_exports.ContentInfo=void 0;function _classCallCheck(instance,Constructor){if(!(instance instanceof Constructor)){throw new TypeError("Cannot call a class as a function")}}function _defineProperties(target,props){for(var i=0;i<props.length;i++){var descriptor=props[i];descriptor.enumerable=descriptor.enumerable\|\|false.;descriptor.configurable=true;if("value"in descriptor)descriptor.writable=true;Object.defineProperty(target,descriptor.key,descriptor)}}function _createClass(Constructor,protoProps,staticProps){if(protoProps)_defineProperties(Constructor.prototype,protoProps);if(staticProps)_defineProperties(Constructor,staticProps);return Constructor}function _defineProperty(obj,key,value){if(key in obj){Object.defineProperty(obj,key,{value:value,enumerable:true,configurable:true,writable:true})}else{.obj[key]=value}return obj}v

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\invoke-97e9694cb9[1].js

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	ASCII text, with very long lines (500)
Category:	dropped
Size (bytes):	3567
Entropy (8bit):	5.15536673282653
Encrypted:	false
SSDEEP:	48:FL9WHQNGbkf4EiyB6aJF9Mu6gf1fw73ll4QdjcwEx24jgYldG7sDbY4DzFyVRdYc:o+5agF9DU2J2a7vlM4NC83YCf6x
MD5:	97E9694CB9C9FF941D905A4D765F6937
SHA1:	503210B9DA9EEEE8FE9045722A4CC9A1A3275F6E
SHA-256:	1B9FEAB4627851071B3C459481831FC9F1CC8B745B11C7C35A70116147BB9810
SHA-512:	83986608756F87EEE2D3BE2EDB26F9C0CA965183A6338E60625E9CF5AD963F9FAC7F7FCB23309DC880BFA28C1D82D0B07A0A6D2AA075D6BC080FC1D36A6627F5
Malicious:	false
Preview:	define("superman/components/invoke",["require","exports"],function(require,_exports){"use strict";Object.defineProperty(_exports,"__esModule",{value:true});_exports.init=init;function _classCallCheck(instance,Constructor){if(!(instance instanceof Constructor)){throw new TypeError("Cannot call a class as a function")}}function _defineProperties(target,props){for(var i=0;i<props.length;i++){var descriptor=props[i];descriptor.enumerable=descriptor.enumerable\|\|false;descriptor.configurable=true;if(."value"in descriptor)descriptor.writable=true;Object.defineProperty(target,descriptor.key,descriptor)}}function _createClass(Constructor,protoProps,staticProps){if(protoProps)_defineProperties(Constructor.prototype,protoProps);if(staticProps)_defineProperties(Constructor,staticProps);return Constructor}function _defineProperty(obj,key,value){if(key in obj){Object.defineProperty(obj,key,{value:value,enumerable:true,configurable:true,writable:true})}else{obj[key]=value}return obj}.var InvokeServic

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\lottie_ad9c879[1].js

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	ASCII text, with very long lines (1553)
Category:	dropped
Size (bytes):	281451
Entropy (8bit):	5.272371541237849
Encrypted:	false
SSDEEP:	3072:BMRylAwQz2kj+EzwNPSIoPaHvXQWrubsZ9UMWRcdXyH7:BtLkj+EzwNPSIoPaHvXVi5RS4
MD5:	AD9C879ABEEE53D70329B394DD30486F
SHA1:	76DED3C173BC236268BEAF0E04109B59E1F94D54
SHA-256:	DDA4CE67BA962A49238625419C7574B16C7B6379584EAA62B82D15634FCD26A2
SHA-512:	0E019347AF16D6A5DD791740A485B0EDA2C869D3D95D5E32DFDE2734B0B7F4AABC5BC6E5747AEBDB49BA86E87B1AEF7010DCA3CA82E1CE1FFEE6F92FF3836889
Malicious:	false
Preview:	"undefined"!=typeof navigator&&function(t,e){"object"==typeof exports&&"undefined"!=typeof module?module.exports=e():"function"==typeof define&&define.amd?define("lottie-web",[],e):(t="undefined"!=typeof globalThis?globalThis:t\|\|self,t.lottie=e())}(this,function(){"use strict";function createTag(t){return document.createElement(t)}function extendPrototype(t,e){var r,i,s=t.length;for(r=0;s>r;r+=1){i=t[r].prototype;for(var a in i)Object.prototype.hasOwnProperty.call(i,a)&&(e.prototype[a]=i[a])}}function getDescriptor(t,e){return Object.getOwnPropertyDescriptor(t,e).}function createProxyFunction(t){function e(){}return e.prototype=t,e}function createSizedArray(t){return Array.apply(null,{length:t})}function _typeof$6(t){"@babel/helpers - typeof";return(_typeof$6="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(t){return typeof t}:function(t){return t&&"function"==typeof Symbol&&t.constructor===Symbol&&t!==Symbol.prototype?"symbol":typeof t})(t)}function ProjectInterfac

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\newjiankang-f03b804b4b[1].png

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	PNG image data, 88 x 88, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	2746
Entropy (8bit):	7.863005005976925
Encrypted:	false
SSDEEP:	48:1nNUmfi5N3luiEKmZdXuh+LD4A7HyIO8cDZgFZq2SrDvi8mm+Ya:1n2mfkYfrZ9xLUiSIObe9SrDvXC
MD5:	F03B804B4BFB627D871D88C47D53913F
SHA1:	DD0380C72A85E732DBDA718DFE672603C9AA1AA1
SHA-256:	58D230E3F23C1A31EE8C8CE64FCA8EC67F7C560B4C56B1DD8FE18BE2B0192631
SHA-512:	ACF31AF4D83CD40299F9C1ECEC555706E625707904BDD079D9CA2DD388C58DE5ACB965DF79354143061FEBD28292689CCD42CE935A913A9143256170D7340644
Malicious:	false
Preview:	.PNG........IHDR...X...X........c....sRGB........DeXIfMM........i.......................................X...........X.....H....$IDATx..Zkl\G.....k{.;....I..I..R..W#UU.B......!QD.....U..?@E.B..."...!....MUE...7uU..&.I....c{.\|.9s.{..^..]o.d=w..s...wff.&.J.,.XV..A...0L....p..>#\|F..p".3...F.....D.g........3....'....3....._..O..[V...R\...+@..i....>?..VU(tGee........kj..P_.....r.K'.h:$...$v......H...B.B..3t....H..m..[.E...' .'Nf.j./...(D..!M...\|..E\|.,w....D?........."Q..Rf.>..._X&`.+rb...(...lSl...1Ts.....XXx...C...35AIi.W ..F...@x.L..L<..q%\|jN}...!.G.+..3.}.../.v#. :E...!.L?%.E..aGjQ.@.r.iK. .a0.-.....h...6hD.B.Vb........Y1+o@.9.4.K.&..i..fz...}..3.m.M-.0f[...].?.L~..+.F?...s...}.......P..1...x.&.H..Y:G.C.`.JGX.A...g...(V.t..'d...8e.`pw.z....8.3<....o.....1.P..$...U.aF.....Q.;.o....7 .m.7.H8oY...^8.Y.S.Tjba...K.N'.0...1.&...!.~_w{.........Sjd.Ege.d.3.=S+G;...+*.....>..}.=..f.J..\.V....$...x.B....t.8.]......g..n...t.k(....cg.................9...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\newzhibo-a6a0831ecd[1].png

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	PNG image data, 88 x 88, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	4085
Entropy (8bit):	7.925373772243591
Encrypted:	false
SSDEEP:	96:1nk8POydIDRiMV0Gva+ddXdJztYk5Yl7kkvcgmvJquw:sy+DRiMnvJ/tVYHMK
MD5:	A6A0831ECD5FDF11B86C9AE6EA945E65
SHA1:	FBA2C5E03C08835A45F50D955FCA6029064FB690
SHA-256:	382F836892F0F4FBE80511D48E87DDF49E21FD85B824EF85D2716E97EDD3E9C4
SHA-512:	EE9F3179E7B48028E4981C3748734F27B958CABFD2A7E8D9D6B141D0E4D17141DD3340BA2BDDE3F798BE12D24B24B9342B7F83A97C3ABDAF5B09B1DE6C46642B
Malicious:	false
Preview:	.PNG........IHDR...X...X........c....sRGB........DeXIfMM........i.......................................X...........X.....H...._IDATx..Z...Y....:...h...8..681.b.\.R.J.(..U._...o..y...T.......<.".P.d%..c..f4.Y...w.n..~...=..X......S]}O.>}.\|...-..e.....HA..H.h3!."...)..H..2......x.>"eD.n.RFt.....)#..H..G.#.xX.<.WA.P...Wo..{.P.{\|.../.'..e.....o.y..]........>Q@..]s...+..../.O,.R .?.z.}oV].c.Z6...d..5..MV..P.f../:_}...`..FP.......6~r.\.X.4.H.JX..3k. ..\|.`........12{wyO..~...^PW..7....l.....e.=<.".V.4.#v...o.....n...I..!.V.)y?.g.=k...0..<m.Z..!....b...`Y...%q..B.....-.o..wVsuO....7.z.P...T.?FE_.M.3..jPk....NQ......!.oz.\|...u...5.n.<.E...#9Q......s!n.}.....l=\....D=>....~......K..=..r.......t,..Q.U..........@..2_8Nv<T....D...........Ff.)...W.Z\|!v.B..HB..8.....LJ.^.=\S.bL.H<a bPw....qy..j6$.Q.....ah......r..WvqA.....8.....Z!d...'....wW..uu..[.ncNa......F.....C...ww..t...@.Y......Dc...-..../......T.....}.bl6...-.&y..![..:...............Jd....x?...3.hy

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\nu_instant_search_62c9c51[1].js

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (4622)
Category:	dropped
Size (bytes):	24747
Entropy (8bit):	5.548048811426169
Encrypted:	false
SSDEEP:	384:K2E/6qrdxhYoFhYBoElabaXMbiqR1vESz7lShr:Kh/7dUozYB18PS5
MD5:	62C9C513BDE8D5CE8F8DC0192901261F
SHA1:	94287A92071142FFB5F21704246E5FD73CBE7796
SHA-256:	14143F986E767D00D03CC278C1EBAB774D9F11E0CA2CEA1A79069EA3376A8D11
SHA-512:	19052CC4C4556C99D56B57C8D5896FD2A16771D7C5343B2016BFB8AB0467D1555724C09E939EC27BBFF2D989FE5A4E70F2C6F218EB4EC20072F5EDE2A771836A
Malicious:	false
Preview:	function toast(e){var s='<div class="toast-for-result"><span></span></div>';$("body").append(s),$(".toast-for-result").fadeIn(300).find("span").text(e),setTimeout(function(){$(".toast-for-result").fadeOut(300),$(".toast-for-result").remove()},2e3)}$(function(){function e(e){var s=new RegExp("^\\s+\|\\s+$"),t=$("#kw").val().replace(s,"");ns_c({fm:"behs",tab:e,query:encodeURIComponent(t),un:encodeURIComponent(bds.comm.user\|\|"")})}function s(e,s){var t,a=S;e.mouseover(function(){s.show(),u&&u.hide(),n(I),t&&(clearTimeout(t),t=!1).}),e.mouseout(function(){t&&(clearTimeout(t),t=!1),t=setTimeout(function(){s.hide()},a)}),s.mouseover(function(){u&&u.hide(),n(I),t&&(clearTimeout(t),t=!1)}),s.mouseout(function(){t&&(clearTimeout(t),t=!1),t=setTimeout(function(){s.hide()},a)})}function t(){return bds.comm&&bds.comm.ishome&&bds.comm.sIndex}function n(){I&&clearTimeout(I),T&&clearTimeout(T),y&&clearTimeout(y)}function a(e,s){var t=56;t+=bds.comm.username?$("#s-top-username").width():$("#s-top-login

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\peak-result[1].png

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	PNG image data, 404 x 132, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	7707
Entropy (8bit):	7.913591496975338
Encrypted:	false
SSDEEP:	192:NiTvI+Oa+mwj9o5ZaAEbufq08hBUndKV4jJJ:NiLHpnaAJq08hB0Hjf
MD5:	17079C6AA820DC5400F39DEAF09573DA
SHA1:	3260F2B87C0079A5C7C0D332EFA05627E51B8E20
SHA-256:	EF5567584E1F1B541B76BCDAD11CC1A151EA9392F39803775C26371650375447
SHA-512:	716EE27B422C5015E2AF92DEC2FF27E497C00B8D210E5F6829934550AE63DB758213FDF61E2746FF38CB0E9A2E029FAE06EF0AD575949EC275C8496BD1A133EF
Malicious:	false
Preview:	.PNG........IHDR..............d.....tEXtSoftware.Adobe ImageReadyq.e<...%iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c148 79.164036, 2019/08/13-01:06:57 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 21.0 (Macintosh)" xmpMM:InstanceID="xmp.iid:709387F9E92511EA8F22E951255463F7" xmpMM:DocumentID="xmp.did:709387FAE92511EA8F22E951255463F7"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:709387F7E92511EA8F22E951255463F7" stRef:documentID="xmp.did:709387F8E92511EA8F22E951255463F7"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>+.......IDATx.........J...a.(`.5.bC...{..5.b.Qc..Y.5......{/...K4.. FED..D..fA.\|.w.}.+...........=.yL.......9sJ...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\polyfill_9354efa[1].js

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	Unicode text, UTF-8 text, with very long lines (1053)
Category:	dropped
Size (bytes):	41984
Entropy (8bit):	5.367959391693683
Encrypted:	false
SSDEEP:	768:VNDDy7vIfSEqrF6TuSkLFcyM1Ywnf9jftQBl0/uyZwACPVD:bvybkSEq1zG1YgjftWl0/uyZbcD
MD5:	9354EFAD5C9F5519F606C3C39434B9EC
SHA1:	29F1C62B0B8B4DD8344E028AE8AFB3F52FECDFBC
SHA-256:	D8367DDE9AF087C48A1552CEB2E92311B409E9FDB4C245285188E92F1D372632
SHA-512:	C6150F0AC6F8B8C1CDE94FBA1B2836F8C60FEF9F994991DF2651E089480C314BAC99210BDBB9C4DDC835D6C726DF638C11423759E78AA4A76D4D1CE420230598
Malicious:	false
Preview:	!function(){var t,e,r=Array,n=r.prototype,o=Object,i=o.prototype,a=Function,u=a.prototype,s=String,f=s.prototype,c=Number,l=c.prototype,h=n.slice,p=n.splice,g=n.push,d=n.unshift,y=n.concat,v=n.join,b=u.call,m=u.apply,w=Math.max,T=Math.min,j=i.toString,D="function"==typeof Symbol&&"symbol"==typeof Symbol.toStringTag,O=Function.prototype.toString,S=/^\sclass /,x=function(t){try{var e=O.call(t),r=e.replace(/\/\/.\n/g,""),n=r.replace(/\/\[.\s\S]\*\//g,""),o=n.replace(/\n/gm," ").replace(/ {2}/g," ");.return S.test(o)}catch(i){return!1}},E=function(t){try{return x(t)?!1:(O.call(t),!0)}catch(e){return!1}},M="[object Function]",I="[object GeneratorFunction]",t=function(t){if(!t)return!1;if("function"!=typeof t&&"object"!=typeof t)return!1;if(D)return E(t);if(x(t))return!1;var e=j.call(t);return e===M\|\|e===I},$=RegExp.prototype.exec,U=function(t){try{return $.call(t),!0}catch(e){return!1}},F="[object RegExp]";e=function(t){return"object"!=typeof t?!1:D?U(t):j.call(t)===F};var P,N=String.pr

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\result@2[1].png

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	PNG image data, 404 x 132, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	12802
Entropy (8bit):	7.9775089394871195
Encrypted:	false
SSDEEP:	384:krjHfQi+q52GYTH+VLIT1O5sfCQgF/yG3ZVAFFzt:kjH4i+/9E5MI/1JVu
MD5:	25768C84CCAFA2F700D74446E64978F4
SHA1:	BACE9F44F9A2609B57A0A64766111A80B14019D1
SHA-256:	1868167D3777607F62A02A2384A35B95B736C06C5B909421CD5BAE5842B2428C
SHA-512:	DEE72E30AF120941AB0EA82EC5380EC5B7CC13FCD8670351940FFA17FCF34ECC4933EB04482E1B8BA60886A23021C401D8DB10D4E39FDBA3B93F4F90A3CA908B
Malicious:	false
Preview:	.PNG........IHDR..............d.....sRGB.......1.IDATx..].\|....of....#......n.Q....h..Z.........l..Z.z..C....@. G.V..n8.$$!{..w......3.=.\|.....z.}..~."._....G.#....p.8.....G.#....p.8.....G.#....p.8.....G.#....p.8.....G.#....p.8....@.#@..\|.x9...._..r... .0..T..$....}k..mN5...mu5...9.p..%I.../..ee.../.R.m..8.V".....r.#0gNcQs0.=...#G.S..}.........-..0..i..L.f..#...l.=...B....\|....q.2...P2.q{..(.R.>n.e..t'.}.d.(.?.].~Y.To.....0.I8.c..R....3.}.;..v>N..H?..CI.g.-RA`......GP._.B.?..7.x..O./.\|..l&......y......vA.Q...s&.@. ..J.<.n.v..,`.....+9I;WlJ.....q_.;W{j.T.."..&.v.X...Fms7..,V.O...;.......u#PY..~.[..;.;1./.%..j..5.\|...E..F\Fe....6.q.W...;..q.......#......63..Rj.....#.,\.D8.'.s&..ltD...7....y8....w(..>......%7hf.N......,.,..u[\|?.3...O....&.n.YQV5.<.#....$..gN..UUL ,..}KZ....0...=e....).7...E+..3.s...s.LD.;....A..7}g..~.5.;.2..X..v}.......UzN.......~E.;.~..+...I.3....9.^Q..F..d]...O.....;...Cu.pR.@."..J....!0a.o.BK....GX.F..E.J..V.......

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\result[1].png

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	PNG image data, 202 x 66, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	6617
Entropy (8bit):	7.961654715497248
Encrypted:	false
SSDEEP:	192:v/ECalepd7UEuagpUtRVpZ6oSJWme7VJ07qAwHiOyM3xSvTm7:3aopdvxI6RVpcoaWBL1AwHi/Tu
MD5:	6C825ED7EA4CD25657288AB4F7D0227F
SHA1:	159D18C3AE69681973E81BDB0A7E0E786B2EC310
SHA-256:	CCA2EF55292662C7224F99F750F8E651D1E9B73DA299E8FEC6C741C1390C5F9C
SHA-512:	5DE810FFB2E1908A3A63AF6BAD3333DA45DF83EBE18D463A8A858C91A319B1B11401EA3E899E6EA1106B134E74BC7593A6878DF0CEDCC11130D2E96159138261
Malicious:	false
Preview:	.PNG........IHDR.......B.......I.....sRGB.........IDATx..].\|T...w..E...!..."Y.J..hE.....b....U..G...V....H..Y...Y..ZE..l....'...I.QE.....!_.u...Mv.w...nv..;?.s.33...s.c...-.[...l....%`K....I..P>'u6.1Z.3q..k..k....@b\|...55u..c..i..R6\|.4.%`+.u..Nq.y.....(..G#/.'...Q.g.6...0..........2r.#.,...@....G(...y...(y..'.6.........@.....+........l##.t]:J_.$..44T....aI..........'Q.....<.B.....(..Q...O... ..`....O....O~.Y..h..j.B........j..0e#.j.RaP..j......xn$`+Jn..2.....6I...R.a...Qn......^..o.'.a.m..CxZI.....U..M.58....l........f#...4.<N.4.}.....fsci....25)j.U....<....V..~...Z=..b.%....W.W}.&.M.%.oF..hl.u..>...v.d.D."......W=.^...V.PJ....$`+.99...%A..M%.$/'..C.....ZF.V....%M.....${@Q.8..)<G._.(....)...=....K.V.c.X.B.!B..JB.UjEaN..*;...Th...lE1%&sD...Q..M...f[.^.h.x`.....\|.a..4+.[Q.J.<...I.(a.<..f.+UG`.oK...)v%...7...YI..U..8......T.#U.&}.a.... ..i....0'&.D...&-..12O.....7..W....:.u\HQ&EE.nz....+...K k/M:..7...p6..W.J....@.CI7l.'.%%w..T.....^`."

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\sbase-65630eb62e[1].js

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	Unicode text, UTF-8 text, with very long lines (500)
Category:	dropped
Size (bytes):	58938
Entropy (8bit):	5.390521318221495
Encrypted:	false
SSDEEP:	768:i5U1hugyH+VxdJGn9BdsT/YDdzIvdgLyKszmxc9btEd0b8CXIQP6ts+Mw6gssUkh:i5o69BdsgfgzB8giz6UoX8xawHngQH
MD5:	65630EB62E65C7568DE102AAB426584E
SHA1:	1882FE415C7BEF3771D8BB1E9302664DE46622C9
SHA-256:	BFB8AC065E7C01C74BD37A32612E20C20442BC2EC3F4A26CBEA8D72519D808D5
SHA-512:	E41A1D46FDF590E3D13379FEF39C6FEC92D6A698A824D09275231E87A37363664959FA18226E41340C5AB83EC6451BD16E659D718D9130DFE2F1FEAAB2196988
Malicious:	false
Preview:	define("superman/lib/event",["require","exports"],function(require,_exports){"use strict";Object.defineProperty(_exports,"__esModule",{value:true});_exports.fire=fire;_exports.on=on;_exports.un=un;function fire(modName,evtName,evtArgs){F.use("superman:lib/mod_evt",function(evt){evt.fire(modName,evtName,evtArgs)})}function on(modName,evtName,handler){F.use("superman:lib/mod_evt",function(evt){evt.on(modName,evtName,handler)})}function un(modName,evtName,handler){F.use("superman:lib/mod_evt",.function(evt){evt.un(modName,evtName,handler)})}});.define("superman/lib/extract_data",["require","exports"],function(require,_exports){"use strict";Object.defineProperty(_exports,"__esModule",{value:true});_exports.extractData=extractData;function extractData(key){var el=document.getElementById(key);var res={};if(el){try{res=JSON.parse(el.innerHTML)}catch(e){console.error(e)}}else{console.warn("".concat(key," NOT FOUND"))}return res}});.define("superman/lib/commonUtils",["require","exports"],functi

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\tips-e2ceadd14d[1].js

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	ASCII text, with very long lines (500)
Category:	dropped
Size (bytes):	564
Entropy (8bit):	5.051821460428066
Encrypted:	false
SSDEEP:	12:07Vgy7OGzGJiyo48V9ymFs2N6d2xzRCXGOTAdFcGTBy3w9ENs+w8eGizG1UKVB:0v7OGqDo4A9ymFsjd2pYXGOcEGlygeWk
MD5:	E2CEADD14D8E3FB1106E48AC89843760
SHA1:	2EC737233A3DF71D4D91476EF19D8DFC362EBD79
SHA-256:	3E4CCD740747E6805F9EFE89C3803697E9E867578DDDD215437FECEDAA8E625F
SHA-512:	03DC292CED672A7F4E999B8907474C338593D136481B8641EEF2310B5630C0DB0FE67ADA90ECE016088B68381E8F0E1EB9D3265E65337AD3858D2AD1F6A0FA7B
Malicious:	false
Preview:	F.addLog("superman:components/tips",["tipsClick","activityClick"]);F.module("superman:components/tips",function(require,exports,ctx){function init(){var $lmLink=$("#lm-new a");var activity=$("#bottom_layer .activity");if($lmLink.size()>0){$lmLink.on("mousedown",function(e){var $curLink=$(e.currentTarget);ctx.fire("tipsClick",{showType:$curLink.data("dataType"),clkText:$curLink.text(),clkImgUrl:$curLink.find("img").attr("src")})})}if(activity.length>0){activity.on("mousedown",function(){ctx.fire(."activityClick",{clickType:"activity"})})}}exports.init=init});

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\IKR5FVEW.htm

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Category:	dropped
Size (bytes):	21290
Entropy (8bit):	5.783042543166375
Encrypted:	false
SSDEEP:	192:JHIIqSfA68vnfW43GO9xhvPcBQYt8gZySxqI+ihF:JII7wd/vPcBQRgssv+ihF
MD5:	865216ECE7B0113F2B3EF92C9BD9FC25
SHA1:	F0621889961EBEA0C0E7734C8D699BF396EC189A
SHA-256:	AB6B2F3388336AC0508EB2A7C475CB8900E67141B4982F69DCFA2023269CAE3D
SHA-512:	2D0A35E9697DDA03C31DDD0892B83B7D4E5BD10975239EA7C80991CA970F6B3B71C9BCBCCE9AB3830388D08728A683B30B888F9DD70DF55FEBA158C706EC8CC7
Malicious:	false
Preview:	....<!DOCTYPE html>..<html>..<head>..<meta charset='utf-8'>..<meta name="robots" content="all"/>..<meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0, maximum-scale=1.0, user-scalable=no"/>..<meta name="applicable-device" content="pc,mobile"/>..<meta http-equiv="Cache-Control" content="no-transform"/>..<meta name="apple-mobile-web-app-capable" content="yes"/>..<meta name="apple-mobile-web-app-status-bar-style" content="black"/>..<meta http-equiv="mobile-agent" content="format=html5; url=https://m.ip138.com/"/>..<title>iP....--......... \| ...... \| iP....... \| ............</title>..<meta name="keywords" content="ip,ip..,ip....,ip138,.ip,..ip,..ip,ip....."/>..<meta name="description" content="..ip......."/>..<link rel="canonical" href="https://www.ip138.com/"/>..<link rel="alternate" media="only screen and (max-width: 640px)" hre

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\PCfb_5bf082d29588c07f842ccde3f97243ea[1].png

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	PNG image data, 540 x 258, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	24774
Entropy (8bit):	7.8977443148518525
Encrypted:	false
SSDEEP:	768:7gv41RZkLaEspIxaFl5gGoYQS3k3g3/nf:8QZ4aDpIxaF150wPf
MD5:	5BF082D29588C07F842CCDE3F97243EA
SHA1:	85EB806F298D3E7EAA3D6E54682EF4E703F76949
SHA-256:	15B942249848D901938A69E03A3D44961E91C8311D7A8F1CA34FC9AFA6366B22
SHA-512:	37A093A20C3FB0361690EC3172E1B96D558AEFF826A04C7CA6CCD67A3757BF05502EAFED5D1E7D844CFD76F7AD796939D1D720092CB936C4F17CA5AE9CAE8E48
Malicious:	false
Preview:	.PNG........IHDR.....................sRGB.......@.IDATx..........."UPT.........%b.D.%F...\|....c.1j..h.....k.`.{C..6T@.....<.y..r..{.=..g~.93.;..Nywvv..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\aging-tools-35648b2e67[1].js

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	ASCII text, with very long lines (498)
Category:	dropped
Size (bytes):	6505
Entropy (8bit):	5.184082362813397
Encrypted:	false
SSDEEP:	96:10LM6osUTrO8VlEbayC+5UgV9QlC/cbT2WoScEr3CU5AmpJNQ3yY:q46osU/lEhV9Qaw3CU5AQJNQV
MD5:	35648B2E672F9CA11C70BABC2ED0D6DB
SHA1:	879536B3107FAB2FE806B88C5CC46E9A4D7C5E7B
SHA-256:	63874C072E2BD44E7AB070056D46775936CC7E7B044787F9A9328C705DCC3C3A
SHA-512:	CA7CC997C9EA8AC1DE9F066820FCC6E1B2441750ED7922F3C094DAB2EFDA8D62CC4974FE06DE3CA9AED8159CF7CE6DFC43A493ED040FB4C8E10979B237837A6E
Malicious:	false
Preview:	function _typeof(obj){"@babel/helpers - typeof";if(typeof Symbol==="function"&&typeof Symbol.iterator==="symbol"){_typeof=function _typeof(obj){return typeof obj}}else{_typeof=function _typeof(obj){return obj&&typeof Symbol==="function"&&obj.constructor===Symbol&&obj!==Symbol.prototype?"symbol":typeof obj}}return _typeof(obj)}define("superman/components/aging-tools",["require","exports","@baidu/aging-tools-pc","superman/lib/event"],function(require,_exports,AgingTool,_event){"use strict".;Object.defineProperty(_exports,"__esModule",{value:true});_exports.Tools=void 0;AgingTool=_interopRequireWildcard(AgingTool);function _getRequireWildcardCache(){if(typeof WeakMap!=="function")return null;var cache=new WeakMap;_getRequireWildcardCache=function _getRequireWildcardCache(){return cache};return cache}function _interopRequireWildcard(obj){if(obj&&obj.__esModule){return obj}if(obj===null\|\|_typeof(obj)!=="object"&&typeof obj!=="function"){return{"default":obj}}.var cache=_getRequireWildcardCa

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\bzPopper_7bc4f0e[1].js

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	Unicode text, UTF-8 text, with very long lines (6522)
Category:	dropped
Size (bytes):	92487
Entropy (8bit):	5.631327751978014
Encrypted:	false
SSDEEP:	1536:kAcPQ1AAvgjHtoY/oNnmXYJ3tgLCmcf3ltJPSxQNyvDeEYf7O/2SAcjRaxzlOm:HJf3PJBN0Zar
MD5:	7BC4F0ED3CC6D9C8638DE8892A06EA63
SHA1:	23E629ACFFB988ED79C891E78F6DB2719AFE5D6D
SHA-256:	21D86005224F4431EF470FC8FE9B0438ED64613428D6BBA06D01A8762E341BE1
SHA-512:	C23073D5CDA71DFA8FBDAC43B5A3DEEF28AC8E26EEB2EC608C375994F2C62B06E060AD92FBE7B8BE312E1CBEF2F4B9BC948C562EF2F455F44003573173B7B20F
Malicious:	false
Preview:	define("plugins/bzPopper",["require"],function(){function e(e){return e}function t(e,t){return t={exports:{}},e(t,t.exports),t.exports}function n(e){"@babel/helpers - typeof";return(n="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e})(e)}function r(e){"@babel/helpers - typeof";return(r="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e.}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e})(e)}function o(e){"@babel/helpers - typeof";return(o="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e})(e)}function i(e){"@babel/helpers - typeof";return(i="function"==typeof Symbol&&"symbol"==typeof Symbol

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\es6-polyfill_388d059[1].js

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	Unicode text, UTF-8 text, with very long lines (1182)
Category:	dropped
Size (bytes):	74476
Entropy (8bit):	5.367962493773159
Encrypted:	false
SSDEEP:	768:aXC0VNelpshpoCsNSA2NVNah6SzqJmNeah5GG9t3IByY/hQ1+haRA7/Dvt3BI2:cpmUNaER4Nem9f3fYh7/x3r
MD5:	388D059DFFA87621761C31CED2935CA4
SHA1:	997D0214DA5C397E440B67934FD94C53248E51FE
SHA-256:	7E5D30B3A8DBE644998B4722BD96B7F7F23C9F403B045F61C0566AD5A133C566
SHA-512:	347A9F2B2E8AF186AE4EBD774EBA976D40B68A0642575AEB2CCA2E39DE28106F438CF3D7409A879D474B5C3B91A36F003A22855C230EF2E715E420949D75E81B
Malicious:	false
Preview:	!function(e,n){"object"==typeof exports&&"undefined"!=typeof module?n():"function"==typeof define&&define.amd?define(n):n()}(this,function(){"use strict";function e(){}function n(e,n){return function(){e.apply(n,arguments)}}function t(e){if(!(this instanceof t))throw new TypeError("Promises must be constructed via new");if("function"!=typeof e)throw new TypeError("not a function");this._state=0,this._handled=!1,this._value=void 0,this._deferreds=[],c(e,this)}function o(e,n){for(;3===e._state;)e=e._value;.return 0===e._state?void e._deferreds.push(n):(e._handled=!0,void t._immediateFn(function(){var t=1===e._state?n.onFulfilled:n.onRejected;if(null===t)return void(1===e._state?r:i)(n.promise,e._value);var o;try{o=t(e._value)}catch(f){return void i(n.promise,f)}r(n.promise,o)}))}function r(e,o){try{if(o===e)throw new TypeError("A promise cannot be resolved with itself.");if(o&&("object"==typeof o\|\|"function"==typeof o)){var r=o.then;if(o instanceof t)return e._state=3,e._value=o,void f(e

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\h[1].gif

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	dropped
Size (bytes):	43
Entropy (8bit):	3.0950611313667666
Encrypted:	false
SSDEEP:	3:CUMllRPQEsJ9pse:Gl3QEsJLse
MD5:	AD4B0F606E0F8465BC4C4C170B37E1A3
SHA1:	50B30FD5F87C85FE5CBA2635CB83316CA71250D7
SHA-256:	CF4724B2F736ED1A0AE6BC28F1EAD963D9CD2C1FD87B6EF32E7799FC1C5C8BDA
SHA-512:	EBFE0C0DF4BCC167D5CB6EBDD379F9083DF62BEF63A23818E1C6ADF0F64B65467EA58B7CD4D03CF0A1B1A2B07FB7B969BF35F25F1F8538CC65CF3EEBDF8A0910
Malicious:	false
Preview:	GIF89a.............!.......,...........L..;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\lib_1_0[1].js

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	ASCII text, with very long lines (26045)
Category:	dropped
Size (bytes):	49594
Entropy (8bit):	5.6634739275993
Encrypted:	false
SSDEEP:	1536:1z80BLhpVnWJ1tJlwkwump17ItLsIixt7XnXhT:XxEJ6rKrSdh
MD5:	D822911FBE1473D8DB2158AB490FB690
SHA1:	822B8DA39CB69751F1F3B067DAEDB3CA71F92E46
SHA-256:	B0E7223E7415AFC0B6E29FD6F3AA8B15EAF07176C13CAA4F321413AF55058EBD
SHA-512:	E6DBB176A490E0D899E9EEA6B3A64311DE6CAB6F3A542E198275D5F4BFE3165F93D1468329F87E0DDF8BAC4F8A0DC36D982D4F2172D9354EC2CD1FC9588CFD8E
Malicious:	false
Preview:	var fpLib = {};.(function(){if(!PluginDetect)var PluginDetect={getNum:function(b,c){if(!this.num(b))return null;var a;if(typeof c=="undefined")a=/[\d][\d\.\_,-]/.exec(b);else a=(new RegExp(c)).exec(b);return a?a[0].replace(/[\.\_-]/g,","):null},hasMimeType:function(c){if(PluginDetect.isIE)return null;var b,a,d,e=c.constructor==String?[c]:c;for(d=0;d<e.length;d++){b=navigator.mimeTypes[e[d]];if(b&&b.enabledPlugin){a=b.enabledPlugin;if(a.name\|\|a.description)return b}}return null},findNavPlugin:function(g,d){var a=.g.constructor==String?g:g.join("."),e=d===false?"":"\\d",b,c=new RegExp(a+"."+e+"\|"+e+"."+a,"i"),f=navigator.plugins;for(b=0;b<f.length;b++)if(c.test(f[b].description)\|\|c.test(f[b].name))return f[b];return null},AXO:window.ActiveXObject,getAXO:function(b,a){var f=null,d,c=false;try{f=new this.AXO(b);c=true}catch(d){}if(typeof a!="undefined"){delete f;return c}return f},num:function(a){return typeof a!="string"?false:/\d/.test(a)},compareNums:function(g,e){var d=this,c,b,a,f

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\newzhidao-da1cf444b0[1].png

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	PNG image data, 88 x 88, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	2315
Entropy (8bit):	7.8207152590145
Encrypted:	false
SSDEEP:	48:1n0BLOxqnxVXDkeZDzQjx+LudAd9b521ZXRF9er7yPzAmPb+E9+ZTqk/bz:1n0xTnznHQFAucKt8MzTyHVxbz
MD5:	DA1CF444B022EB5CB48F651F7E104070
SHA1:	6A4D2CD500990AC04972ECCDD9E096D6BB7437C6
SHA-256:	D0B65B0566367C5326718EA732A898FA180A1F23C517D225EAFD53EA263AE01B
SHA-512:	70EA29DFFF0544742743D532B4A2930EE2ADE5F258AB9627ADE5B340D0489C8928F4E5A4C889441A540B8C7401B1A506F746F8BF81DB67C518BBF0A0A0A5BF1D
Malicious:	false
Preview:	.PNG........IHDR...X...X........c....sRGB........DeXIfMM........i.......................................X...........X.....H....uIDATx..ZypSE..}5M.3mJi..r...f..c....#......."..LEd`t.Q.e`..)..(r..A...X....WH..I.$~....ew_.....ow.k......4..H.?.D&..D@..=.D D .IA..1".`# F...1G..!F...1".x.9B..1"......C...x(..u..x.u.Zk...K...om.{...N...L...25O.>H..G.%.o.H..R.O.?.r.T.._]Wn..c"...G.zMJ,......!........2..9.P.dy...g'..5.1.. 8..cgc.}.-tn.=......Cb.^.....e.......bV&...'..>g......Gu.[.m...q..%......I.0G..w........p.......4K'U...G..........:.t.U..E.rC..D.@..a.eO<Q...l.]q..+...." ....B......US.;.........`......A..U..RevS..$R..pC...m.;.n.._..d._..r"{...2..G....R.YX_.\7.4.;.\.Q..G$............>Yz.....j.......2...c...N.].rs....F..(O(.}-A.."j./..eD(.../.....>X.cW.y.t.i<.5o....w.I..-o...:..i.B".5.n...r:.r.....L...i.<....<...(....x[..Q;.0.8_..4.hhs.l<.........~.F...R....7..q..~..Q..Q.s...............EH.^I..i.....hr..H.`...dz...T.m.r."..-.(MD.j..G...Te.(T..^

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\qrcode-0e4b67354f[1].js

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	Unicode text, UTF-8 text, with very long lines (500)
Category:	dropped
Size (bytes):	2068
Entropy (8bit):	5.239085499472425
Encrypted:	false
SSDEEP:	48:RiZV/2BmAVyuuY6iBbPjDjQyHCW0/0gah+yo6Ld:RiZ5qmEyuuYvjmWci9Ld
MD5:	0E4B67354FFF9B6D750438C9499673C5
SHA1:	2EE2DC3C35A91835192DD5467DEF1118913BF056
SHA-256:	669D458EDF5C4BF191E54616ECFEB50348E1245567C21DC50143E91918A04E6B
SHA-512:	2C853265218A1D43864B8968D391A572C4898997E95E671C7D048B69A7F20B619923A43E7BE214735BDEFE15B76E75142FA58E808A976759101F514DF42D24EF
Malicious:	false
Preview:	F.module("superman:components/qrcode",function(require,exports,ctx){var login1;var $qrcodeWrapper=$("#s_qrcode_nologin");var $qrTooltip=$(".qrcode-tooltip");var called=false;function loadScript(cb){$.getScript(location.protocol+"//passport.baidu.com/passApi/js/wrapper.js?cdnversion="+(new Date).getTime(),function(){cb&&cb()})}function hoverHandler(){if(called){$qrTooltip.hide();called=false;return}ctx.fire("qrcodehover");called=true;$qrTooltip.show();if($(".qrcode-tooltip").children().length>2){.return}loadScript(function(){passport.use("login",{tangram:true,loginVersion:"v5",defaultCss:true},function(magic){login1=new magic.passport.login({product:"mn",loginType:1,qrcodeLogin:1,hasRegUrl:false,autosuggest:false,hasPlaceholder:false,u:window.document.location.href,staticPage:window.location.protocol+"//www.baidu.com/cache/user/html/v3Jump.html"});window.mmm=login1;login1.on("loginSuccess",function(evt){evt.returnValue=false;ctx.fire("qrcodeloginsuccess");setTimeout(function(){.window.d

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\qrcode-hover@2x-f9b106a848[1].png

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	PNG image data, 48 x 48, 8-bit/color RGBA, interlaced
Category:	dropped
Size (bytes):	1285
Entropy (8bit):	7.664961416654295
Encrypted:	false
SSDEEP:	24:qh/sJ40kkN1YDU8LRjMPAr0JSvum8PGBP2v8dzhx902af9:qh/mqS1b8tjDroZd89/m9
MD5:	F9B106A84823022DBC97874B6E2A2786
SHA1:	4E45221781A912AC1DEEC4CD7DCBE48080CEED26
SHA-256:	D451F415A843BD24E506EC0B9D5BC5AF47BABF13703EC3001B4CBF373DFF4544
SHA-512:	C5299966D7757DEAA4A285C41AB32484786723B6B9AFF5C9D1739E07F68173A8D89368080B8976221CE9328473AE4892AFC27FA9975FC902E5DCE4F3C96C1A00
Malicious:	false
Preview:	.PNG........IHDR...0...0..... .......sRGB........DeXIfMM........i.......................................0...........0.....7l....oIDATh..Y;S.A...[.= .HKCc3S....3....CR.P..?!...+5....Wf...w7.7.=.7./.-...nz..ytO?f. .x..V..u.......ye........;0...c....Z?~...x8.g\|Z..4O..0m[0[.'.`D...:....~..Gk.3Yx....Y.wy,Km...i.!.Y{..c.....K .YP.@...)..5..[..q..)...........g..)......j..D`(=8.\|Y^?...<.y<.9........%...rt.?6..^.J.u.U.=R.:pc...Vi......g<.9....7.....=g..r.[.3.fD.g.>.m.s....._0.........8o.D..HNJU.'..mY.g"....<[.j..,....7{..&..z...g.?i=...2vg...U...CS.......'...h`..X........e ;^.%m.5Q[...x..`.........kf......h.Vw.y....;.....N.$...n...\.sq.&..h...5Y5.n...,..4..TA....m^@....-..L....N..s5f.wl'!........di..8.M...Q..\.....!...q...&.y...G...(.....;N..K.'+..[.....Kf^..H...9K...j..8.....HF.l..c.4.....b..I..5mK.g..\hp.)OYYB....2."7.<%....P9I..iQ....Q.%- 5Y[..@m.s..W....6.\|..{..>.d#.n.+T:.2.P..W.i.kI...R.:.d.W....4?H.).tG.....:....D...O.)..Z&....n...n.=.%.yn+1U.W...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\qrcode@2x-daf987ad02[1].png

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	PNG image data, 48 x 48, 8-bit/color RGBA, interlaced
Category:	dropped
Size (bytes):	1265
Entropy (8bit):	7.706925263725265
Encrypted:	false
SSDEEP:	24:qh/i5jSxy+nQryeYpq2ALI1+cOU0XlkycR+Qs71Iiq1v53jsh6rs8Stk:qh/i5jSxyIQrrYwLzk3Fsl2v5oCik
MD5:	DAF987AD02F4984C4E7FCFE42617B171
SHA1:	4A462DE8D070E214629425CD0F7A61C9F2F9C9F3
SHA-256:	1E0D2B1E749C3458897D0492D0D126EB4C1698E2798CF1FA1C63E9E9C5341B4B
SHA-512:	E0ACC1F1E1150EC11FF85712CE3E896BCB7068E4B322CAC7F11A2CE03D5FA94AED5EF930E69212F7D4212A9AC76242EA7CDC6E0F9AB421E7F77A6D31F0E173F9
Malicious:	false
Preview:	.PNG........IHDR...0...0..... .......sRGB........DeXIfMM.*.......i.......................................0...........0.....7l....[IDATh..Y.r.1...(.C..!1.)...`.\|a...C..]g..\G.........+sn...4.f{..Xo..5..J.~:..F6..X..z?]b^..=>....1v..=..'...D...{.P{...p..&K.%..{.........p.3..B>.}q..D2/Ws}.~H#....g...T.#..A^Y...C......U..E..n....OqJK/z.......z..Z.4....;..kI..:.p.V763A..2...2M.......Y..M.(....X......$....O....J.Bh............b`n&..5k4P.31.O.Y.a0.?...m.......H..FS.K.GK\......'.1.>.HE....8[^..sf^.}......w.<....O..:...!cw>K.^.....5...... ....m`...G.W.,Q......1]....5.9....=wa>...^....p.m8.hwp..P.........Hq<..h..2N...K.h.k..Q5.n/....E...f..]..m.`......"....BTS.e....7...F.;.....mq...........L...x...`..nz\$.LQ.V..L.p^.N.76.e.....8e.y..dH......J\|z...".d.....,SQ..0..........0.8.%N....BPe_.&..4.t.6..'.kGf....A.u.n..i..@....@.............v.>...2...H.....t;...vv..6.X.p...Qc.6pG...\xw......9f..8>.Ks...K\|.y.F....k,ia.1...Q.p...hB&......Q. .6....x

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\s_super_index-3fffae8d60[1].js

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	ASCII text, with very long lines (474)
Category:	dropped
Size (bytes):	1022
Entropy (8bit):	5.250583358652288
Encrypted:	false
SSDEEP:	24:2QWyxX3MpRRL/sqhnnqsWUXipRRlt4boVIwm0GXbmxcK1KCUcfK1XnaCFXTxU:myxHMp0qdnZWUSp43DmxcK8C/KFna0FU
MD5:	3FFFAE8D606970854D942B26E5E279F7
SHA1:	7D1DD2906A56E5D9B59D9A04E7B158C30304E580
SHA-256:	2A10F0DAEA88983E117607B8024F75AE8163FC3AE0B10945C2AD6224F3B27070
SHA-512:	D3AFA64BD8C29F8D9E38CA786C8FAE9A793A292C7060440D13532A254AC92E7DAE762EE625DA7D434D8A55C433B058603BD793B8F460154BC51EFEEBC5EBD08B
Malicious:	false
Preview:	(function(){var samNewBox=bds&&bds.comm&&bds.comm.samNewBox&&bds.comm.samNewBox===1;setTimeout(function(){try{var kw=document.getElementById("kw");kw.focus();if(samNewBox){var btn=$("#su");btn.addClass("btnfocus");var form=$("#form");form.addClass("sam_form_shadow")}kw.parentNode.className="bg s_ipt_wr new-pmd iptfocus quickdelete-wrap"}catch(e){}},0);setTimeout(function(){var kw=document.getElementById("kw");var ua=navigator.userAgent.toLowerCase();if(/ipad/.test(ua.)&&document.activeElement&&document.activeElement===kw){kw.blur()}},0)})();.$(window).on("load",function(){var rand=Math.random();if(rand<.01){try{var baseUrl="//www.baidu.com/nocache/fesplg/s.gif?log_type=hm&type=uamonitor&";var queryString="";queryString+="&c_ua="+encodeURIComponent(navigator.userAgent);queryString+="&s_ua="+encodeURIComponent(bds.comm.userAgent);var url=baseUrl+queryString;var img=new Image;var img_rand="_LOG_"+(new Date).getTime();img.onload=function(){delete window[img_rand]};window[img_rand]=img;img.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\ubase-89d6b96e41[1].css

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	7242
Entropy (8bit):	5.022708415753268
Encrypted:	false
SSDEEP:	96:GRftwngh398oEwRg2t01hD1b4E54roGLHhHVYQ29NS7ZV2Xx5EAm+NkKakGkCkyS:GTpwg4hXpPJImk9Be
MD5:	89D6B96E41C39C1873AE7E3AF642D33C
SHA1:	5154FA91982D42C4B0A02587985FC8AF62344B45
SHA-256:	E2707CCF249F5C7F803780DBFE8AC99296B10C2E759D53D496C16BD30F71BA10
SHA-512:	87ECF2DD5B099CF66B7B7C461EF35C496D6D696719A7FBA6F4010E2EA2E7FB057197578EAC3A9526F69F2A125F5F67603D5107036AB363FDF12243FB9BD9275D
Malicious:	false
Preview:	.sui-draggable-mask{position:fixed;_position:absolute;width:100%;height:100%;z-index:200000;left:0;top:0;-moz-user-select:none;-webkit-user-select:none;-ms-user-select:none}..sui-draggable,.sui-draggable-wraper{z-index:199999}..sui-componentWrap{*zoom:1}..sui-wraper{text-align:left}..sui-draggable-proxy{visibility:hidden}..sui-draggsort-collapse{visibility:hidden;width:100%}..sui-draggsort-holder{border:1px dashed #ccc;position:absolute}..sui-dialog{position:absolute;z-index:199999;width:390px;border:1px solid #d8d8d8;box-shadow:1px 2px 1px 0 rgba(0,0,0,.072);background:#fff;text-align:left}..sui-dialog-body{min-height:30px;_height:30px;padding:10px;color:#666;font-size:13px}..sui-dialog-close,.sui-dialog-tips em{background:url(../../img/dialog.png?v=md5) no-repeat left -218px}..sui-dialog-close{background:url(../../img/dialog.png?v=md5) no-repeat -27px -202px}..sui-dialog-close{position:absolute;width:20px;height:20px;right:10px;top:10px;text-indent:-100000px;cursor:pointer;outline:0;

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\wrapper[1].js

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	C source, ASCII text, with very long lines (6865), with no line terminators
Category:	dropped
Size (bytes):	6865
Entropy (8bit):	5.353852023652682
Encrypted:	false
SSDEEP:	96:AKzh1kGDmH2jy4UjZnlV2WwInTP3u2jDax:AKd1NDw2jHUjZnlgWnPNPax
MD5:	E8F9803B1ED406C5CD71A45210F81ECD
SHA1:	6DEECB91B4613B29EA0D447BF8BAFD35FE478873
SHA-256:	0947BDAF4B256C45A3C1DD995265E37B8290BDF2781D72CC032D5EBB32203DF6
SHA-512:	01A4B7855116ADC6AA4C68CDEA9EA2DAC180DB15E4E7B5138538D3C6B5F559B56F309287F314EC5505B56DE465599E3B02D3A24F1D88D9F6BB105E65870B1CCB
Malicious:	false
Preview:	var passport=passport\|\|window.passport\|\|{};passport._modulePool=passport._modulePool\|\|{},passport._define=passport._define\|\|function(s,a){passport._modulePool[s]=a&&a()},passport._getModule=passport._getModule\|\|function(s){return passport._modulePool[s]},window.upsmsStore={reg_upsms:"106929130003000002",verify_upsms:"106929130003000004",verify_text_upsms:"1069 2913 0003 000 004"},window.YY_TPL_CONFIG="yylive,yyliveserver,yyanchor,pcyy,yyudbsec,bdgameassist,yoyuyin,";try{if(window.localStorage&&window.localStorage.getItem("upsms-pcApi"))try{window.upsmsStore=JSON.parse(window.localStorage.getItem("upsms-pcApi"))}catch(e){}}catch(e){}var passport=window.passport\|\|{};passport._load=passport._load\|\|function(s,a,e){var t=document,n=t.createElement("SCRIPT");if(a){n.type="text/javascript",n.charset="UTF-8";var o=s.split("?")[0],p=Math.round(1e3*Math.random()),i=(new Date).getTime();n.readyState?n.onreadystatechange=function(){if("loaded"===n.readyState\|\|"complete"===n.readyState){if(n.onread

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\yingxiaoicon-612169cc36[1].png

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	PNG image data, 88 x 88, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	3378
Entropy (8bit):	7.906510308987039
Encrypted:	false
SSDEEP:	96:1nZY7gjm/vPn7t59ZlUSVjMjs3lkj7OZJE/+i:8ZHlZVjxlbZm+i
MD5:	612169CC36C91DDD3B1F6955EEF781F2
SHA1:	45ABC6DF0B931554E68BEBFEB8F866FBEF3A8B02
SHA-256:	A37B681C56797A3750930237005403EEFF16F51CF4C25B3FBCC9D83DCEEFB4EC
SHA-512:	EB0D394093160F80876113B497CB29F39A3AD4F0007026BACB9EEB98B04C8BA2258BD9CA5C543F60AA3B412AD4E5E321460D7326D6DEB3373BA205980393E724
Malicious:	false
Preview:	.PNG........IHDR...X...X........c....sRGB........DeXIfMM........i.......................................X...........X.....H.....IDATx..[yxT....d... ....!....Vd.Q[.P.Z,R.Y......T..j)_Km].Z.[Q....J.$.....bD..YB...Lf...$.fy3.f._.\|......s.=..;:............[.4 4 .JA..M"4..#.I...MGh..I...M".xh:B..M"..h.!.C..n<.r\.0.e.3.l./.....f3.%.t......C0m..N...t.!T..Y.p.o.A.U.k.l..Rt.pO..V..;...Y.=..VL..V.6q.n....AJ...4.,..........Y.t16.E....E..r...\....P+&....]........M.g...@.Q.........[..x.^.....I.C.b.J....d..6.U....1:Yy.3.W.v'...M.(p..M.(T5../.L....V..&"[...Y..2L./..4.JQ....[.....+.(..$I#z.J.m........O}U.fl.{'.TE^.M ....mx...Q.r.P{T.;... ..;(....b..Q...u>...k.EQ..D'../.....KD.s..2H.[...YF.p..N.w....]...\....c+.Ba&...#.y.........1J.\}..........8.....~...h4....c...B.......(;..4.. (.....}...E".n}_.Rb.I.[.l..r.........xB........ ..c0e....aA)..9@.!.R...M&.O.MaTE...w.je.D...5<ML.&{\....J..Eg.D...G.XM.C.....C..3.qB.@..2..."....B.}B.`.n..Yb.v...........w.)s.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\PEEPV5GT.htm

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (13309)
Category:	dropped
Size (bytes):	441771
Entropy (8bit):	5.69192765700415
Encrypted:	false
SSDEEP:	6144:crvInremPyaX3f4lGiDTyTNv7FDK192K3HUI:crv+SmPyariDTyTNv7FDK1h0I
MD5:	D1C71DF9F543B6CFB85DD17963CF6B42
SHA1:	1347D788DB0485FF737593F71DDD030EB4830F17
SHA-256:	846CD008181D8890B49D2B396C464B664D6D5B1364B08AC5ACBE16F7C9EB8B75
SHA-512:	FF8774E8BE10D259B4678F1C4B925DBD02A5C9968472AB1374EA5955DC215B3A2ABCD72013C57BCDB0A0DB0D2A2C6D9127F043723E2F9C42A37DCCFE1452B76B
Malicious:	false
Preview:	<!DOCTYPE html> STATUS OK--><html><head><meta http-equiv="Content-Type" content="text/html;charset=utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"><meta content="always" name="referrer"><meta name="theme-color" content="#ffffff"><meta name="description" content="............................................................."><link rel="shortcut icon" href="https://www.baidu.com/favicon.ico" type="image/x-icon" /><link rel="search" type="application/opensearchdescription+xml" href="/content-search.xml" title="...." /><link rel="icon" sizes="any" mask href="https://www.baidu.com/favicon.ico"><link rel="dns-prefetch" href="//dss0.bdstatic.com"/><link rel="dns-prefetch" href="//dss1.bdstatic.com"/><link rel="dns-prefetch" href="//ss1.bdstatic.com"/><link rel="dns-prefetch" href="//sp0.baidu.com"/><link rel="dns-prefetch" href="//sp1.baidu.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\aging-tools-pc_63487d8[1].js

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	Unicode text, UTF-8 text, with very long lines (5357)
Category:	dropped
Size (bytes):	144135
Entropy (8bit):	5.818354811349155
Encrypted:	false
SSDEEP:	3072:0USvc7JPopxamEUcaAVkgLVo6fgWczcA24Vvgg0jwGrAoYdfGrLKxPzsQnYuhgEb:ykWpomEUcaAVkgLVoSz424Vvgg0jwG8P
MD5:	63487D8C50E44137F8B6CE2A04407F8F
SHA1:	FD76921A0C4BAB77264C2D8975F9923D3A35CD5B
SHA-256:	77DED67F98C3F5E5B0BCA2A61233F5253C4B102B9FE684B0F132621599ED0290
SHA-512:	C2E75E398C1D9A54564D961578C7EE7FF344664B731231F811367EC4E22D84818E9AF761E7BB47F6C7DA835158E62CC33C729D6A826C1773BD79B3A3637A1847
Malicious:	false
Preview:	define("@baidu/aging-tools-pc/dist/index",["san","tslib"],function(n,t){function e(n){if(o[n])return o[n].exports;var t=o[n]={i:n,l:!1,exports:{}};return i[n].call(t.exports,t,t.exports,e),t.l=!0,t.exports}return i=[function(t){t.exports=n},function(n){n.exports=t},function(n,t,e){t=function(){"use strict";function t(n){return(t="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(n){return typeof n}:function(n){return n&&"function"==typeof Symbol&&n.constructor===Symbol&&n!==Symbol.prototype?"symbol":typeof n.})(n)}function i(n){if(null==n)throw new TypeError("Cannot convert undefined or null to object");for(var t=Object(n),e=1;e<arguments.length;e++){var i=arguments[e];if(null!=i)for(var o in i)Object.prototype.hasOwnProperty.call(i,o)&&(t[o]=i[o])}return t}var o=e(0).defineComponent;n.exports=function(n,e,a){for(var s=function(n){var t=[n];return"function"==typeof n&&(t.push(n.prototype),n.prototype.constructor&&t.push(n.prototype.constructor.prototype)),t}(n),r=0;r<

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\ai-talk-switch-c2572e6a36[1].js

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	Unicode text, UTF-8 text, with very long lines (1981)
Category:	dropped
Size (bytes):	17292
Entropy (8bit):	5.316143586190706
Encrypted:	false
SSDEEP:	384:7F95Cj5iYv/qPf7OhRcTzD/0Ils+7SKDSKDnfDx+bt:7F95Cj8OhuTzL0Ils+7SKDSKDnf1S
MD5:	C2572E6A367115D1DE6B65753D08700A
SHA1:	6ABA158DC2A79607569A902813AB5C1D22C7A48C
SHA-256:	6E77215533403F50CF6B0E4267F57188DC720402D7FAAD9971CC8419C470DC2B
SHA-512:	955F0CAC7A6205B86F2A6DAFCD403877CF874B42B518DA307B50D3F07DA7846DF6F5B1A6360D1AE61183F6CBBFE2E417447B996EA1008F7BA867D03D08ACD29A
Malicious:	false
Preview:	define("superman/components/ai-talk-switch",["require","exports","superman/lib/extract_data","superman/lib/commonUtils"],function(require,_exports,_extract_data,_commonUtils){"use strict";Object.defineProperty(_exports,"__esModule",{value:true});_exports.AiTalkSwitch=void 0;function ownKeys(object,enumerableOnly){var keys=Object.keys(object);if(Object.getOwnPropertySymbols){var symbols=Object.getOwnPropertySymbols(object);if(enumerableOnly)symbols=symbols.filter(function(sym){.return Object.getOwnPropertyDescriptor(object,sym).enumerable});keys.push.apply(keys,symbols)}return keys}function _objectSpread(target){for(var i=1;i<arguments.length;i++){var source=arguments[i]!=null?arguments[i]:{};if(i%2){ownKeys(Object(source),true).forEach(function(key){_defineProperty(target,key,source[key])})}else if(Object.getOwnPropertyDescriptors){Object.defineProperties(target,Object.getOwnPropertyDescriptors(source))}else{ownKeys(Object(source)).forEach(function(key){.Object.defineProperty(target,ke

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\every_cookie_4644b13[1].js

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	ASCII text, with very long lines (624)
Category:	dropped
Size (bytes):	3421
Entropy (8bit):	5.202004257725097
Encrypted:	false
SSDEEP:	96:6RBZD1yZTMo1iN7l8luRrsQhdjtdA9Q18Jvlg0UL:6RBZpyZTMiiNRsuBsQhToI8Lg0UL
MD5:	4644B1365B341BC21A65B69A93ED92EC
SHA1:	1B2B310663C0D1A550CE21B51D41E0B5B0FFB4B1
SHA-256:	C967C928543BC32A4FF75C26E04C9838BEBF81C5B228E119B54D6E6B002C6E02
SHA-512:	C9D3936F083C6E7B69B66F174A6173CACE88A7E4A9D74B3E2BFB0324C232D87225165DC9D99E4510D6CDC74BCBA5853C64A73AF8932FA187211E735D9C15E15E
Malicious:	false
Preview:	try{!function(){function i(i){this.key=i,this.curCookie="",this.lsCookie="",this.udCookie="",this.udData=t(this.key),this.findCookie="",this.type=-1,this.IS=!1,this.support=!1,this.syncAll()}function t(i){var t=null,o=!0,e="userData"+i;if(!(t=document.getElementById(e)))try{t=document.createElement("INPUT"),t.type="hidden",t.style.display="none",t.setAttribute("id",e),t.setAttribute("data-for","result"),t.addBehavior("#default#userData"),$("body").prepend(t);var s=new Date;s.setDate(s.getDate()+365),t.expires=s.toUTCString().}catch(n){o=!1,t=null}return{setItem:function(i){try{o&&t&&(t.setAttribute(e,i),t.save(e))}catch(s){}},getItem:function(){try{if(o&&t)return t.load(e),t.getAttribute(e)\|\|""}catch(i){}},isSupport:function(){return o&&t?!0:!1}}}function o(i){return i?decodeURIComponent(document.cookie.replace(new RegExp("(?:(?:^\|.;)\\s"+i+"\\s\\=\\s([^;]).$)\|^.*$"),"$1"))\|\|"":void 0}function e(i,t,o,e,s,n){return!i\|\|/^(?:expires\|max\-age\|path\|domain\|secure)$/i.test(i)?!1:(docum

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\iconfont-cdfecb8456[1].eot

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	Embedded OpenType (EOT), iconfont family
Category:	dropped
Size (bytes):	42528
Entropy (8bit):	6.495880947728945
Encrypted:	false
SSDEEP:	768:NoHsjrPes6j2XSEyLXMb6edYe92qSKS9yIDr4VpczuNIgTZdBHHBqjtBWWj4j0WR:KMjrPes6aiEyDMNdDPS9yIDr4VpczuB3
MD5:	CDFECB84568C0B94E1514EE0437B7809
SHA1:	BF404B26189899550A06C9C4B063D81157A33233
SHA-256:	6D948029F6F319ABC9F33765ECE05BF08D0F5678F668011E8B0B0452BF4EFC2A
SHA-512:	C785783DF7B11FDA8D62FB7885989DF952FEC99B1A16D094705A677C55F82D334D78C1C416D5DB250A39E6338F4836FF73A9D9648CB4FC5F272E69705105463E
Malicious:	false
Preview:	...x.............................LP................................................i.c.o.n.f.o.n.t.....R.e.g.u.l.a.r.....V.e.r.s.i.o.n. .1...0.....i.c.o.n.f.o.n.t................0GSUB .%z...8...TOS/2<$I........`cmap.&.C........glyf..!H...t...Hhead/.].......6hhea.].........$hmtx.C..........loca..... ...Rmaxp..."....... name..<........gpost......$...R.........\......................................_.<...........&.......&....r.......................................................0.>..DFLT..latn............................liga.........................................................2..............................PfEd..................................................................................................................D..................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\min_super-f2d67e59b3[1].js

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	Unicode text, UTF-8 text, with very long lines (500)
Category:	dropped
Size (bytes):	64259
Entropy (8bit):	5.462025118256277
Encrypted:	false
SSDEEP:	1536:Rvf2Pq4LXR056BJZfdqqPkzUrrqFWVwqzb6LEKdvZEv:Vf2PqbjFFIbKEKda
MD5:	F2D67E59B33EBDED5D94DDCEDA7564DF
SHA1:	E59E8422D28C38B597905C37731034D899FB7BA1
SHA-256:	22622983EFAD496CE5D8725F585507514FA1ADC8C55CF022359FFF406D1843C8
SHA-512:	95BB3C348A4D89E04150F973C25949AE7CC34EA6641E97AB82982F64599CAD4AD85B244B43958590965A3CFFC5BE615448AE34AE1CE5B9691ACD071BCFD489EC
Malicious:	false
Preview:	F.module("common/result_page",function(require,exports,ctx){exports.createResulPageLink=function(option){if(!option\|\|!option.wd){return""}if(!option.tn){option.tn="baidutop10"}return"//www.baidu.com/s?wd="+encodeURIComponent(option.wd)+"&ie=utf-8&tn="+option.tn+"&rsv_idx=2"}});.F.module("superman:common/image_lazy_load",function(require,exports,ctx){var S=ctx.base;var _intervalId=0;var _timeoutId=0;var _dataSrcImgStack=[];var _intervaling=false;exports.isVisible=function(elm,noOffset){if(!_isVisible(elm)){return false}var hOffset=noOffset?0:60;var vOffset=noOffset?0:60;var elmPos={};try{elmPos=$(elm).offset()}catch(e){elmPos={left:0,top:0}}var scrollTop=$(document).scrollTop();var scrollLeft=$(document).scrollLeft();var viewWidth=$(window).width();var viewHeight=$(.window).height();var xa=elmPos.left-hOffset,ya=elmPos.top-vOffset,xc=elmPos.left+elm.offsetWidth+hOffset,yc=elmPos.top+elm.offsetHeight+vOffset,xa1=scrollLeft,ya1=scrollTop,xc1=scrollLeft+viewWidth,yc1=scrollTop+viewHeight;r

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\newbaike-889054f349[1].png

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	PNG image data, 88 x 88, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	2315
Entropy (8bit):	7.841930881932477
Encrypted:	false
SSDEEP:	48:1nvgSx7grHEEN/2fOdGWgyBcQ6L1YbOrKPntuRo/9Bbf9:1nYSarki2mgOcPeOrKPnt79
MD5:	889054F349B43513BC7E68D8B6F1C515
SHA1:	41A99A134FA7F41EF75C43BD0ABFEF37985A3274
SHA-256:	2DBA92AFCF4535F74B5B8BDB81014E583A5BF9C9A98B803F157B0C3E5C997109
SHA-512:	D5C516C3AAF4C05BAB3604A9E7B6281C665EC48ED2D80DB9C41D7C9A939FF95083F76A6B3FA760753CA8456D88CFA126265CCC2C0BC3749410BAB38727F3EDC4
Malicious:	false
Preview:	.PNG........IHDR...X...X........c....sRGB........DeXIfMM........i.......................................X...........X.....H....uIDATx..[yl.E...=hA@(W[.r4r....... ...W.......A........9..H.Fb..,(rU.+.h)r.C.o...W.......b..fgg......73.\|.U.....p......2&P (.z.@.A.A..G.2B........z.(#.xP.A.A..G.2B....ex.z\..._J^.RX".............gb.0..FqlR..c36..[..h.`.O...9e]...~..U...z5..v\|..\.........2o..W,k.wV......&.b.@ N_b....H........>BB...]WW........J.dw".1D....c..\|..x.v...4.w.\|.X..9..0_...V..z.....{K.X..+......\|M.y.5..bw.25;p...m..QO.-.r.(+vH...:......-<..3 .....Qh..\|..._o..o.....-..=.3^x.v..0#L...&...(..T.F.....aP......X#.eG..p.-..m..I^l.......... .RZ....h%WL\..=X...AGC..@`...A..5'.5.$&..E........-..;F.5.5n9TN.+7....{..H#......P.%..V..#..wx..E...~...fg..=7q`....B\.'..l..6.;...<.......`m..0}..vu.\i.ZI.....H[.j..E%.,...b..O.O.c.S...3F...1.,..,..T.h`.....n.......@@,.29{........G.(.R....cm8.c..9.....D..O.!....DB3T?..0./..9..`..g.......[...+!~..y..4[....H...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\newfanyi-da0cea8f7e[1].png

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	PNG image data, 88 x 88, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	4560
Entropy (8bit):	7.916008234996706
Encrypted:	false
SSDEEP:	96:1nyMZNUDqoMyNL8BKh4gN/Au7Of3rFPk3b/JtUioepkNc/qxfottNy:MMEm8L8E4Df5P2ziepku/W0y
MD5:	DA0CEA8F7E96046B1140228813422283
SHA1:	AB8A7FD7F3919077717EF42F600573B795CD36E1
SHA-256:	15DAD359B451156FB21F32C229912A4AEFA3C4829139F3D0F45921BF0F496740
SHA-512:	791932AF34E33649950E8C636487836F3A46932C1B0183595BEAA3A2BBA4B228778A64C3A374E4DC9ADD0806A2AB4D664C98B20D3A571193209EB27DC4965FD2
Malicious:	false
Preview:	.PNG........IHDR...X...X........c....sRGB........DeXIfMM........i.......................................X...........X.....H....:IDATx..Zi...u~..3{.\....HI6iQ.EJ..Q....M#0.K..$.-.p.(p..N.$p.#H....8....%..lX...&i..a..}..]rO....\|....q)......Bomu.....W...Xk..D........%T...Q...Q...E."P..B<>.b...(D.b..xT\|D.".Q.@.".........r...k"+.....h..9x)<=fz'....J&....6W{.u...i..h..{...!m\|SNf..).U..^.4;.F;.....pp.3.3..e.b....j...1(#...V5.u-..K>r.Y.`R./V[N .H..?<l.\|4..2Y.SX.......R..L@.u({.f.!.{.._l[Ut_.y\|..o.,.qct...... .}.>.F..?.B..@.b)0.9...<.hO..B$.!.y60.)Y.l?.F..0.7l)/..8.sW.?.z.L[............."..'...\|.....\2....v.r....z.o.bY..0.8.g_...<..j..~'^.!.(.0z._......(..(.+.k......-..;..N.)./-..L(.;.=.....%.P.x.;.bw@aT.t.*..e'3s.%..Jg2... p..I.K...Zg.......J...{.s...,<B&...q..2. pe.. aA...\.$.g..*d.q.I.v....\|y.....T>,t.2P\.u.~ug4..../a]!.!@N..(.A;...".C...R...x.&P.6....;a_.&...J.......X....B.wC.....Y......o..... .N....>6........b......... i.At.n.p0...).....j.%....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\newwenku-d8c9b7b0fb[1].png

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	PNG image data, 88 x 88, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	2787
Entropy (8bit):	7.8539026516046455
Encrypted:	false
SSDEEP:	48:1np66YtDeL9FPLB4WJBHgseRs6LLvZ0qkw8RZb62TPRaDz7xcVHgxO38Gd611b:1nsvtDm9FhbHg5fPvZ0qkwgZ2A5yz7KO
MD5:	D8C9B7B0FB3C7216099F8A69DEB9769F
SHA1:	587B81584004120D6B31A95740C0B94E65111B2B
SHA-256:	59A16C8A365C785AF4F0EC92CE83B532AD32FA58503A09055DE114B04FBC17ED
SHA-512:	A461AE5C75F65E39FC42E3E57A2E720BDF2D4306B47E5B78040FB1E0AC5FE1D2245DD60AB7F190BC2582452D38BE6D90EDBB1849818449E127BB126A4566871C
Malicious:	false
Preview:	.PNG........IHDR...X...X........c....sRGB........DeXIfMM........i.......................................X...........X.....H....MIDATx..[{PT........V...C., $X.cJ.Hb'.F......>.ct21.LM;.I-..i.4..vl.....Mk...L...U......\.......w...^...].......s..w~.w.c.eY..$....G..Ba.....6(X...a1B....-.V...a1B....-.V...a1B....-.V....e.][4......vh......Dif...V..g..._.......}...<.....3.......6_@..b0 ..@.O..K...&\|.L..h..a.(.. .C.:Nz.c...>........A.....jR2]..p.L.....h ....2..%yg..<.....z..H.. ..2!....,P.h.}l..........uZ..S..x.".....F.....H....O..5..<1p....5..&........Z.......s../b.wvI.9..TV.JVD(.J.}B0(.A.P..!...S7..Y..y/...W.vt8.v..R.W.?p...E.T.e4..>...e.wb^(..h.I7\|)ad%..P....,C.a}.... .j..Y FSS......'...$e(......Z:.7E>E}F..\. .I..982y......Y3>..(~..e2.U.~..&E.H......L6..q ...H)d..XK.P......!......Y..A...g.f..>..F....y.....$w.zZ..X...8....E_K.s6......8.....v.#....l.......REc......i..~.3.49]..4.5....@`d........v..j.Rqky.............#>q..^..-...&J.....j..i...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\newxueshuicon-a5314d5c83[1].png

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	PNG image data, 88 x 88, 8-bit/color RGBA, interlaced
Category:	dropped
Size (bytes):	2651
Entropy (8bit):	7.854819454613078
Encrypted:	false
SSDEEP:	48:JnMdfmJnOutovOX0bp49fRhxfDpNATU7X8VWKWn9ayDTaAXNRte8Hudj7k1c:JnKf4nRtoIN1pNATS/DTaAXZ8o2
MD5:	A5314D5C8374C8E3B4A60D609C84BA66
SHA1:	F1F43C03231EC3106977A56675B8868493474956
SHA-256:	DA16A153EE0624DABE1D62683CEE4941F8CC17456914B5F93BFE009012309013
SHA-512:	80E3D4902FA83486AAD04555DC726F41427ADA249C33B64F0C20B6540ABCF52DC399FC9C3C3E35C391C82635770016926B421AB3085E0B48232278173532F7A4
Malicious:	false
Preview:	.PNG........IHDR...X...X.............sRGB........DeXIfMM........i.......................................X...........X.....H.....IDATx..].pU..>!.....BHA;..".0.S.D,..d.....u........TGGG..t.j.)3b.:)."......V A.O.$.%/..^........8.3/...s.......d.;.RL.R.s...!7..l............r..vG.(........C.....v.O,....o....}50a....}....V...s'qC...#O.-H8R......#.P..wL........<.u.&.....'..M-..s......J.....O.z3.....Pn..\C5`.I...S..+O.....aWg...o6.....G..QVy=u...>./.........PZ"....L^....{.n.q.7.<.V..p.>...J.v7.Jh..f..b....ckX.1........c.fZ.......Y.-...u.p............P......x......X..<.6r....E.7.....aW.A..=1xwu...-.....[....M..9....G......'.OE..U..8..6......7......g.n.<..........+aY....+..._.`..b..8...Qv;,.........Y0@$..4+...p]......0....d.......pD.2.].a...n.!.....:..o.u..N..[....-.w..g...,.^\...ES..+.`..Xg...........Y.[kO.=.8...G=.p..8LF....c+..:Jz..M..z7...ZAX.R*.0C;....\7C.........]x.V.>..`..../.[.....&..a'......e.r....~..,.G.ea]M.T..g.XH...d...:\|...`.G.u^.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\newyinyue-03ecd1e9b9[1].png

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	PNG image data, 88 x 88, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	2263
Entropy (8bit):	7.79381405061802
Encrypted:	false
SSDEEP:	48:1nPh+Z9a+ftb/SyhaPmQRh9uyJHX7bPG7pc43mAp1DY5lUfx2:1nPAXaI5haO8h9u+KZpZYbD
MD5:	03ECD1E9B97CA338AC39E9C4DDDA6927
SHA1:	1BAB5582F607E31AED57D6653E01175AADA52AB8
SHA-256:	32F658459DD806332D3727304AE55E40CD8214F0464500FD287AAA0C939D63C1
SHA-512:	69D85AF6AB833E954DB70E5EEE78283E9CE6D700E11FBBADA25FE0859DC2113C615413F7E48D74769329D9E4BD306012578091CD34D8A48AEA6C0F633FA594CD
Malicious:	false
Preview:	.PNG........IHDR...X...X........c....sRGB........DeXIfMM........i.......................................X...........X.....H....AIDATx..Z{PTU..{...,........s Q.+.........4.3M..Xf)PR.N.J.6...L,.Z.X.>@...sa.w...a.{..s..B.q.........o..d.A..?...$t0@....J.%BZ.hF...!e.f...Z#hF..2@3B....4#hFH...!..N>.R^......CG...........Vp..l\.._.......LcF....En..:...........WF..B...l..T.....fz.I.]..D...u.-.n.8N.....6g.}.\&.VA.k..eDp\|Ka...`c.5...f...E.m.2u&S.V+I...;\|.>;7p.....;....7.7....M.).g.....fj..D.:..X[..q...5..Ah~e.'o......}..p.J..D4<......H.[...~......O....a...Z\.Y.G>H..6....W...I.i.a...Q.y.D..._P.~;.:M.i....Xw9wm7.z3!..S...P.>.w.O..p-.......:A.\...t.d.)........P...w....>9)......w...j..;X..[.}.5.W....q.P-...("......c&.....X[..{....."4..._.W.liA.BC...e_....5`.M...Wi.,..,...k.}...7%.......j-... T...A.<dt...d.3..=.n."......s...X.....g...*r...4........]+.0..;6....;.......cah.r"...M..1..E.L\|.,2".u&86.0.\|E....."$TA....h.k.t.M).$r.m.X....l...mD!.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\super_load-8301698f5e[1].js

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	C source, Unicode text, UTF-8 text, with very long lines (500)
Category:	dropped
Size (bytes):	30752
Entropy (8bit):	5.505783706086418
Encrypted:	false
SSDEEP:	384:hn4bY7kTTMLmuf8geltjTY12AAUdoDWwUtjkr3nrEdabdZQBFSBZZpcLRbSy7K+0:SbY7k3MaDUtCdZN/pcLhSTO18
MD5:	8301698F5EB7CDE858916FE1847AB70F
SHA1:	9FAE0E35DFF6F613C38A150CE0F41CBA0CAAB0F6
SHA-256:	46ED5B031D49CF9B19456823FDDFB9B4127F2E38A9C91C5139BE5B84FF598828
SHA-512:	9F2B8DA44DDD325494488B8271180EBFB8BFF332F2E8FCD463E514E4585534FFF384F934CED0ABC70FD6AAD80C4670E71F7FB746E213E71226937F2196484AF2
Malicious:	false
Preview:	F.module("superman:weather/weather_tpl",function(require,exports,ctx){var isNewStyle=bds.comm&&bds.comm.newTopMenu===1;exports.pollutionLevel={0:".",10:".",20:"....",30:"....",40:"....",50:"...."};var _dom=$("#s_mod_weather");exports.createIconUrl=function(url,getStyleVal){if(!url){return""}if(!getStyleVal){return'style="background-image:url('+url+");background-image:none;filter:progid:DXImageTransform.Microsoft.AlphaImageLoader(src="+url+', enabled=true,sizingMethod="crop")";'}else{.return"background-image:url("+url+");background-image:none;filter:progid:DXImageTransform.Microsoft.AlphaImageLoader(src="+url+', enabled=true,sizingMethod="crop")'}};exports.randIconCdn=function(img){var _returnStr=(img?img:"a2").slice(1);if(isNaN(_returnStr)\|\|_returnStr.length<1){return 1}else{return parseInt(_returnStr)%8+1}};exports.randerImgPath=function(data,imgType,whichData,isNotToday){var i=whichData?whichData:0;var _c=data,_t=_c.weatherArr?_c.weatherArr[i]:

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\ubase-dddde7cd4e[1].js

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (500)
Category:	dropped
Size (bytes):	52422
Entropy (8bit):	5.2986785729858425
Encrypted:	false
SSDEEP:	1536:jmWcQvlmTDgmWMQv7mnCgghQVUJYwq+fFfEoF4HvOSF:MtUq7
MD5:	DDDDE7CD4E229228869FE227B2A42929
SHA1:	E3FB95448DC996094F9958FAFE724AE07FF55384
SHA-256:	A97216D890BD787972C5F1A2621443DD7DD3A6530D31D62ECC1B8DB96A28D382
SHA-512:	218D3802086B24E32FEE81B557E18114283877F1FE387B1FA4F96F40C8EE3F4CE130280B25D94529EA03B08D3A62CC3E14B0AAB6D39B84530422F21A968FD6EA
Malicious:	false
Preview:	jQuery.extend(F,{unique:function(){var uniq=+new Date;return function(prefix){return(prefix\|\|"")+ ++uniq}}(),mix:jQuery.extend,inherit:function(){var args=Array.prototype.slice.call(arguments),subclass=args[0],subpro=subclass.prototype,oinitialize=subpro.initialize,initializes=[],index=1,superclass,superpro;while(superclass=args[index++]){superpro=F.isFunction(superclass)?superclass.prototype:F.isPlainObject(superclass)?superclass:null;if(superpro){F.isFunction(superpro.initialize.)&&initializes.push(superpro.initialize);for(var key in superpro){if(superpro.hasOwnProperty(key)&&key!=="initialize"){subpro[key]=superpro[key]}}}}if(initializes.length){oinitialize&&initializes.push(oinitialize);subpro.initialize=function(){var args=arguments,idx=0,len=initializes.length;for(;idx<len;idx++){initializes[idx].apply(this,args)}}}return subclass}});jQuery.each("isFunction,isPlainObject,isArray".split(","),function(_,method){F[method]=jQuery[method]});.F.module("superman:superuijs/util/tool",fun

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\video-meet-7833028d86[1].js

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	ASCII text, with very long lines (500)
Category:	dropped
Size (bytes):	4398
Entropy (8bit):	5.184350731126256
Encrypted:	false
SSDEEP:	96:10LM6VTrOMVVEbayy+5MgF9EoRUJYTcrqCCxuMCxyKyXk:q46V/XExF9EmTGAk
MD5:	7833028D860AFF115ED44DC3ECF82E92
SHA1:	8839C37D384D841E9E32E9D83D55294364E4A8FD
SHA-256:	49501EDD5CC5C53757DDA5423C9A81FA4512910AEC096ADD4CE69D0BFDA25982
SHA-512:	DF562C0FBECA9BCB687E01687C32AE75A57EEB4A3E9A5DD7006AABA73460EB9D96EBF96063482EE257C9B42E0B00E9382E562CC0097B61902CB76AFCC86BBD3E
Malicious:	false
Preview:	function _typeof(obj){"@babel/helpers - typeof";if(typeof Symbol==="function"&&typeof Symbol.iterator==="symbol"){_typeof=function _typeof(obj){return typeof obj}}else{_typeof=function _typeof(obj){return obj&&typeof Symbol==="function"&&obj.constructor===Symbol&&obj!==Symbol.prototype?"symbol":typeof obj}}return _typeof(obj)}define("superman/components/video-meet",["require","exports","@baidu/video-meeting","superman/components/guide_tips","superman/lib/event"],function(require,_exports,Meet,.GuideTips,Event){"use strict";Object.defineProperty(_exports,"__esModule",{value:true});_exports.VideoMeet=void 0;Meet=_interopRequireWildcard(Meet);GuideTips=_interopRequireWildcard(GuideTips);Event=_interopRequireWildcard(Event);function _getRequireWildcardCache(){if(typeof WeakMap!=="function")return null;var cache=new WeakMap;_getRequireWildcardCache=function _getRequireWildcardCache(){return cache};return cache}function _interopRequireWildcard(obj){if(obj&&obj.__esModule){return obj}if(.obj=

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\96c9c06653ba892e[1].js

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	dropped
Size (bytes):	99173
Entropy (8bit):	5.449175245041189
Encrypted:	false
SSDEEP:	1536:f/YexqX5sxU9nz0FvdigHKgKsGviGRDJzkK/FaOqP4azbvQJTz:o99nwd0FAK/FaOqP5Qxz
MD5:	AA09C0CF401ED8A1A3DC7E47F516C0D6
SHA1:	DC8D70D9A9A7B71398D1FE0C3E51EA195D8E69F7
SHA-256:	093F8B675DBFC95ABBC84B750186D23874D4CF57B214948DD6248566D531D48B
SHA-512:	F2C533EBE69FD86759381BEAAE8965FE068E3D1E3C30C95E51E6E2B936BF8B848479E147D7E017EEAAD54522E3EB735EC7E7E5A3A41F3878B78BE047F290C34B
Malicious:	false
Preview:	(function(){ (function(){ var _0x380f=['cm90b3Q=','Q291bnQ=','S0p2WUY=','YXRjaE0=','Y3QgQXI=','KS5pbmQ=','ZWRpYSg=','ZUltYWc=','LnRocm8=','fDR8MHw=','ZmtsUmM=','QmF0dGU=','bmNHZnI=','UlRDRW4=','YUtleXM=','dW5kZWY=','ZW1lbnQ=','MTJ8MHw=','biAhIWQ=','SW50ZXI=','ZWxmLnI=','c2V0Qnk=','YWdtZW4=','dE1lZGk=','b21ldHI=','b3JhZ2U=','alFjVGE=','IHsgcmU=','RnlwcHg=','Y2hhckM=','bnRsLnM=','dHVyZWU=','JnQ9','YXhhIH0=','biAic2g=','ZXJDYXM=','dHJvbGw=','fDB8Mg==','aVFyQm8=','bGVzcyk=','PSB1bmQ=','ZmxXY2M=','MkQoKTs=','SW5mbzs=','QXVkaW8=','dFZ2TXU=','bkN2Z1c=','c3RhdGk=','fDB8NA==','ZW9mIFs=','UlRDUGU=','aWlhZ3Q=','Ym9ydFM=','dXN0IGI=','dCJ9KQ==','dCgwKQ==','LCB1bmk=','cyBzaXo=','Y2xhc3M=','cHd0VG0=','VENrc1c=','YWdOYW0=','MHwzfDQ=','aWQga2U=','Q1NTUHI=','Y2Vs','ci5ibHU=','b3giLm0=','UHJveHk=','MnwxMXw=','RmpxV3E=','ZWdtZW4=','biAhIXM=','ZXJUaW0=','bWtwRUU=','N3wxfDY=','QXBwbGU=','dERpcmU=','RmNNd3o=','dG9Mb2M=','YVN0cmU=','MnwzfDE=','LnBhZFM=','V2V3R0E=','IHZhciA=','Rk1Gc1c=','YW5pdGE=','VVVrQVY=','

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\PCtm_d9c8750bed0b3c7d089fa7d55720d6cf[1].png

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	PNG image data, 540 x 258, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	15444
Entropy (8bit):	7.754529849677063
Encrypted:	false
SSDEEP:	384:WvD/oA79X29A/9VZ2iCHnprYx6qw9B9DvCoc2iouNJZu:O/7R3VVrCJrYxnwxDL0NZu
MD5:	D9C8750BED0B3C7D089FA7D55720D6CF
SHA1:	15E45B5ECB7C7F4F54CDC3A224E702794C1A9684
SHA-256:	22EB1E51C92F3C013305AE0319EF4477C692DC26ACBCA1518776E2FAF9D66A98
SHA-512:	197D9FB1D52230EABCF551CF9547335DEEE7C9AFC5187F32A99E168B019841248DC6B973234338911BD5C96DF8644A4F14D955357111821C22499D803FAEA922
Malicious:	false
Preview:	.PNG........IHDR.....................sRGB........DeXIfMM.*.......i........................................................u.eg..;.IDATx.........eV......E..&..(.Q..11..$.h4&....}.......Q.sK.M.!..1 "3....C.{....f....S 0[w...U...f..{...:u.S.a...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\all_async_search_d3cea19[1].js

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	Unicode text, UTF-8 text, with very long lines (1653)
Category:	dropped
Size (bytes):	721537
Entropy (8bit):	5.468355805495175
Encrypted:	false
SSDEEP:	12288:749fBm2sKweWhCvTxTCncQQ7mQ7ClRTitSCQXHzFmKCTjRZ4AOs5kT7ku9KHPz64:749fDsKweWhCvTxTCncQQ7mQ7ClRTit1
MD5:	D3CEA19A98ED342F12B17FBC84C0E131
SHA1:	17201096CC19236088D158B5F32F641B5A6CC625
SHA-256:	6FE92273F47140106582620A0862932CA814B3D234039B4CAF19592734F89712
SHA-512:	039BC1E2F8F5A23DBA39E17975B12A96E5F66A294C697E121BE7A1CC2648BDB0289A9F398C044B8C900ABCB74A7D900C6BC43C78CE29D1EC327C056FFC7ADE75
Malicious:	false
Preview:	function addEV(e,t,n){window.attachEvent?e.attachEvent("on"+t,n):window.addEventListener&&e.addEventListener(t,n,!1)}function _aMC(e){for(var t=e,n=-1;t=t.parentNode;)if(n=parseInt(t.getAttribute("id")),n>0)return n}function al_c(e){for(;"TABLE"!=e.tagName;)e=e.parentNode;return e.getAttribute("id")}function al_c2(e,t){for(;t--;)for(;"TABLE"!=(e=e.parentNode).tagName;);return e.getAttribute("id")}function c(e){var t=e.p1;if(!("alop"!=e.fm\|\|"rsv_xpath"in e\|\|t&&"6677"==G(t).getAttribute("srcid")))return!0;.!t\|\|"p5"in e\|\|(e.p5=t);var n=window.document.location.href,i="",o="",r="",a=window["BD_PS_C"+(new Date).getTime()]=new Image;for(v in e){switch(v){case"title":o=e[v].replace(/<[^<>]+>/g,""),o&&o.length>100&&(o=o.substring(0,100)),o=encodeURIComponent(o);break;case"mu":case"url":o=escape(e[v]);break;default:o=e[v]}i+="&"+v+"="+o}if(!("mu"in e))try{"p2"in e&&G(e.p1).getAttribute("mu")&&"pl"!=e.fm&&(r="&mu="+escape(G(e.p1).getAttribute("mu")))}catch(s){}if(window.bds&&bds.comm){var c=bds.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\cd37ed75a9387c5b[1].js

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	dropped
Size (bytes):	101303
Entropy (8bit):	5.1331518656794906
Encrypted:	false
SSDEEP:	768:8ZRjP07XeK3zzB1XO882HI7tBKnSc19PQHp7duGDzO0hAPcG6x3F7qVQkgdVkh3Y:8MTFnfCjKP0eb9cMLuhvySmVVIULA3
MD5:	110727716215016FE8C9B36A4C54B018
SHA1:	DCE4E2484465BF6190BE47AD14694B31B1A129A7
SHA-256:	1EC8BE51273E675D98DA5E6F79DBCE8A74DEA7EB8E7ADAD3884882E99F6799F8
SHA-512:	CD81BED2E156D858DE35455258DCD500EEE01B05C576EE3626FCC865B20F213F5E29B82402239D8B1E7A625830BE690A54C770592E62DDF53BED0F9FB5A380DD
Malicious:	false
Preview:	(function(){ var _0x304a=['dGVzdA==','U2l1S0U=','RGlrcW8=','TFV5Z0M=','ZWZpbmU=','fDF8Mg==','dyBEYXQ=','YXRoKHQ=','Y29wVXE=','TnZaY3Q=','U3RvcmE=','Y2RyQ1I=','aFFLb1Y=','OTZjOWM=','TWtzbkI=','QXZhaWw=','UGVyZm8=','SFloWmI=','Zm5MaXM=','IihwcmU=','blFES3k=','bWVTZWc=','b25sb2E=','W29iamU=','V2Vi','dExpc3Q=','ZEJlRXg=','V2ViU2Q=','bWh1b2Q=','ZToxfTs=','SWxEd20=','cmF5XQ==','Ym94YXA=','Q2hyb20=','V0RNU1M=','b3N6Zmk=','LmJhaWQ=','bml1bV8=','aW4gSFQ=','a2V5MlA=','YXZpb3I=','RkV5ZEg=','KSk7dmE=','R05VL0w=','YXRvcg==','SFJxZnU=','X1NlbGU=','ekhpV0o=','d1JsaU4=','QVdQdVA=','c3VsdEM=','R3VCTXg=','d2ViZHI=','ZjQ2','am52WVI=','YWluPQ==','ZWdFeHA=','c3R5bGU=','bXNJc1M=','M3w0fDI=','biAhIUE=','aW9uIjs=','anNFcnI=','Zm9jdXM=','Y2xhc3M=','Y01Sa3E=','dmUgY28=','V0Jhc1k=','T3V0U2Q=','Y0FYSUQ=','YWJpbGk=','ZXI7','UElJZ3E=','YmFyfSk=','YXd1cGQ=','Mnw4fDU=','SW50ZXI=','X19uaWc=','R3R2b2Q=','ZGdHd3I=','fDB8Mg==','ZjIz','UG9pbnQ=','WUJNQm0=','aVBob24=','ZjI1','bVJ6aGs=','dmxjWUQ=','ZW5lcg==','U3RyaW4=','c3R

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\esl-d776bfb1aa[1].js

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	ASCII text, with very long lines (500)
Category:	dropped
Size (bytes):	16420
Entropy (8bit):	5.277788807223608
Encrypted:	false
SSDEEP:	384:F8wausvkD02NOw5ihIC8h5hkENZ6v5NeGr:LausMDCw5ihghbkWZ6v5YGr
MD5:	D776BFB1AAE5A93AD826135C4B1C8727
SHA1:	E9EA57885910893E888310D7029AC03F2D1CE813
SHA-256:	3D2D7991FB0A0D332FAF8FD84BCB9875062A8CF768B3C4DC46591BBA79CA1479
SHA-512:	B238A9EE31EC04DAC5ECE2710CDEDF8E8E70B0B5838EDB84E621DABE100B918F9B4BD3A79D61E7FDC80EEED6EB55D07B2BBBF34EF5E4E0A7DB83D7F5B980F22F
Malicious:	false
Preview:	(function(root){if(root.esl&&root.require&&root.esl.version===root.require.version){return}var define;var require;var esl;(function(global){var modModules={};var MODULE_PRE_DEFINED=1;var MODULE_ANALYZED=2;var MODULE_PREPARED=3;var MODULE_DEFINED=4;var modAutoDefineModules={};function modFlagAutoDefine(id){if(!modIs(id,MODULE_DEFINED)){modAutoDefineModules[id]=1}}var BUILDIN_MODULE={require:globalRequire,exports:1,module:1};var actualGlobalRequire=createLocalRequire();var waitTimeout.;var requireConf={baseUrl:"./",paths:{},config:{},map:{},packages:[],shim:{},waitSeconds:0,bundles:{},urlArgs:{}};function globalRequire(requireId,callback){var invalidIds=[];function monitor(id){if(id.indexOf(".")===0){invalidIds.push(id)}}if(typeof requireId==="string"){monitor(requireId)}else{each(requireId,function(id){monitor(id)})}if(invalidIds.length>0){throw new Error("[REQUIRE_FATAL]Relative ID is not allowed in global require: "+invalidIds.join(", "))}.var timeout=requireConf.waitSeconds;if(timeou

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\guide_tips-d9e617f782[1].js

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	Unicode text, UTF-8 text, with very long lines (500)
Category:	dropped
Size (bytes):	4446
Entropy (8bit):	5.445498876525151
Encrypted:	false
SSDEEP:	96:ivxiRIdfINmVVzX20Jh+gCscuDjkg1/2x02N6SSfuS/203a:fMfgkjrD5I6i1
MD5:	D9E617F782FA4F4FA3596B2C9C9F7ED3
SHA1:	6D629DC60574097B637A9E6FB342B440FB901A97
SHA-256:	0AF87B59FAEC3FDFEC2A6087C5911681B1A0DC3C08C6B8E0069DA0A5C93A1201
SHA-512:	A7153D493B4FF15BE905E81021CDD5A50CB32DBF5B7CC788F4A0C6AB8FB48BCE8DF63180BF72966D948C6FA33C19035693D366A40F5A53833F8DEE85ED7BBF87
Malicious:	false
Preview:	define("superman/components/guide_tips",["require","exports"],function(require,_exports){"use strict";Object.defineProperty(_exports,"__esModule",{value:true});_exports.show=show;_exports.close=close;_exports.init=init;var arrowWidth=10;var tipsHeight=34;var tipsWidth=120;var arrowSpace=8;var loginSpace=6;var txtLength=7;var bottomTxtLength=12;function closeGuideTips(option){if(option.ls){try{window.localStorage.setItem(option.ls,"1")}catch(e){}}if(option.red_dot){$(option.red_dot).removeClass(."red-point")}var newClass=option.id.trim()+"-"+option.type;$("."+newClass).hide()}function createdElement(top,left,option){var type=option.type;var txt=option.txt;var newClass=option.id.trim()+"-"+option.type;$("#"+option.id).append('\n <div class="guide-info-new '.concat(newClass,'" style="left: ').concat(left,"px;top: ").concat(top,'px;">\n <span>').concat(txt,'</span>\n <i class="c-icon guide-close" ></i>\n <div class="guide-arrow-').concat(type

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\hotsearch-5af0f864cf[1].js

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	Unicode text, UTF-8 text, with very long lines (500)
Category:	dropped
Size (bytes):	5463
Entropy (8bit):	5.211826262517801
Encrypted:	false
SSDEEP:	96:chi9OTRf6wHBIXV9Os778A6Ji37iQfq3ERGYjUuGD9kp4J+sTFbFmT5:cf6w3z1D9+EI5
MD5:	5AF0F864CF0FE6387A5351D482EA2D88
SHA1:	6709497DAEC781C042B1B212ACB20406D0F6F35E
SHA-256:	191232CF257803C4D194794659330D402FE4AD71EBDEAC4FEE109DF2A948AA03
SHA-512:	E649837FB590D4F22A28731E3713CBCCDD440FCB6F160FDD121F256735D849E26A67FEA75F95ADBEB0E6370A9CF87F0384FA6FB24217A3AAE6C2A15B44C7399C
Malicious:	false
Preview:	F.addLog("superman:components/hotsearch",["hotsearchClick","hotsearchShow","hotsearchSet","newsClick"]);F.addLog("superman:components",{categoryClick:"1200100001"});F.module("superman:components/hotsearch",function(require,exports,ctx){var pageNum=0;var hotsearchData;var totalPages;var $hotsearchWrapper=$(".s-hotsearch-wrapper");var $hotsearchContentWrapper=$hotsearchWrapper.find("#hotsearch-content-wrapper");var $hideHotsearchBtn=$("#s-user-setting-menu .s-set-hotsearch.set-hide").;var $showHotsearchBtn=$("#s-user-setting-menu .s-set-hotsearch.set-show");function getHotsearchData(){try{hotsearchData=$.parseJSON($("#hotsearch_data").text()).hotsearch}catch(err){hotsearchData=[]}var hitSample=bds&&bds.comm&&bds.comm.sampleval&&bds.comm.sampleval.indexOf("new_hotitem_num")>-1;var perPage=hitSample?10:6;totalPages=Math.floor(hotsearchData.length/perPage);tempData=hotsearchData.map(function(item){var newItem=item;newItem.index=parseInt(item.index,10);if(newItem.index===-100){.newItem.isAd=

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\jquery-1-edb203c114.10.2[1].js

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	Unicode text, UTF-8 text, with very long lines (500)
Category:	dropped
Size (bytes):	143929
Entropy (8bit):	5.227244873914862
Encrypted:	false
SSDEEP:	3072:Jz1IL+ugS+yLvGJuJC8od+6f4CupVOkMKV:e+GXC8oHACwMKV
MD5:	EDB203C114D8E1115C869CA443DD6E48
SHA1:	525BF4344984E7AB03085DAEBB95B0D0E55FBBB4
SHA-256:	AC301A9D0B4250646CABF4E9E56204D09AF518367EED031562360D0F0CB9D733
SHA-512:	F9A78CCEA9B028D14016BD6DD13769FC25C569E3C4FD7EDE8DE90BE36BFA973F6A5354696B2A0D8C90286D161FFC49BFE75958FECF0E23E8393351EE707F29D9
Malicious:	false
Preview:	(function(window,undefined){var readyList,rootjQuery,core_strundefined=typeof undefined,location=window.location,document=window.document,docElem=document.documentElement,_jQuery=window.jQuery,_$=window.$,class2type={},core_deletedIds=[],core_version="1.10.2",core_concat=core_deletedIds.concat,core_push=core_deletedIds.push,core_slice=core_deletedIds.slice,core_indexOf=core_deletedIds.indexOf,core_toString=class2type.toString,core_hasOwn=class2type.hasOwnProperty,core_trim=core_version.trim,.jQuery=function(selector,context){return new jQuery.fn.init(selector,context,rootjQuery)},core_pnum=/[+-]?(?:\d\.\|)\d+(?:[eE][+-]?\d+\|)/.source,core_rnotwhite=/\S+/g,rtrim=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,rquickExpr=/^(?:\s(<[\w\W]+>)[^>]\|#([\w-]))$/,rsingleTag=/^<(\w+)\s\/?>(?:<\/\1>\|)$/,rvalidchars=/^[\],:{}\s]$/,rvalidbraces=/(?:^\|:\|,)(?:\s\[)+/g,rvalidescape=/\\(?:["\\\/bfnrt]\|u[\da-fA-F]{4})/g,rvalidtokens=/"[^"\\\r\n]"\|true\|false\|null\|-?(?:\d+\.\|)\d+(?:[eE][+-]?\d+\|)/g,.rmsPrefix=

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\light_new_1698989816000[1].json

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	Unicode text, UTF-8 text, with very long lines (21110), with no line terminators
Category:	dropped
Size (bytes):	21528
Entropy (8bit):	4.841124494074864
Encrypted:	false
SSDEEP:	384:1VYjY8KuXvKKnKCKvb0nL4Tv618MKf4aAOazFeJIpRKKZWqz9g:1VfZMSKKC46mv6+M64aAxQILDs
MD5:	EB81A616EA78901E20C61B1C651287D9
SHA1:	1E515A0D5952764903BDA73B0D715C8CCE235F89
SHA-256:	DB0B90F3ABC11F76FBF2BF0CA0359E44D10C8BA4DFA8014156DFF3CE7D23DB68
SHA-512:	42C3F4760D958980A3ABCA4492A929618A28F0E052058EC75F7EFB19C8CAD6298D6538BA058E31CCA5A44E3D04BB402D1E7DF9C9D9D8CAFA9E9E200259FD56EC
Malicious:	false
Preview:	{"v":"5.11.0","fr":25,"ip":25,"op":209,"w":120,"h":28,"nm":"......","ddd":0,"assets":[],"layers":[{"ddd":0,"ind":1,"ty":4,"nm":".... 25","parent":3,"sr":1,"ks":{"o":{"a":0,"k":100,"ix":11},"r":{"a":0,"k":0,"ix":10},"p":{"a":0,"k":[-19.063,-9.563,0],"ix":2,"l":2},"a":{"a":0,"k":[-22.375,-8.625,0],"ix":1,"l":2},"s":{"a":0,"k":[100,100,100],"ix":6,"l":2}},"ao":0,"shapes":[{"ty":"gr","it":[{"d":1,"ty":"el","s":{"a":0,"k":[58,58],"ix":2},"p":{"a":0,"k":[0,0],"ix":3},"nm":".... 1","mn":"ADBE Vector Shape - Ellipse","hd":false},{"ty":"fl","c":{"a":0,"k":[1,1,1,1],"ix":4},"o":{"a":0,"k":100,"ix":5},"r":1,"bm":0,"nm":"logo...","mn":"ADBE Vector Graphic - Fill","hd":false},{"ty":"tr","p":{"a":0,"k":[-22.375,-8.625],"ix":2},"a":{"a":0,"k":[0,0],"ix":1},"s":{"a":0,"k":[100,100],"ix":3},"r":{"a":0,"k":0,"ix":6},"o":{"a":0,"k":100,"ix":7},"sk":{"a":0,"k":0,"ix":4},"sa":{"a":0,"k":0,"ix":5},"nm":".."}],"nm":".. 1","np":2,"cix":2,"bm":0,"ix":1,"mn":"ADBE Vecto

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\login_guide-4fba3971ce[1].js

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	ASCII text, with very long lines (500)
Category:	dropped
Size (bytes):	8919
Entropy (8bit):	5.287664464765285
Encrypted:	false
SSDEEP:	192:JGaOCpboPyFJwH8vP/FFfUM6Goib0/LGlE51bV0EGkM6GyK1Ntp1nJTeWoq:iC2a0mfUM68bOGlE51bVHGk9GygPl
MD5:	4FBA3971CE850C09757774298F8185ED
SHA1:	D0C5328052F97F019B71C10C1820510A47F7194F
SHA-256:	4030AEBC5B377E798FE7FFA8C89704FD93A99DC5F010C7B4E95CA536307B1B64
SHA-512:	F27FDEE984D98E03BF027CB8BDAC49E6A03FC64AAC83C9D5CAC10BE1F4DB75CE1A962B1E4929BA4372BE6767686CCC440AE864F391B10A2B158E459139AE24C9
Malicious:	false
Preview:	define("superman/components/login_guide",["require","exports","superman/lib/event"],function(require,_exports,_event){"use strict";Object.defineProperty(_exports,"__esModule",{value:true});_exports.init=init;function _createForOfIteratorHelper(o){if(typeof Symbol==="undefined"\|\|o[Symbol.iterator]==null){if(Array.isArray(o)\|\|(o=_unsupportedIterableToArray(o))){var i=0;var F=function F(){};return{s:F,n:function n(){if(i>=o.length)return{done:true};return{done:false,value:o[i++]}},e:function e(_e){.throw _e},f:F}}throw new TypeError("Invalid attempt to iterate non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}var it,normalCompletion=true,didErr=false,err;return{s:function s(){it=o[Symbol.iterator]()},n:function n(){var step=it.next();normalCompletion=step.done;return step},e:function e(_e2){didErr=true;err=_e2},f:function f(){try{if(!normalCompletion&&it["return"]!=null)it["return"]()}finally{if(didErr)throw err}}}}.function _unsu

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\operate-827e19fac1[1].js

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	ASCII text, with very long lines (496)
Category:	dropped
Size (bytes):	4474
Entropy (8bit):	5.131818622272256
Encrypted:	false
SSDEEP:	48:9qWHQNGbkfaEIyB6aJF9MX46gTh/CwCMEJmGVY6+d1JzGKTuQjz3ogaAeTBraG4R:/+3UgF9Jh/C5MEJwTyUlYHVTBra5R
MD5:	827E19FAC177168F6E85C6E68A2B3DB0
SHA1:	F5F91CCA004FCF78FCA2C2BF6CB78CED343DA1B7
SHA-256:	4366EAFC7190A00CDD4B967C11747E58B319E8B9805583517DCAF09B0A0039E6
SHA-512:	B70494B36F385662DC788921BF419CD73CC04684415CDF17FFE5C25A037A77E134738558F4FD997D938ACAC4DA4360F05BCCCA376F9A11953A89F3126C8B5C62
Malicious:	false
Preview:	define("superman/components/top-right-operate/operate",["require","exports","superman/lib/extract_data","superman/lib/commonUtils"],function(require,_exports,_extract_data,_commonUtils){"use strict";Object.defineProperty(_exports,"__esModule",{value:true});_exports.RightTopOperate=void 0;function _classCallCheck(instance,Constructor){if(!(instance instanceof Constructor)){throw new TypeError("Cannot call a class as a function")}}function _defineProperties(target,props){for(.var i=0;i<props.length;i++){var descriptor=props[i];descriptor.enumerable=descriptor.enumerable\|\|false;descriptor.configurable=true;if("value"in descriptor)descriptor.writable=true;Object.defineProperty(target,descriptor.key,descriptor)}}function _createClass(Constructor,protoProps,staticProps){if(protoProps)_defineProperties(Constructor.prototype,protoProps);if(staticProps)_defineProperties(Constructor,staticProps);return Constructor}function _defineProperty(obj,key,value){if(key in obj){.Object.defineProperty(obj,

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\search-sug_947981a[1].js

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (1921)
Category:	dropped
Size (bytes):	57420
Entropy (8bit):	5.428393724499845
Encrypted:	false
SSDEEP:	1536:c7UgkS5UbTGwwaogAaEaACpUUBlGFOp0SBn/:cOS5UbTGwwaPAaEa/UUEsLd/
MD5:	947981AE2C8738FA4978E847E7B8BE64
SHA1:	45168240211D47DD4B1ADA85E1DFA3110E385B41
SHA-256:	00797F642C48B9D3D263E412C64AD87CF7F4D622E9D46998AE11C0DBD004E09E
SHA-512:	F8E2440B58E62AB1EB7E4587CBBAFD13B4B48637F9D21087D2C3E44393D9BD5C7307D56038B85744A473BECC777EDDD315DB94887BF497F14297B2AEC7CA134D
Malicious:	false
Preview:	define("@baidu/search-sug/sug/index",["require"],function(require){function checkHsugIn(e){return window.__sample_hsug_length?e.length>=4\|\|encodeURIComponent(e).length>=18:e.length>=4\|\|encodeURIComponent(e).length>=18}function checkHsugShow(e){return e.length>=1&&encodeURIComponent(e).length>3}function SUGOBJ(e){var t=this,e=t.opts=e\|\|{};t.ipt=e.ipt\|\|null,t.reverse=e.reverse\|\|!1,t.form=e.form\|\|null,t.submission=e.submission\|\|null,t.maxNum=e.maxNum\|\|10,t.bds=e.bds\|\|null,t.sids=t.bds&&t.bds.comm&&t.bds.comm.sid,t.withoutMode=e.withoutMode\|\|!1,t.withoutRich=e.withoutRich\|\|!1,t.withoutStat=e.withoutStat\|\|!1,t.withoutZhixin=e.withoutZhixin\|\|!1,t.visible=!1,t.stopRefresh=!1,t.renderCallback=e.renderCallback\|\|function(){},t.selectCallback=e.selectCallback\|\|function(){},t.storestr=t.storestr\|\|"",t.storearr=t.storearr\|\|[],t.zhixinsug=[],t.zhixintemplate={},t.zhixinused={},t.zhixindata={},t.query=t.ipt&&t.ipt.value\|\|"",t.inputValue=t.query,t.showValue=t.query,t.sugValue="",t.queryValue="",t.reqV

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\tslib-c95383af0c[1].js

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	15964
Entropy (8bit):	4.057866639164157
Encrypted:	false
SSDEEP:	384:ippyYtKiDpI+BTZKn5bHk15YxesyMVJbJ:4btjDpfBVKn5wPYI1uD
MD5:	C95383AF0CA41ACFEBC6860E7E7958BC
SHA1:	0768E0FAD8A0FA5E20C44DA1B1716B836187BBAD
SHA-256:	6229FD66F2B7F28054150B018934F7B3A7CAF4E635C39BCD1CA6E915A3A20296
SHA-512:	4D3854FFEE5C08244F4A3DF45656FD6B8D8EC3741E9E6C416E05084198177DE00A33F7D459F0D82EF03766B8F5F7A3DB76DB9C3C25AD60E4CA5CA51191FDDD6B
Malicious:	false
Preview:	define('tslib', [. 'require',. 'amd_modules/tslib/tslib'.], function (require, mod) {. return mod;.});.var __extends;.var __assign;.var __rest;.var __decorate;.var __param;.var __metadata;.var __awaiter;.var __generator;.var __exportStar;.var __values;.var __read;.var __spread;.var __spreadArrays;.var __await;.var __asyncGenerator;.var __asyncDelegator;.var __asyncValues;.var __makeTemplateObject;.var __importStar;.var __importDefault;.var __classPrivateFieldGet;.var __classPrivateFieldSet;.var __createBinding;.(function (factory) {. var root = typeof global === 'object' ? global : typeof self === 'object' ? self : typeof this === 'object' ? this : {};. if (typeof define === 'function' && define.amd) {. define('amd_modules/tslib/tslib', [. 'require',. 'exports'. ], function (require, exports) {. factory(createExporter(root, createExporter(exports)));. });. } else if (typeof module === 'object' && typeof module.expo

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\ubase_sync-d600f57804[1].css

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	407
Entropy (8bit):	4.720616141486747
Encrypted:	false
SSDEEP:	12:P6krtMA6kXakA/kCkWkW9aCA6k7bacdBN0/np:gXkTCWmnp
MD5:	D600F57804631038C658B4056D63812A
SHA1:	46E251BD98F509F6AB1BD7D1677E659877D2A7F5
SHA-256:	E8F727AB350843617D0AC285C439DFF120ABC053587ECFCF54D3B4655846868C
SHA-512:	851BE8477D5D07A539D010C710718BDD01CE35DB20D4A4F58E25344AB91C61A5BD4EF3BCD8EC031174243C1C3AE8283B1F712078F6920BD62BBEEA0FB39402A5
Malicious:	false
Preview:	.sui-scrollbar-container{position:relative;overflow:hidden}..sui-scrollbar-bar{border-left:1px solid #e1e1e1;border-right:1px solid #e3e3e3;border-top:1px solid #e3e3e3;border-bottom:1px solid #e3e3e3;background:#e3e3e3;width:7px;position:absolute;top:0;right:0;height:100%;cursor:pointer}..sui-scrollbar-slider{border:1px solid #e1e1e1;background:#fff;width:100%;left:-1px;position:absolute;cursor:pointer}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\video-meeting-1be7f62dac[1].js

Download File

Process:	C:\Windows\SysWOW64\svchost.exe
File Type:	Unicode text, UTF-8 text, with very long lines (731)
Category:	dropped
Size (bytes):	256786
Entropy (8bit):	4.565288105395258
Encrypted:	false
SSDEEP:	3072:D39Este0vsOHoxOMJl2fR1sG1KXOEU/IGMaeuZLtsZPW+RY32SVEFKo:RfHex232+q
MD5:	1BE7F62DAC8F0DE20D70DF0E0539AE24
SHA1:	40681F7A9C4B16B61C922C433ABFD383635DCA1B
SHA-256:	BAC636F543B73B6B8864DF0217B39BA788E1EA0EEA7B5D679F7AE713FD226DCC
SHA-512:	991A5E68EA5E7363576C6642F81F9277651B9E9FF65B389CDE717B4ABABF874387849D34C204FD750F8E5D7D31EB274917EA49DE5004F2A00AC07E2F6958782C
Malicious:	false
Preview:	define('amd_modules/@baidu/video-meeting/dist/index', [. 'require',. 'san',. 'tslib'.], function (require, t, e) {. return function (t) {. var e = {};. function n(a) {. if (e[a]). return e[a].exports;. var i = e[a] = {. i: a,. l: !1,. exports: {}. };. return t[a].call(i.exports, i, i.exports, n), i.l = !0, i.exports;. }. return n.m = t, n.c = e, n.d = function (t, e, a) {. n.o(t, e) \|\| Object.defineProperty(t, e, {. enumerable: !0,. get: a. });. }, n.r = function (t) {. 'undefined' != typeof Symbol && Symbol.toStringTag && Object.defineProperty(t, Symbol.toStringTag, { value: 'Module' }), Object.defineProperty(t, '__esModule', { value: !0 });. }, n.t = function (t, e) {. if (1 & e && (t = n(t)), 8 & e). return t;. if (4 & e && 'obje

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.898841937026526
TrID:	Win32 Executable (generic) a (10002005/4) 99.94% Win16/32 Executable Delphi generic (2074/23) 0.02% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% VXD Driver (31/22) 0.00%
File name:	7J4bYHR4n3.exe
File size:	4'054'104 bytes
MD5:	2edb2224339e3562069277b1820851d8
SHA1:	325a9e3a7c452350e2adc1aa33195e50c812909a
SHA256:	ba9eb3c1f2bd625039366009e6b764353bf52ec388a9816aed97bd71971bcf3b
SHA512:	77b161049174efe0092ee4cd4ef9c9fded523da9e4298f181503fca78439eeaa7d2f4dd63cd65c5e6631fba5153ef710ba19415ebb255be45a15e9136952a420
SSDEEP:	98304:jZCk5ZjXckSKCqcfIPNnw8CncZhaunt2n5C/E1zk7Vx30RS:jZCk0lmuI2cZ0utu8czWVxkR
TLSH:	E916227312A61042E1F94C3D943BBEE472F761794A428C3974E7EDC72A21DE5E613A43
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....[@e..............................=...... ....@...........................Z............................................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x7d9cf1
Entrypoint Section:	.%pv
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:
Time Stamp:	0x65405B00 [Tue Oct 31 01:40:16 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	dfc8645270ceb59f393a21b56cbd94ee

Entrypoint Preview

Instruction
call 00007FF7889B1AD3h
test ah, FFFFFF9Bh
clc
xor ebx, eax
cmp esp, ebp
add edi, eax
jmp 00007FF7889EF4D3h
not eax
cmp di, 3316h
cmc
add eax, 4C0F2D4Ah
neg eax
not eax
cmc
xor ebx, eax
test bx, ax
add edi, eax
jmp 00007FF78897709Ah
clc
test cl, FFFFFFA6h
xor ebx, edx
clc
add edi, edx
jmp 00007FF788A94D1Dh
jmp 00007FF788AAAC4Bh
movzx eax, byte ptr [esi]
btr ecx, esi
test ch, FFFFFFE2h
btc cx, 0012h
add esi, 00000001h
xor al, bl
movzx ecx, sp
xchg cl, ch
rol al, 1
movsx ecx, ax
setb ch
movzx ecx, bp
inc al
bt ecx, esi
rol al, 1
neg al
mov cx, 3198h
dec al
not al
xor bl, al
sar ch, cl
mov ecx, dword ptr [esp+eax]
and al, 36h
sub ebp, 00000004h
sub eax, 2B1740A6h
mov eax, esi
mov dword ptr [ebp+00h], ecx
sar ax, FF9Ah
mov eax, dword ptr [esi]
cmc
add esi, 00000004h
cmp esp, ebp
test di, 5545h
xor eax, ebx
not eax
stc
clc
cmp bp, di
add eax, 0F3955F4h
neg eax
jmp 00007FF788916EEEh
jmp edi
mov eax, dword ptr [ebp+00h]
xor dl, FFFFFF8Fh

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x478cc8	0xc8	.%pv
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x1e9000	0x170	.(n(
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x10a00	0x0	False	0	empty	0.0	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x12000	0x159e	0x0	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x14000	0x2d1ad	0x0	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pn0	0x42000	0x1a6c07	0x0	False	0	empty	0.0	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.(n(	0x1e9000	0x2f4	0x400	False	0.3408203125	data	2.43828674365498	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.%pv	0x1ea000	0x3b61a0	0x3b6200	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Imports

DLL	Import
KERNEL32.dll	SetWaitableTimer, CreateToolhelp32Snapshot, Process32First, Process32Next, IsWow64Process, VirtualAllocEx, WriteProcessMemory, WaitForSingleObject, GetExitCodeThread, GetModuleFileNameW, GetEnvironmentVariableW, SetPriorityClass, GetCurrentThread, SetThreadPriority, ExitProcess, MultiByteToWideChar, GetCurrentProcessId, GlobalAlloc, GlobalFree, lstrlenW, WideCharToMultiByte, CreateWaitableTimerA, GetTempPathW, QueryDosDeviceW, TerminateProcess, GetProcessHeap, GetModuleHandleA, HeapAlloc, HeapReAlloc, HeapFree, IsBadReadPtr, GetModuleFileNameA, ReadFile, GetFileSize, CreateFileA, DeleteFileA, GetEnvironmentVariableA, GetCommandLineA, FreeLibrary, GetProcAddress, LoadLibraryA, LCMapStringA, RtlMoveMemory, CloseHandle, lstrcpyn, OpenProcess, GetCurrentProcess, Module32First, OpenEventA
USER32.dll	TranslateMessage, wsprintfA, MessageBoxA, MsgWaitForMultipleObjects, DispatchMessageA, GetMessageA, PeekMessageA
ADVAPI32.dll	OpenProcessToken, AdjustTokenPrivileges, LookupPrivilegeValueA
SHELL32.dll	ShellExecuteExW, SHGetSpecialFolderPathW, SHChangeNotify
PSAPI.DLL	GetProcessImageFileNameW
MSVCRT.dll	realloc, calloc, strstr, malloc, _stricmp, sprintf, atoi, _ftol, strrchr, strchr, free
SHLWAPI.dll	PathFileExistsA
OLEAUT32.dll	VariantTimeToSystemTime
KERNEL32.dll	LocalAlloc, LocalFree, GetModuleFileNameW, ExitProcess, LoadLibraryA, GetModuleHandleA, GetProcAddress

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 18, 2023 07:51:58.384248972 CET	49704	80	192.168.2.5	157.185.145.100
Nov 18, 2023 07:51:58.535386086 CET	80	49704	157.185.145.100	192.168.2.5
Nov 18, 2023 07:51:58.535482883 CET	49704	80	192.168.2.5	157.185.145.100
Nov 18, 2023 07:51:58.535742998 CET	49704	80	192.168.2.5	157.185.145.100
Nov 18, 2023 07:51:58.690224886 CET	80	49704	157.185.145.100	192.168.2.5
Nov 18, 2023 07:51:58.692081928 CET	80	49704	157.185.145.100	192.168.2.5
Nov 18, 2023 07:51:58.692157984 CET	49704	80	192.168.2.5	157.185.145.100
Nov 18, 2023 07:51:58.790694952 CET	49705	443	192.168.2.5	157.185.145.100
Nov 18, 2023 07:51:58.790774107 CET	443	49705	157.185.145.100	192.168.2.5
Nov 18, 2023 07:51:58.790860891 CET	49705	443	192.168.2.5	157.185.145.100
Nov 18, 2023 07:51:58.811800003 CET	49705	443	192.168.2.5	157.185.145.100
Nov 18, 2023 07:51:58.811850071 CET	443	49705	157.185.145.100	192.168.2.5
Nov 18, 2023 07:51:59.281357050 CET	443	49705	157.185.145.100	192.168.2.5
Nov 18, 2023 07:51:59.281552076 CET	49705	443	192.168.2.5	157.185.145.100
Nov 18, 2023 07:51:59.281608105 CET	443	49705	157.185.145.100	192.168.2.5
Nov 18, 2023 07:51:59.281676054 CET	49705	443	192.168.2.5	157.185.145.100
Nov 18, 2023 07:51:59.398149014 CET	49705	443	192.168.2.5	157.185.145.100
Nov 18, 2023 07:51:59.398165941 CET	443	49705	157.185.145.100	192.168.2.5
Nov 18, 2023 07:51:59.398711920 CET	443	49705	157.185.145.100	192.168.2.5
Nov 18, 2023 07:51:59.398783922 CET	49705	443	192.168.2.5	157.185.145.100
Nov 18, 2023 07:51:59.401650906 CET	49705	443	192.168.2.5	157.185.145.100
Nov 18, 2023 07:51:59.445287943 CET	443	49705	157.185.145.100	192.168.2.5
Nov 18, 2023 07:51:59.562108040 CET	443	49705	157.185.145.100	192.168.2.5
Nov 18, 2023 07:51:59.562150002 CET	443	49705	157.185.145.100	192.168.2.5
Nov 18, 2023 07:51:59.562180996 CET	443	49705	157.185.145.100	192.168.2.5
Nov 18, 2023 07:51:59.562194109 CET	49705	443	192.168.2.5	157.185.145.100
Nov 18, 2023 07:51:59.562222004 CET	443	49705	157.185.145.100	192.168.2.5
Nov 18, 2023 07:51:59.562254906 CET	49705	443	192.168.2.5	157.185.145.100
Nov 18, 2023 07:51:59.562254906 CET	49705	443	192.168.2.5	157.185.145.100
Nov 18, 2023 07:51:59.562284946 CET	49705	443	192.168.2.5	157.185.145.100
Nov 18, 2023 07:51:59.568907976 CET	443	49705	157.185.145.100	192.168.2.5
Nov 18, 2023 07:51:59.568994045 CET	49705	443	192.168.2.5	157.185.145.100
Nov 18, 2023 07:51:59.569009066 CET	443	49705	157.185.145.100	192.168.2.5
Nov 18, 2023 07:51:59.569111109 CET	49705	443	192.168.2.5	157.185.145.100
Nov 18, 2023 07:51:59.569433928 CET	49705	443	192.168.2.5	157.185.145.100
Nov 18, 2023 07:51:59.569499969 CET	443	49705	157.185.145.100	192.168.2.5
Nov 18, 2023 07:51:59.569566011 CET	49705	443	192.168.2.5	157.185.145.100
Nov 18, 2023 07:51:59.802226067 CET	49706	80	192.168.2.5	138.113.102.96
Nov 18, 2023 07:51:59.996778965 CET	80	49706	138.113.102.96	192.168.2.5
Nov 18, 2023 07:51:59.997102022 CET	49706	80	192.168.2.5	138.113.102.96
Nov 18, 2023 07:51:59.997571945 CET	49706	80	192.168.2.5	138.113.102.96
Nov 18, 2023 07:52:00.194607019 CET	80	49706	138.113.102.96	192.168.2.5
Nov 18, 2023 07:52:00.388174057 CET	80	49706	138.113.102.96	192.168.2.5
Nov 18, 2023 07:52:00.388207912 CET	80	49706	138.113.102.96	192.168.2.5
Nov 18, 2023 07:52:00.388272047 CET	49706	80	192.168.2.5	138.113.102.96
Nov 18, 2023 07:52:00.388272047 CET	49706	80	192.168.2.5	138.113.102.96
Nov 18, 2023 07:52:00.432161093 CET	49707	8712	192.168.2.5	45.125.46.159
Nov 18, 2023 07:52:00.898910046 CET	8712	49707	45.125.46.159	192.168.2.5
Nov 18, 2023 07:52:00.899000883 CET	49707	8712	192.168.2.5	45.125.46.159
Nov 18, 2023 07:52:02.700812101 CET	49707	8712	192.168.2.5	45.125.46.159
Nov 18, 2023 07:52:03.159310102 CET	8712	49707	45.125.46.159	192.168.2.5
Nov 18, 2023 07:52:03.200484037 CET	49707	8712	192.168.2.5	45.125.46.159
Nov 18, 2023 07:52:03.700627089 CET	49707	8712	192.168.2.5	45.125.46.159
Nov 18, 2023 07:52:04.716609001 CET	49708	8710	192.168.2.5	45.125.46.159
Nov 18, 2023 07:52:05.195811033 CET	8710	49708	45.125.46.159	192.168.2.5
Nov 18, 2023 07:52:05.195894957 CET	49708	8710	192.168.2.5	45.125.46.159
Nov 18, 2023 07:52:07.013381004 CET	49708	8710	192.168.2.5	45.125.46.159
Nov 18, 2023 07:52:07.487551928 CET	8710	49708	45.125.46.159	192.168.2.5
Nov 18, 2023 07:52:07.528575897 CET	49708	8710	192.168.2.5	45.125.46.159
Nov 18, 2023 07:52:08.042795897 CET	49709	9000	192.168.2.5	202.189.4.141
Nov 18, 2023 07:52:09.059915066 CET	49709	9000	192.168.2.5	202.189.4.141
Nov 18, 2023 07:52:09.558893919 CET	9000	49709	202.189.4.141	192.168.2.5
Nov 18, 2023 07:52:09.559020996 CET	49709	9000	192.168.2.5	202.189.4.141
Nov 18, 2023 07:52:09.559992075 CET	49709	9000	192.168.2.5	202.189.4.141
Nov 18, 2023 07:52:09.560070992 CET	49709	9000	192.168.2.5	202.189.4.141
Nov 18, 2023 07:52:10.020746946 CET	9000	49709	202.189.4.141	192.168.2.5
Nov 18, 2023 07:52:10.020798922 CET	9000	49709	202.189.4.141	192.168.2.5
Nov 18, 2023 07:52:10.021131992 CET	9000	49709	202.189.4.141	192.168.2.5
Nov 18, 2023 07:52:10.041336060 CET	49708	8710	192.168.2.5	45.125.46.159
Nov 18, 2023 07:52:10.075479031 CET	49709	9000	192.168.2.5	202.189.4.141
Nov 18, 2023 07:52:13.956526995 CET	49710	8712	192.168.2.5	45.125.46.159
Nov 18, 2023 07:52:14.400969982 CET	8712	49710	45.125.46.159	192.168.2.5
Nov 18, 2023 07:52:14.401074886 CET	49710	8712	192.168.2.5	45.125.46.159
Nov 18, 2023 07:52:14.595479012 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:14.929177999 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:14.929287910 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:14.929572105 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:15.263252020 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.313345909 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.313366890 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.313374043 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.313384056 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.313390970 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.313396931 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.313402891 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.313410044 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.313421965 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.313429117 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.313440084 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.313451052 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.313462973 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.313473940 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.313484907 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.313494921 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.313505888 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.313514948 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:15.313522100 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.313533068 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.313544989 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.313556910 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.313580036 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:15.313606024 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:15.319200993 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.319246054 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.319257975 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.319269896 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.319283962 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.319294930 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.319339037 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:15.319369078 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:15.329220057 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.329314947 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:15.540297985 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.540426016 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:15.647243977 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.647300959 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.647320032 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:15.647370100 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:15.647398949 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.647413015 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.647423983 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.647442102 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.647450924 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:15.647454977 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.647475958 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:15.647484064 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.647496939 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.647505045 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:15.647510052 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.647524118 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.647537947 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.647548914 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:15.647550106 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.647548914 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:15.647562981 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.647571087 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:15.647599936 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:15.647619963 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:15.653179884 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.653192997 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.653206110 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.653215885 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.653228045 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.653232098 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:15.653245926 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.653258085 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:15.653279066 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:15.653296947 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:15.663044930 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.663183928 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:15.981319904 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.981342077 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.981395006 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:15.981442928 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:15.981494904 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.981508017 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.981518984 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.981533051 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.981539965 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.981542110 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:15.981551886 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.981561899 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:15.981590033 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:15.981614113 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:15.987061024 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.987076044 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.987087965 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.987140894 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:15.987145901 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.987162113 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.987169027 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.987181902 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.987194061 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.987205982 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:15.987234116 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:15.987234116 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:15.996840000 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.996862888 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.996875048 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.996886969 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.996900082 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.996912003 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:15.996932030 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:15.996969938 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:16.315474987 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:16.315506935 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:16.315515041 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:16.315521955 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:16.315532923 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:16.315548897 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:16.315556049 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:16.315581083 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:16.315638065 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:16.315638065 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:16.321012974 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:16.321024895 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:16.321036100 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:16.321096897 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:16.330940962 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:16.330954075 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:16.331015110 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:16.331037998 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:16.331049919 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:16.331058025 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:16.331070900 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:16.331082106 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:16.331106901 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:16.331159115 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:16.341272116 CET	49710	8712	192.168.2.5	45.125.46.159
Nov 18, 2023 07:52:16.649372101 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:16.649384975 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:16.649395943 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:16.649406910 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:16.649420023 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:16.649430990 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:16.649478912 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:16.649523973 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:16.654778957 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:16.654792070 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:16.654803038 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:16.654814005 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:16.654824018 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:16.654835939 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:16.654851913 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:16.654860020 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:16.654867887 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:16.654867887 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:16.654876947 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:16.654892921 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:16.654928923 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:16.654959917 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:16.658379078 CET	49716	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:16.759129047 CET	8712	49710	45.125.46.159	192.168.2.5
Nov 18, 2023 07:52:16.789691925 CET	49718	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:16.789710045 CET	443	49718	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:16.789768934 CET	49718	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:16.789891958 CET	49719	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:16.789941072 CET	443	49719	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:16.790010929 CET	49719	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:16.790800095 CET	49718	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:16.790815115 CET	443	49718	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:16.790952921 CET	49719	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:16.790990114 CET	443	49719	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:16.809814930 CET	49710	8712	192.168.2.5	45.125.46.159
Nov 18, 2023 07:52:16.973598957 CET	80	49716	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:16.973695993 CET	49716	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:16.974000931 CET	49716	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:16.983422041 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:16.983441114 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:16.983454943 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:16.983469009 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:16.983480930 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:16.983494043 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:16.983506918 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:16.983515978 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:16.983515978 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:16.983529091 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:16.983544111 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:16.983588934 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:16.983588934 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:16.984908104 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:17.167550087 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:17.274915934 CET	49722	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:17.275010109 CET	443	49722	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:17.275091887 CET	49722	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:17.275558949 CET	49723	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:17.275587082 CET	443	49723	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:17.275634050 CET	49723	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:17.276370049 CET	49722	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:17.276408911 CET	443	49722	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:17.276484966 CET	49723	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:17.276496887 CET	443	49723	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:17.289326906 CET	80	49716	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.290975094 CET	80	49716	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.291045904 CET	80	49716	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.291045904 CET	49716	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:17.291057110 CET	80	49716	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.291069031 CET	80	49716	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.291080952 CET	80	49716	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.291088104 CET	49716	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:17.291102886 CET	49716	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:17.291136026 CET	49716	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:17.291156054 CET	80	49716	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.291167974 CET	80	49716	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.291177988 CET	80	49716	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.291188955 CET	80	49716	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.291198969 CET	49716	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:17.291202068 CET	80	49716	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.291209936 CET	49716	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:17.291213989 CET	80	49716	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.291225910 CET	80	49716	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.291235924 CET	80	49716	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.291237116 CET	49716	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:17.291245937 CET	80	49716	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.291255951 CET	49716	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:17.291275978 CET	49716	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:17.291300058 CET	49716	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:17.293407917 CET	49716	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:17.310894966 CET	443	49718	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:17.310972929 CET	49718	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:17.311007023 CET	443	49718	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:17.311049938 CET	49718	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:17.314997911 CET	443	49719	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:17.315073013 CET	49719	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:17.315109968 CET	443	49719	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:17.315166950 CET	49719	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:17.318567991 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.319986105 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.320000887 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.320012093 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.320023060 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.320034981 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.320039988 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:17.320049047 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.320075989 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:17.320106983 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:17.320210934 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.320224047 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.320236921 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.320247889 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.320261002 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.320271969 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:17.320280075 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.320290089 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:17.320295095 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.320308924 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.320322037 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.320323944 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:17.320336103 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.320343971 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:17.320348978 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.320362091 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.320369959 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:17.320377111 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.320389986 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.320394039 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:17.320405006 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.320421934 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:17.320458889 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:17.320811033 CET	49718	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:17.320825100 CET	443	49718	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:17.321515083 CET	443	49718	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:17.321576118 CET	49718	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:17.325264931 CET	49718	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:17.333376884 CET	49719	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:17.333395004 CET	443	49719	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:17.333527088 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:17.333767891 CET	443	49719	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:17.333843946 CET	49719	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:17.336272955 CET	49719	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:17.372402906 CET	49710	8712	192.168.2.5	45.125.46.159
Nov 18, 2023 07:52:17.373296976 CET	443	49718	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:17.381280899 CET	443	49719	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:17.492834091 CET	80	49716	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.492911100 CET	49716	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:17.506078959 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:17.506277084 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:17.506567955 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:17.606499910 CET	80	49716	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.606513977 CET	80	49716	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.606529951 CET	80	49716	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.606561899 CET	49716	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:17.606581926 CET	80	49716	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.606597900 CET	80	49716	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.606606960 CET	49716	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:17.606606960 CET	49716	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:17.606611967 CET	80	49716	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.606616974 CET	49716	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:17.606626034 CET	80	49716	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.606669903 CET	49716	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:17.606692076 CET	80	49716	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.606705904 CET	80	49716	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.606719017 CET	80	49716	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.606725931 CET	49716	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:17.606731892 CET	80	49716	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.606745005 CET	80	49716	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.606751919 CET	49716	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:17.606755018 CET	80	49716	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.606779099 CET	49716	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:17.606794119 CET	49716	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:17.608798981 CET	80	49716	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.609982014 CET	80	49716	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.610027075 CET	80	49716	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.610040903 CET	80	49716	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.610148907 CET	49716	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:17.611478090 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:17.611535072 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:17.657310963 CET	443	49722	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:17.657409906 CET	49722	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:17.657461882 CET	443	49722	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:17.657530069 CET	49722	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:17.659981966 CET	443	49723	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:17.660068035 CET	49723	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:17.660082102 CET	443	49723	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:17.660969019 CET	49723	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:17.661300898 CET	49722	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:17.661315918 CET	443	49722	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:17.661571026 CET	443	49722	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:17.663887978 CET	49723	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:17.663894892 CET	443	49723	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:17.663948059 CET	49722	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:17.664125919 CET	443	49723	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:17.664403915 CET	49722	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:17.664429903 CET	49723	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:17.664702892 CET	49723	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:17.667269945 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.668462992 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.668492079 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.668504953 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.668523073 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:17.668550968 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:17.668551922 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:17.668554068 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.668570995 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.668598890 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.668606997 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.668704033 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:17.669548988 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:17.705265045 CET	443	49722	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:17.709254026 CET	443	49723	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:17.778449059 CET	443	49718	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:17.778511047 CET	443	49718	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:17.778551102 CET	49718	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:17.778559923 CET	443	49718	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:17.778575897 CET	49718	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:17.778606892 CET	49718	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:17.778708935 CET	443	49718	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:17.778757095 CET	49718	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:17.779462099 CET	49718	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:17.779475927 CET	443	49718	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:17.780045986 CET	49727	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:17.780064106 CET	443	49727	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:17.780136108 CET	49727	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:17.780441999 CET	49727	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:17.780457020 CET	443	49727	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:17.780942917 CET	443	49719	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:17.780962944 CET	443	49719	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:17.780996084 CET	49719	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:17.781008959 CET	443	49719	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:17.781023026 CET	49719	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:17.781071901 CET	49719	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:17.781670094 CET	49719	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:17.781697035 CET	443	49719	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:17.782711029 CET	49728	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:17.782743931 CET	443	49728	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:17.782823086 CET	49728	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:17.783051968 CET	49728	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:17.783072948 CET	443	49728	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:17.821801901 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:17.822988987 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:17.858180046 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:17.859597921 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:17.859637976 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:17.859661102 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:17.859678030 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:17.859684944 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:17.859719038 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:17.859725952 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:17.859756947 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:17.859762907 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:17.859796047 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:17.859807968 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:17.859833002 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:17.859843016 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:17.859870911 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:17.859899044 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:17.859908104 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:17.859913111 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:17.859955072 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:17.859966993 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:17.860016108 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:17.860021114 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:17.860058069 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:17.860068083 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:17.860095978 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:17.860099077 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:17.860133886 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:17.860142946 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:17.860172987 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:17.860177994 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:17.860213041 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:17.860217094 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:17.860249996 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:17.860260010 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:17.860290051 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:17.860299110 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:17.860335112 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:17.860346079 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:17.860373020 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:17.860378981 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:17.860420942 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:17.925713062 CET	80	49716	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.925754070 CET	80	49716	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.925791025 CET	80	49716	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.925831079 CET	80	49716	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:17.925926924 CET	49716	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:17.997311115 CET	443	49722	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:17.997384071 CET	49722	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:17.997406006 CET	443	49722	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:17.997499943 CET	49722	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:17.998357058 CET	49722	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:17.998430967 CET	443	49722	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:17.998583078 CET	443	49722	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:17.998635054 CET	49722	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:17.998651028 CET	49722	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:17.999234915 CET	49729	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:17.999269962 CET	443	49729	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:17.999286890 CET	443	49723	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:17.999341965 CET	49729	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:17.999361992 CET	49723	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:17.999368906 CET	443	49723	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:17.999414921 CET	49723	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:17.999665976 CET	49729	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:17.999684095 CET	443	49729	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:18.000288010 CET	49723	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:18.000322104 CET	443	49723	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:18.000399113 CET	49723	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:18.001138926 CET	49730	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:18.001164913 CET	443	49730	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:18.001214981 CET	49730	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:18.001698017 CET	49730	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:18.001702070 CET	443	49730	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:18.003413916 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:18.004920006 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:18.004998922 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:18.004997969 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:18.005038977 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:18.005074024 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:18.005090952 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:18.005090952 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:18.005115032 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:18.005120993 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:18.005153894 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:18.005189896 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:18.005202055 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:18.005202055 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:18.005239964 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:18.060297966 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:18.060347080 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:18.060359001 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:18.060388088 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:18.060399055 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:18.060431004 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:18.060436010 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:18.060478926 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:18.060530901 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:18.060569048 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:18.060575962 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:18.060616016 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:18.060676098 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:18.060724974 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:18.160164118 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:18.160227060 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:18.160238028 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:18.160274982 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:18.162972927 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:18.163012981 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:18.163069010 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:18.163100958 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:18.163139105 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:18.163141966 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:18.163177013 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:18.163182974 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:18.163217068 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:18.163218975 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:18.163259029 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:18.163261890 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:18.163305044 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:18.197159052 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:18.197215080 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:18.197262049 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:18.197272062 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:18.197309971 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:18.197319031 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:18.197348118 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:18.197354078 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:18.197386980 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:18.197395086 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:18.197432995 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:18.197442055 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:18.197479010 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:18.197488070 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:18.197519064 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:18.197525024 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:18.197617054 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:18.197639942 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:18.197678089 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:18.197686911 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:18.197714090 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:18.197722912 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:18.197753906 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:18.197760105 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:18.197799921 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:18.242505074 CET	80	49716	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:18.242543936 CET	80	49716	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:18.242579937 CET	80	49716	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:18.242590904 CET	49716	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:18.242615938 CET	80	49716	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:18.242630959 CET	49716	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:18.242660999 CET	49716	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:18.281801939 CET	443	49727	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:18.281883001 CET	49727	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:18.282340050 CET	49727	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:18.282345057 CET	443	49727	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:18.282558918 CET	443	49728	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:18.282632113 CET	49728	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:18.284281969 CET	49728	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:18.284291983 CET	443	49728	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:18.297653913 CET	49727	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:18.297661066 CET	443	49727	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:18.297806978 CET	49728	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:18.297817945 CET	443	49728	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:18.351840019 CET	443	49729	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:18.351933956 CET	49729	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:18.351946115 CET	443	49729	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:18.351984024 CET	49729	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:18.353713036 CET	443	49730	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:18.353774071 CET	49730	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:18.353780985 CET	443	49730	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:18.353812933 CET	49730	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:18.356123924 CET	49729	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:18.356129885 CET	443	49729	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:18.356393099 CET	443	49729	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:18.356822968 CET	49729	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:18.357302904 CET	49729	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:18.358903885 CET	49730	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:18.358910084 CET	443	49730	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:18.359181881 CET	443	49730	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:18.363281012 CET	49730	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:18.363883972 CET	49730	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:18.405301094 CET	443	49729	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:18.409270048 CET	443	49730	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:18.690608978 CET	443	49730	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:18.690730095 CET	49730	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:18.690738916 CET	443	49730	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:18.690875053 CET	49730	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:18.691442966 CET	49730	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:18.691468000 CET	443	49730	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:18.691536903 CET	49730	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:18.692130089 CET	49733	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:18.692154884 CET	443	49733	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:18.692223072 CET	49733	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:18.692573071 CET	49733	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:18.692586899 CET	443	49733	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:18.716909885 CET	443	49729	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:18.716941118 CET	443	49729	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:18.716957092 CET	443	49729	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:18.716970921 CET	49729	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:18.716985941 CET	443	49729	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:18.716999054 CET	49729	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:18.717041016 CET	49729	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:18.745433092 CET	443	49729	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:18.745452881 CET	443	49729	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:18.745546103 CET	49729	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:18.745563030 CET	443	49729	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:18.745605946 CET	49729	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:18.752791882 CET	443	49727	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:18.752845049 CET	443	49727	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:18.752851009 CET	49727	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:18.752873898 CET	443	49727	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:18.752881050 CET	49727	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:18.752911091 CET	49727	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:18.752924919 CET	443	49727	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:18.752969027 CET	49727	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:18.753057003 CET	443	49727	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:18.753101110 CET	49727	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:18.753599882 CET	49727	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:18.753617048 CET	443	49727	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:18.754354954 CET	49734	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:18.754378080 CET	443	49734	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:18.754440069 CET	49734	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:18.754797935 CET	49734	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:18.754811049 CET	443	49734	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:18.755448103 CET	443	49728	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:18.755500078 CET	443	49728	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:18.755527020 CET	49728	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:18.755583048 CET	443	49728	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:18.755616903 CET	49728	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:18.755640984 CET	49728	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:18.755645990 CET	443	49728	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:18.755702972 CET	49728	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:18.756107092 CET	49728	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:18.756134033 CET	443	49728	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:18.757153034 CET	49735	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:18.757234097 CET	443	49735	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:18.757323980 CET	49735	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:18.757601023 CET	49735	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:18.757635117 CET	443	49735	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:18.871469021 CET	443	49729	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:18.871520996 CET	443	49729	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:18.871568918 CET	443	49729	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:18.871633053 CET	49729	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:18.871676922 CET	49729	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:18.872149944 CET	49729	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:18.872169971 CET	443	49729	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:18.873059988 CET	49736	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:18.873110056 CET	443	49736	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:18.873351097 CET	49736	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:18.873631001 CET	49736	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:18.873647928 CET	443	49736	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.043178082 CET	443	49733	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.043430090 CET	49733	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.044219017 CET	49733	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.044228077 CET	443	49733	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.060426950 CET	49733	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.060432911 CET	443	49733	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.227510929 CET	443	49736	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.227596045 CET	49736	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.228010893 CET	49736	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.228029013 CET	443	49736	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.230285883 CET	49736	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.230302095 CET	443	49736	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.265744925 CET	443	49734	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:19.265829086 CET	49734	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:19.267034054 CET	49734	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:19.267040014 CET	443	49734	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:19.268016100 CET	443	49735	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:19.268075943 CET	49735	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:19.271249056 CET	49735	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:19.271259069 CET	443	49735	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:19.273341894 CET	49734	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:19.273348093 CET	443	49734	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:19.273637056 CET	49735	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:19.273643970 CET	443	49735	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:19.407325029 CET	443	49733	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.407349110 CET	443	49733	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.407366991 CET	443	49733	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.407390118 CET	49733	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.407424927 CET	49733	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.407430887 CET	443	49733	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.407478094 CET	49733	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.435719013 CET	443	49733	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.435780048 CET	443	49733	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.435947895 CET	49733	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.435947895 CET	49733	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.435956955 CET	443	49733	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.435998917 CET	49733	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.571389914 CET	443	49733	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.571410894 CET	443	49733	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.571505070 CET	49733	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.571517944 CET	443	49733	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.571563959 CET	49733	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.596400976 CET	443	49736	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.596430063 CET	443	49736	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.596446991 CET	443	49736	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.596510887 CET	49736	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.596553087 CET	49736	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.596569061 CET	443	49736	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.596626997 CET	49736	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.597443104 CET	49736	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.597475052 CET	443	49736	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.598138094 CET	49738	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.604743004 CET	443	49733	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.604779959 CET	443	49733	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.604829073 CET	49733	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.604855061 CET	443	49733	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.604868889 CET	49733	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.604896069 CET	49733	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.635550022 CET	443	49733	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.635603905 CET	443	49733	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.635689020 CET	49733	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.635704994 CET	443	49733	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.635745049 CET	49733	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.635765076 CET	49733	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.721194983 CET	443	49733	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.721276045 CET	443	49733	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.721304893 CET	49733	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.721318960 CET	443	49733	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.721359968 CET	49733	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.737297058 CET	443	49734	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:19.737318039 CET	443	49734	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:19.737366915 CET	49734	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:19.737373114 CET	443	49734	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:19.737399101 CET	49734	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:19.737426996 CET	49734	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:19.737993956 CET	49734	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:19.738010883 CET	443	49734	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:19.738703966 CET	49739	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:19.738770008 CET	443	49739	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:19.738840103 CET	49739	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:19.739208937 CET	49739	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:19.739224911 CET	443	49739	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:19.746020079 CET	443	49733	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.746068001 CET	443	49733	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.746107101 CET	49733	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.746119976 CET	443	49733	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.746145964 CET	49733	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.746162891 CET	49733	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.748307943 CET	443	49735	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:19.748352051 CET	443	49735	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:19.748399019 CET	49735	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:19.748404980 CET	443	49735	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:19.748451948 CET	49735	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:19.748451948 CET	49735	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:19.748862028 CET	49735	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:19.748897076 CET	443	49735	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:19.749429941 CET	49740	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:19.749475956 CET	443	49740	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:19.749542952 CET	49740	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:19.749871016 CET	49740	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:19.749901056 CET	443	49740	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:19.767241001 CET	80	49738	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.767329931 CET	49738	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.767575026 CET	49738	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.772233009 CET	443	49733	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.772275925 CET	443	49733	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.772300005 CET	49733	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.772313118 CET	443	49733	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.772331953 CET	49733	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.772350073 CET	49733	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.792059898 CET	443	49733	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.792109966 CET	443	49733	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.792134047 CET	443	49733	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.792220116 CET	49733	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.792220116 CET	49733	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.792458057 CET	49733	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.792473078 CET	443	49733	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.793436050 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.867501974 CET	80	49738	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.867563009 CET	49738	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.936477900 CET	80	49738	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.937771082 CET	80	49738	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.937889099 CET	49738	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.937913895 CET	80	49738	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.937953949 CET	80	49738	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.937963009 CET	49738	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.937993050 CET	80	49738	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.938004971 CET	49738	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.938030958 CET	80	49738	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.938035965 CET	49738	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.938085079 CET	80	49738	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.938090086 CET	49738	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.938128948 CET	49738	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.938134909 CET	80	49738	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.938152075 CET	80	49738	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.938167095 CET	80	49738	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.938183069 CET	49738	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.938184023 CET	80	49738	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.938210011 CET	49738	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.938221931 CET	80	49738	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.938245058 CET	49738	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.938260078 CET	80	49738	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.938272953 CET	49738	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.938297033 CET	80	49738	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.938304901 CET	49738	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.938342094 CET	49738	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.938349009 CET	80	49738	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.938400984 CET	80	49738	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.938405991 CET	49738	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.938437939 CET	80	49738	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.938442945 CET	49738	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.938473940 CET	80	49738	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.938482046 CET	49738	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.938512087 CET	80	49738	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.938524961 CET	49738	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.938555002 CET	49738	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.938563108 CET	80	49738	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.938601017 CET	80	49738	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.938611031 CET	49738	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.938637018 CET	80	49738	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.938643932 CET	49738	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.938683987 CET	49738	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.938687086 CET	80	49738	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.938726902 CET	49738	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.940778017 CET	49738	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.941318989 CET	49742	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.941339016 CET	443	49742	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.941411018 CET	49742	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.941828012 CET	49742	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:19.941842079 CET	443	49742	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.963387966 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:19.963454008 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.059820890 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.066211939 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.066272020 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.109539032 CET	80	49738	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.109576941 CET	80	49738	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.109631062 CET	49738	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.229804993 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.230138063 CET	443	49739	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:20.230225086 CET	49739	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:20.230648041 CET	49739	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:20.230676889 CET	443	49739	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:20.231004000 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.231019020 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.231057882 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.231064081 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.231072903 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.231077909 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.231086969 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.231101036 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.231117964 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.231136084 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.231168032 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.231178999 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.231189966 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.231201887 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.231209040 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.231213093 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.231220961 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.231226921 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.231228113 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.231240034 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.231271982 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.231287003 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.234498978 CET	49739	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:20.234512091 CET	443	49739	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:20.234514952 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.240161896 CET	443	49740	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:20.240257978 CET	49740	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:20.240602016 CET	49740	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:20.240622997 CET	443	49740	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:20.244987011 CET	49740	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:20.245002031 CET	443	49740	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:20.292504072 CET	443	49742	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.292574883 CET	49742	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.293019056 CET	49742	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.293028116 CET	443	49742	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.293266058 CET	49742	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.293272018 CET	443	49742	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.404580116 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.405791044 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.405803919 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.405847073 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.408061028 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.408075094 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.408107996 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.408133984 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.412667036 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.412681103 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.412714005 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.412727118 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.417284966 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.417299032 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.417354107 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.421916962 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.421930075 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.421967983 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.421981096 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.426481962 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.426512957 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.426532030 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.426548004 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.431098938 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.431112051 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.431158066 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.435683012 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.435695887 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.435728073 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.435749054 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.440344095 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.440356970 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.440382957 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.440414906 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.444916964 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.444928885 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.444977999 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.449572086 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.449585915 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.449636936 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.454106092 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.454139948 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.454161882 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.454190969 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.458841085 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.458854914 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.459003925 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.463346958 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.463392973 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.463406086 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.463438988 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.467964888 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.467977047 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.468019962 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.472548008 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.472580910 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.472620964 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.477170944 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.477185011 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.477224112 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.481784105 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.481797934 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.481833935 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.481877089 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.486365080 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.486377001 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.486416101 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.576001883 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.576029062 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.576082945 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.576108932 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.578241110 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.578258038 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.578289986 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.578309059 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.582845926 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.582863092 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.582895994 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.582907915 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.587457895 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.587476969 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.587508917 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.587523937 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.592056990 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.592075109 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.592114925 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.596674919 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.596694946 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.596723080 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.596736908 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.602148056 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.602193117 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.602227926 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.605865955 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.605882883 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.605914116 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.605941057 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.610476017 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.610492945 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.610529900 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.610541105 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.615045071 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.615087032 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.615119934 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.615129948 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.619653940 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.619671106 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.619699955 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.619713068 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.624259949 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.624278069 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.624339104 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.628933907 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.628973961 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.628995895 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.629025936 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.633558989 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.633574009 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.633606911 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.633621931 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.638365030 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.638410091 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.638453007 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.638474941 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.642715931 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.642734051 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.642796993 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.647286892 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.647303104 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.647372007 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.653402090 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.653424025 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.653502941 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.657402992 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.657422066 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.657496929 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.657601118 CET	443	49742	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.657627106 CET	443	49742	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.657644033 CET	443	49742	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.657658100 CET	49742	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.657702923 CET	49742	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.657716036 CET	443	49742	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.657732010 CET	443	49742	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.657773018 CET	49742	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.660991907 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.661036968 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.661094904 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.665462971 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.665477037 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.665527105 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.665973902 CET	49742	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.665985107 CET	443	49742	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.666671038 CET	49743	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.670139074 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.670154095 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.670197010 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.674397945 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.674412966 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.674459934 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.674480915 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.678924084 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.678940058 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.678976059 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.678989887 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.683320999 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.683336020 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.683372974 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.683383942 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.687834978 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.687855959 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.687886953 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.687901020 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.692251921 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.692266941 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.692301989 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.692312956 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.696679115 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.696692944 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.696727991 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.696738005 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.701555014 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.701576948 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.701612949 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.701816082 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.705728054 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.705770969 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.705825090 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.706429005 CET	443	49739	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:20.706485987 CET	443	49739	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:20.706506014 CET	49739	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:20.706537008 CET	443	49739	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:20.706558943 CET	49739	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:20.706645012 CET	443	49739	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:20.706696033 CET	49739	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:20.707118988 CET	49739	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:20.707130909 CET	443	49739	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:20.707806110 CET	49744	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:20.707828999 CET	443	49744	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:20.707910061 CET	49744	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:20.708285093 CET	49744	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:20.708296061 CET	443	49744	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:20.710447073 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.710463047 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.710500002 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.710514069 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.714565039 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.714607954 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.714623928 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.714656115 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.716424942 CET	443	49740	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:20.716448069 CET	443	49740	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:20.716492891 CET	443	49740	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:20.716509104 CET	49740	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:20.716509104 CET	49740	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:20.716567039 CET	49740	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:20.717047930 CET	49740	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:20.717082024 CET	443	49740	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:20.719582081 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.719638109 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.719690084 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.723516941 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.723532915 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.723575115 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.723593950 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.727967978 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.728046894 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.746177912 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.746195078 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.746340036 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.747680902 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.747721910 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.747737885 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.747776031 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.750745058 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.750778913 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.750798941 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.750823021 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.754087925 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.754128933 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.754174948 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.756782055 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.756797075 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.756833076 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.759788036 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.759803057 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.759838104 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.762840986 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.762873888 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.762924910 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.765876055 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.765888929 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.765923023 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.765949965 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.768925905 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.768939018 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.768975019 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.768996954 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.771929026 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.771943092 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.771979094 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.774974108 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.775008917 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.775042057 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.775067091 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.777995110 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.778043032 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.778042078 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.778084993 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.781372070 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.781383991 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.781423092 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.784065962 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.784079075 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.784111977 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.784140110 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.787111998 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.787147045 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.787185907 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.790160894 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.790174961 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.790206909 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.790230989 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.793215036 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.793227911 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.793267012 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.796211004 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.796224117 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.796262026 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.799274921 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.799313068 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.799350023 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.802191019 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.802203894 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.802238941 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.805238008 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.805255890 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.805291891 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.808101892 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.808115959 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.808146954 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.808172941 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.811093092 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.811137915 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.812638044 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.812653065 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.812681913 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.812701941 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.815602064 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.815615892 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.815649033 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.815660000 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.818476915 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.818490982 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.818522930 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.818533897 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.821418047 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.821455956 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.821486950 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.824368954 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.824383974 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.824417114 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.824441910 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.827364922 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.827378988 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.827425003 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.830275059 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.830287933 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.830321074 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.830348015 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.833266973 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.833302975 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.833342075 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.835436106 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.835500002 CET	49743	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.835726976 CET	49743	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.836256027 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.836268902 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.836304903 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.839215040 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.839227915 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.839265108 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.841928959 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.841998100 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.842046022 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.844815969 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.844856977 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.844893932 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.844912052 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.847575903 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.847618103 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.847623110 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.847660065 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.850342035 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.850387096 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.850481033 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.851052046 CET	49745	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.851103067 CET	443	49745	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.851197004 CET	49745	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.851461887 CET	49745	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:20.851473093 CET	443	49745	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.938479900 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:20.939454079 CET	49743	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.004528046 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.005831003 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.005844116 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.005881071 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.005902052 CET	49743	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.005934000 CET	49743	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.020632982 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.020643950 CET	80	49741	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.020730019 CET	49741	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.049580097 CET	49743	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.205152988 CET	443	49744	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:21.205271006 CET	49744	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:21.205671072 CET	49744	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:21.205679893 CET	443	49744	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:21.206165075 CET	443	49745	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.206238985 CET	49745	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.206473112 CET	49745	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.206480026 CET	443	49745	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.208185911 CET	49744	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:21.208192110 CET	443	49744	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:21.208926916 CET	49745	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.208935976 CET	443	49745	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.218331099 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.219779968 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.219809055 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.219856977 CET	49743	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.219897985 CET	49743	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.221952915 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.221966028 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.222022057 CET	49743	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.226538897 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.226552963 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.226603985 CET	49743	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.226630926 CET	49743	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.231101036 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.231129885 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.231173038 CET	49743	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.235688925 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.235701084 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.235745907 CET	49743	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.240247011 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.240258932 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.240300894 CET	49743	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.244880915 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.244909048 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.244952917 CET	49743	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.249377966 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.249416113 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.249433994 CET	49743	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.249464035 CET	49743	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.253977060 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.253988028 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.254028082 CET	49743	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.258589029 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.258600950 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.258641005 CET	49743	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.263151884 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.263164997 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.263206959 CET	49743	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.267729044 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.267743111 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.267785072 CET	49743	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.272248983 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.272263050 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.272300005 CET	49743	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.276843071 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.276874065 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.276913881 CET	49743	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.388643980 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.391005039 CET	49743	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.391465902 CET	49743	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.560118914 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.561413050 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.561430931 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.561500072 CET	49743	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.563426971 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.563469887 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.563528061 CET	49743	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.567826033 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.567842007 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.567898035 CET	49743	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.571625948 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.572952986 CET	49743	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.573287964 CET	49743	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.574299097 CET	443	49745	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.574326038 CET	443	49745	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.574342012 CET	443	49745	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.574374914 CET	49745	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.574403048 CET	49745	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.574412107 CET	443	49745	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.574455023 CET	49745	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.602735996 CET	443	49745	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.602756023 CET	443	49745	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.602823973 CET	49745	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.602834940 CET	443	49745	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.602873087 CET	49745	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.670809984 CET	443	49744	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:21.670864105 CET	443	49744	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:21.670890093 CET	49744	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:21.670960903 CET	443	49744	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:21.670964956 CET	49744	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:21.671010971 CET	49744	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:21.671020031 CET	443	49744	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:21.671061039 CET	49744	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:21.671099901 CET	443	49744	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:21.671149015 CET	49744	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:21.672285080 CET	49744	443	192.168.2.5	104.193.90.87
Nov 18, 2023 07:52:21.672297955 CET	443	49744	104.193.90.87	192.168.2.5
Nov 18, 2023 07:52:21.738322973 CET	443	49745	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.738346100 CET	443	49745	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.738455057 CET	49745	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.738471031 CET	443	49745	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.738512993 CET	49745	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.742433071 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.743714094 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.743727922 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.743788958 CET	49743	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.743789911 CET	49743	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.745727062 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.745769024 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.745820045 CET	49743	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.745820045 CET	49743	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.750030994 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.750045061 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.750144958 CET	49743	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.753979921 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.753993034 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.754090071 CET	49743	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.758198977 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.758255959 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.758275986 CET	49743	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.758299112 CET	49743	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.762444973 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.762458086 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.762479067 CET	443	49745	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.762516022 CET	49743	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.762533903 CET	443	49745	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.762547016 CET	49745	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.762562990 CET	443	49745	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.762574911 CET	443	49745	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.762588978 CET	49745	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.762605906 CET	49745	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.762630939 CET	49745	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.762906075 CET	49745	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.762916088 CET	443	49745	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.763747931 CET	49746	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.763819933 CET	443	49746	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.763900995 CET	49746	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.764182091 CET	49746	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.764214039 CET	443	49746	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.766535997 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.766547918 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.766582012 CET	49743	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.766604900 CET	49743	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.770566940 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.770579100 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.770629883 CET	49743	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.770629883 CET	49743	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.770945072 CET	49743	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.772057056 CET	49747	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.772077084 CET	443	49747	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.772144079 CET	49747	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.772804022 CET	49747	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:21.772814035 CET	443	49747	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.798464060 CET	49716	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:21.798612118 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:21.799237013 CET	49748	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:21.939709902 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.939722061 CET	80	49743	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:21.939830065 CET	49743	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:22.113836050 CET	80	49716	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:22.113919020 CET	80	49716	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:22.113981009 CET	49716	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:22.121752024 CET	443	49746	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:22.121844053 CET	49746	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:22.122561932 CET	49746	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:22.122585058 CET	443	49746	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:22.124771118 CET	80	49748	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:22.124831915 CET	49748	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:22.125222921 CET	49746	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:22.125236988 CET	443	49746	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:22.127760887 CET	443	49747	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:22.127816916 CET	49747	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:22.129657984 CET	49747	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:22.129662991 CET	443	49747	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:22.131922960 CET	49747	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:22.131927967 CET	443	49747	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:22.132288933 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:22.132298946 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:22.132349968 CET	49713	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:22.459465027 CET	443	49746	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:22.459548950 CET	49746	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:22.459595919 CET	443	49746	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:22.459651947 CET	49746	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:22.460918903 CET	443	49746	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:22.460972071 CET	49746	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:22.461042881 CET	443	49746	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:22.461097956 CET	49746	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:22.467006922 CET	49746	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:22.467040062 CET	443	49746	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:22.467935085 CET	49749	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:22.468010902 CET	443	49749	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:22.468091011 CET	49749	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:22.471484900 CET	49749	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:22.471515894 CET	443	49749	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:22.493920088 CET	443	49747	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:22.493942976 CET	443	49747	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:22.493958950 CET	443	49747	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:22.493971109 CET	49747	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:22.493990898 CET	49747	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:22.493998051 CET	443	49747	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:22.494035006 CET	49747	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:22.494052887 CET	49747	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:22.522495985 CET	443	49747	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:22.522512913 CET	443	49747	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:22.522582054 CET	49747	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:22.522592068 CET	443	49747	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:22.522633076 CET	49747	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:22.659291983 CET	443	49747	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:22.659310102 CET	443	49747	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:22.659394026 CET	49747	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:22.659403086 CET	443	49747	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:22.660953999 CET	49747	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:22.692635059 CET	443	49747	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:22.692702055 CET	443	49747	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:22.692718983 CET	49747	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:22.692735910 CET	443	49747	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:22.692749023 CET	443	49747	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:22.692758083 CET	49747	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:22.692780972 CET	49747	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:22.692801952 CET	49747	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:22.693130970 CET	49747	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:22.693141937 CET	443	49747	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:22.829375982 CET	443	49749	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:22.832600117 CET	49749	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:22.832979918 CET	49749	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:22.832998037 CET	443	49749	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:22.835627079 CET	49749	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:22.835639954 CET	443	49749	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:22.880028009 CET	49750	443	192.168.2.5	103.235.46.40
Nov 18, 2023 07:52:22.880067110 CET	443	49750	103.235.46.40	192.168.2.5
Nov 18, 2023 07:52:22.880147934 CET	49750	443	192.168.2.5	103.235.46.40
Nov 18, 2023 07:52:22.880310059 CET	49751	443	192.168.2.5	103.235.46.40
Nov 18, 2023 07:52:22.880331993 CET	443	49751	103.235.46.40	192.168.2.5
Nov 18, 2023 07:52:22.880407095 CET	49751	443	192.168.2.5	103.235.46.40
Nov 18, 2023 07:52:22.881123066 CET	49750	443	192.168.2.5	103.235.46.40
Nov 18, 2023 07:52:22.881129026 CET	443	49750	103.235.46.40	192.168.2.5
Nov 18, 2023 07:52:22.881319046 CET	49751	443	192.168.2.5	103.235.46.40
Nov 18, 2023 07:52:22.881326914 CET	443	49751	103.235.46.40	192.168.2.5
Nov 18, 2023 07:52:23.172148943 CET	443	49749	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:23.172192097 CET	443	49749	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:23.172218084 CET	49749	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:23.172262907 CET	443	49749	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:23.172287941 CET	443	49749	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:23.172291994 CET	49749	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:23.172336102 CET	49749	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:23.178790092 CET	49749	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:23.178821087 CET	443	49749	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:23.839358091 CET	49752	443	192.168.2.5	39.156.68.81
Nov 18, 2023 07:52:23.839459896 CET	443	49752	39.156.68.81	192.168.2.5
Nov 18, 2023 07:52:23.839541912 CET	49752	443	192.168.2.5	39.156.68.81
Nov 18, 2023 07:52:23.840158939 CET	49752	443	192.168.2.5	39.156.68.81
Nov 18, 2023 07:52:23.840188026 CET	443	49752	39.156.68.81	192.168.2.5
Nov 18, 2023 07:52:23.857026100 CET	443	49751	103.235.46.40	192.168.2.5
Nov 18, 2023 07:52:23.857121944 CET	49751	443	192.168.2.5	103.235.46.40
Nov 18, 2023 07:52:23.857146025 CET	443	49751	103.235.46.40	192.168.2.5
Nov 18, 2023 07:52:23.857796907 CET	49751	443	192.168.2.5	103.235.46.40
Nov 18, 2023 07:52:23.861629009 CET	49751	443	192.168.2.5	103.235.46.40
Nov 18, 2023 07:52:23.861634016 CET	443	49751	103.235.46.40	192.168.2.5
Nov 18, 2023 07:52:23.861875057 CET	443	49751	103.235.46.40	192.168.2.5
Nov 18, 2023 07:52:23.861942053 CET	49751	443	192.168.2.5	103.235.46.40
Nov 18, 2023 07:52:23.862340927 CET	49751	443	192.168.2.5	103.235.46.40
Nov 18, 2023 07:52:23.896802902 CET	443	49750	103.235.46.40	192.168.2.5
Nov 18, 2023 07:52:23.896893978 CET	49750	443	192.168.2.5	103.235.46.40
Nov 18, 2023 07:52:23.896908998 CET	443	49750	103.235.46.40	192.168.2.5
Nov 18, 2023 07:52:23.896953106 CET	49750	443	192.168.2.5	103.235.46.40
Nov 18, 2023 07:52:23.900821924 CET	49750	443	192.168.2.5	103.235.46.40
Nov 18, 2023 07:52:23.900825977 CET	443	49750	103.235.46.40	192.168.2.5
Nov 18, 2023 07:52:23.901051044 CET	443	49750	103.235.46.40	192.168.2.5
Nov 18, 2023 07:52:23.903832912 CET	49750	443	192.168.2.5	103.235.46.40
Nov 18, 2023 07:52:23.904470921 CET	49750	443	192.168.2.5	103.235.46.40
Nov 18, 2023 07:52:23.909285069 CET	443	49751	103.235.46.40	192.168.2.5
Nov 18, 2023 07:52:23.909356117 CET	49753	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:23.912971973 CET	49754	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:23.913002014 CET	443	49754	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:23.913072109 CET	49754	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:23.913372040 CET	49754	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:23.913386106 CET	443	49754	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:23.915509939 CET	49755	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:23.915586948 CET	443	49755	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:23.915688038 CET	49755	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:23.917079926 CET	49755	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:23.917118073 CET	443	49755	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:23.942403078 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:23.942898035 CET	49756	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:23.945292950 CET	443	49750	103.235.46.40	192.168.2.5
Nov 18, 2023 07:52:24.027667046 CET	49757	443	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:24.027687073 CET	443	49757	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:24.027757883 CET	49757	443	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:24.028259039 CET	49757	443	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:24.028271914 CET	443	49757	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:24.224121094 CET	80	49753	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:24.224210978 CET	49753	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:24.240250111 CET	49753	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:24.252039909 CET	443	49751	103.235.46.40	192.168.2.5
Nov 18, 2023 07:52:24.252115965 CET	443	49751	103.235.46.40	192.168.2.5
Nov 18, 2023 07:52:24.252172947 CET	49751	443	192.168.2.5	103.235.46.40
Nov 18, 2023 07:52:24.254128933 CET	49751	443	192.168.2.5	103.235.46.40
Nov 18, 2023 07:52:24.254142046 CET	443	49751	103.235.46.40	192.168.2.5
Nov 18, 2023 07:52:24.254158974 CET	49751	443	192.168.2.5	103.235.46.40
Nov 18, 2023 07:52:24.254187107 CET	49751	443	192.168.2.5	103.235.46.40
Nov 18, 2023 07:52:24.289066076 CET	443	49755	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:24.289148092 CET	49755	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:24.289357901 CET	443	49754	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:24.289417982 CET	49754	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:24.293122053 CET	49755	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:24.293148041 CET	443	49755	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:24.294606924 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:24.294671059 CET	49756	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:24.308024883 CET	443	49750	103.235.46.40	192.168.2.5
Nov 18, 2023 07:52:24.308103085 CET	443	49750	103.235.46.40	192.168.2.5
Nov 18, 2023 07:52:24.308170080 CET	49750	443	192.168.2.5	103.235.46.40
Nov 18, 2023 07:52:24.308319092 CET	49754	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:24.308326006 CET	443	49754	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:24.323771000 CET	49750	443	192.168.2.5	103.235.46.40
Nov 18, 2023 07:52:24.323806047 CET	443	49750	103.235.46.40	192.168.2.5
Nov 18, 2023 07:52:24.330024004 CET	49756	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:24.350471973 CET	49755	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:24.350492954 CET	443	49755	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:24.352380037 CET	49754	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:24.352386951 CET	443	49754	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:24.402719975 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:24.402780056 CET	49756	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:24.555191040 CET	80	49753	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:24.559505939 CET	80	49753	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:24.559523106 CET	80	49753	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:24.559536934 CET	80	49753	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:24.559550047 CET	80	49753	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:24.559562922 CET	80	49753	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:24.559571981 CET	49753	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:24.559577942 CET	80	49753	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:24.559592009 CET	80	49753	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:24.559602022 CET	49753	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:24.559606075 CET	80	49753	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:24.559638023 CET	49753	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:24.559689045 CET	49753	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:24.559711933 CET	80	49753	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:24.559726000 CET	80	49753	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:24.559739113 CET	80	49753	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:24.559751034 CET	80	49753	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:24.559763908 CET	80	49753	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:24.559777975 CET	80	49753	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:24.559791088 CET	80	49753	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:24.559803009 CET	80	49753	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:24.559806108 CET	49753	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:24.559815884 CET	80	49753	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:24.559828997 CET	80	49753	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:24.559842110 CET	80	49753	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:24.559844017 CET	49753	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:24.559854984 CET	80	49753	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:24.559864998 CET	49753	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:24.559884071 CET	49753	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:24.559901953 CET	49753	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:24.569624901 CET	80	49753	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:24.569746971 CET	49753	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:24.608458042 CET	443	49754	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:24.608545065 CET	49754	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:24.608557940 CET	443	49754	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:24.608596087 CET	49754	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:24.609556913 CET	443	49754	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:24.609616041 CET	49754	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:24.609690905 CET	443	49754	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:24.609713078 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:24.609740973 CET	49754	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:24.609766960 CET	49756	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:24.610785961 CET	49754	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:24.610795021 CET	443	49754	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:24.612804890 CET	49758	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:24.612853050 CET	443	49758	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:24.612926960 CET	49758	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:24.613549948 CET	49758	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:24.613585949 CET	443	49758	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:24.636545897 CET	443	49755	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:24.636569023 CET	443	49755	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:24.636584044 CET	443	49755	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:24.636645079 CET	49755	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:24.636681080 CET	443	49755	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:24.636715889 CET	49755	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:24.636737108 CET	49755	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:24.664834976 CET	443	49755	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:24.664880037 CET	443	49755	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:24.664896965 CET	443	49755	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:24.664932966 CET	49755	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:24.664983988 CET	49755	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:24.665280104 CET	49755	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:24.665308952 CET	443	49755	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:24.665985107 CET	49759	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:24.666027069 CET	443	49759	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:24.666105986 CET	49759	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:24.666449070 CET	49759	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:24.666460991 CET	443	49759	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:24.674137115 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:24.675431013 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:24.675445080 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:24.675514936 CET	49756	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:24.675575018 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:24.675586939 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:24.675600052 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:24.675611973 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:24.675622940 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:24.675632954 CET	49756	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:24.675636053 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:24.675651073 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:24.675659895 CET	49756	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:24.675659895 CET	49756	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:24.675662041 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:24.675676107 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:24.675688028 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:24.675698042 CET	49756	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:24.675704956 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:24.675715923 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:24.675719023 CET	49756	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:24.675728083 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:24.675740004 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:24.675741911 CET	49756	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:24.675765038 CET	49756	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:24.675781012 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:24.675786972 CET	49756	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:24.675792933 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:24.675806046 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:24.675817966 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:24.675838947 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:24.675843954 CET	49756	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:24.675844908 CET	49756	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:24.675868034 CET	49756	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:24.675882101 CET	49756	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:24.770695925 CET	80	49753	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:24.770747900 CET	49753	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:24.809784889 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:24.874447107 CET	80	49753	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:24.874511003 CET	49753	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:24.874526024 CET	80	49753	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:24.874538898 CET	80	49753	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:24.874550104 CET	80	49753	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:24.874562025 CET	80	49753	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:24.874572992 CET	80	49753	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:24.874579906 CET	49753	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:24.874579906 CET	49753	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:24.874614954 CET	49753	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:24.874629021 CET	80	49753	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:24.874684095 CET	49753	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:24.874684095 CET	49753	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:24.874701977 CET	80	49753	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:24.874720097 CET	80	49753	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:24.874732971 CET	80	49753	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:24.874742985 CET	80	49753	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:24.874756098 CET	80	49753	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:24.874766111 CET	49753	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:24.874766111 CET	49753	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:24.874797106 CET	49753	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:24.874797106 CET	49753	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:24.874830961 CET	80	49753	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:24.874842882 CET	80	49753	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:24.874885082 CET	49753	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:24.882680893 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:24.882731915 CET	49756	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:24.882755995 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:24.882767916 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:24.882778883 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:24.882790089 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:24.882802010 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:24.882814884 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:24.882817030 CET	49756	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:24.882834911 CET	49756	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:24.882853985 CET	49756	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:24.895196915 CET	49760	443	192.168.2.5	39.156.68.81
Nov 18, 2023 07:52:24.895277023 CET	443	49760	39.156.68.81	192.168.2.5
Nov 18, 2023 07:52:24.895364046 CET	49760	443	192.168.2.5	39.156.68.81
Nov 18, 2023 07:52:24.895778894 CET	49760	443	192.168.2.5	39.156.68.81
Nov 18, 2023 07:52:24.895804882 CET	443	49760	39.156.68.81	192.168.2.5
Nov 18, 2023 07:52:24.950933933 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:24.950958967 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:24.951031923 CET	49756	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:24.964679956 CET	443	49758	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:24.966120958 CET	49758	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:24.966741085 CET	49758	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:24.966758966 CET	443	49758	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:24.967025042 CET	49758	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:24.967031956 CET	443	49758	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:24.986748934 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:24.986763000 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:24.986776114 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:24.986788034 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:24.986800909 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:24.986813068 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:24.986818075 CET	49756	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:24.986824989 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:24.986849070 CET	49756	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:24.986865997 CET	49756	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:25.014786005 CET	443	49757	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:25.014892101 CET	49757	443	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:25.014928102 CET	443	49757	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:25.015007019 CET	49757	443	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:25.018768072 CET	443	49759	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:25.018837929 CET	49759	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:25.020435095 CET	49759	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:25.020442009 CET	443	49759	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:25.020653009 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:25.020688057 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:25.020699978 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:25.020711899 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:25.020723104 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:25.020730019 CET	49756	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:25.020765066 CET	49756	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:25.020811081 CET	49759	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:25.020814896 CET	443	49759	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:25.020827055 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:25.020838976 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:25.020868063 CET	49756	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:25.020941019 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:25.020953894 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:25.020967007 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:25.020978928 CET	9000	49709	202.189.4.141	192.168.2.5
Nov 18, 2023 07:52:25.020981073 CET	49756	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:25.020991087 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:25.021002054 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:25.021006107 CET	49756	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:25.021014929 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:25.021027088 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:25.021039009 CET	49756	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:25.021068096 CET	49756	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:25.021068096 CET	49756	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:25.021071911 CET	49709	9000	192.168.2.5	202.189.4.141
Nov 18, 2023 07:52:25.021114111 CET	49709	9000	192.168.2.5	202.189.4.141
Nov 18, 2023 07:52:25.021981955 CET	49757	443	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:25.022001028 CET	443	49757	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:25.022845030 CET	443	49757	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:25.022902012 CET	49757	443	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:25.023345947 CET	49757	443	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:25.023403883 CET	443	49757	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:25.157377005 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:25.157488108 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:25.157645941 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:25.304811001 CET	443	49758	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:25.304831982 CET	443	49758	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:25.304888010 CET	443	49758	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:25.305012941 CET	49758	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:25.305012941 CET	49758	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:25.305012941 CET	49758	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:25.319200039 CET	49758	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:25.319238901 CET	443	49758	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:25.319981098 CET	49761	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:25.320029020 CET	443	49761	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:25.320111990 CET	49761	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:25.321178913 CET	49761	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:25.321208954 CET	443	49761	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:25.362670898 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:25.362746000 CET	49721	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:52:25.365212917 CET	443	49759	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:25.365233898 CET	443	49759	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:25.365263939 CET	49759	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:25.365269899 CET	443	49759	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:25.365281105 CET	49759	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:25.365287066 CET	443	49759	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:25.365299940 CET	49759	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:25.365356922 CET	49759	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:25.377157927 CET	49759	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:25.377167940 CET	443	49759	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:25.385307074 CET	49762	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:25.385335922 CET	443	49762	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:25.385396004 CET	49762	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:25.397694111 CET	49762	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:25.397708893 CET	443	49762	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:25.423276901 CET	443	49757	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:25.423346996 CET	49757	443	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:25.423348904 CET	443	49757	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:25.423391104 CET	49757	443	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:25.423804045 CET	49757	443	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:25.423816919 CET	443	49757	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:25.423832893 CET	49757	443	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:25.423856020 CET	49757	443	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:25.428842068 CET	80	49716	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:25.465835094 CET	80	49713	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:25.518821001 CET	9000	49709	202.189.4.141	192.168.2.5
Nov 18, 2023 07:52:25.580249071 CET	49763	80	192.168.2.5	103.235.46.9
Nov 18, 2023 07:52:25.676544905 CET	443	49761	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:25.676750898 CET	49761	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:25.678581953 CET	49761	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:25.678601980 CET	443	49761	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:25.678870916 CET	49761	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:25.678883076 CET	443	49761	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:25.700192928 CET	80	49721	111.225.213.38	192.168.2.5
Nov 18, 2023 07:52:25.753329992 CET	443	49762	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:25.753412962 CET	49762	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:25.753787994 CET	49762	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:25.753794909 CET	443	49762	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:25.754023075 CET	49762	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:25.754029036 CET	443	49762	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:25.910460949 CET	80	49763	103.235.46.9	192.168.2.5
Nov 18, 2023 07:52:25.910624027 CET	49763	80	192.168.2.5	103.235.46.9
Nov 18, 2023 07:52:25.910960913 CET	49763	80	192.168.2.5	103.235.46.9
Nov 18, 2023 07:52:26.023889065 CET	443	49761	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:26.023925066 CET	443	49761	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:26.023972034 CET	49761	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:26.023983955 CET	443	49761	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:26.024012089 CET	49761	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:26.024105072 CET	49761	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:26.025327921 CET	49761	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:26.025362015 CET	443	49761	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:26.026199102 CET	49764	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:26.026241064 CET	443	49764	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:26.026344061 CET	49764	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:26.026647091 CET	49764	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:26.026659012 CET	443	49764	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:26.107423067 CET	443	49762	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:26.107455015 CET	443	49762	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:26.107489109 CET	49762	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:26.107510090 CET	443	49762	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:26.107547045 CET	49762	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:26.107557058 CET	443	49762	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:26.107587099 CET	49762	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:26.107606888 CET	49762	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:26.108431101 CET	49762	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:26.108445883 CET	443	49762	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:26.109141111 CET	49765	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:26.109184027 CET	443	49765	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:26.109261990 CET	49765	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:26.109529018 CET	49765	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:26.109544992 CET	443	49765	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:26.239264965 CET	80	49763	103.235.46.9	192.168.2.5
Nov 18, 2023 07:52:26.337587118 CET	80	49763	103.235.46.9	192.168.2.5
Nov 18, 2023 07:52:26.337603092 CET	80	49763	103.235.46.9	192.168.2.5
Nov 18, 2023 07:52:26.337641001 CET	80	49763	103.235.46.9	192.168.2.5
Nov 18, 2023 07:52:26.337649107 CET	49763	80	192.168.2.5	103.235.46.9
Nov 18, 2023 07:52:26.337652922 CET	80	49763	103.235.46.9	192.168.2.5
Nov 18, 2023 07:52:26.337661982 CET	80	49763	103.235.46.9	192.168.2.5
Nov 18, 2023 07:52:26.337672949 CET	80	49763	103.235.46.9	192.168.2.5
Nov 18, 2023 07:52:26.337685108 CET	80	49763	103.235.46.9	192.168.2.5
Nov 18, 2023 07:52:26.337692022 CET	49763	80	192.168.2.5	103.235.46.9
Nov 18, 2023 07:52:26.337699890 CET	80	49763	103.235.46.9	192.168.2.5
Nov 18, 2023 07:52:26.337708950 CET	80	49763	103.235.46.9	192.168.2.5
Nov 18, 2023 07:52:26.337712049 CET	49763	80	192.168.2.5	103.235.46.9
Nov 18, 2023 07:52:26.337740898 CET	49763	80	192.168.2.5	103.235.46.9
Nov 18, 2023 07:52:26.377660990 CET	443	49764	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:26.377726078 CET	49764	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:26.381194115 CET	49764	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:26.381207943 CET	443	49764	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:26.387651920 CET	49764	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:26.387674093 CET	443	49764	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:26.460155010 CET	443	49765	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:26.460232973 CET	49765	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:26.460762024 CET	49765	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:26.460771084 CET	443	49765	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:26.461185932 CET	49765	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:26.461191893 CET	443	49765	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:26.542797089 CET	80	49763	103.235.46.9	192.168.2.5
Nov 18, 2023 07:52:26.542989969 CET	49763	80	192.168.2.5	103.235.46.9
Nov 18, 2023 07:52:26.665966988 CET	80	49763	103.235.46.9	192.168.2.5
Nov 18, 2023 07:52:26.665981054 CET	80	49763	103.235.46.9	192.168.2.5
Nov 18, 2023 07:52:26.665992975 CET	80	49763	103.235.46.9	192.168.2.5
Nov 18, 2023 07:52:26.666018963 CET	49763	80	192.168.2.5	103.235.46.9
Nov 18, 2023 07:52:26.666058064 CET	49763	80	192.168.2.5	103.235.46.9
Nov 18, 2023 07:52:26.666058064 CET	49763	80	192.168.2.5	103.235.46.9
Nov 18, 2023 07:52:26.666101933 CET	80	49763	103.235.46.9	192.168.2.5
Nov 18, 2023 07:52:26.666143894 CET	49763	80	192.168.2.5	103.235.46.9
Nov 18, 2023 07:52:26.722666979 CET	443	49764	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:26.722688913 CET	443	49764	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:26.722724915 CET	49764	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:26.722748995 CET	443	49764	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:26.722764015 CET	49764	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:26.722769022 CET	443	49764	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:26.722790003 CET	49764	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:26.722820997 CET	49764	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:26.746182919 CET	49764	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:26.746206999 CET	443	49764	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:26.749290943 CET	49766	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:26.749372005 CET	443	49766	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:26.749453068 CET	49766	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:26.758454084 CET	49766	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:26.758491993 CET	443	49766	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:26.829452991 CET	443	49765	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:26.829482079 CET	443	49765	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:26.829498053 CET	443	49765	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:26.829552889 CET	49765	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:26.829572916 CET	443	49765	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:26.829627991 CET	443	49765	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:26.829628944 CET	49765	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:26.829667091 CET	49765	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:26.830828905 CET	49765	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:26.830853939 CET	443	49765	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:26.832425117 CET	49767	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:26.832458973 CET	443	49767	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:26.832540989 CET	49767	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:26.832829952 CET	49767	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:26.832839012 CET	443	49767	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:27.109889984 CET	443	49766	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:27.109965086 CET	49766	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:27.110994101 CET	49766	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:27.111012936 CET	443	49766	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:27.124216080 CET	49766	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:27.124228954 CET	443	49766	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:27.184164047 CET	443	49767	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:27.184209108 CET	49767	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:27.189893007 CET	49767	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:27.189903021 CET	443	49767	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:27.190109968 CET	49767	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:27.190114975 CET	443	49767	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:27.455761909 CET	443	49766	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:27.455787897 CET	443	49766	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:27.455848932 CET	443	49766	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:27.455858946 CET	49766	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:27.455900908 CET	49766	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:27.455910921 CET	49766	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:27.456928015 CET	49766	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:27.456969976 CET	443	49766	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:27.457695961 CET	49768	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:27.457779884 CET	443	49768	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:27.457866907 CET	49768	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:27.458173037 CET	49768	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:27.458209991 CET	443	49768	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:27.529174089 CET	443	49767	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:27.529202938 CET	443	49767	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:27.529238939 CET	49767	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:27.529254913 CET	443	49767	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:27.529266119 CET	443	49767	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:27.529268026 CET	49767	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:27.529298067 CET	49767	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:27.529324055 CET	49767	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:27.530131102 CET	49767	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:27.530143023 CET	443	49767	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:27.531533003 CET	49769	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:27.531559944 CET	443	49769	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:27.531621933 CET	49769	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:27.531909943 CET	49769	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:27.531923056 CET	443	49769	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:27.815252066 CET	443	49768	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:27.815428019 CET	49768	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:27.817150116 CET	49768	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:27.817162991 CET	443	49768	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:27.826704025 CET	49768	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:27.826716900 CET	443	49768	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:27.882873058 CET	443	49769	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:27.882946968 CET	49769	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:27.887254000 CET	49769	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:27.887265921 CET	443	49769	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:27.887528896 CET	49769	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:27.887532949 CET	443	49769	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:28.156301975 CET	443	49768	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:28.156364918 CET	443	49768	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:28.156379938 CET	49768	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:28.156444073 CET	443	49768	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:28.156481981 CET	49768	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:28.156506062 CET	49768	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:28.156735897 CET	443	49768	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:28.156797886 CET	49768	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:28.211735010 CET	49768	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:28.211777925 CET	443	49768	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:28.215267897 CET	49770	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:28.215328932 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:28.215473890 CET	49770	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:28.220392942 CET	49770	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:28.220413923 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:28.247188091 CET	443	49769	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:28.247247934 CET	443	49769	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:28.247262955 CET	443	49769	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:28.247327089 CET	49769	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:28.247348070 CET	443	49769	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:28.247392893 CET	49769	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:28.275540113 CET	443	49769	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:28.275559902 CET	443	49769	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:28.275727034 CET	49769	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:28.275738001 CET	443	49769	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:28.278954029 CET	49769	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:28.411143064 CET	443	49769	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:28.411159992 CET	443	49769	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:28.411214113 CET	49769	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:28.411222935 CET	443	49769	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:28.411278963 CET	49769	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:28.420633078 CET	443	49769	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:28.420694113 CET	443	49769	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:28.420696020 CET	49769	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:28.420775890 CET	49769	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:28.420782089 CET	443	49769	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:28.420800924 CET	49769	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:28.420820951 CET	49769	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:28.422172070 CET	49771	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:28.422213078 CET	443	49771	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:28.422272921 CET	49771	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:28.422596931 CET	49771	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:28.422616005 CET	443	49771	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:28.579699039 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:28.579801083 CET	49770	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:28.587121010 CET	49770	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:28.587145090 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:28.591490030 CET	49770	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:28.591495991 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:28.773469925 CET	443	49771	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:28.773821115 CET	49771	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:28.774226904 CET	49771	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:28.774243116 CET	443	49771	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:28.774483919 CET	49771	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:28.774490118 CET	443	49771	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:28.940882921 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:28.940943003 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:28.940994024 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:28.941041946 CET	49770	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:28.941068888 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:28.941099882 CET	49770	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:28.941133976 CET	49770	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:28.969110012 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:28.969160080 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:28.969197035 CET	49770	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:28.969212055 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:28.969264030 CET	49770	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:28.969264030 CET	49770	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.104716063 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.104742050 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.104789019 CET	49770	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.104798079 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.104813099 CET	49770	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.104835033 CET	49770	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.118042946 CET	443	49771	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.118066072 CET	443	49771	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.118139982 CET	49771	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.118146896 CET	443	49771	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.118377924 CET	49771	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.119404078 CET	49771	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.119415045 CET	443	49771	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.120829105 CET	49772	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.120862961 CET	443	49772	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.121296883 CET	49772	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.121959925 CET	49772	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.121972084 CET	443	49772	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.137907982 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.137936115 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.137979984 CET	49770	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.138015985 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.138046026 CET	49770	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.139019012 CET	49770	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.168752909 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.168768883 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.168814898 CET	49770	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.168828964 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.168854952 CET	49770	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.169429064 CET	49770	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.254303932 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.254322052 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.254385948 CET	49770	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.254395008 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.254437923 CET	49770	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.279661894 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.279700041 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.279794931 CET	49770	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.279819012 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.279872894 CET	49770	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.306065083 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.306086063 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.306180954 CET	49770	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.306196928 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.306245089 CET	49770	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.329514027 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.329530954 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.329624891 CET	49770	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.329646111 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.329694033 CET	49770	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.351541042 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.351555109 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.351635933 CET	49770	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.351650000 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.351700068 CET	49770	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.373368979 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.373383045 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.373457909 CET	49770	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.373471022 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.373516083 CET	49770	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.393199921 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.393214941 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.393289089 CET	49770	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.393296003 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.393333912 CET	49770	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.411689997 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.411712885 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.411811113 CET	49770	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.411824942 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.411875963 CET	49770	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.429095984 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.429111004 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.429197073 CET	49770	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.429210901 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.429276943 CET	49770	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.445254087 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.445271015 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.445353985 CET	49770	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.445368052 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.445420027 CET	49770	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.455709934 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.455782890 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.455789089 CET	49770	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.455832958 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.455888987 CET	49770	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.455912113 CET	49770	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.472758055 CET	443	49772	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.475348949 CET	49772	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.494292021 CET	49772	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.494302988 CET	443	49772	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.506042957 CET	49772	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.506048918 CET	443	49772	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.506339073 CET	49770	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.506360054 CET	443	49770	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.507055998 CET	49773	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.507117987 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.507200956 CET	49773	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.507493973 CET	49773	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.507527113 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.822913885 CET	443	49772	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.822940111 CET	443	49772	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.822985888 CET	49772	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.823004007 CET	443	49772	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.823020935 CET	49772	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.823023081 CET	443	49772	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.823031902 CET	443	49772	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.823051929 CET	49772	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.823076963 CET	49772	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:29.858345985 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:29.858437061 CET	49773	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:30.866372108 CET	49772	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:30.866394043 CET	443	49772	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:30.867707968 CET	49773	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:30.867746115 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:30.867954016 CET	49773	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:30.867966890 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:30.868535042 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.037266970 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.037386894 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.064779997 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.064807892 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.064824104 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.064858913 CET	49773	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.064893007 CET	49773	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.064910889 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.064970016 CET	49773	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.093204975 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.093223095 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.093281984 CET	49773	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.093303919 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.093358994 CET	49773	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.139275074 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.139343023 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.179721117 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.228848934 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.228867054 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.228945971 CET	49773	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.228965044 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.229024887 CET	49773	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.262017965 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.262032986 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.262093067 CET	49773	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.262113094 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.262140036 CET	49773	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.262157917 CET	49773	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.292896032 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.292912006 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.292978048 CET	49773	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.292996883 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.293052912 CET	49773	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.348651886 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.349936962 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.349957943 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.349968910 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.349981070 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.350018024 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.350059986 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.350152016 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.350167036 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.350178957 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.350189924 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.350198030 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.350199938 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.350210905 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.350220919 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.350229979 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.350233078 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.350245953 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.350256920 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.350259066 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.350269079 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.350269079 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.350281000 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.350291967 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.350301981 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.350303888 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.350313902 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.350326061 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.350326061 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.350336075 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.350347996 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.350349903 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.350358963 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.350364923 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.350373030 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.350394011 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.350414991 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.378377914 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.378396988 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.378477097 CET	49773	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.378515959 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.378562927 CET	49773	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.403739929 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.403755903 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.403811932 CET	49773	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.403832912 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.403882980 CET	49773	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.429692984 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.429707050 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.429765940 CET	49773	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.429788113 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.429833889 CET	49773	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.453207016 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.453222036 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.453283072 CET	49773	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.453300953 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.453346014 CET	49773	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.475492001 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.475507975 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.475569963 CET	49773	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.475588083 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.475632906 CET	49773	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.497167110 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.497183084 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.497283936 CET	49773	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.497315884 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.497365952 CET	49773	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.517232895 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.517252922 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.517324924 CET	49773	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.517359972 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.517424107 CET	49773	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.519249916 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.519268990 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.519328117 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.521249056 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.521310091 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.521332979 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.521384954 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.525933981 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.525948048 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.526030064 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.530694008 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.530708075 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.530754089 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.530785084 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.535419941 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.535432100 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.535481930 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.535564899 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.535581112 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.535653114 CET	49773	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.535667896 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.535721064 CET	49773	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.540221930 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.540235996 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.540282011 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.545033932 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.545063972 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.545104027 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.545128107 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.549761057 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.549774885 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.549822092 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.552984953 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.553000927 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.553061008 CET	49773	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.553075075 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.553117037 CET	49773	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.554531097 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.554547071 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.554615021 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.559277058 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.559292078 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.559351921 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.564023018 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.564080000 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.564235926 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.564287901 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.568880081 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.568892002 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.568948984 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.569324017 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.569339991 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.569402933 CET	49773	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.569417000 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.569470882 CET	49773	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.573699951 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.573714018 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.573751926 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.573781967 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.578280926 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.578337908 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.578340054 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.578386068 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.583101988 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.583144903 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.583154917 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.583190918 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.584065914 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.584081888 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.584151983 CET	49773	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.584181070 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.584245920 CET	49773	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.587842941 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.587872982 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.587913990 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.592609882 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.592622042 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.592665911 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.592694998 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.597376108 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.597390890 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.597395897 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.597410917 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.597457886 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.597477913 CET	49773	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.597493887 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.597549915 CET	49773	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.598212957 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.604015112 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.604094982 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.604094982 CET	49773	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.604144096 CET	49773	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.604373932 CET	49773	443	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.604402065 CET	443	49773	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.766917944 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.768098116 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.768114090 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.768165112 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.768204927 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.770400047 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.770415068 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.770466089 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.774971962 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.774986029 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.775027037 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.775055885 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.779588938 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.779608965 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.779645920 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.779676914 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.784104109 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.784116983 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.784173965 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.788714886 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.788744926 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.788789988 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.788815022 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.793296099 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.793309927 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.793343067 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.793358088 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.797869921 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.797883987 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.797919989 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.802545071 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.802563906 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.802601099 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.802649975 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.807039022 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.807053089 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.807092905 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.807127953 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.811614990 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.811660051 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.811669111 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.811702967 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.816205025 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.816219091 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.816256046 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.816287041 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.818727970 CET	49775	443	192.168.2.5	124.239.243.38
Nov 18, 2023 07:52:31.818764925 CET	443	49775	124.239.243.38	192.168.2.5
Nov 18, 2023 07:52:31.818825960 CET	49775	443	192.168.2.5	124.239.243.38
Nov 18, 2023 07:52:31.819448948 CET	49775	443	192.168.2.5	124.239.243.38
Nov 18, 2023 07:52:31.819463015 CET	443	49775	124.239.243.38	192.168.2.5
Nov 18, 2023 07:52:31.820801020 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.820813894 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.820858955 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.820888042 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.825529099 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.825573921 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.825598955 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.825623035 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.829298973 CET	49776	443	192.168.2.5	103.235.46.40
Nov 18, 2023 07:52:31.829345942 CET	443	49776	103.235.46.40	192.168.2.5
Nov 18, 2023 07:52:31.829416037 CET	49776	443	192.168.2.5	103.235.46.40
Nov 18, 2023 07:52:31.829977036 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.829989910 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.830043077 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.833549023 CET	49776	443	192.168.2.5	103.235.46.40
Nov 18, 2023 07:52:31.833578110 CET	443	49776	103.235.46.40	192.168.2.5
Nov 18, 2023 07:52:31.834583998 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.834602118 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.834662914 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.834692001 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.836179972 CET	49777	443	192.168.2.5	103.235.46.40
Nov 18, 2023 07:52:31.836195946 CET	443	49777	103.235.46.40	192.168.2.5
Nov 18, 2023 07:52:31.836267948 CET	49777	443	192.168.2.5	103.235.46.40
Nov 18, 2023 07:52:31.836756945 CET	49777	443	192.168.2.5	103.235.46.40
Nov 18, 2023 07:52:31.836769104 CET	443	49777	103.235.46.40	192.168.2.5
Nov 18, 2023 07:52:31.839143038 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.839160919 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.839201927 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.839225054 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.843728065 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.843772888 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.843791962 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.843816996 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.848299026 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.848349094 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.848349094 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.848397017 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.853116989 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.853135109 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.853173018 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.853187084 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.857470989 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.857487917 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:52:31.857522964 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:31.857553005 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:52:32.466830969 CET	443	49776	103.235.46.40	192.168.2.5
Nov 18, 2023 07:52:32.466913939 CET	49776	443	192.168.2.5	103.235.46.40
Nov 18, 2023 07:52:32.468370914 CET	49776	443	192.168.2.5	103.235.46.40
Nov 18, 2023 07:52:32.468400002 CET	443	49776	103.235.46.40	192.168.2.5
Nov 18, 2023 07:52:32.480916977 CET	49776	443	192.168.2.5	103.235.46.40
Nov 18, 2023 07:52:32.480935097 CET	443	49776	103.235.46.40	192.168.2.5
Nov 18, 2023 07:52:32.495045900 CET	443	49777	103.235.46.40	192.168.2.5
Nov 18, 2023 07:52:32.495225906 CET	49777	443	192.168.2.5	103.235.46.40
Nov 18, 2023 07:52:32.495492935 CET	49777	443	192.168.2.5	103.235.46.40
Nov 18, 2023 07:52:32.495503902 CET	443	49777	103.235.46.40	192.168.2.5
Nov 18, 2023 07:52:32.495815992 CET	49777	443	192.168.2.5	103.235.46.40
Nov 18, 2023 07:52:32.495820999 CET	443	49777	103.235.46.40	192.168.2.5
Nov 18, 2023 07:52:33.110487938 CET	443	49776	103.235.46.40	192.168.2.5
Nov 18, 2023 07:52:33.110569954 CET	443	49776	103.235.46.40	192.168.2.5
Nov 18, 2023 07:52:33.110657930 CET	49776	443	192.168.2.5	103.235.46.40
Nov 18, 2023 07:52:33.127707005 CET	49776	443	192.168.2.5	103.235.46.40
Nov 18, 2023 07:52:33.127744913 CET	443	49776	103.235.46.40	192.168.2.5
Nov 18, 2023 07:52:33.127774954 CET	49776	443	192.168.2.5	103.235.46.40
Nov 18, 2023 07:52:33.127815008 CET	49776	443	192.168.2.5	103.235.46.40
Nov 18, 2023 07:52:33.165458918 CET	443	49777	103.235.46.40	192.168.2.5
Nov 18, 2023 07:52:33.165541887 CET	443	49777	103.235.46.40	192.168.2.5
Nov 18, 2023 07:52:33.165663004 CET	49777	443	192.168.2.5	103.235.46.40
Nov 18, 2023 07:52:33.165735960 CET	49777	443	192.168.2.5	103.235.46.40
Nov 18, 2023 07:52:33.165756941 CET	443	49777	103.235.46.40	192.168.2.5
Nov 18, 2023 07:52:33.165779114 CET	49777	443	192.168.2.5	103.235.46.40
Nov 18, 2023 07:52:33.165805101 CET	49777	443	192.168.2.5	103.235.46.40
Nov 18, 2023 07:52:34.583136082 CET	443	49775	124.239.243.38	192.168.2.5
Nov 18, 2023 07:52:34.583214045 CET	49775	443	192.168.2.5	124.239.243.38
Nov 18, 2023 07:52:34.642426968 CET	49775	443	192.168.2.5	124.239.243.38
Nov 18, 2023 07:52:34.642441034 CET	443	49775	124.239.243.38	192.168.2.5
Nov 18, 2023 07:52:34.642741919 CET	443	49775	124.239.243.38	192.168.2.5
Nov 18, 2023 07:52:34.644113064 CET	49775	443	192.168.2.5	124.239.243.38
Nov 18, 2023 07:52:34.644706011 CET	49775	443	192.168.2.5	124.239.243.38
Nov 18, 2023 07:52:34.685281992 CET	443	49775	124.239.243.38	192.168.2.5
Nov 18, 2023 07:52:35.291485071 CET	443	49775	124.239.243.38	192.168.2.5
Nov 18, 2023 07:52:35.291507959 CET	443	49775	124.239.243.38	192.168.2.5
Nov 18, 2023 07:52:35.291522980 CET	443	49775	124.239.243.38	192.168.2.5
Nov 18, 2023 07:52:35.291701078 CET	49775	443	192.168.2.5	124.239.243.38
Nov 18, 2023 07:52:35.291718960 CET	443	49775	124.239.243.38	192.168.2.5
Nov 18, 2023 07:52:35.291790962 CET	49775	443	192.168.2.5	124.239.243.38
Nov 18, 2023 07:52:35.292974949 CET	49775	443	192.168.2.5	124.239.243.38
Nov 18, 2023 07:52:35.292994976 CET	443	49775	124.239.243.38	192.168.2.5
Nov 18, 2023 07:52:37.672875881 CET	443	49760	39.156.68.81	192.168.2.5
Nov 18, 2023 07:52:37.673007011 CET	49760	443	192.168.2.5	39.156.68.81
Nov 18, 2023 07:52:37.673041105 CET	443	49760	39.156.68.81	192.168.2.5
Nov 18, 2023 07:52:37.673105001 CET	49760	443	192.168.2.5	39.156.68.81
Nov 18, 2023 07:52:37.680941105 CET	49760	443	192.168.2.5	39.156.68.81
Nov 18, 2023 07:52:37.680953026 CET	443	49760	39.156.68.81	192.168.2.5
Nov 18, 2023 07:52:37.681327105 CET	443	49760	39.156.68.81	192.168.2.5
Nov 18, 2023 07:52:37.681399107 CET	49760	443	192.168.2.5	39.156.68.81
Nov 18, 2023 07:52:37.681927919 CET	49760	443	192.168.2.5	39.156.68.81
Nov 18, 2023 07:52:37.725284100 CET	443	49760	39.156.68.81	192.168.2.5
Nov 18, 2023 07:52:40.189362049 CET	80	49753	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:40.189429998 CET	49753	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:41.995768070 CET	80	49763	103.235.46.9	192.168.2.5
Nov 18, 2023 07:52:41.995843887 CET	49763	80	192.168.2.5	103.235.46.9
Nov 18, 2023 07:52:46.904457092 CET	49752	443	192.168.2.5	39.156.68.81
Nov 18, 2023 07:52:49.397433996 CET	443	49760	39.156.68.81	192.168.2.5
Nov 18, 2023 07:52:49.397532940 CET	49760	443	192.168.2.5	39.156.68.81
Nov 18, 2023 07:52:49.397538900 CET	443	49760	39.156.68.81	192.168.2.5
Nov 18, 2023 07:52:49.397593021 CET	49760	443	192.168.2.5	39.156.68.81
Nov 18, 2023 07:52:49.398185015 CET	49760	443	192.168.2.5	39.156.68.81
Nov 18, 2023 07:52:49.398226023 CET	443	49760	39.156.68.81	192.168.2.5
Nov 18, 2023 07:52:55.504803896 CET	80	49753	103.235.47.7	192.168.2.5
Nov 18, 2023 07:52:55.504892111 CET	49753	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:52:56.337816954 CET	80	49763	103.235.46.9	192.168.2.5
Nov 18, 2023 07:52:56.337876081 CET	49763	80	192.168.2.5	103.235.46.9
Nov 18, 2023 07:52:58.688430071 CET	80	49704	157.185.145.100	192.168.2.5
Nov 18, 2023 07:52:58.688520908 CET	49704	80	192.168.2.5	157.185.145.100
Nov 18, 2023 07:52:59.664395094 CET	80	49763	103.235.46.9	192.168.2.5
Nov 18, 2023 07:53:00.389523983 CET	80	49706	138.113.102.96	192.168.2.5
Nov 18, 2023 07:53:00.389612913 CET	49706	80	192.168.2.5	138.113.102.96
Nov 18, 2023 07:53:10.819828987 CET	80	49753	103.235.47.7	192.168.2.5
Nov 18, 2023 07:53:10.820095062 CET	49753	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:53:24.560666084 CET	80	49753	103.235.47.7	192.168.2.5
Nov 18, 2023 07:53:24.560838938 CET	49753	80	192.168.2.5	103.235.47.7
Nov 18, 2023 07:53:27.875766039 CET	80	49753	103.235.47.7	192.168.2.5
Nov 18, 2023 07:53:29.675683975 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:53:29.675782919 CET	49756	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:53:29.883024931 CET	80	49756	111.225.213.38	192.168.2.5
Nov 18, 2023 07:53:29.883163929 CET	49756	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:53:48.169310093 CET	49756	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:53:48.169365883 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:53:48.169528961 CET	49704	80	192.168.2.5	157.185.145.100
Nov 18, 2023 07:53:48.169595003 CET	49706	80	192.168.2.5	138.113.102.96
Nov 18, 2023 07:53:48.320810080 CET	80	49704	157.185.145.100	192.168.2.5
Nov 18, 2023 07:53:48.338429928 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:53:48.338443995 CET	80	49774	104.193.88.112	192.168.2.5
Nov 18, 2023 07:53:48.338501930 CET	49774	80	192.168.2.5	104.193.88.112
Nov 18, 2023 07:53:48.363926888 CET	80	49706	138.113.102.96	192.168.2.5
Nov 18, 2023 07:53:49.059602022 CET	49756	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:53:50.840877056 CET	49756	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:53:54.497267008 CET	49756	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:54:01.606532097 CET	49756	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:54:15.809626102 CET	49756	80	192.168.2.5	111.225.213.38
Nov 18, 2023 07:54:44.387633085 CET	49756	80	192.168.2.5	111.225.213.38

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 18, 2023 07:51:58.217844963 CET	61303	53	192.168.2.5	1.1.1.1
Nov 18, 2023 07:51:58.370409012 CET	53	61303	1.1.1.1	192.168.2.5
Nov 18, 2023 07:51:59.578048944 CET	61242	53	192.168.2.5	1.1.1.1
Nov 18, 2023 07:51:59.800836086 CET	53	61242	1.1.1.1	192.168.2.5
Nov 18, 2023 07:52:14.440268993 CET	64962	53	192.168.2.5	1.1.1.1
Nov 18, 2023 07:52:14.593362093 CET	53	64962	1.1.1.1	192.168.2.5
Nov 18, 2023 07:52:16.335664988 CET	60218	53	192.168.2.5	1.1.1.1
Nov 18, 2023 07:52:16.662759066 CET	65043	53	192.168.2.5	1.1.1.1
Nov 18, 2023 07:52:16.788044930 CET	53	60218	1.1.1.1	192.168.2.5
Nov 18, 2023 07:52:17.013365984 CET	58786	53	192.168.2.5	1.1.1.1
Nov 18, 2023 07:52:17.165885925 CET	53	58786	1.1.1.1	192.168.2.5
Nov 18, 2023 07:52:17.272970915 CET	53	65043	1.1.1.1	192.168.2.5
Nov 18, 2023 07:52:22.725441933 CET	54912	53	192.168.2.5	1.1.1.1
Nov 18, 2023 07:52:22.878155947 CET	53	54912	1.1.1.1	192.168.2.5
Nov 18, 2023 07:52:23.531689882 CET	62962	53	192.168.2.5	1.1.1.1
Nov 18, 2023 07:52:23.684464931 CET	57572	53	192.168.2.5	1.1.1.1
Nov 18, 2023 07:52:23.837826014 CET	53	57572	1.1.1.1	192.168.2.5
Nov 18, 2023 07:52:24.026068926 CET	53	62962	1.1.1.1	192.168.2.5
Nov 18, 2023 07:52:25.422899961 CET	55305	53	192.168.2.5	1.1.1.1
Nov 18, 2023 07:52:25.575257063 CET	53	55305	1.1.1.1	192.168.2.5
Nov 18, 2023 07:52:31.661484957 CET	51813	53	192.168.2.5	1.1.1.1
Nov 18, 2023 07:52:31.814582109 CET	53	51813	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 18, 2023 07:51:58.217844963 CET	192.168.2.5	1.1.1.1	0x1fac	Standard query (0)	www.ip138.com	A (IP address)	IN (0x0001)	false
Nov 18, 2023 07:51:59.578048944 CET	192.168.2.5	1.1.1.1	0x9f3c	Standard query (0)	2023.ip138.com	A (IP address)	IN (0x0001)	false
Nov 18, 2023 07:52:14.440268993 CET	192.168.2.5	1.1.1.1	0x1be3	Standard query (0)	www.baidu.com	A (IP address)	IN (0x0001)	false
Nov 18, 2023 07:52:16.335664988 CET	192.168.2.5	1.1.1.1	0x36cc	Standard query (0)	dss0.bdstatic.com	A (IP address)	IN (0x0001)	false
Nov 18, 2023 07:52:16.662759066 CET	192.168.2.5	1.1.1.1	0x23d4	Standard query (0)	pss.bdstatic.com	A (IP address)	IN (0x0001)	false
Nov 18, 2023 07:52:17.013365984 CET	192.168.2.5	1.1.1.1	0x5eed	Standard query (0)	hectorstatic.baidu.com	A (IP address)	IN (0x0001)	false
Nov 18, 2023 07:52:22.725441933 CET	192.168.2.5	1.1.1.1	0xc3f5	Standard query (0)	sp1.baidu.com	A (IP address)	IN (0x0001)	false
Nov 18, 2023 07:52:23.531689882 CET	192.168.2.5	1.1.1.1	0xf5dc	Standard query (0)	sp2.baidu.com	A (IP address)	IN (0x0001)	false
Nov 18, 2023 07:52:23.684464931 CET	192.168.2.5	1.1.1.1	0x6dbe	Standard query (0)	hector.baidu.com	A (IP address)	IN (0x0001)	false
Nov 18, 2023 07:52:25.422899961 CET	192.168.2.5	1.1.1.1	0xa849	Standard query (0)	passport.baidu.com	A (IP address)	IN (0x0001)	false
Nov 18, 2023 07:52:31.661484957 CET	192.168.2.5	1.1.1.1	0x74d1	Standard query (0)	psstatic.cdn.bcebos.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 18, 2023 07:51:58.370409012 CET	1.1.1.1	192.168.2.5	0x1fac	No error (0)	www.ip138.com	www.ip138.com.lxdns.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 18, 2023 07:51:58.370409012 CET	1.1.1.1	192.168.2.5	0x1fac	No error (0)	www.ip138.com.lxdns.com		157.185.145.100	A (IP address)	IN (0x0001)	false
Nov 18, 2023 07:51:59.800836086 CET	1.1.1.1	192.168.2.5	0x9f3c	No error (0)	2023.ip138.com	2023.ip138.com.wsglb0.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 18, 2023 07:51:59.800836086 CET	1.1.1.1	192.168.2.5	0x9f3c	No error (0)	2023.ip138.com.wsglb0.com		138.113.102.96	A (IP address)	IN (0x0001)	false
Nov 18, 2023 07:52:14.593362093 CET	1.1.1.1	192.168.2.5	0x1be3	No error (0)	www.baidu.com	www.a.shifen.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 18, 2023 07:52:14.593362093 CET	1.1.1.1	192.168.2.5	0x1be3	No error (0)	www.a.shifen.com	www.wshifen.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 18, 2023 07:52:14.593362093 CET	1.1.1.1	192.168.2.5	0x1be3	No error (0)	www.wshifen.com		103.235.47.7	A (IP address)	IN (0x0001)	false
Nov 18, 2023 07:52:14.593362093 CET	1.1.1.1	192.168.2.5	0x1be3	No error (0)	www.wshifen.com		103.235.47.102	A (IP address)	IN (0x0001)	false
Nov 18, 2023 07:52:14.593362093 CET	1.1.1.1	192.168.2.5	0x1be3	No error (0)	www.wshifen.com		103.235.46.40	A (IP address)	IN (0x0001)	false
Nov 18, 2023 07:52:14.593362093 CET	1.1.1.1	192.168.2.5	0x1be3	No error (0)	www.wshifen.com		103.235.47.103	A (IP address)	IN (0x0001)	false
Nov 18, 2023 07:52:16.788044930 CET	1.1.1.1	192.168.2.5	0x36cc	No error (0)	dss0.bdstatic.com	sslbaiduv6.jomodns.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 18, 2023 07:52:16.788044930 CET	1.1.1.1	192.168.2.5	0x36cc	No error (0)	sslbaiduv6.jomodns.com	sslbaidu.gshifen.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 18, 2023 07:52:16.788044930 CET	1.1.1.1	192.168.2.5	0x36cc	No error (0)	sslbaidu.gshifen.com		104.193.90.87	A (IP address)	IN (0x0001)	false
Nov 18, 2023 07:52:17.165885925 CET	1.1.1.1	192.168.2.5	0x5eed	No error (0)	hectorstatic.baidu.com	hectorstatic.baidu.com.a.bdydns.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 18, 2023 07:52:17.165885925 CET	1.1.1.1	192.168.2.5	0x5eed	No error (0)	hectorstatic.baidu.com.a.bdydns.com	opencdnbd.jomodns.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 18, 2023 07:52:17.165885925 CET	1.1.1.1	192.168.2.5	0x5eed	No error (0)	opencdnbd.jomodns.com		111.225.213.38	A (IP address)	IN (0x0001)	false
Nov 18, 2023 07:52:17.165885925 CET	1.1.1.1	192.168.2.5	0x5eed	No error (0)	opencdnbd.jomodns.com		111.174.9.38	A (IP address)	IN (0x0001)	false
Nov 18, 2023 07:52:17.165885925 CET	1.1.1.1	192.168.2.5	0x5eed	No error (0)	opencdnbd.jomodns.com		113.219.142.38	A (IP address)	IN (0x0001)	false
Nov 18, 2023 07:52:17.165885925 CET	1.1.1.1	192.168.2.5	0x5eed	No error (0)	opencdnbd.jomodns.com		117.68.52.38	A (IP address)	IN (0x0001)	false
Nov 18, 2023 07:52:17.165885925 CET	1.1.1.1	192.168.2.5	0x5eed	No error (0)	opencdnbd.jomodns.com		115.238.202.38	A (IP address)	IN (0x0001)	false
Nov 18, 2023 07:52:17.165885925 CET	1.1.1.1	192.168.2.5	0x5eed	No error (0)	opencdnbd.jomodns.com		113.219.161.38	A (IP address)	IN (0x0001)	false
Nov 18, 2023 07:52:17.165885925 CET	1.1.1.1	192.168.2.5	0x5eed	No error (0)	opencdnbd.jomodns.com		119.96.52.38	A (IP address)	IN (0x0001)	false
Nov 18, 2023 07:52:17.165885925 CET	1.1.1.1	192.168.2.5	0x5eed	No error (0)	opencdnbd.jomodns.com		111.170.26.38	A (IP address)	IN (0x0001)	false
Nov 18, 2023 07:52:17.165885925 CET	1.1.1.1	192.168.2.5	0x5eed	No error (0)	opencdnbd.jomodns.com		114.232.92.38	A (IP address)	IN (0x0001)	false
Nov 18, 2023 07:52:17.165885925 CET	1.1.1.1	192.168.2.5	0x5eed	No error (0)	opencdnbd.jomodns.com		111.177.8.38	A (IP address)	IN (0x0001)	false
Nov 18, 2023 07:52:17.272970915 CET	1.1.1.1	192.168.2.5	0x23d4	No error (0)	pss.bdstatic.com	pss.bdstatic.com.a.bdydns.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 18, 2023 07:52:17.272970915 CET	1.1.1.1	192.168.2.5	0x23d4	No error (0)	pss.bdstatic.com.a.bdydns.com	opencdnbdpss.jomodns.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 18, 2023 07:52:17.272970915 CET	1.1.1.1	192.168.2.5	0x23d4	No error (0)	opencdnbdpss.jomodns.com	opencdnglobal.gshifen.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 18, 2023 07:52:17.272970915 CET	1.1.1.1	192.168.2.5	0x23d4	No error (0)	opencdnglobal.gshifen.com		104.193.88.112	A (IP address)	IN (0x0001)	false
Nov 18, 2023 07:52:17.272970915 CET	1.1.1.1	192.168.2.5	0x23d4	No error (0)	opencdnglobal.gshifen.com		104.193.90.80	A (IP address)	IN (0x0001)	false
Nov 18, 2023 07:52:22.878155947 CET	1.1.1.1	192.168.2.5	0xc3f5	No error (0)	sp1.baidu.com	www.a.shifen.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 18, 2023 07:52:22.878155947 CET	1.1.1.1	192.168.2.5	0xc3f5	No error (0)	www.a.shifen.com	www.wshifen.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 18, 2023 07:52:22.878155947 CET	1.1.1.1	192.168.2.5	0xc3f5	No error (0)	www.wshifen.com		103.235.46.40	A (IP address)	IN (0x0001)	false
Nov 18, 2023 07:52:22.878155947 CET	1.1.1.1	192.168.2.5	0xc3f5	No error (0)	www.wshifen.com		103.235.47.103	A (IP address)	IN (0x0001)	false
Nov 18, 2023 07:52:22.878155947 CET	1.1.1.1	192.168.2.5	0xc3f5	No error (0)	www.wshifen.com		103.235.47.102	A (IP address)	IN (0x0001)	false
Nov 18, 2023 07:52:22.878155947 CET	1.1.1.1	192.168.2.5	0xc3f5	No error (0)	www.wshifen.com		103.235.47.7	A (IP address)	IN (0x0001)	false
Nov 18, 2023 07:52:23.837826014 CET	1.1.1.1	192.168.2.5	0x6dbe	No error (0)	hector.baidu.com		39.156.68.81	A (IP address)	IN (0x0001)	false
Nov 18, 2023 07:52:24.026068926 CET	1.1.1.1	192.168.2.5	0xf5dc	No error (0)	sp2.baidu.com	www.a.shifen.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 18, 2023 07:52:24.026068926 CET	1.1.1.1	192.168.2.5	0xf5dc	No error (0)	www.a.shifen.com	www.wshifen.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 18, 2023 07:52:24.026068926 CET	1.1.1.1	192.168.2.5	0xf5dc	No error (0)	www.wshifen.com		103.235.47.7	A (IP address)	IN (0x0001)	false
Nov 18, 2023 07:52:24.026068926 CET	1.1.1.1	192.168.2.5	0xf5dc	No error (0)	www.wshifen.com		103.235.47.102	A (IP address)	IN (0x0001)	false
Nov 18, 2023 07:52:24.026068926 CET	1.1.1.1	192.168.2.5	0xf5dc	No error (0)	www.wshifen.com		103.235.47.103	A (IP address)	IN (0x0001)	false
Nov 18, 2023 07:52:24.026068926 CET	1.1.1.1	192.168.2.5	0xf5dc	No error (0)	www.wshifen.com		103.235.46.40	A (IP address)	IN (0x0001)	false
Nov 18, 2023 07:52:25.575257063 CET	1.1.1.1	192.168.2.5	0xa849	No error (0)	passport.baidu.com	passport.n.shifen.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 18, 2023 07:52:25.575257063 CET	1.1.1.1	192.168.2.5	0xa849	No error (0)	passport.n.shifen.com		103.235.46.9	A (IP address)	IN (0x0001)	false
Nov 18, 2023 07:52:31.814582109 CET	1.1.1.1	192.168.2.5	0x74d1	No error (0)	psstatic.cdn.bcebos.com	psstatic.cdn.bcebos.com.a.bdydns.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 18, 2023 07:52:31.814582109 CET	1.1.1.1	192.168.2.5	0x74d1	No error (0)	psstatic.cdn.bcebos.com.a.bdydns.com	opencdnbd.jomodns.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 18, 2023 07:52:31.814582109 CET	1.1.1.1	192.168.2.5	0x74d1	No error (0)	opencdnbd.jomodns.com		124.239.243.38	A (IP address)	IN (0x0001)	false
Nov 18, 2023 07:52:31.814582109 CET	1.1.1.1	192.168.2.5	0x74d1	No error (0)	opencdnbd.jomodns.com		182.84.110.38	A (IP address)	IN (0x0001)	false
Nov 18, 2023 07:52:31.814582109 CET	1.1.1.1	192.168.2.5	0x74d1	No error (0)	opencdnbd.jomodns.com		150.138.110.38	A (IP address)	IN (0x0001)	false
Nov 18, 2023 07:52:31.814582109 CET	1.1.1.1	192.168.2.5	0x74d1	No error (0)	opencdnbd.jomodns.com		150.138.188.38	A (IP address)	IN (0x0001)	false
Nov 18, 2023 07:52:31.814582109 CET	1.1.1.1	192.168.2.5	0x74d1	No error (0)	opencdnbd.jomodns.com		171.214.23.38	A (IP address)	IN (0x0001)	false
Nov 18, 2023 07:52:31.814582109 CET	1.1.1.1	192.168.2.5	0x74d1	No error (0)	opencdnbd.jomodns.com		171.214.24.38	A (IP address)	IN (0x0001)	false
Nov 18, 2023 07:52:31.814582109 CET	1.1.1.1	192.168.2.5	0x74d1	No error (0)	opencdnbd.jomodns.com		175.4.51.38	A (IP address)	IN (0x0001)	false
Nov 18, 2023 07:52:31.814582109 CET	1.1.1.1	192.168.2.5	0x74d1	No error (0)	opencdnbd.jomodns.com		180.97.64.38	A (IP address)	IN (0x0001)	false
Nov 18, 2023 07:52:31.814582109 CET	1.1.1.1	192.168.2.5	0x74d1	No error (0)	opencdnbd.jomodns.com		125.74.110.38	A (IP address)	IN (0x0001)	false
Nov 18, 2023 07:52:31.814582109 CET	1.1.1.1	192.168.2.5	0x74d1	No error (0)	opencdnbd.jomodns.com		182.106.158.38	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.ip138.comaccept-language:

www.ip138.com

www.baidu.com

dss0.bdstatic.com

pss.bdstatic.com

sp1.baidu.com

sp2.baidu.com

psstatic.cdn.bcebos.com

hector.baidu.com

hectorstatic.baidu.com

passport.baidu.com

2023.ip138.com

202.189.4.141:9000

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
44	192.168.2.5	49704	157.185.145.100	80	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 07:51:58.535742998 CET	0	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.87 Safari/537.36 Accept: / Referer: http://www.ip138.com Accept-Language: zh-cn Host: www.ip138.com Cache-Control: no-cache
Nov 18, 2023 07:51:58.692081928 CET	1	IN	HTTP/1.1 301 Moved Permanently Date: Sat, 18 Nov 2023 06:51:58 GMT Content-Length: 0 Connection: keep-alive Server: Cdn Cache Server V2.0 Location: https://www.ip138.com/ X-Via: 1.0 yatu3:8 (Cdn Cache Server V2.0) X-Ws-Request-Id: 65585f0e_PS-SEA-04Nmy103_40678-6075

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
44	157.185.145.100	80	192.168.2.5	49704	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 07:51:58.535742998 CET	0	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.87 Safari/537.36 Accept: / Referer: http://www.ip138.com Accept-Language: zh-cn Host: www.ip138.com Cache-Control: no-cache
Nov 18, 2023 07:51:58.692081928 CET	1	IN	HTTP/1.1 301 Moved Permanently Date: Sat, 18 Nov 2023 06:51:58 GMT Content-Length: 0 Connection: keep-alive Server: Cdn Cache Server V2.0 Location: https://www.ip138.com/ X-Via: 1.0 yatu3:8 (Cdn Cache Server V2.0) X-Ws-Request-Id: 65585f0e_PS-SEA-04Nmy103_40678-6075

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
45	138.113.102.96	80	192.168.2.5	49706	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 07:51:59.997571945 CET	29	OUT	GET / HTTP/1.1 Accept: / Referer: http://2023.ip138.com/ Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) Host: 2023.ip138.com Cache-Control: no-cache
Nov 18, 2023 07:52:00.388174057 CET	30	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 06:52:00 GMT Content-Type: text/html; charset=utf-8 Content-Length: 921 Connection: keep-alive Server: nginx Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: true Access-Control-tip: 1 X-Via: 1.1 dianxun232:8 (Cdn Cache Server V2.0), 1.1 PSmglsjLAX2kb133:5 (Cdn Cache Server V2.0) X-Ws-Request-Id: 65585f10_PSmglsjLAX2wh136_35942-54413
Nov 18, 2023 07:52:00.388207912 CET	31	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 2f 3e 0a 3c 74 69 74 6c 65 3e e6 82 a8 e7 9a 84 49 50 e5 9c b0 e5 9d 80 e6 98 af ef bc 9a 31 Data Ascii: <!DOCTYPE html><html><head><meta charset="utf-8"/><title>IP156.146.49.168</title><link rel="canonical" href="http://www.ip138.com/" /><style type="text/css">body{margin:0;padding:0;}p{margin: 0;line-height: 26px;font-

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
45	192.168.2.5	49706	138.113.102.96	80	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 07:51:59.997571945 CET	29	OUT	GET / HTTP/1.1 Accept: / Referer: http://2023.ip138.com/ Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) Host: 2023.ip138.com Cache-Control: no-cache
Nov 18, 2023 07:52:00.388174057 CET	30	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 06:52:00 GMT Content-Type: text/html; charset=utf-8 Content-Length: 921 Connection: keep-alive Server: nginx Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: true Access-Control-tip: 1 X-Via: 1.1 dianxun232:8 (Cdn Cache Server V2.0), 1.1 PSmglsjLAX2kb133:5 (Cdn Cache Server V2.0) X-Ws-Request-Id: 65585f10_PSmglsjLAX2wh136_35942-54413
Nov 18, 2023 07:52:00.388207912 CET	31	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 2f 3e 0a 3c 74 69 74 6c 65 3e e6 82 a8 e7 9a 84 49 50 e5 9c b0 e5 9d 80 e6 98 af ef bc 9a 31 Data Ascii: <!DOCTYPE html><html><head><meta charset="utf-8"/><title>IP156.146.49.168</title><link rel="canonical" href="http://www.ip138.com/" /><style type="text/css">body{margin:0;padding:0;}p{margin: 0;line-height: 26px;font-

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
46	202.189.4.141	9000	192.168.2.5	49709	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 07:52:09.559992075 CET	33	OUT	POST /img.gif HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: text/html, application/xhtml+xml, / Accept-Encoding: identity Accept-Language: zh-cn User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Content-Length: 20 Host: 202.189.4.141:9000
Nov 18, 2023 07:52:10.021131992 CET	33	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 18 Nov 2023 06:52:09 GMT Content-Type: image/gif Content-Length: 0 Connection: keep-alive Keep-Alive: timeout=15

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
46	192.168.2.5	49709	202.189.4.141	9000	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 07:52:09.559992075 CET	33	OUT	POST /img.gif HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: text/html, application/xhtml+xml, / Accept-Encoding: identity Accept-Language: zh-cn User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Content-Length: 20 Host: 202.189.4.141:9000
Nov 18, 2023 07:52:10.021131992 CET	33	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 18 Nov 2023 06:52:09 GMT Content-Type: image/gif Content-Length: 0 Connection: keep-alive Keep-Alive: timeout=15

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
47	103.235.47.7	80	192.168.2.5	49713	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 07:52:14.929572105 CET	35	OUT	GET / HTTP/1.1 Accept: image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, / Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: www.baidu.com Connection: Keep-Alive
Nov 18, 2023 07:52:15.313345909 CET	36	IN	HTTP/1.1 200 OK Connection: keep-alive Content-Encoding: gzip Content-Security-Policy: frame-ancestors 'self' https://chat.baidu.com http://mirror-chat.baidu.com https://fj-chat.baidu.com https://hba-chat.baidu.com https://hbe-chat.baidu.com https://njjs-chat.baidu.com https://nj-chat.baidu.com https://hna-chat.baidu.com https://hnb-chat.baidu.com http://debug.baidu-int.com; Content-Type: text/html; charset=utf-8 Date: Sat, 18 Nov 2023 06:52:15 GMT P3p: CP=" OTI DSP COR IVA OUR IND COM " P3p: CP=" OTI DSP COR IVA OUR IND COM " Server: BWS/1.1 Set-Cookie: BAIDUID=145E27E221F282D0BD0487E5415FCD62:FG=1; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com Set-Cookie: BIDUPSID=145E27E221F282D0BD0487E5415FCD62; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com Set-Cookie: PSTM=1700290335; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com Set-Cookie: BAIDUID=145E27E221F282D0311C913AF0CC3B87:FG=1; max-age=31536000; expires=Sun, 17-Nov-24 06:52:15 GMT; domain=.baidu.com; path=/; version=1; comment=bd Traceid: 1700290335076652340218361076780579524406 X-Ua-Compatible: IE=Edge,chrome=1 Transfer-Encoding: chunked Data Raw: 32 30 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 d4 5a 6b 6f db d6 19 fe 2b ac 84 01 ed e6 23 91 a2 25 cb 54 9c 21 4d 63 6c d8 87 0e 68 0a 6c c0 Data Ascii: 200Zko+#%T!Mclhl
Nov 18, 2023 07:52:15.313366890 CET	36	IN	Data Raw: 00 e3 88 3c 94 08 53 24 47 52 96 1d c1 40 da 2e 6b bb ad 37 04 ed b0 b5 e8 d6 02 1d 36 60 6b 53 2c 5b 83 f4 92 1f 53 4b 4e 3e f5 2f ec 7d cf 85 22 29 da 92 d3 7c 59 59 27 16 75 2e ef f5 79 9f f3 9e 5c 7a ea b9 e7 af 5e ff e5 cf af 69 c3 74 e4 5f Data Ascii: <S$GR@.k76`kS,[SKN>/}")\|YY'u.y\z^it_!/\rFKQK)K#~=vjW eAJEN-ei'!Stk+x\GM_v3`0GlP]?GIM(\|]jx;8'_:,c/J0<
Nov 18, 2023 07:52:15.313374043 CET	38	IN	Data Raw: 35 33 32 39 0d 0a 3b 35 6f 44 07 ac 79 48 c4 e4 66 61 61 46 63 7b a8 06 d2 28 f2 3d 1b fc 18 06 cd 30 62 41 c2 bf cd 99 f5 47 87 23 5f 6d df 94 6e 24 62 54 83 7f 95 7a a9 0f 3b 0a 9b 08 8d 6a 5a 61 47 21 44 e2 dd 60 c9 4e 8d 06 47 35 6d 44 93 fd Data Ascii: 5329;5oDyHfaaFc{(=0bAG#_mn$bTz;jZaG!D`NG5mDU0jRTAtDo$=l4IOJpYHD&.6!JsT`$Zs+I;Ao~<6'^aMJ;5f{=f07`ic{7O
Nov 18, 2023 07:52:15.313384056 CET	39	IN	Data Raw: 30 ce 93 fe 20 9f 1c 82 58 41 09 94 14 2b 8f 5e 9c b0 9a 3a 54 0d cd 40 80 cf 69 c5 cf f1 16 72 b9 0b 20 f8 10 5a 2f 1c bf b9 1c 7b ba 6d 6e b1 ed 3e c7 ee 27 bd 76 57 df a6 ac d3 6e 0c 3c f7 99 5f 6d e7 2d 6f 81 b9 f6 11 52 44 94 6a d4 3a f0 e0 Data Ascii: 0 XA+^:T@ir Z/{mn>'vWn<_m-oRDj:tXB^qwrh%9ix6AqVft@Ur1)Rim b1bh0qN$USz/)d@v^U46z~OD6=44X8&?[M_\|RK@!!.>
Nov 18, 2023 07:52:15.313390970 CET	40	IN	Data Raw: e8 66 5b 96 33 9b 00 bb 18 64 1f f6 69 f3 90 00 03 08 a2 48 5a 42 28 d3 91 e4 d9 99 35 f4 98 0f c8 73 fe 21 f9 80 20 f9 9b 00 d9 bf c8 a9 ea ea 66 75 93 b4 35 b2 91 cb 18 33 23 53 cd be 54 77 57 57 9d 3a d5 b5 d1 c3 50 6d 1c b9 f4 25 26 45 76 83 Data Ascii: f[3diHZB(5s! fu53#STwWW:Pm%&EviT{V8sXl!%wrE>9$23?4AfqvmN$r49z4o 6=@MHWEp0x9".ZfpB/vU~A5b?8:yh'@]"@SjV
Nov 18, 2023 07:52:15.313396931 CET	41	IN	Data Raw: 1f 7f fa db 9f ba 87 16 36 be 6a 54 71 e0 f1 05 37 65 76 6d 0d 80 5b 7a 09 86 b2 55 5a 9f b2 d1 49 05 95 1c 5c 97 2e 62 4f 10 2c cc 7d a2 eb 65 a7 9e 17 6b b9 31 3a 3b 26 34 3c 57 cd ed 06 6e ac 6b 9c 0e a4 96 e5 40 39 10 8d f7 0d bb 07 14 68 7b Data Ascii: 6jTq7evm[zUZI\.bO,}ek1:;&4<Wnk@9h{eD4T9@L2%-{\|c MnQllc2Db{_4#eg QC1y)q&n^]0q%r!C=S~1,h*I1r!z
Nov 18, 2023 07:52:15.313402891 CET	42	IN	Data Raw: 86 94 6b 05 a9 94 63 b7 9f ec 08 dd ef de 38 c2 39 7b 86 35 38 24 ca 0f 9a e0 f5 e2 1c 0b d3 a6 2c d2 aa bd e4 f1 4b 26 13 26 b8 98 a4 25 81 32 c9 e9 70 7b da 21 a1 e5 d4 4f 6f 08 b8 f0 8c 4e fa b2 62 97 b2 22 d3 11 6e b5 75 ca 84 3c 66 d4 94 c9 Data Ascii: kc89{58$,K&&%2p{!OoNb"nu<f#6kir0(>\|02$,kGx\|qQk<He0j:C:}owM)]y'j$>+T{kfQU4,/VQ-rT
Nov 18, 2023 07:52:15.313410044 CET	43	IN	Data Raw: 8a 5f d2 a3 6b da 28 24 d8 bd 88 5e 33 80 6c 31 80 13 33 99 2e 6e 80 f4 67 d9 48 35 25 bf bf aa fa e9 64 30 9e 5e 67 f1 64 c4 d5 07 b5 bf b2 ef 93 cb f1 20 1d 0e a6 f1 55 7f bf d7 75 ef b7 8f e9 1b c8 e6 7a 92 2d 93 e4 72 b8 88 fb bb 8f 77 1d 3b Data Ascii: _k($^3l13.ngH5%d0^gd Uuz-rw;jx[nxwFYB8YqR!V(LkTi?MkQ&1mQGEH=%G']mzY=LZz`k\n0=XMb?ERN
Nov 18, 2023 07:52:15.313421965 CET	45	IN	Data Raw: d0 fb 07 a4 8a 7d fc 95 17 54 ff cc d3 01 1b 92 fa 45 55 f0 ca b6 a0 e7 62 17 4a 06 e9 a4 0a c1 eb ae 84 a9 6c b3 f1 05 79 bd 61 36 b2 ca e9 3d c3 09 73 2f a2 b7 3f a4 b0 d8 a7 1c a0 74 22 00 e2 e6 f5 1f 00 00 00 ff ff ec 3d d9 52 1b 4b 96 ef fd Data Ascii: }TEUbJlya6=s/?t"=RKD;&ol60AH%h_0731g:T!a;/qTY'Of<,LS([2@x8!xRnshAs8Ah!)GG[yP<(9c\|7:d
Nov 18, 2023 07:52:15.313429117 CET	46	IN	Data Raw: ea dd a6 dd 80 ad 50 0a aa aa 56 51 70 69 07 7a 66 8d 5c 41 4d 8f 18 99 2f 6a 7e bb 5a b5 7b a6 67 d6 db 55 f4 c2 96 33 93 af 37 d0 bc e0 3d b4 de 6f a0 fc 95 34 49 58 57 4c b7 28 7f b7 de aa 61 da be e4 69 59 fb a9 b4 6c 68 ca 45 eb ad 96 41 64 Data Ascii: PVQpizf\AM/j~Z{gU37=o4IXWL(aiYlhEAdtn@nCi$L\|! &dEO18.#)js^BRWPrj(G&fCt2F7+dAo;V+BfQD4VY!?p!?5}BC*L
Nov 18, 2023 07:52:15.313440084 CET	47	IN	Data Raw: 1c d0 ce 89 30 60 c6 78 2d 63 02 5e 49 bc b4 82 a5 d3 ec 44 1d 14 5d 74 23 dc f3 90 e6 11 7d 76 8c 1b 7f b0 91 44 77 1c f7 9a 24 b0 c8 5e 7c 3c c2 a5 da 08 37 73 fc fb fb 9d 26 54 78 70 fa c3 4c 74 de a5 04 95 19 e0 0f 2f 56 39 34 79 c7 3b 3f b8 Data Ascii: 0`x-c^ID]t#}vDw$^\|<7s&TxpLt/V94y;?+7R+qrwPo[M1C{\&>ad^?)miH7[fp-<>ldI+gr1!4cHt{-hbF}z+USo4+1r+)
Nov 18, 2023 07:52:15.540297985 CET	67	IN	HTTP/1.1 200 OK Connection: keep-alive Content-Encoding: gzip Content-Security-Policy: frame-ancestors 'self' https://chat.baidu.com http://mirror-chat.baidu.com https://fj-chat.baidu.com https://hba-chat.baidu.com https://hbe-chat.baidu.com https://njjs-chat.baidu.com https://nj-chat.baidu.com https://hna-chat.baidu.com https://hnb-chat.baidu.com http://debug.baidu-int.com; Content-Type: text/html; charset=utf-8 Date: Sat, 18 Nov 2023 06:52:15 GMT P3p: CP=" OTI DSP COR IVA OUR IND COM " P3p: CP=" OTI DSP COR IVA OUR IND COM " Server: BWS/1.1 Set-Cookie: BAIDUID=145E27E221F282D0BD0487E5415FCD62:FG=1; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com Set-Cookie: BIDUPSID=145E27E221F282D0BD0487E5415FCD62; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com Set-Cookie: PSTM=1700290335; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com Set-Cookie: BAIDUID=145E27E221F282D0311C913AF0CC3B87:FG=1; max-age=31536000; expires=Sun, 17-Nov-24 06:52:15 GMT; domain=.baidu.com; path=/; version=1; comment=bd Traceid: 1700290335076652340218361076780579524406 X-Ua-Compatible: IE=Edge,chrome=1 Transfer-Encoding: chunked Data Raw: 32 30 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 d4 5a 6b 6f db d6 19 fe 2b ac 84 01 ed e6 23 91 a2 25 cb 54 9c 21 4d 63 6c d8 87 0e 68 0a 6c c0 Data Ascii: 200Zko+#%T!Mclhl
Nov 18, 2023 07:52:16.984908104 CET	187	OUT	GET /img/PCfb_5bf082d29588c07f842ccde3f97243ea.png HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: www.baidu.com Connection: Keep-Alive Cookie: BAIDUID=145E27E221F282D0311C913AF0CC3B87:FG=1; BIDUPSID=145E27E221F282D0BD0487E5415FCD62; PSTM=1700290335
Nov 18, 2023 07:52:17.319986105 CET	231	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cache-Control: max-age=315360000 Content-Length: 24774 Content-Type: image/png Date: Sat, 18 Nov 2023 06:52:17 GMT Etag: "60c6-5f29b35fa44c0" Expires: Tue, 15 Nov 2033 06:52:17 GMT Last-Modified: Thu, 19 Jan 2023 10:15:23 GMT Server: Apache Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 1c 00 00 01 02 08 06 00 00 00 b5 ca 0e 0a 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 40 00 49 44 41 54 78 01 ed 9d 07 bc 15 c5 d9 c6 e5 de 0b 22 55 50 54 b0 01 16 ec 0d 8d 9a a8 89 25 62 ef 44 8d 25 46 0c 96 cf 7c b6 18 1b 1a 63 89 31 6a d4 d8 92 68 14 f5 b3 c5 de 6b d4 60 17 7b 43 c5 0e 36 54 40 01 05 81 cb f7 3c cb 79 ae c3 72 ce b9 bb 7b ca 3d f7 de 67 7e bf 39 33 bb 3b e5 9d ff 4e 79 77 76 76 ce 02 0b d8 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 Data Ascii: PNGIHDRsRGB@IDATx"UPT%bD%F\|c1jhk`{C6T@<yr{=g~93;Nywvv
Nov 18, 2023 07:52:17.333527088 CET	258	OUT	GET /img/flexible/logo/pc/peak-result.png HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: www.baidu.com Connection: Keep-Alive Cookie: BAIDUID=145E27E221F282D0311C913AF0CC3B87:FG=1; BIDUPSID=145E27E221F282D0BD0487E5415FCD62; PSTM=1700290335
Nov 18, 2023 07:52:17.668462992 CET	294	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cache-Control: max-age=315360000 Content-Length: 7707 Content-Type: image/png Date: Sat, 18 Nov 2023 06:52:17 GMT Etag: "1e1b-5b00622d17d00" Expires: Tue, 15 Nov 2033 06:52:17 GMT Last-Modified: Thu, 24 Sep 2020 02:41:24 GMT Server: Apache Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 94 00 00 00 84 08 06 00 00 00 b7 64 dd 8f 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 25 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 36 2d 63 31 34 38 20 37 39 2e 31 36 34 30 33 36 2c 20 32 30 31 39 2f 30 38 2f 31 33 2d 30 31 3a 30 36 3a 35 37 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 46 20 78 6d 6c 6e 73 3a 72 64 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 30 32 2f 32 32 2d 72 64 66 2d 73 79 6e 74 61 78 2d 6e 73 23 22 3e 20 3c 72 64 66 3a 44 65 73 63 72 69 70 74 69 6f 6e 20 72 64 66 3a 61 62 6f 75 74 3d 22 22 20 78 6d 6c 6e 73 3a 78 6d 70 3d 22 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 22 20 78 6d 6c 6e 73 3a 78 6d 70 4d 4d 3d 22 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 6d 6d 2f 22 20 78 6d 6c 6e 73 3a 73 74 52 65 66 3d 22 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 73 54 79 70 65 2f 52 65 73 6f 75 72 63 65 52 65 66 23 22 20 78 6d 70 3a 43 72 65 61 74 6f 72 54 6f 6f 6c 3d 22 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 31 2e 30 20 28 4d 61 63 69 6e 74 6f 73 68 29 22 20 78 6d 70 4d 4d 3a 49 6e 73 74 61 6e 63 65 49 44 3d 22 78 6d 70 2e 69 69 64 3a 37 30 39 33 38 37 46 39 45 39 32 35 31 31 45 41 38 46 32 32 45 39 35 31 32 35 35 34 36 33 46 37 22 20 78 6d 70 4d 4d 3a 44 6f 63 75 6d 65 6e 74 49 44 3d 22 78 6d 70 2e 64 69 64 3a 37 30 39 33 38 37 46 41 45 39 32 35 31 31 45 41 38 46 32 32 45 39 35 31 32 35 35 34 36 33 46 37 22 3e 20 3c 78 6d 70 4d 4d 3a 44 65 72 69 76 65 64 46 72 6f 6d 20 73 74 52 65 66 3a 69 6e 73 74 61 6e 63 65 49 44 3d 22 78 6d 70 2e 69 69 64 3a 37 30 39 33 38 37 46 37 45 39 32 35 31 31 45 41 38 46 32 32 45 39 35 31 32 35 35 34 36 33 46 37 22 20 73 74 52 65 66 3a 64 6f 63 75 6d 65 6e 74 49 44 3d 22 78 6d 70 2e 64 69 64 3a 37 30 39 33 38 37 46 38 45 39 32 35 31 31 45 41 38 46 32 32 45 39 35 31 32 35 35 34 36 33 46 37 22 2f 3e 20 3c 2f 72 64 66 3a 44 65 73 63 72 69 70 74 69 6f 6e 3e 20 3c 2f 72 64 66 3a 52 44 46 3e 20 3c 2f 78 3a 78 6d 70 6d 65 74 61 3e 20 3c 3f 78 70 61 63 6b 65 74 20 65 6e 64 3d 22 72 22 3f 3e 2b 89 aa b5 00 00 1a 8c 49 44 41 54 78 da ec 9d 07 b8 16 c5 d5 c7 0f 4a 11 14 b1 61 89 28 60 03 35 8a 62 43 14 c5 10 7b ec 05 35 16 62 8b 51 63 ef f8 59 12 35 9a c4 fa 19 0b 1a 7b 2f 88 c6 16 4b 34 d1 a0 82 20 46 45 44 a5 a8 44 11 90 66 41 a4 7c f3 77 ce 7d be 2b de fb be b3 b3 b3 f3 ee ee fb ff 3d cf 79 4c b8 bb fb ee ce Data Ascii: PNGIHDRdtEXtSoftwareAdobe ImageReadyqe<%iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c148 79.164036, 2019/08/13-01:06:57 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 21.0 (Macintosh)" xmpMM:InstanceID="xmp.iid:709387F9E92511EA8F22E951255463F7" xmpMM:DocumentID="xmp.did:709387FAE92511EA8F22E951255463F7"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:709387F7E92511EA8F22E951255463F7" stRef:documentID="xmp.did:709387F8E92511EA8F22E951255463F7"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>+IDATxJa(`5bC{5bQcY5{/K4 FEDDfA\|w}+=yL
Nov 18, 2023 07:52:17.669548988 CET	301	OUT	GET /img/flexible/logo/pc/result.png HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: www.baidu.com Connection: Keep-Alive Cookie: BAIDUID=145E27E221F282D0311C913AF0CC3B87:FG=1; BIDUPSID=145E27E221F282D0BD0487E5415FCD62; PSTM=1700290335
Nov 18, 2023 07:52:18.004920006 CET	380	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cache-Control: max-age=315360000 Content-Length: 6617 Content-Type: image/png Date: Sat, 18 Nov 2023 06:52:17 GMT Etag: "19d9-5a533d00d4900" Expires: Tue, 15 Nov 2033 06:52:17 GMT Last-Modified: Sat, 09 May 2020 09:33:56 GMT Server: Apache Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 ca 00 00 00 42 08 06 00 00 00 16 86 49 1d 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 19 93 49 44 41 54 78 01 ed 5d 0d 7c 54 c5 b5 9f b9 77 bf f2 45 0c 10 08 21 bb 81 00 22 59 8a 4a 82 0a 68 45 ad 14 df d3 a7 ad 62 d5 16 fb f0 55 ad f5 47 ab b6 96 56 9f 05 fb 89 48 ab f6 59 7f ad f6 59 db da 5a 45 fb fa 6c 95 ea ab 08 d6 27 0a 04 11 49 e0 51 45 92 0d 09 92 00 21 5f fb 75 ef 9d f7 9f 4d 76 b3 77 f7 de bb f7 6e 76 13 94 3b 3f c2 bd 73 ce 99 33 33 e7 ce 99 99 73 e6 63 09 b1 83 2d 01 5b 02 b6 04 6c 09 d8 12 b0 25 60 4b c0 96 c0 08 49 80 8e 50 3e 27 75 36 8c 31 5a 7f 33 71 d4 1c 6b 82 bc 6b e5 f5 eb a9 9c 8d 40 62 7c ea 1b 1c 35 35 75 b4 a3 63 93 b2 69 d3 05 52 36 7c ec 34 d6 25 60 2b 8a 75 99 99 4e 71 e6 79 ed e5 a1 fe c8 0f 28 a1 9f 47 23 2f 8c 27 84 d0 9b 04 51 b8 67 f7 36 ef 1f e3 30 a3 e7 fc f9 81 82 ae 88 b2 8a 32 72 13 23 a4 2c 89 f6 80 40 e8 ba dd 0d de 47 28 05 d6 0e 79 93 80 ad 28 79 12 ed 27 e6 36 d7 c9 94 bc c0 18 99 a8 97 85 40 c8 da c6 1d d5 2b f5 f0 1c ee 9f 1f 18 cb c2 6c 23 23 ec 74 5d 3a 4a 5f 2e 24 8e cf 34 34 54 f6 eb d2 d8 88 61 49 00 df ca 0e b9 96 80 bf ae cd 27 51 fa 92 91 92 f0 3c 15 42 be e9 9f 1b b8 d1 28 7f 16 51 d6 1b 2a 09 4f cc d8 e2 20 93 fe 60 c4 c7 c6 0d 4f 02 b6 a2 0c 4f 7e da a9 59 f4 fb 68 bc e3 b4 91 6a a8 42 95 fb f9 a8 a1 86 0e c4 6a e7 06 30 65 23 17 6a e1 52 61 50 a6 cb 6a eb 03 97 a4 c2 ed 78 6e 24 60 2b 4a 6e e4 98 e0 32 fb ec c0 1c 05 36 49 02 90 e9 85 91 52 16 61 cb b5 c8 18 51 6e d7 82 eb c1 98 c2 d6 ac 5e cd ec 6f aa 27 a0 61 c0 6d a1 0e 43 78 5a 49 15 89 dd 8d b9 90 55 b9 2e 4d e5 35 38 ca d4 a5 c2 8d e3 6c ce fa 17 da fe d9 98 c6 c6 66 23 01 ab 1f 34 9b 3c 4e 9a 34 dc 7d cb ed 05 eb 15 66 73 63 69 93 12 0a 8a 32 35 29 6a fe 55 96 b3 c8 df 3c fb 93 95 d2 56 94 1c 7e f9 05 0b 5a 3d f0 d1 9e 62 95 25 ec 10 e7 d5 57 af 57 7d 0b 26 13 4d bb 25 13 6f 46 d9 99 99 68 6c bc 75 09 a8 3e 8e f5 e4 76 8a 64 09 44 8a 22 ae e4 b8 95 f7 8e 8e a5 2a 57 3d d6 5e 12 eb 2e 56 f8 50 4a 2a ad d0 db b4 e6 24 60 2b 8a 39 39 99 a2 92 25 41 d5 d8 4d 25 1a 24 2a 2f 27 aa 05 43 85 d2 b0 95 f4 09 5a 46 b3 56 d6 04 0f fb 25 4d 02 b6 a2 a4 89 24 7b 40 51 b4 38 ab ad 29 3c 47 bf 5f ad 28 a2 cc fa b2 29 09 dc c4 3d d9 a4 b3 d3 18 4b c0 56 14 63 f9 58 c2 86 42 cd 21 42 b2 d9 4a 42 d9 aa 55 6a 45 61 4e 96 dd 2a 3b a5 ff b0 54 68 9b d8 94 04 6c 45 31 25 26 73 44 0d 0d f5 51 d8 08 4d e6 a8 87 a8 90 66 5b ea 5e ad 68 b1 78 60 88 c2 fc 1b b6 7c bd 61 9e da a6 34 2b 01 5b 51 cc 4a ca 3c dd 13 e6 49 07 28 61 d8 3c 9d 9a 66 ef 2b 55 47 60 d0 6f 4b 85 1b c6 29 76 25 bb 9d bf 37 a4 b1 91 59 49 c0 91 55 aa 93 38 11 df c9 db a3 90 19 54 12 23 55 13 26 7d b0 61 83 da e8 2e 20 c5 8f 05 69 cf d7 e1 f2 ad 30 27 26 ca 44 87 f0 8c 26 2d 85 02 31 32 4f 13 a7 01 c4 a4 ef 37 8d af 57 b6 a4 a2 ce 3a ab 75 5c 48 51 26 45 45 1a 6e 7a b3 ea bd d4 d1 2b 95 de 8e a7 4b 20 6b 2f 4d 3a ab 8f 37 a4 b6 2e 70 36 16 13 57 11 4a 2e c6 e2 e0 40 07 43 49 37 6c 92 27 dd 25 25 77 ef dc 54 Data Ascii: PNGIHDRBIsRGBIDATx]\|TwE!"YJhEbUGVHYYZEl'IQE!_uMvwnv;?s33sc-[l%`KIP>'u61Z3qkk@b\|55uciR6\|4%`+uNqy(G#/'Qg602r#,@G(y(y'6@+l##t]:J_.$44TaI'Q<B(QO `OO~YhjBj0e#jRaPjxn$`+Jn26IRaQn^o'amCxZIU.M58lf#4<N4}fsci25)jU<V~Z=b%WW}&M%oFhlu>vdD"W=^.VPJ$`+99%AM%$/'CZFV%M${@Q8)<G_()=KVcXB!BJBUjEaN*;ThlE1%&sDQMf[^hx`\|a4+[QJ<I(a<f+UG`oK)v%7YIU8T#U&}a. i0'&D&-12O7W:u\HQ&EEnz+K k/M:7.p6WJ.@CI7l'%%wT

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
47	192.168.2.5	49713	103.235.47.7	80	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 07:52:14.929572105 CET	35	OUT	GET / HTTP/1.1 Accept: image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, / Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: www.baidu.com Connection: Keep-Alive
Nov 18, 2023 07:52:15.313345909 CET	36	IN	HTTP/1.1 200 OK Connection: keep-alive Content-Encoding: gzip Content-Security-Policy: frame-ancestors 'self' https://chat.baidu.com http://mirror-chat.baidu.com https://fj-chat.baidu.com https://hba-chat.baidu.com https://hbe-chat.baidu.com https://njjs-chat.baidu.com https://nj-chat.baidu.com https://hna-chat.baidu.com https://hnb-chat.baidu.com http://debug.baidu-int.com; Content-Type: text/html; charset=utf-8 Date: Sat, 18 Nov 2023 06:52:15 GMT P3p: CP=" OTI DSP COR IVA OUR IND COM " P3p: CP=" OTI DSP COR IVA OUR IND COM " Server: BWS/1.1 Set-Cookie: BAIDUID=145E27E221F282D0BD0487E5415FCD62:FG=1; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com Set-Cookie: BIDUPSID=145E27E221F282D0BD0487E5415FCD62; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com Set-Cookie: PSTM=1700290335; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com Set-Cookie: BAIDUID=145E27E221F282D0311C913AF0CC3B87:FG=1; max-age=31536000; expires=Sun, 17-Nov-24 06:52:15 GMT; domain=.baidu.com; path=/; version=1; comment=bd Traceid: 1700290335076652340218361076780579524406 X-Ua-Compatible: IE=Edge,chrome=1 Transfer-Encoding: chunked Data Raw: 32 30 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 d4 5a 6b 6f db d6 19 fe 2b ac 84 01 ed e6 23 91 a2 25 cb 54 9c 21 4d 63 6c d8 87 0e 68 0a 6c c0 Data Ascii: 200Zko+#%T!Mclhl
Nov 18, 2023 07:52:15.313366890 CET	36	IN	Data Raw: 00 e3 88 3c 94 08 53 24 47 52 96 1d c1 40 da 2e 6b bb ad 37 04 ed b0 b5 e8 d6 02 1d 36 60 6b 53 2c 5b 83 f4 92 1f 53 4b 4e 3e f5 2f ec 7d cf 85 22 29 da 92 d3 7c 59 59 27 16 75 2e ef f5 79 9f f3 9e 5c 7a ea b9 e7 af 5e ff e5 cf af 69 c3 74 e4 5f Data Ascii: <S$GR@.k76`kS,[SKN>/}")\|YY'u.y\z^it_!/\rFKQK)K#~=vjW eAJEN-ei'!Stk+x\GM_v3`0GlP]?GIM(\|]jx;8'_:,c/J0<
Nov 18, 2023 07:52:15.313374043 CET	38	IN	Data Raw: 35 33 32 39 0d 0a 3b 35 6f 44 07 ac 79 48 c4 e4 66 61 61 46 63 7b a8 06 d2 28 f2 3d 1b fc 18 06 cd 30 62 41 c2 bf cd 99 f5 47 87 23 5f 6d df 94 6e 24 62 54 83 7f 95 7a a9 0f 3b 0a 9b 08 8d 6a 5a 61 47 21 44 e2 dd 60 c9 4e 8d 06 47 35 6d 44 93 fd Data Ascii: 5329;5oDyHfaaFc{(=0bAG#_mn$bTz;jZaG!D`NG5mDU0jRTAtDo$=l4IOJpYHD&.6!JsT`$Zs+I;Ao~<6'^aMJ;5f{=f07`ic{7O
Nov 18, 2023 07:52:15.313384056 CET	39	IN	Data Raw: 30 ce 93 fe 20 9f 1c 82 58 41 09 94 14 2b 8f 5e 9c b0 9a 3a 54 0d cd 40 80 cf 69 c5 cf f1 16 72 b9 0b 20 f8 10 5a 2f 1c bf b9 1c 7b ba 6d 6e b1 ed 3e c7 ee 27 bd 76 57 df a6 ac d3 6e 0c 3c f7 99 5f 6d e7 2d 6f 81 b9 f6 11 52 44 94 6a d4 3a f0 e0 Data Ascii: 0 XA+^:T@ir Z/{mn>'vWn<_m-oRDj:tXB^qwrh%9ix6AqVft@Ur1)Rim b1bh0qN$USz/)d@v^U46z~OD6=44X8&?[M_\|RK@!!.>
Nov 18, 2023 07:52:15.313390970 CET	40	IN	Data Raw: e8 66 5b 96 33 9b 00 bb 18 64 1f f6 69 f3 90 00 03 08 a2 48 5a 42 28 d3 91 e4 d9 99 35 f4 98 0f c8 73 fe 21 f9 80 20 f9 9b 00 d9 bf c8 a9 ea ea 66 75 93 b4 35 b2 91 cb 18 33 23 53 cd be 54 77 57 57 9d 3a d5 b5 d1 c3 50 6d 1c b9 f4 25 26 45 76 83 Data Ascii: f[3diHZB(5s! fu53#STwWW:Pm%&EviT{V8sXl!%wrE>9$23?4AfqvmN$r49z4o 6=@MHWEp0x9".ZfpB/vU~A5b?8:yh'@]"@SjV
Nov 18, 2023 07:52:15.313396931 CET	41	IN	Data Raw: 1f 7f fa db 9f ba 87 16 36 be 6a 54 71 e0 f1 05 37 65 76 6d 0d 80 5b 7a 09 86 b2 55 5a 9f b2 d1 49 05 95 1c 5c 97 2e 62 4f 10 2c cc 7d a2 eb 65 a7 9e 17 6b b9 31 3a 3b 26 34 3c 57 cd ed 06 6e ac 6b 9c 0e a4 96 e5 40 39 10 8d f7 0d bb 07 14 68 7b Data Ascii: 6jTq7evm[zUZI\.bO,}ek1:;&4<Wnk@9h{eD4T9@L2%-{\|c MnQllc2Db{_4#eg QC1y)q&n^]0q%r!C=S~1,h*I1r!z
Nov 18, 2023 07:52:15.313402891 CET	42	IN	Data Raw: 86 94 6b 05 a9 94 63 b7 9f ec 08 dd ef de 38 c2 39 7b 86 35 38 24 ca 0f 9a e0 f5 e2 1c 0b d3 a6 2c d2 aa bd e4 f1 4b 26 13 26 b8 98 a4 25 81 32 c9 e9 70 7b da 21 a1 e5 d4 4f 6f 08 b8 f0 8c 4e fa b2 62 97 b2 22 d3 11 6e b5 75 ca 84 3c 66 d4 94 c9 Data Ascii: kc89{58$,K&&%2p{!OoNb"nu<f#6kir0(>\|02$,kGx\|qQk<He0j:C:}owM)]y'j$>+T{kfQU4,/VQ-rT
Nov 18, 2023 07:52:15.313410044 CET	43	IN	Data Raw: 8a 5f d2 a3 6b da 28 24 d8 bd 88 5e 33 80 6c 31 80 13 33 99 2e 6e 80 f4 67 d9 48 35 25 bf bf aa fa e9 64 30 9e 5e 67 f1 64 c4 d5 07 b5 bf b2 ef 93 cb f1 20 1d 0e a6 f1 55 7f bf d7 75 ef b7 8f e9 1b c8 e6 7a 92 2d 93 e4 72 b8 88 fb bb 8f 77 1d 3b Data Ascii: _k($^3l13.ngH5%d0^gd Uuz-rw;jx[nxwFYB8YqR!V(LkTi?MkQ&1mQGEH=%G']mzY=LZz`k\n0=XMb?ERN
Nov 18, 2023 07:52:15.313421965 CET	45	IN	Data Raw: d0 fb 07 a4 8a 7d fc 95 17 54 ff cc d3 01 1b 92 fa 45 55 f0 ca b6 a0 e7 62 17 4a 06 e9 a4 0a c1 eb ae 84 a9 6c b3 f1 05 79 bd 61 36 b2 ca e9 3d c3 09 73 2f a2 b7 3f a4 b0 d8 a7 1c a0 74 22 00 e2 e6 f5 1f 00 00 00 ff ff ec 3d d9 52 1b 4b 96 ef fd Data Ascii: }TEUbJlya6=s/?t"=RKD;&ol60AH%h_0731g:T!a;/qTY'Of<,LS([2@x8!xRnshAs8Ah!)GG[yP<(9c\|7:d
Nov 18, 2023 07:52:15.313429117 CET	46	IN	Data Raw: ea dd a6 dd 80 ad 50 0a aa aa 56 51 70 69 07 7a 66 8d 5c 41 4d 8f 18 99 2f 6a 7e bb 5a b5 7b a6 67 d6 db 55 f4 c2 96 33 93 af 37 d0 bc e0 3d b4 de 6f a0 fc 95 34 49 58 57 4c b7 28 7f b7 de aa 61 da be e4 69 59 fb a9 b4 6c 68 ca 45 eb ad 96 41 64 Data Ascii: PVQpizf\AM/j~Z{gU37=o4IXWL(aiYlhEAdtn@nCi$L\|! &dEO18.#)js^BRWPrj(G&fCt2F7+dAo;V+BfQD4VY!?p!?5}BC*L
Nov 18, 2023 07:52:15.313440084 CET	47	IN	Data Raw: 1c d0 ce 89 30 60 c6 78 2d 63 02 5e 49 bc b4 82 a5 d3 ec 44 1d 14 5d 74 23 dc f3 90 e6 11 7d 76 8c 1b 7f b0 91 44 77 1c f7 9a 24 b0 c8 5e 7c 3c c2 a5 da 08 37 73 fc fb fb 9d 26 54 78 70 fa c3 4c 74 de a5 04 95 19 e0 0f 2f 56 39 34 79 c7 3b 3f b8 Data Ascii: 0`x-c^ID]t#}vDw$^\|<7s&TxpLt/V94y;?+7R+qrwPo[M1C{\&>ad^?)miH7[fp-<>ldI+gr1!4cHt{-hbF}z+USo4+1r+)
Nov 18, 2023 07:52:15.540297985 CET	67	IN	HTTP/1.1 200 OK Connection: keep-alive Content-Encoding: gzip Content-Security-Policy: frame-ancestors 'self' https://chat.baidu.com http://mirror-chat.baidu.com https://fj-chat.baidu.com https://hba-chat.baidu.com https://hbe-chat.baidu.com https://njjs-chat.baidu.com https://nj-chat.baidu.com https://hna-chat.baidu.com https://hnb-chat.baidu.com http://debug.baidu-int.com; Content-Type: text/html; charset=utf-8 Date: Sat, 18 Nov 2023 06:52:15 GMT P3p: CP=" OTI DSP COR IVA OUR IND COM " P3p: CP=" OTI DSP COR IVA OUR IND COM " Server: BWS/1.1 Set-Cookie: BAIDUID=145E27E221F282D0BD0487E5415FCD62:FG=1; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com Set-Cookie: BIDUPSID=145E27E221F282D0BD0487E5415FCD62; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com Set-Cookie: PSTM=1700290335; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com Set-Cookie: BAIDUID=145E27E221F282D0311C913AF0CC3B87:FG=1; max-age=31536000; expires=Sun, 17-Nov-24 06:52:15 GMT; domain=.baidu.com; path=/; version=1; comment=bd Traceid: 1700290335076652340218361076780579524406 X-Ua-Compatible: IE=Edge,chrome=1 Transfer-Encoding: chunked Data Raw: 32 30 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 d4 5a 6b 6f db d6 19 fe 2b ac 84 01 ed e6 23 91 a2 25 cb 54 9c 21 4d 63 6c d8 87 0e 68 0a 6c c0 Data Ascii: 200Zko+#%T!Mclhl
Nov 18, 2023 07:52:16.984908104 CET	187	OUT	GET /img/PCfb_5bf082d29588c07f842ccde3f97243ea.png HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: www.baidu.com Connection: Keep-Alive Cookie: BAIDUID=145E27E221F282D0311C913AF0CC3B87:FG=1; BIDUPSID=145E27E221F282D0BD0487E5415FCD62; PSTM=1700290335
Nov 18, 2023 07:52:17.319986105 CET	231	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cache-Control: max-age=315360000 Content-Length: 24774 Content-Type: image/png Date: Sat, 18 Nov 2023 06:52:17 GMT Etag: "60c6-5f29b35fa44c0" Expires: Tue, 15 Nov 2033 06:52:17 GMT Last-Modified: Thu, 19 Jan 2023 10:15:23 GMT Server: Apache Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 1c 00 00 01 02 08 06 00 00 00 b5 ca 0e 0a 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 40 00 49 44 41 54 78 01 ed 9d 07 bc 15 c5 d9 c6 e5 de 0b 22 55 50 54 b0 01 16 ec 0d 8d 9a a8 89 25 62 ef 44 8d 25 46 0c 96 cf 7c b6 18 1b 1a 63 89 31 6a d4 d8 92 68 14 f5 b3 c5 de 6b d4 60 17 7b 43 c5 0e 36 54 40 01 05 81 cb f7 3c cb 79 ae c3 72 ce b9 bb 7b ca 3d f7 de 67 7e bf 39 33 bb 3b e5 9d ff 4e 79 77 76 76 ce 02 0b d8 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 09 98 80 Data Ascii: PNGIHDRsRGB@IDATx"UPT%bD%F\|c1jhk`{C6T@<yr{=g~93;Nywvv
Nov 18, 2023 07:52:17.333527088 CET	258	OUT	GET /img/flexible/logo/pc/peak-result.png HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: www.baidu.com Connection: Keep-Alive Cookie: BAIDUID=145E27E221F282D0311C913AF0CC3B87:FG=1; BIDUPSID=145E27E221F282D0BD0487E5415FCD62; PSTM=1700290335
Nov 18, 2023 07:52:17.668462992 CET	294	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cache-Control: max-age=315360000 Content-Length: 7707 Content-Type: image/png Date: Sat, 18 Nov 2023 06:52:17 GMT Etag: "1e1b-5b00622d17d00" Expires: Tue, 15 Nov 2033 06:52:17 GMT Last-Modified: Thu, 24 Sep 2020 02:41:24 GMT Server: Apache Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 94 00 00 00 84 08 06 00 00 00 b7 64 dd 8f 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 25 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 36 2d 63 31 34 38 20 37 39 2e 31 36 34 30 33 36 2c 20 32 30 31 39 2f 30 38 2f 31 33 2d 30 31 3a 30 36 3a 35 37 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 46 20 78 6d 6c 6e 73 3a 72 64 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 30 32 2f 32 32 2d 72 64 66 2d 73 79 6e 74 61 78 2d 6e 73 23 22 3e 20 3c 72 64 66 3a 44 65 73 63 72 69 70 74 69 6f 6e 20 72 64 66 3a 61 62 6f 75 74 3d 22 22 20 78 6d 6c 6e 73 3a 78 6d 70 3d 22 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 22 20 78 6d 6c 6e 73 3a 78 6d 70 4d 4d 3d 22 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 6d 6d 2f 22 20 78 6d 6c 6e 73 3a 73 74 52 65 66 3d 22 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 73 54 79 70 65 2f 52 65 73 6f 75 72 63 65 52 65 66 23 22 20 78 6d 70 3a 43 72 65 61 74 6f 72 54 6f 6f 6c 3d 22 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 32 31 2e 30 20 28 4d 61 63 69 6e 74 6f 73 68 29 22 20 78 6d 70 4d 4d 3a 49 6e 73 74 61 6e 63 65 49 44 3d 22 78 6d 70 2e 69 69 64 3a 37 30 39 33 38 37 46 39 45 39 32 35 31 31 45 41 38 46 32 32 45 39 35 31 32 35 35 34 36 33 46 37 22 20 78 6d 70 4d 4d 3a 44 6f 63 75 6d 65 6e 74 49 44 3d 22 78 6d 70 2e 64 69 64 3a 37 30 39 33 38 37 46 41 45 39 32 35 31 31 45 41 38 46 32 32 45 39 35 31 32 35 35 34 36 33 46 37 22 3e 20 3c 78 6d 70 4d 4d 3a 44 65 72 69 76 65 64 46 72 6f 6d 20 73 74 52 65 66 3a 69 6e 73 74 61 6e 63 65 49 44 3d 22 78 6d 70 2e 69 69 64 3a 37 30 39 33 38 37 46 37 45 39 32 35 31 31 45 41 38 46 32 32 45 39 35 31 32 35 35 34 36 33 46 37 22 20 73 74 52 65 66 3a 64 6f 63 75 6d 65 6e 74 49 44 3d 22 78 6d 70 2e 64 69 64 3a 37 30 39 33 38 37 46 38 45 39 32 35 31 31 45 41 38 46 32 32 45 39 35 31 32 35 35 34 36 33 46 37 22 2f 3e 20 3c 2f 72 64 66 3a 44 65 73 63 72 69 70 74 69 6f 6e 3e 20 3c 2f 72 64 66 3a 52 44 46 3e 20 3c 2f 78 3a 78 6d 70 6d 65 74 61 3e 20 3c 3f 78 70 61 63 6b 65 74 20 65 6e 64 3d 22 72 22 3f 3e 2b 89 aa b5 00 00 1a 8c 49 44 41 54 78 da ec 9d 07 b8 16 c5 d5 c7 0f 4a 11 14 b1 61 89 28 60 03 35 8a 62 43 14 c5 10 7b ec 05 35 16 62 8b 51 63 ef f8 59 12 35 9a c4 fa 19 0b 1a 7b 2f 88 c6 16 4b 34 d1 a0 82 20 46 45 44 a5 a8 44 11 90 66 41 a4 7c f3 77 ce 7d be 2b de fb be b3 b3 b3 f3 ee ee fb ff 3d cf 79 4c b8 bb fb ee ce Data Ascii: PNGIHDRdtEXtSoftwareAdobe ImageReadyqe<%iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c148 79.164036, 2019/08/13-01:06:57 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 21.0 (Macintosh)" xmpMM:InstanceID="xmp.iid:709387F9E92511EA8F22E951255463F7" xmpMM:DocumentID="xmp.did:709387FAE92511EA8F22E951255463F7"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:709387F7E92511EA8F22E951255463F7" stRef:documentID="xmp.did:709387F8E92511EA8F22E951255463F7"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>+IDATxJa(`5bC{5bQcY5{/K4 FEDDfA\|w}+=yL
Nov 18, 2023 07:52:17.669548988 CET	301	OUT	GET /img/flexible/logo/pc/result.png HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: www.baidu.com Connection: Keep-Alive Cookie: BAIDUID=145E27E221F282D0311C913AF0CC3B87:FG=1; BIDUPSID=145E27E221F282D0BD0487E5415FCD62; PSTM=1700290335
Nov 18, 2023 07:52:18.004920006 CET	380	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cache-Control: max-age=315360000 Content-Length: 6617 Content-Type: image/png Date: Sat, 18 Nov 2023 06:52:17 GMT Etag: "19d9-5a533d00d4900" Expires: Tue, 15 Nov 2033 06:52:17 GMT Last-Modified: Sat, 09 May 2020 09:33:56 GMT Server: Apache Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 ca 00 00 00 42 08 06 00 00 00 16 86 49 1d 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 19 93 49 44 41 54 78 01 ed 5d 0d 7c 54 c5 b5 9f b9 77 bf f2 45 0c 10 08 21 bb 81 00 22 59 8a 4a 82 0a 68 45 ad 14 df d3 a7 ad 62 d5 16 fb f0 55 ad f5 47 ab b6 96 56 9f 05 fb 89 48 ab f6 59 7f ad f6 59 db da 5a 45 fb fa 6c 95 ea ab 08 d6 27 0a 04 11 49 e0 51 45 92 0d 09 92 00 21 5f fb 75 ef 9d f7 9f 4d 76 b3 77 f7 de bb f7 6e 76 13 94 3b 3f c2 bd 73 ce 99 33 33 e7 ce 99 99 73 e6 63 09 b1 83 2d 01 5b 02 b6 04 6c 09 d8 12 b0 25 60 4b c0 96 c0 08 49 80 8e 50 3e 27 75 36 8c 31 5a 7f 33 71 d4 1c 6b 82 bc 6b e5 f5 eb a9 9c 8d 40 62 7c ea 1b 1c 35 35 75 b4 a3 63 93 b2 69 d3 05 52 36 7c ec 34 d6 25 60 2b 8a 75 99 99 4e 71 e6 79 ed e5 a1 fe c8 0f 28 a1 9f 47 23 2f 8c 27 84 d0 9b 04 51 b8 67 f7 36 ef 1f e3 30 a3 e7 fc f9 81 82 ae 88 b2 8a 32 72 13 23 a4 2c 89 f6 80 40 e8 ba dd 0d de 47 28 05 d6 0e 79 93 80 ad 28 79 12 ed 27 e6 36 d7 c9 94 bc c0 18 99 a8 97 85 40 c8 da c6 1d d5 2b f5 f0 1c ee 9f 1f 18 cb c2 6c 23 23 ec 74 5d 3a 4a 5f 2e 24 8e cf 34 34 54 f6 eb d2 d8 88 61 49 00 df ca 0e b9 96 80 bf ae cd 27 51 fa 92 91 92 f0 3c 15 42 be e9 9f 1b b8 d1 28 7f 16 51 d6 1b 2a 09 4f cc d8 e2 20 93 fe 60 c4 c7 c6 0d 4f 02 b6 a2 0c 4f 7e da a9 59 f4 fb 68 bc e3 b4 91 6a a8 42 95 fb f9 a8 a1 86 0e c4 6a e7 06 30 65 23 17 6a e1 52 61 50 a6 cb 6a eb 03 97 a4 c2 ed 78 6e 24 60 2b 4a 6e e4 98 e0 32 fb ec c0 1c 05 36 49 02 90 e9 85 91 52 16 61 cb b5 c8 18 51 6e d7 82 eb c1 98 c2 d6 ac 5e cd ec 6f aa 27 a0 61 c0 6d a1 0e 43 78 5a 49 15 89 dd 8d b9 90 55 b9 2e 4d e5 35 38 ca d4 a5 c2 8d e3 6c ce fa 17 da fe d9 98 c6 c6 66 23 01 ab 1f 34 9b 3c 4e 9a 34 dc 7d cb ed 05 eb 15 66 73 63 69 93 12 0a 8a 32 35 29 6a fe 55 96 b3 c8 df 3c fb 93 95 d2 56 94 1c 7e f9 05 0b 5a 3d f0 d1 9e 62 95 25 ec 10 e7 d5 57 af 57 7d 0b 26 13 4d bb 25 13 6f 46 d9 99 99 68 6c bc 75 09 a8 3e 8e f5 e4 76 8a 64 09 44 8a 22 ae e4 b8 95 f7 8e 8e a5 2a 57 3d d6 5e 12 eb 2e 56 f8 50 4a 2a ad d0 db b4 e6 24 60 2b 8a 39 39 99 a2 92 25 41 d5 d8 4d 25 1a 24 2a 2f 27 aa 05 43 85 d2 b0 95 f4 09 5a 46 b3 56 d6 04 0f fb 25 4d 02 b6 a2 a4 89 24 7b 40 51 b4 38 ab ad 29 3c 47 bf 5f ad 28 a2 cc fa b2 29 09 dc c4 3d d9 a4 b3 d3 18 4b c0 56 14 63 f9 58 c2 86 42 cd 21 42 b2 d9 4a 42 d9 aa 55 6a 45 61 4e 96 dd 2a 3b a5 ff b0 54 68 9b d8 94 04 6c 45 31 25 26 73 44 0d 0d f5 51 d8 08 4d e6 a8 87 a8 90 66 5b ea 5e ad 68 b1 78 60 88 c2 fc 1b b6 7c bd 61 9e da a6 34 2b 01 5b 51 cc 4a ca 3c dd 13 e6 49 07 28 61 d8 3c 9d 9a 66 ef 2b 55 47 60 d0 6f 4b 85 1b c6 29 76 25 bb 9d bf 37 a4 b1 91 59 49 c0 91 55 aa 93 38 11 df c9 db a3 90 19 54 12 23 55 13 26 7d b0 61 83 da e8 2e 20 c5 8f 05 69 cf d7 e1 f2 ad 30 27 26 ca 44 87 f0 8c 26 2d 85 02 31 32 4f 13 a7 01 c4 a4 ef 37 8d af 57 b6 a4 a2 ce 3a ab 75 5c 48 51 26 45 45 1a 6e 7a b3 ea bd d4 d1 2b 95 de 8e a7 4b 20 6b 2f 4d 3a ab 8f 37 a4 b6 2e 70 36 16 13 57 11 4a 2e c6 e2 e0 40 07 43 49 37 6c 92 27 dd 25 25 77 ef dc 54 Data Ascii: PNGIHDRBIsRGBIDATx]\|TwE!"YJhEbUGVHYYZEl'IQE!_uMvwnv;?s33sc-[l%`KIP>'u61Z3qkk@b\|55uciR6\|4%`+uNqy(G#/'Qg602r#,@G(y(y'6@+l##t]:J_.$44TaI'Q<B(QO `OO~YhjBj0e#jRaPjxn$`+Jn26IRaQn^o'amCxZIU.M58lf#4<N4}fsci25)jU<V~Z=b%WW}&M%oFhlu>vdD"W=^.VPJ$`+99%AM%$/'CZFV%M${@Q8)<G_()=KVcXB!BJBUjEaN*;ThlE1%&sDQMf[^hx`\|a4+[QJ<I(a<f+UG`oK)v%7YIU8T#U&}a. i0'&D&-12O7W:u\HQ&EEnz+K k/M:7.p6WJ.@CI7l'%%wT

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
48	103.235.47.7	80	192.168.2.5	49716	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 07:52:16.974000931 CET	176	OUT	GET /img/PCtm_d9c8750bed0b3c7d089fa7d55720d6cf.png HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: www.baidu.com Connection: Keep-Alive Cookie: BAIDUID=145E27E221F282D0311C913AF0CC3B87:FG=1; BIDUPSID=145E27E221F282D0BD0487E5415FCD62; PSTM=1700290335
Nov 18, 2023 07:52:17.290975094 CET	204	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cache-Control: max-age=315360000 Content-Length: 15444 Content-Type: image/png Date: Sat, 18 Nov 2023 06:52:17 GMT Etag: "3c54-5f29b35156300" Expires: Tue, 15 Nov 2033 06:52:17 GMT Last-Modified: Thu, 19 Jan 2023 10:15:08 GMT Server: Apache Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 1c 00 00 01 02 08 06 00 00 00 b5 ca 0e 0a 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 44 65 58 49 66 4d 4d 00 2a 00 00 00 08 00 01 87 69 00 04 00 00 00 01 00 00 00 1a 00 00 00 00 00 03 a0 01 00 03 00 00 00 01 00 01 00 00 a0 02 00 04 00 00 00 01 00 00 02 1c a0 03 00 04 00 00 00 01 00 00 01 02 00 00 00 00 75 e5 65 67 00 00 3b be 49 44 41 54 78 01 ed 9d 09 9c 14 d5 b5 87 ef ad ea 65 56 16 99 19 96 d9 10 45 03 c3 26 cd 80 88 28 ee 51 e3 1a 31 31 9a b8 24 9a 68 34 26 d1 c4 ed a7 12 7d 9a 97 98 d5 f7 b2 a8 51 df 73 4b 04 4d a2 21 ee 0b 31 20 22 33 a0 c0 80 db 43 a7 7b 18 96 01 06 66 98 e9 e9 a5 ea be 53 20 30 5b 77 d7 d6 dd 55 dd ff d2 66 ba ea 9e 7b ee b9 df ed aa 3a 75 97 53 8c 61 03 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 Data Ascii: PNGIHDRsRGBDeXIfMM*iueg;IDATxeVE&(Q11$h4&}QsKM!1 "3C{fS 0[wUf{:uSa
Nov 18, 2023 07:52:17.291045904 CET	205	IN	Data Raw: 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 Data Ascii:
Nov 18, 2023 07:52:17.291057110 CET	206	IN	Data Raw: 43 2d 08 80 40 1a 09 c0 e1 48 23 5c a8 06 01 3b 09 d0 44 d1 b9 da c4 4e 3b 75 26 d2 45 37 f6 8b ea e6 6d d3 ed 40 70 26 ec 9d c0 9a d8 b0 d2 3d b1 3d 57 24 4a c6 71 10 00 01 e7 12 80 c3 e1 dc b6 81 65 20 d0 97 00 17 df ee 7b 20 7d 7b 34 6c 53 c4 Data Ascii: C-@H#\;DN;u&E7m@p&==W$Jqe { }{4lS:z)i4=v2{@`8%@:WOyz!7Uz@2CGf8D`j}9*,)1YeL#rK`IT #qM@` '<#\r}
Nov 18, 2023 07:52:17.291069031 CET	207	IN	Data Raw: e1 3c 2d 91 45 93 96 9b 25 1e 49 6d 42 22 08 80 40 52 02 70 38 92 e2 41 22 08 38 84 80 e0 59 71 38 94 d2 48 d2 f0 e9 da 64 56 fa 1c 92 71 4a 42 94 ed 9d 48 9b f1 82 51 20 08 80 80 59 02 70 38 cc 92 43 3e 10 c8 20 01 5a a2 92 15 87 c3 d7 ed 4d 3d Data Ascii: <-E%ImB"@Rp8A"8Yq8HdVqJBHQ Yp8C> ZM=AO<N[(lZ@a!4@&tdeJpy'a@\Ck7%u884Eap8j/X#{R"%#9;6:4
Nov 18, 2023 07:52:17.291080952 CET	208	IN	Data Raw: 13 d0 86 51 d4 a8 78 d6 16 67 43 2b 46 9b f3 c1 f9 93 75 f5 c1 fa c4 a5 32 f6 de 92 e1 bb 36 34 d6 9e c5 64 76 0a 39 0e ba 42 91 1f d4 47 d1 33 38 7b 86 6e ea d3 ed 74 36 34 fd 9a 93 50 c8 3c 01 89 4b 14 3b 84 45 0e 96 a9 e7 1b 6f e5 32 bf e2 c2 Data Ascii: QxgC+Fu264dv9BG38{nt64P<K;Eo2r62r6^LTabY[G2 C?+H@BLtCK&L.\:n_NK+5\%wk{d1,>9QS4:}76r^#^-cJG
Nov 18, 2023 07:52:17.291156054 CET	210	IN	Data Raw: da 92 15 c3 38 db 61 47 b9 93 ea 37 55 6f ed 08 2d 27 cf e0 76 2b 3d 1a 29 6d 11 e2 a2 68 67 e7 da 29 d3 5b 8e 4e 29 ab 4b 80 6f d7 25 66 b3 90 10 3c 2b 0e a6 cd d5 80 3a 10 c8 2a 01 38 1c 59 c5 8f c2 dd 4a c0 1b af d4 6e 40 91 4c db cf 99 f5 1b Data Ascii: 8aG7Uo-'v+=)mhg)[N)Ko%f<+:*8YJn@LIM32a?vTz]}YV=Q;8<@_4@@Fh~B+MB4+&Bdt9EB0U)_1/h0y@`KII{^y#C'
Nov 18, 2023 07:52:17.291167974 CET	211	IN	Data Raw: 4d 89 b3 5b d6 ad aa d2 62 67 e8 de 02 01 e1 8d c5 23 4f 3a 7a 28 a5 5f 6d 54 55 8b cf b1 6d 54 bf c3 49 77 d7 ae ac dd 48 ce d8 57 48 c8 be 88 af 9c 6d 66 92 e7 a4 a6 c6 31 c1 a4 85 23 11 04 40 c0 30 01 38 1c 86 91 39 2f 83 f6 84 48 f3 3a 1e 84 Data Ascii: M[bg#O:z(_mTUmTIwHWHmf1#@089/H:iZYE*-<&xjzZ<~7iCgtFgB9#%i\|0m&>`p@/8}ywOolZRbH53D1u'\NLrX>g75@N1LSa>
Nov 18, 2023 07:52:17.291177988 CET	212	IN	Data Raw: 6c 56 31 f5 00 1e c1 58 ec 13 b3 f9 2d e7 13 e2 4a c1 62 57 f6 d7 e3 ed de 73 0d 1d b3 7d 4e 57 ff 72 9c b4 8f 65 b1 4e 6a 8d cf 6d d1 5e 59 4c 43 2c 97 59 31 8d c6 0d 6b ad e4 47 5e 67 12 98 1c 08 4d 66 3d f1 b7 e9 76 92 27 ce c6 be 76 a0 a7 7c Data Ascii: lV1X-JbWs}NWreNjm^YLC,Y1kG^gMf=v'v\|zdN<-ZZCS<.6u~Hp5y2HiC4f#LO3Y+g'B@i(L3!TjzQnY=J$~z;AnZ
Nov 18, 2023 07:52:17.291188955 CET	214	IN	Data Raw: 8b e0 50 5a fe 59 45 3f dc 4a 7a d1 d2 d8 58 5c d1 d1 3d a7 c3 76 ce 3e 18 d3 1d 5b 4e af 4e d6 21 ec 5e 11 45 11 57 91 f5 ae 75 38 ea ea 9b cf 8a 2b f1 3f 53 1d 8a cd b6 c2 d1 f5 7e 36 6f 6e 21 3b 8e 3e 63 6b bc 66 d5 98 ca 37 67 76 61 d2 7c 5b Data Ascii: PZYE?JzX\=v>[NN!^EWu8+?S~6on!;>ckf7gva\|[1k&';"B]8aF? FsgPplcHzOe]d9V_-/olYC+XH-ozk_etG*~FI7
Nov 18, 2023 07:52:17.291202068 CET	215	IN	Data Raw: f3 1d 3b e0 6c e8 a2 3a a8 90 3f 12 66 97 51 ca bd 83 a6 a6 f1 20 fd 36 2e 08 fa e4 fa 34 16 61 4a 35 f5 1c 54 9a f4 91 4d 95 87 4c f9 43 00 0e 47 0e b6 35 39 08 57 b7 14 c8 cb ab 7a 94 c7 8d 54 4f cc 9f 2f b7 2c fe eb 57 42 7e f9 66 ba fd 6b a1 Data Ascii: ;l:?fQ 6.4aJ5TMLCG59WzTO/,WB~fk{i1%K17.32snc'4v)eAHr:,7]Dq'"=\RXKb.C&9ncIjLSSeO3!HMM@#[5rU--:
Nov 18, 2023 07:52:17.291213989 CET	216	IN	Data Raw: f9 fa 4a 49 8c 5f 07 67 a3 2f 93 84 7b 82 7d 9a 30 4d 67 c2 d3 cf ee 61 14 23 25 a5 b4 36 ec 72 c3 f5 c3 d9 33 4f 8e 62 e7 9f 5d cc ca ca 32 73 5a 77 75 a7 be 6e 5f ff dd 61 6c 56 bd 0b 26 b7 72 b6 fb bd 25 c3 77 a5 84 0d 81 ac 11 e0 e5 a3 4f a3 Data Ascii: JI_g/{}0Mga#%6r3Ob]2sZwun_alV&r%wO1CgTr\|&E `hSs7@)"&_9ApOLn07G2#wC5eztrh8moc-0M&TxO8{nvp:U1Ixl8wV
Nov 18, 2023 07:52:17.293407917 CET	220	OUT	GET /img/flexible/logo/pc/result@2.png HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: www.baidu.com Connection: Keep-Alive Cookie: BAIDUID=145E27E221F282D0311C913AF0CC3B87:FG=1; BIDUPSID=145E27E221F282D0BD0487E5415FCD62; PSTM=1700290335
Nov 18, 2023 07:52:17.492834091 CET	261	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cache-Control: max-age=315360000 Content-Length: 15444 Content-Type: image/png Date: Sat, 18 Nov 2023 06:52:17 GMT Etag: "3c54-5f29b35156300" Expires: Tue, 15 Nov 2033 06:52:17 GMT Last-Modified: Thu, 19 Jan 2023 10:15:08 GMT Server: Apache Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 1c 00 00 01 02 08 06 00 00 00 b5 ca 0e 0a 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 44 65 58 49 66 4d 4d 00 2a 00 00 00 08 00 01 87 69 00 04 00 00 00 01 00 00 00 1a 00 00 00 00 00 03 a0 01 00 03 00 00 00 01 00 01 00 00 a0 02 00 04 00 00 00 01 00 00 02 1c a0 03 00 04 00 00 00 01 00 00 01 02 00 00 00 00 75 e5 65 67 00 00 3b be 49 44 41 54 78 01 ed 9d 09 9c 14 d5 b5 87 ef ad ea 65 56 16 99 19 96 d9 10 45 03 c3 26 cd 80 88 28 ee 51 e3 1a 31 31 9a b8 24 9a 68 34 26 d1 c4 ed a7 12 7d 9a 97 98 d5 f7 b2 a8 51 df 73 4b 04 4d a2 21 ee 0b 31 20 22 33 a0 c0 80 db 43 a7 7b 18 96 01 06 66 98 e9 e9 a5 ea be 53 20 30 5b 77 d7 d6 dd 55 dd ff d2 66 ba ea 9e 7b ee b9 df ed aa 3a 75 97 53 8c 61 03 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 Data Ascii: PNGIHDRsRGBDeXIfMM*iueg;IDATxeVE&(Q11$h4&}QsKM!1 "3C{fS 0[wUf{:uSa
Nov 18, 2023 07:52:17.609982014 CET	279	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cache-Control: max-age=315360000 Content-Length: 12802 Content-Type: image/png Date: Sat, 18 Nov 2023 06:52:17 GMT Etag: "3202-5a533d00d4900" Expires: Tue, 15 Nov 2033 06:52:17 GMT Last-Modified: Sat, 09 May 2020 09:33:56 GMT Server: Apache Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 94 00 00 00 84 08 06 00 00 00 b7 64 dd 8f 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 31 bc 49 44 41 54 78 01 ed 5d 09 7c 14 d5 fd 7f 6f 66 af 9c 10 ee 23 bb 01 c5 2a 09 a0 10 6e 14 51 a9 8a b7 b6 68 0f b5 5a b5 b5 b5 ad b6 f5 c0 e3 af f1 6c b5 ad 5a db 7a d7 a3 da 43 11 ef bb da d2 aa 40 80 20 47 02 56 11 c8 6e 38 03 24 24 21 7b ce bc ff 77 12 12 93 cd ee ce b1 33 9b 3d de 7c 08 bb f3 de ef 7a df 99 7d bf f7 7e ef 22 84 5f 1c 01 8e 00 47 80 23 c0 11 e0 08 70 04 38 02 1c 01 8e 00 47 80 23 c0 11 e0 08 70 04 38 02 1c 01 8e 00 47 80 23 c0 11 e0 08 70 04 38 02 1c 01 8e 00 47 80 23 c0 11 e0 08 70 04 38 02 1c 01 8e 00 47 80 23 c0 11 e0 08 70 04 38 02 1c 01 8e 40 96 23 40 b3 bc 7c bc 78 39 84 c0 8c 19 5f 14 cb 72 fe 00 bf 20 97 30 99 0a 54 14 82 24 1c 09 d9 8a a4 7d 6b 97 8e 6d 4e 35 14 f3 e6 6d 75 35 07 c8 08 39 e2 70 ca a2 ec 94 25 49 14 98 d0 92 2f 0a cd 65 65 a3 9b 17 2f a6 52 aa 6d e2 fa 38 02 56 22 c0 1d 8a 95 e8 72 d9 96 23 30 67 4e 63 51 73 30 f0 3d c6 e4 ab 18 23 47 c5 53 88 17 7d 13 11 c8 8b 8e c2 e2 07 d7 2e 2d b1 cc b9 30 c6 e8 84 69 de 8b 98 4c 2e 66 94 ce 23 8c 89 b1 6c 82 3d cd 84 d2 a7 04 42 1e ae ad f1 7c 19 8b 86 a7 71 04 32 0d 01 ee 50 32 ed 89 71 7b bb 11 28 9f 52 7f 3e 6e 1e 65 84 94 74 27 aa 7d a1 64 a7 28 08 3f a9 5d e5 7e 59 8d 54 6f fe a4 a9 db 8f 8c 30 e9 49 38 95 63 b5 f3 52 19 b4 bf 1f 33 dc 7d e3 3b ef d0 a0 76 3e 4e c9 11 48 3f 04 b8 43 49 bf 67 c2 2d 52 41 60 d2 c9 bb 0a a4 bd c1 47 50 13 5f a4 42 1a 3f 9b d2 87 37 d5 78 ae 8a 4f a0 2f a7 7c aa f7 6c 26 b3 17 c0 e5 d4 c7 79 88 9a d2 0d a2 dd 76 41 ed 8a 51 9b 0c f1 73 26 8e 40 1a 20 c0 1d 4a 1a 3c 04 6e 82 76 04 16 2c 60 ce fa dd de b7 d0 2b 39 49 3b 57 6c 4a 81 0a bf af ab 71 5f 13 3b 57 7b 6a f9 54 df 02 22 cb af c2 26 87 76 ae 58 94 b4 d1 46 6d 73 37 d4 8c fa 2c 56 2e 4f e3 08 a4 3b 02 dc a1 a4 fb 13 e2 f6 75 23 50 59 c9 ec 7e e6 5b c2 08 3b b3 3b 31 c9 2f 02 25 8b ea 6a ca ee 35 2a a6 7c ea f6 c9 8c 45 96 11 46 5c 46 65 f4 e6 a3 db ed 36 c7 71 eb 57 8e d8 da 3b 9d df 71 04 d2 1f 01 8c 09 f2 8b 23 90 19 08 04 98 ef 36 33 9d 89 52 6a 99 91 db 95 b1 0f 23 08 2c 5c c8 44 38 93 27 cd 73 26 8a 15 6c 74 44 0a 2e 99 37 8f d9 8c d8 c4 79 38 02 fd 89 00 77 28 fd 89 3e d7 ad 19 81 8e 9e 00 25 37 68 66 d0 4e e8 8c c8 d2 e3 ca ec 2c ed 2c 9d 94 75 5b 7c 3f 87 33 99 a2 97 4f 8d 1e b3 d5 26 ef 6e f3 59 51 56 35 d5 3c 9f 23 90 14 02 dc a1 24 05 1f 67 4e 05 02 55 55 4c 20 2c f2 14 2a 7d 4b 5a ed e8 f5 cc 9d 30 bd e1 14 3d 65 a9 ac dc 91 8f 29 c1 37 eb e1 d1 45 2b b3 ff 33 da 73 d2 a5 87 13 73 04 4c 44 80 3b 14 13 c1 e4 a2 ac 41 e0 c5 37 7d 67 a2 d5 7e 8c 35 d2 3b a5 32 89 fd 58 8f fc 76 2a 7d 1b 83 f0 03 f5 f0 e8 a4 55 7a 4e d7 eb e4 e1 e4 1c 81 7e 45 80 3b 94 7e 85 9f 2b d7 82 00 9c 49 d2 33 b1 d4 f4 c0 39 9c 5e 51 b9 c3 a3 46 d7 9d cf 64 5d 0e a8 9b 4f c7 17 f4 9c be 3b f9 b8 9d 43 75 b0 70 52 8e 40 bf 22 c0 1d 4a bf c2 cf 95 ab 21 30 61 86 6f 12 42 4b f3 d4 e8 92 cf 47 58 8d 46 be a1 45 ce 84 4a Data Ascii: PNGIHDRdsRGB1IDATx]\|of#nQhZlZzC@ GVn8$$!{w3=\|z}~"_G#p8G#p8G#p8G#p8G#p8@#@\|x9_r 0T$}kmN5mu59p%I/ee/Rm8V"r#0gNcQs0=#GS}.-0iL.f#l=B\|q2P2q{(R>net'}d(?]~YTo0I8cR3};v>NH?CIg-RA`GP_B?7xO/\|l&yvAQs&@ J<nv,`+9I;WlJq_;W{jT"&vXFms7,V.O;u#PY~[;;1/%j5\|EF\Fe6qW;q#63Rj#,\D8's&ltD.7y8w(>%7hfN,,u[\|?3O&nYQV5<#$gNUUL ,}KZ0=e)7E+3ssLD;A7}g~5;2Xv}UzN~E;~+I39^QFd]O;CupR@"J!0aoBKGXFEJ

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
48	192.168.2.5	49716	103.235.47.7	80	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 07:52:16.974000931 CET	176	OUT	GET /img/PCtm_d9c8750bed0b3c7d089fa7d55720d6cf.png HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: www.baidu.com Connection: Keep-Alive Cookie: BAIDUID=145E27E221F282D0311C913AF0CC3B87:FG=1; BIDUPSID=145E27E221F282D0BD0487E5415FCD62; PSTM=1700290335
Nov 18, 2023 07:52:17.290975094 CET	204	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cache-Control: max-age=315360000 Content-Length: 15444 Content-Type: image/png Date: Sat, 18 Nov 2023 06:52:17 GMT Etag: "3c54-5f29b35156300" Expires: Tue, 15 Nov 2033 06:52:17 GMT Last-Modified: Thu, 19 Jan 2023 10:15:08 GMT Server: Apache Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 1c 00 00 01 02 08 06 00 00 00 b5 ca 0e 0a 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 44 65 58 49 66 4d 4d 00 2a 00 00 00 08 00 01 87 69 00 04 00 00 00 01 00 00 00 1a 00 00 00 00 00 03 a0 01 00 03 00 00 00 01 00 01 00 00 a0 02 00 04 00 00 00 01 00 00 02 1c a0 03 00 04 00 00 00 01 00 00 01 02 00 00 00 00 75 e5 65 67 00 00 3b be 49 44 41 54 78 01 ed 9d 09 9c 14 d5 b5 87 ef ad ea 65 56 16 99 19 96 d9 10 45 03 c3 26 cd 80 88 28 ee 51 e3 1a 31 31 9a b8 24 9a 68 34 26 d1 c4 ed a7 12 7d 9a 97 98 d5 f7 b2 a8 51 df 73 4b 04 4d a2 21 ee 0b 31 20 22 33 a0 c0 80 db 43 a7 7b 18 96 01 06 66 98 e9 e9 a5 ea be 53 20 30 5b 77 d7 d6 dd 55 dd ff d2 66 ba ea 9e 7b ee b9 df ed aa 3a 75 97 53 8c 61 03 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 Data Ascii: PNGIHDRsRGBDeXIfMM*iueg;IDATxeVE&(Q11$h4&}QsKM!1 "3C{fS 0[wUf{:uSa
Nov 18, 2023 07:52:17.291045904 CET	205	IN	Data Raw: 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 Data Ascii:
Nov 18, 2023 07:52:17.291057110 CET	206	IN	Data Raw: 43 2d 08 80 40 1a 09 c0 e1 48 23 5c a8 06 01 3b 09 d0 44 d1 b9 da c4 4e 3b 75 26 d2 45 37 f6 8b ea e6 6d d3 ed 40 70 26 ec 9d c0 9a d8 b0 d2 3d b1 3d 57 24 4a c6 71 10 00 01 e7 12 80 c3 e1 dc b6 81 65 20 d0 97 00 17 df ee 7b 20 7d 7b 34 6c 53 c4 Data Ascii: C-@H#\;DN;u&E7m@p&==W$Jqe { }{4lS:z)i4=v2{@`8%@:WOyz!7Uz@2CGf8D`j}9*,)1YeL#rK`IT #qM@` '<#\r}
Nov 18, 2023 07:52:17.291069031 CET	207	IN	Data Raw: e1 3c 2d 91 45 93 96 9b 25 1e 49 6d 42 22 08 80 40 52 02 70 38 92 e2 41 22 08 38 84 80 e0 59 71 38 94 d2 48 d2 f0 e9 da 64 56 fa 1c 92 71 4a 42 94 ed 9d 48 9b f1 82 51 20 08 80 80 59 02 70 38 cc 92 43 3e 10 c8 20 01 5a a2 92 15 87 c3 d7 ed 4d 3d Data Ascii: <-E%ImB"@Rp8A"8Yq8HdVqJBHQ Yp8C> ZM=AO<N[(lZ@a!4@&tdeJpy'a@\Ck7%u884Eap8j/X#{R"%#9;6:4
Nov 18, 2023 07:52:17.291080952 CET	208	IN	Data Raw: 13 d0 86 51 d4 a8 78 d6 16 67 43 2b 46 9b f3 c1 f9 93 75 f5 c1 fa c4 a5 32 f6 de 92 e1 bb 36 34 d6 9e c5 64 76 0a 39 0e ba 42 91 1f d4 47 d1 33 38 7b 86 6e ea d3 ed 74 36 34 fd 9a 93 50 c8 3c 01 89 4b 14 3b 84 45 0e 96 a9 e7 1b 6f e5 32 bf e2 c2 Data Ascii: QxgC+Fu264dv9BG38{nt64P<K;Eo2r62r6^LTabY[G2 C?+H@BLtCK&L.\:n_NK+5\%wk{d1,>9QS4:}76r^#^-cJG
Nov 18, 2023 07:52:17.291156054 CET	210	IN	Data Raw: da 92 15 c3 38 db 61 47 b9 93 ea 37 55 6f ed 08 2d 27 cf e0 76 2b 3d 1a 29 6d 11 e2 a2 68 67 e7 da 29 d3 5b 8e 4e 29 ab 4b 80 6f d7 25 66 b3 90 10 3c 2b 0e a6 cd d5 80 3a 10 c8 2a 01 38 1c 59 c5 8f c2 dd 4a c0 1b af d4 6e 40 91 4c db cf 99 f5 1b Data Ascii: 8aG7Uo-'v+=)mhg)[N)Ko%f<+:*8YJn@LIM32a?vTz]}YV=Q;8<@_4@@Fh~B+MB4+&Bdt9EB0U)_1/h0y@`KII{^y#C'
Nov 18, 2023 07:52:17.291167974 CET	211	IN	Data Raw: 4d 89 b3 5b d6 ad aa d2 62 67 e8 de 02 01 e1 8d c5 23 4f 3a 7a 28 a5 5f 6d 54 55 8b cf b1 6d 54 bf c3 49 77 d7 ae ac dd 48 ce d8 57 48 c8 be 88 af 9c 6d 66 92 e7 a4 a6 c6 31 c1 a4 85 23 11 04 40 c0 30 01 38 1c 86 91 39 2f 83 f6 84 48 f3 3a 1e 84 Data Ascii: M[bg#O:z(_mTUmTIwHWHmf1#@089/H:iZYE*-<&xjzZ<~7iCgtFgB9#%i\|0m&>`p@/8}ywOolZRbH53D1u'\NLrX>g75@N1LSa>
Nov 18, 2023 07:52:17.291177988 CET	212	IN	Data Raw: 6c 56 31 f5 00 1e c1 58 ec 13 b3 f9 2d e7 13 e2 4a c1 62 57 f6 d7 e3 ed de 73 0d 1d b3 7d 4e 57 ff 72 9c b4 8f 65 b1 4e 6a 8d cf 6d d1 5e 59 4c 43 2c 97 59 31 8d c6 0d 6b ad e4 47 5e 67 12 98 1c 08 4d 66 3d f1 b7 e9 76 92 27 ce c6 be 76 a0 a7 7c Data Ascii: lV1X-JbWs}NWreNjm^YLC,Y1kG^gMf=v'v\|zdN<-ZZCS<.6u~Hp5y2HiC4f#LO3Y+g'B@i(L3!TjzQnY=J$~z;AnZ
Nov 18, 2023 07:52:17.291188955 CET	214	IN	Data Raw: 8b e0 50 5a fe 59 45 3f dc 4a 7a d1 d2 d8 58 5c d1 d1 3d a7 c3 76 ce 3e 18 d3 1d 5b 4e af 4e d6 21 ec 5e 11 45 11 57 91 f5 ae 75 38 ea ea 9b cf 8a 2b f1 3f 53 1d 8a cd b6 c2 d1 f5 7e 36 6f 6e 21 3b 8e 3e 63 6b bc 66 d5 98 ca 37 67 76 61 d2 7c 5b Data Ascii: PZYE?JzX\=v>[NN!^EWu8+?S~6on!;>ckf7gva\|[1k&';"B]8aF? FsgPplcHzOe]d9V_-/olYC+XH-ozk_etG*~FI7
Nov 18, 2023 07:52:17.291202068 CET	215	IN	Data Raw: f3 1d 3b e0 6c e8 a2 3a a8 90 3f 12 66 97 51 ca bd 83 a6 a6 f1 20 fd 36 2e 08 fa e4 fa 34 16 61 4a 35 f5 1c 54 9a f4 91 4d 95 87 4c f9 43 00 0e 47 0e b6 35 39 08 57 b7 14 c8 cb ab 7a 94 c7 8d 54 4f cc 9f 2f b7 2c fe eb 57 42 7e f9 66 ba fd 6b a1 Data Ascii: ;l:?fQ 6.4aJ5TMLCG59WzTO/,WB~fk{i1%K17.32snc'4v)eAHr:,7]Dq'"=\RXKb.C&9ncIjLSSeO3!HMM@#[5rU--:
Nov 18, 2023 07:52:17.291213989 CET	216	IN	Data Raw: f9 fa 4a 49 8c 5f 07 67 a3 2f 93 84 7b 82 7d 9a 30 4d 67 c2 d3 cf ee 61 14 23 25 a5 b4 36 ec 72 c3 f5 c3 d9 33 4f 8e 62 e7 9f 5d cc ca ca 32 73 5a 77 75 a7 be 6e 5f ff dd 61 6c 56 bd 0b 26 b7 72 b6 fb bd 25 c3 77 a5 84 0d 81 ac 11 e0 e5 a3 4f a3 Data Ascii: JI_g/{}0Mga#%6r3Ob]2sZwun_alV&r%wO1CgTr\|&E `hSs7@)"&_9ApOLn07G2#wC5eztrh8moc-0M&TxO8{nvp:U1Ixl8wV
Nov 18, 2023 07:52:17.293407917 CET	220	OUT	GET /img/flexible/logo/pc/result@2.png HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: www.baidu.com Connection: Keep-Alive Cookie: BAIDUID=145E27E221F282D0311C913AF0CC3B87:FG=1; BIDUPSID=145E27E221F282D0BD0487E5415FCD62; PSTM=1700290335
Nov 18, 2023 07:52:17.492834091 CET	261	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cache-Control: max-age=315360000 Content-Length: 15444 Content-Type: image/png Date: Sat, 18 Nov 2023 06:52:17 GMT Etag: "3c54-5f29b35156300" Expires: Tue, 15 Nov 2033 06:52:17 GMT Last-Modified: Thu, 19 Jan 2023 10:15:08 GMT Server: Apache Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 1c 00 00 01 02 08 06 00 00 00 b5 ca 0e 0a 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 44 65 58 49 66 4d 4d 00 2a 00 00 00 08 00 01 87 69 00 04 00 00 00 01 00 00 00 1a 00 00 00 00 00 03 a0 01 00 03 00 00 00 01 00 01 00 00 a0 02 00 04 00 00 00 01 00 00 02 1c a0 03 00 04 00 00 00 01 00 00 01 02 00 00 00 00 75 e5 65 67 00 00 3b be 49 44 41 54 78 01 ed 9d 09 9c 14 d5 b5 87 ef ad ea 65 56 16 99 19 96 d9 10 45 03 c3 26 cd 80 88 28 ee 51 e3 1a 31 31 9a b8 24 9a 68 34 26 d1 c4 ed a7 12 7d 9a 97 98 d5 f7 b2 a8 51 df 73 4b 04 4d a2 21 ee 0b 31 20 22 33 a0 c0 80 db 43 a7 7b 18 96 01 06 66 98 e9 e9 a5 ea be 53 20 30 5b 77 d7 d6 dd 55 dd ff d2 66 ba ea 9e 7b ee b9 df ed aa 3a 75 97 53 8c 61 03 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 00 01 10 Data Ascii: PNGIHDRsRGBDeXIfMM*iueg;IDATxeVE&(Q11$h4&}QsKM!1 "3C{fS 0[wUf{:uSa
Nov 18, 2023 07:52:17.609982014 CET	279	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cache-Control: max-age=315360000 Content-Length: 12802 Content-Type: image/png Date: Sat, 18 Nov 2023 06:52:17 GMT Etag: "3202-5a533d00d4900" Expires: Tue, 15 Nov 2033 06:52:17 GMT Last-Modified: Sat, 09 May 2020 09:33:56 GMT Server: Apache Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 94 00 00 00 84 08 06 00 00 00 b7 64 dd 8f 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 31 bc 49 44 41 54 78 01 ed 5d 09 7c 14 d5 fd 7f 6f 66 af 9c 10 ee 23 bb 01 c5 2a 09 a0 10 6e 14 51 a9 8a b7 b6 68 0f b5 5a b5 b5 b5 ad b6 f5 c0 e3 af f1 6c b5 ad 5a db 7a d7 a3 da 43 11 ef bb da d2 aa 40 80 20 47 02 56 11 c8 6e 38 03 24 24 21 7b ce bc ff 77 12 12 93 cd ee ce b1 33 9b 3d de 7c 08 bb f3 de ef 7a df 99 7d bf f7 7e ef 22 84 5f 1c 01 8e 00 47 80 23 c0 11 e0 08 70 04 38 02 1c 01 8e 00 47 80 23 c0 11 e0 08 70 04 38 02 1c 01 8e 00 47 80 23 c0 11 e0 08 70 04 38 02 1c 01 8e 00 47 80 23 c0 11 e0 08 70 04 38 02 1c 01 8e 00 47 80 23 c0 11 e0 08 70 04 38 02 1c 01 8e 40 96 23 40 b3 bc 7c bc 78 39 84 c0 8c 19 5f 14 cb 72 fe 00 bf 20 97 30 99 0a 54 14 82 24 1c 09 d9 8a a4 7d 6b 97 8e 6d 4e 35 14 f3 e6 6d 75 35 07 c8 08 39 e2 70 ca a2 ec 94 25 49 14 98 d0 92 2f 0a cd 65 65 a3 9b 17 2f a6 52 aa 6d e2 fa 38 02 56 22 c0 1d 8a 95 e8 72 d9 96 23 30 67 4e 63 51 73 30 f0 3d c6 e4 ab 18 23 47 c5 53 88 17 7d 13 11 c8 8b 8e c2 e2 07 d7 2e 2d b1 cc b9 30 c6 e8 84 69 de 8b 98 4c 2e 66 94 ce 23 8c 89 b1 6c 82 3d cd 84 d2 a7 04 42 1e ae ad f1 7c 19 8b 86 a7 71 04 32 0d 01 ee 50 32 ed 89 71 7b bb 11 28 9f 52 7f 3e 6e 1e 65 84 94 74 27 aa 7d a1 64 a7 28 08 3f a9 5d e5 7e 59 8d 54 6f fe a4 a9 db 8f 8c 30 e9 49 38 95 63 b5 f3 52 19 b4 bf 1f 33 dc 7d e3 3b ef d0 a0 76 3e 4e c9 11 48 3f 04 b8 43 49 bf 67 c2 2d 52 41 60 d2 c9 bb 0a a4 bd c1 47 50 13 5f a4 42 1a 3f 9b d2 87 37 d5 78 ae 8a 4f a0 2f a7 7c aa f7 6c 26 b3 17 c0 e5 d4 c7 79 88 9a d2 0d a2 dd 76 41 ed 8a 51 9b 0c f1 73 26 8e 40 1a 20 c0 1d 4a 1a 3c 04 6e 82 76 04 16 2c 60 ce fa dd de b7 d0 2b 39 49 3b 57 6c 4a 81 0a bf af ab 71 5f 13 3b 57 7b 6a f9 54 df 02 22 cb af c2 26 87 76 ae 58 94 b4 d1 46 6d 73 37 d4 8c fa 2c 56 2e 4f e3 08 a4 3b 02 dc a1 a4 fb 13 e2 f6 75 23 50 59 c9 ec 7e e6 5b c2 08 3b b3 3b 31 c9 2f 02 25 8b ea 6a ca ee 35 2a a6 7c ea f6 c9 8c 45 96 11 46 5c 46 65 f4 e6 a3 db ed 36 c7 71 eb 57 8e d8 da 3b 9d df 71 04 d2 1f 01 8c 09 f2 8b 23 90 19 08 04 98 ef 36 33 9d 89 52 6a 99 91 db 95 b1 0f 23 08 2c 5c c8 44 38 93 27 cd 73 26 8a 15 6c 74 44 0a 2e 99 37 8f d9 8c d8 c4 79 38 02 fd 89 00 77 28 fd 89 3e d7 ad 19 81 8e 9e 00 25 37 68 66 d0 4e e8 8c c8 d2 e3 ca ec 2c ed 2c 9d 94 75 5b 7c 3f 87 33 99 a2 97 4f 8d 1e b3 d5 26 ef 6e f3 59 51 56 35 d5 3c 9f 23 90 14 02 dc a1 24 05 1f 67 4e 05 02 55 55 4c 20 2c f2 14 2a 7d 4b 5a ed e8 f5 cc 9d 30 bd e1 14 3d 65 a9 ac dc 91 8f 29 c1 37 eb e1 d1 45 2b b3 ff 33 da 73 d2 a5 87 13 73 04 4c 44 80 3b 14 13 c1 e4 a2 ac 41 e0 c5 37 7d 67 a2 d5 7e 8c 35 d2 3b a5 32 89 fd 58 8f fc 76 2a 7d 1b 83 f0 03 f5 f0 e8 a4 55 7a 4e d7 eb e4 e1 e4 1c 81 7e 45 80 3b 94 7e 85 9f 2b d7 82 00 9c 49 d2 33 b1 d4 f4 c0 39 9c 5e 51 b9 c3 a3 46 d7 9d cf 64 5d 0e a8 9b 4f c7 17 f4 9c be 3b f9 b8 9d 43 75 b0 70 52 8e 40 bf 22 c0 1d 4a bf c2 cf 95 ab 21 30 61 86 6f 12 42 4b f3 d4 e8 92 cf 47 58 8d 46 be a1 45 ce 84 4a Data Ascii: PNGIHDRdsRGB1IDATx]\|of#nQhZlZzC@ GVn8$$!{w3=\|z}~"_G#p8G#p8G#p8G#p8G#p8@#@\|x9_r 0T$}kmN5mu59p%I/ee/Rm8V"r#0gNcQs0=#GS}.-0iL.f#l=B\|q2P2q{(R>net'}d(?]~YTo0I8cR3};v>NH?CIg-RA`GP_B?7xO/\|l&yvAQs&@ J<nv,`+9I;WlJq_;W{jT"&vXFms7,V.O;u#PY~[;;1/%j5\|EF\Fe6qW;q#63Rj#,\D8's&ltD.7y8w(>%7hfN,,u[\|?3O&nYQV5<#$gNUUL ,}KZ0=e)7E+3ssLD;A7}g~5;2Xv}UzN~E;~+I39^QFd]O;CupR@"J!0aoBKGXFEJ

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
49	192.168.2.5	49721	111.225.213.38	80	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 07:52:17.506567955 CET	262	OUT	GET /cd37ed75a9387c5b.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: hectorstatic.baidu.com Connection: Keep-Alive Cookie: BAIDUID=145E27E221F282D0311C913AF0CC3B87:FG=1; BIDUPSID=145E27E221F282D0BD0487E5415FCD62; PSTM=1700290335
Nov 18, 2023 07:52:17.859597921 CET	340	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:17 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 25019 Connection: keep-alive Expires: Fri, 17 Nov 2023 11:41:52 GMT Last-Modified: Fri, 17 Nov 2023 09:18:16 GMT Cache-Control: max-age=3600 Content-Encoding: gzip Age: 72625 Accept-Ranges: bytes Ohc-Global-Saved-Time: Fri, 17 Nov 2023 10:41:52 GMT Ohc-Upstream-Trace: 111.225.213.52 Ohc-Cache-HIT: lf6ct52 [2], cdix84 [2] Ohc-Response-Time: 1 0 0 0 0 0 Ohc-File-Size: 25019 X-Cache-Status: HIT Data Raw: 1f 8b 08 00 00 00 00 00 00 03 d4 bd 09 73 dc 38 b2 30 f8 57 66 22 f6 4d 49 63 bd 1d e2 e0 d5 6a cd 44 cb 56 e9 68 5b b6 4a 75 a9 bc 8e 17 24 41 ea aa 2a a9 75 58 92 7b 7a 7f fb 82 99 20 48 02 a0 5c b2 dd 6f f6 0b 77 44 8b 95 40 22 91 48 24 32 13 09 60 ad b8 5f 66 77 e7 57 cb b5 f5 df ff f2 39 b9 f9 cb ff 78 8f cc e3 c9 d6 c7 9e d8 1d 7f 11 bf 6c 6d f5 36 7a 23 3a 27 c7 de a8 fc 73 b0 3b bf c9 26 51 f9 e7 b0 3f f6 67 de bb f2 cf d9 64 76 9d 2e a0 40 f1 a6 1f bd 3b 85 6a e2 69 7b e7 64 7a 54 fe 79 32 1d 5c fd ba 87 7f d2 f8 61 3c dd 01 0c cb 59 72 c2 e0 d7 11 1b 7c ce 16 3b 58 60 f0 74 44 f6 cb 3f 93 7e ff 6d 4a 4e ca 3f df 0f 67 17 ef 27 d0 da 70 72 f7 25 bd 84 02 47 d3 d9 59 32 79 00 0c bb e3 a7 d9 02 28 3b ee cf af 26 0b 28 30 5b f8 ef 92 29 54 db 3f 3f 7b c8 90 c8 74 de df 39 66 97 f0 e7 64 3c 9c 4d 32 f8 93 fa b7 29 05 1a 26 34 3e 4f b0 ec 98 8e cf cb ce ec 3c 5e 67 48 eb 6c e7 60 3e 98 9e 56 c0 11 3d 42 44 67 24 c5 3f 67 c3 ab c7 62 78 0b a4 4c 1e 77 04 f5 ca 3f b3 45 df 97 dc 80 2e 2e 62 7e 32 fd 05 7a 40 cf 9e 52 2c 30 f6 06 87 23 02 b4 a6 ec 30 98 2d 80 c0 b7 8b 03 d9 45 6c 62 31 27 e9 18 ba 98 4c f8 e9 71 1f 7e 4d e8 d8 7f 37 ff 05 d9 2c c7 81 41 c7 07 97 72 74 76 80 c8 5f 8f 2f 43 81 bc 1d 78 fe f8 ad f7 a0 86 e4 73 86 03 75 dc 3f 78 9c 2d a1 b7 53 72 38 4f 77 e1 cf fc f2 ec 7a ec 5d c1 48 92 83 db 64 c4 81 de b1 38 12 63 68 2d 63 e3 5b b1 03 f4 0e d8 f8 f5 10 59 22 24 4b 66 7b c8 fc 8b 23 5a 12 b8 f0 e9 64 0c bf 9c 4c e6 f7 1f 90 07 b3 89 e8 e7 7b 0a d1 c0 57 8d a6 d3 c3 83 0c 79 f0 8e 3d 78 c5 1b a8 96 9e ff 72 b6 3f da c1 8e c7 f7 fb 17 c0 db 64 79 d8 cf 96 6a 98 e3 0b 81 c3 7c 42 1f cf 32 86 7f 7a e4 38 61 50 4d 2c 46 a7 27 34 42 36 1f 9c 65 04 78 3b 64 63 4f 0d df 89 d7 3f 39 1e e1 9f 93 83 eb 74 17 0a cc a6 fb 61 29 5b 3b f3 83 19 22 3a 59 f4 9f 8a e3 4b e4 a0 20 d9 2e 54 79 b7 7c e0 c5 9b 11 8e b8 ef c9 6a c8 cc f8 3e 41 d9 1a b0 01 ad a4 63 57 ec 09 1c a4 e2 cd 76 35 59 66 17 fb 5f 40 8a e3 eb 74 09 e5 26 a3 83 c3 a3 05 48 46 32 de be 4a 29 57 e5 48 c9 91 f1 41 90 ec de 62 d7 1e 2f 26 48 f9 6c e2 cf d5 98 ca 09 f5 24 85 44 b1 77 ae 66 67 46 c7 b7 b3 09 fc 29 76 c8 97 d9 c3 16 0a 88 3f cf 15 ff 27 e3 7b f1 1a aa bd 1b 9e d2 c3 8b 1d fc 75 fe 65 76 cc 91 e4 c3 Data Ascii: s80Wf"MIcjDVh[Ju$A*uX{z H\owD@"H$2`_fwW9xlm6z#:'s;&Q?gdv.@;ji{dzTy2\a<Yr\|;X`tD?~mJN?g'pr%GY2y(;&(0[)T??{t9fd<M2)&4>O<^gHl`>V=BDg$?gbxLw?E..b~2z@R,0#0-Elb1'Lq~M7,Artv_/Cxsu?x-Sr8Owz]Hd8ch-c[Y"$Kf{#ZdL{Wy=xr?dyj\|B2z8aPM,F'4B6ex;dcO?9ta)[;":YK .Ty\|j>AcWv5Yf_@t&HF2J)WHAb/&Hl$DwfgF)v?'{uev
Nov 18, 2023 07:52:17.859637976 CET	342	IN	Data Raw: e8 9d 1a c1 f1 e1 3c 5b 9e 28 96 fd 36 42 01 19 d2 bb b3 c1 18 18 34 18 8f b7 b3 9d 2b 14 fe f8 a9 ec c8 65 ff f3 09 aa 8f 09 f5 cf 04 72 79 dc ef 1f a4 4b e0 53 36 19 93 c1 28 aa 46 1a 1a dc 79 2c 49 20 b3 db 11 0e 41 22 25 f7 08 05 5e 72 a3 04 Data Ascii: <[(6B4+eryKS6(Fy,I A"%^r&d2](;U}]JIMb3xSe&35(w'g/H[YuwK3zagrZ1]n.AT1 p}?7>x5J8Io>zy?W^v
Nov 18, 2023 07:52:17.859678030 CET	343	IN	Data Raw: 4b f7 ae 5f 0f 97 ba e3 03 a5 61 16 fe 50 a0 21 2c fa d2 aa 3b af d7 27 c4 9b 8d 67 47 d9 18 0d ec 9d 99 74 7f 50 fc 27 87 f2 4f 74 8a a6 07 ef 8f 51 1b c9 e5 6a ac 34 bc b4 25 de 1c 4d 2a 9d 57 0a b0 98 90 79 86 6b d9 68 21 bd 36 6c 7f 38 39 e4 Data Ascii: K_aP!,;'gGtP'OtQj4%MWykh!6l89=tgvgW<@Kt^=JLc1+.k[evO<l85jz0?Qc9GtH>yJOR^)1aK4V):.p-c=+5]Pd{/2)Lg
Nov 18, 2023 07:52:17.859719038 CET	344	IN	Data Raw: 6e 86 8c 9a d2 9d 2a 5e 92 2d e2 07 60 c7 00 26 d1 72 56 85 c0 a4 35 7d 98 52 9c ec 8b f9 e8 04 17 53 a9 de a4 2d 8e de 7e df bb 57 ac 78 77 7c 79 2f 90 41 62 f7 b0 a8 26 dc de f6 9b 7c 94 a9 79 c2 60 9e 5c 5f f5 c0 40 20 33 5c 23 f2 c9 e0 4b a6 Data Ascii: n^-`&rV5}RS-~Wxw\|y/Ab&\|y`\_@ 3\#KVx).}o/eZnx{:e(Lo/Va# k7=pa09"`44c?y`$X2Ss@zD`@xF^OZYyQ
Nov 18, 2023 07:52:17.859756947 CET	346	IN	Data Raw: 69 83 2b 8b f0 64 71 b0 a3 b6 b7 ca cd f1 31 6a fb 94 fa 5f aa 78 c1 b8 7f 77 8c 4e 8c 74 7f ce 95 ee 93 c6 ff 78 bc a3 c8 e9 57 51 fe 63 76 f8 a4 76 39 a5 5e 97 96 71 b5 06 5d a8 29 25 25 6d aa 22 5f 29 13 5f 94 a4 c9 b2 73 b5 cd f7 eb eb 03 fe Data Ascii: i+dq1j_xwNtxWQcvv9^q])%%m"_)_s+F;ao"f\Obmi,IK#b4-C<8qx9;TK74Kih@F.tx7SgU\\|*+1\)!SQ1
Nov 18, 2023 07:52:17.859796047 CET	347	IN	Data Raw: bd 0e 32 56 e9 19 b8 45 a0 2c 75 7f 9a a0 24 83 93 8f 9b 6d a3 c9 e0 f5 10 03 e6 93 71 7f 27 c7 55 46 4c b7 17 03 dc 20 7e 37 dc 2e d4 5e 5a b2 7b 3d 4f 96 ca 26 18 5f f6 30 4c a4 d2 24 24 17 ab 6d b2 ec fc 94 2b 0b 45 bc 3e 7d a8 ac ff e9 c0 ab Data Ascii: 2VE,u$mq'UFL ~7.^Z{=O&_0L$$m+E>}2P@GRDolZ!i,gsr#mxrvK+v{Ja={*@2.f/8'j{\P2WXyJGKTe\|Q
Nov 18, 2023 07:52:17.859833002 CET	348	IN	Data Raw: 3f 4a b6 49 fb 2b cb a5 a8 fc 63 eb d5 ff f5 8f 8d 5e 4f 4b 01 8b b3 2c 91 1d e8 6d 16 92 69 d5 8f 8c 11 bf d8 92 43 5d 4a 03 0f fd 20 4b cb bf 68 54 04 69 08 bf f9 d4 4b 68 59 62 53 ff be a5 69 f8 d8 cb ce 92 9b 5f ee 50 5c b1 ec ab 57 eb 9b ff Data Ascii: ?JI+c^OK,miC]J KhTiKhYbSi_P\W.i[?KwJWEVx/W{(;=4sM2F71X_I}=Bn}wGcxLZ$Hn@O<B=BYlK
Nov 18, 2023 07:52:17.859870911 CET	350	IN	Data Raw: 35 da 46 2d 2c 67 bd 7f d7 88 7d 16 e7 89 07 41 30 0c dd 96 21 8a f5 df 6f 1f ce 55 f8 10 5b f8 a8 8b be 7a 25 c1 59 72 9b 4b 15 f5 53 85 24 97 8b 7f ec a6 02 a7 c7 9a 1b 06 32 be 56 79 e9 d5 cf 79 88 ba f8 d3 46 ef 5f 52 63 49 48 94 05 1e 5f df Data Ascii: 5F-,g}A0!oU[z%YrKS$2VyyF_RcIH_w\|'}!Z]to=:4W*?ZTS&H 0c=)neT&-82'K;FbSeR/w@V26`_!]Z4cj!iO~K?K3
Nov 18, 2023 07:52:17.859908104 CET	351	IN	Data Raw: be 47 b7 34 a7 ab f4 2f 40 87 2e 15 b4 68 31 6e 2d 9b e7 c9 4d 73 1b 10 ab 6c 1a c4 fc 51 7f 3b 91 21 bb 9a c1 fa b6 98 e0 e8 ba c5 04 fb b3 a1 bb 51 0a 64 2d 06 28 33 e7 b7 c7 92 ce ec 6c 90 df de cf ef be a6 bc a4 a6 93 6c ad ac 2e f8 68 35 5d Data Ascii: G4/@.h1n-MslQ;!Qd-(3ll.h5]t+/h#0T26X$:-4CBa5]KK9+c?JC4mbmzhfkq*4Ox$aK>Jha6UO,1K<$<
Nov 18, 2023 07:52:17.859966993 CET	353	IN	Data Raw: 67 32 77 99 55 38 53 08 65 d3 5b b5 57 21 32 cb a5 0e a9 62 ed f8 d1 49 a4 70 97 71 10 29 4c 99 32 07 87 c6 a6 6b 12 37 62 58 7e 9a 16 a1 e6 1c 7c 74 12 95 bb cb bc 88 73 56 ed 55 38 c7 08 cd 63 2d f8 f0 d1 49 64 e1 2e e3 d0 42 a6 86 31 62 42 e6 Data Ascii: g2wU8Se[W!2bIpq)L2k7bX~\|tsVU8c-Id.B1bBl^zl3=14Bjjsc5<6u\|e^2TvUH*!N"CFf+H`p0s<E ?:2/a]{%%x^RG']ESTM=/S$HjDqN4G'4kBdd
Nov 18, 2023 07:52:17.860021114 CET	354	IN	Data Raw: fb e6 31 b7 49 5c 65 cc 39 f5 78 a0 ef 93 85 8f 4e 4e 50 77 99 17 ed 7d 5a b5 57 8b 3c 7b 51 a2 e3 61 f0 d1 49 24 73 97 59 65 b8 cc 7d 67 92 19 a3 61 46 34 48 6e ea 7a 66 ae 3d 66 00 91 85 a6 b2 37 4f 32 10 cb 1f 32 c3 94 d6 f9 74 52 66 d8 bb fb Data Ascii: 1I\e9xNNPw}ZW<{QaI$sYe}gaF4Hnzf=f7O22tRf~2\|t^ME\(l\Ie%<u\|tdUn:{[yGg/w7{e:3<4( 2iMR/?:"{iBrB5WWD>:/+/7uZdz
Nov 18, 2023 07:52:18.060297966 CET	388	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:17 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 25019 Connection: keep-alive Expires: Fri, 17 Nov 2023 11:41:52 GMT Last-Modified: Fri, 17 Nov 2023 09:18:16 GMT Cache-Control: max-age=3600 Content-Encoding: gzip Age: 72625 Accept-Ranges: bytes Ohc-Global-Saved-Time: Fri, 17 Nov 2023 10:41:52 GMT Ohc-Upstream-Trace: 111.225.213.52 Ohc-Cache-HIT: lf6ct52 [2], cdix84 [2] Ohc-Response-Time: 1 0 0 0 0 0 Ohc-File-Size: 25019 X-Cache-Status: HIT Data Raw: 1f 8b 08 00 00 00 00 00 00 03 d4 bd 09 73 dc 38 b2 30 f8 57 66 22 f6 4d 49 63 bd 1d e2 e0 d5 6a cd 44 cb 56 e9 68 5b b6 4a 75 a9 bc 8e 17 24 41 ea aa 2a a9 75 58 92 7b 7a 7f fb 82 99 20 48 02 a0 5c b2 dd 6f f6 0b 77 44 8b 95 40 22 91 48 24 32 13 09 60 ad b8 5f 66 77 e7 57 cb b5 f5 df ff f2 39 b9 f9 cb ff 78 8f cc e3 c9 d6 c7 9e d8 1d 7f 11 bf 6c 6d f5 36 7a 23 3a 27 c7 de a8 fc 73 b0 3b bf c9 26 51 f9 e7 b0 3f f6 67 de bb f2 cf d9 64 76 9d 2e a0 40 f1 a6 1f bd 3b 85 6a e2 69 7b e7 64 7a 54 fe 79 32 1d 5c fd ba 87 7f d2 f8 61 3c dd 01 0c cb 59 72 c2 e0 d7 11 1b 7c ce 16 3b 58 60 f0 74 44 f6 cb 3f 93 7e ff 6d 4a 4e ca 3f df 0f 67 17 ef 27 d0 da 70 72 f7 25 bd 84 02 47 d3 d9 59 32 79 00 0c bb e3 a7 d9 02 28 3b ee cf af 26 0b 28 30 5b f8 ef 92 29 54 db 3f 3f 7b c8 90 c8 74 de df 39 66 97 f0 e7 64 3c 9c 4d 32 f8 93 fa b7 29 05 1a 26 34 3e 4f b0 ec 98 8e cf cb ce ec 3c 5e 67 48 eb 6c e7 60 3e 98 9e 56 c0 11 3d 42 44 67 24 c5 3f 67 c3 ab c7 62 78 0b a4 4c 1e 77 04 f5 ca 3f b3 45 df 97 dc 80 2e 2e 62 7e 32 fd 05 7a 40 cf 9e 52 2c 30 f6 06 87 23 02 b4 a6 ec 30 98 2d 80 c0 b7 8b 03 d9 45 6c 62 31 27 e9 18 ba 98 4c f8 e9 71 1f 7e 4d e8 d8 7f 37 ff 05 d9 2c c7 81 41 c7 07 97 72 74 76 80 c8 5f 8f 2f 43 81 bc 1d 78 fe f8 ad f7 a0 86 e4 73 86 03 75 dc 3f 78 9c 2d a1 b7 53 72 38 4f 77 e1 cf fc f2 ec 7a ec 5d c1 48 92 83 db 64 c4 81 de b1 38 12 63 68 2d 63 e3 5b b1 03 f4 0e d8 f8 f5 10 59 22 24 4b 66 7b c8 fc 8b 23 5a 12 b8 f0 e9 64 0c bf 9c 4c e6 f7 1f 90 07 b3 89 e8 e7 7b 0a d1 c0 57 8d a6 d3 c3 83 0c 79 f0 8e 3d 78 c5 1b a8 96 9e ff 72 b6 3f da c1 8e c7 f7 fb 17 c0 db 64 79 d8 cf 96 6a 98 e3 0b 81 c3 7c 42 1f cf 32 86 7f 7a e4 38 61 50 4d 2c 46 a7 27 34 42 36 1f 9c 65 04 78 3b 64 63 4f 0d df 89 d7 3f 39 1e e1 9f 93 83 eb 74 17 0a cc a6 fb 61 29 5b 3b f3 83 19 22 3a 59 f4 9f 8a e3 4b e4 a0 20 d9 2e 54 79 b7 7c e0 c5 9b 11 8e b8 ef c9 6a c8 cc f8 3e 41 d9 1a b0 01 ad a4 63 57 ec 09 1c a4 e2 cd 76 35 59 66 17 fb 5f 40 8a e3 eb 74 09 e5 26 a3 83 c3 a3 05 48 46 32 de be 4a 29 57 e5 48 c9 91 f1 41 90 ec de 62 d7 1e 2f 26 48 f9 6c e2 cf d5 98 ca 09 f5 24 85 44 b1 77 ae 66 67 46 c7 b7 b3 09 fc 29 76 c8 97 d9 c3 16 0a 88 3f cf 15 ff 27 e3 7b f1 1a aa bd 1b 9e d2 c3 8b 1d fc 75 fe 65 76 cc 91 e4 c3 Data Ascii: s80Wf"MIcjDVh[Ju$A*uX{z H\owD@"H$2`_fwW9xlm6z#:'s;&Q?gdv.@;ji{dzTy2\a<Yr\|;X`tD?~mJN?g'pr%GY2y(;&(0[)T??{t9fd<M2)&4>O<^gHl`>V=BDg$?gbxLw?E..b~2z@R,0#0-Elb1'Lq~M7,Artv_/Cxsu?x-Sr8Owz]Hd8ch-c[Y"$Kf{#ZdL{Wy=xr?dyj\|B2z8aPM,F'4B6ex;dcO?9ta)[;":YK .Ty\|j>AcWv5Yf_@t&HF2J)WHAb/&Hl$DwfgF)v?'{uev
Nov 18, 2023 07:52:18.162972927 CET	402	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:17 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 25019 Connection: keep-alive Expires: Fri, 17 Nov 2023 11:41:52 GMT Last-Modified: Fri, 17 Nov 2023 09:18:16 GMT Cache-Control: max-age=3600 Content-Encoding: gzip Age: 72625 Accept-Ranges: bytes Ohc-Global-Saved-Time: Fri, 17 Nov 2023 10:41:52 GMT Ohc-Upstream-Trace: 111.225.213.52 Ohc-Cache-HIT: lf6ct52 [2], cdix84 [2] Ohc-Response-Time: 1 0 0 0 0 0 Ohc-File-Size: 25019 X-Cache-Status: HIT Data Raw: 1f 8b 08 00 00 00 00 00 00 03 d4 bd 09 73 dc 38 b2 30 f8 57 66 22 f6 4d 49 63 bd 1d e2 e0 d5 6a cd 44 cb 56 e9 68 5b b6 4a 75 a9 bc 8e 17 24 41 ea aa 2a a9 75 58 92 7b 7a 7f fb 82 99 20 48 02 a0 5c b2 dd 6f f6 0b 77 44 8b 95 40 22 91 48 24 32 13 09 60 ad b8 5f 66 77 e7 57 cb b5 f5 df ff f2 39 b9 f9 cb ff 78 8f cc e3 c9 d6 c7 9e d8 1d 7f 11 bf 6c 6d f5 36 7a 23 3a 27 c7 de a8 fc 73 b0 3b bf c9 26 51 f9 e7 b0 3f f6 67 de bb f2 cf d9 64 76 9d 2e a0 40 f1 a6 1f bd 3b 85 6a e2 69 7b e7 64 7a 54 fe 79 32 1d 5c fd ba 87 7f d2 f8 61 3c dd 01 0c cb 59 72 c2 e0 d7 11 1b 7c ce 16 3b 58 60 f0 74 44 f6 cb 3f 93 7e ff 6d 4a 4e ca 3f df 0f 67 17 ef 27 d0 da 70 72 f7 25 bd 84 02 47 d3 d9 59 32 79 00 0c bb e3 a7 d9 02 28 3b ee cf af 26 0b 28 30 5b f8 ef 92 29 54 db 3f 3f 7b c8 90 c8 74 de df 39 66 97 f0 e7 64 3c 9c 4d 32 f8 93 fa b7 29 05 1a 26 34 3e 4f b0 ec 98 8e cf cb ce ec 3c 5e 67 48 eb 6c e7 60 3e 98 9e 56 c0 11 3d 42 44 67 24 c5 3f 67 c3 ab c7 62 78 0b a4 4c 1e 77 04 f5 ca 3f b3 45 df 97 dc 80 2e 2e 62 7e 32 fd 05 7a 40 cf 9e 52 2c 30 f6 06 87 23 02 b4 a6 ec 30 98 2d 80 c0 b7 8b 03 d9 45 6c 62 31 27 e9 18 ba 98 4c f8 e9 71 1f 7e 4d e8 d8 7f 37 ff 05 d9 2c c7 81 41 c7 07 97 72 74 76 80 c8 5f 8f 2f 43 81 bc 1d 78 fe f8 ad f7 a0 86 e4 73 86 03 75 dc 3f 78 9c 2d a1 b7 53 72 38 4f 77 e1 cf fc f2 ec 7a ec 5d c1 48 92 83 db 64 c4 81 de b1 38 12 63 68 2d 63 e3 5b b1 03 f4 0e d8 f8 f5 10 59 22 24 4b 66 7b c8 fc 8b 23 5a 12 b8 f0 e9 64 0c bf 9c 4c e6 f7 1f 90 07 b3 89 e8 e7 7b 0a d1 c0 57 8d a6 d3 c3 83 0c 79 f0 8e 3d 78 c5 1b a8 96 9e ff 72 b6 3f da c1 8e c7 f7 fb 17 c0 db 64 79 d8 cf 96 6a 98 e3 0b 81 c3 7c 42 1f cf 32 86 7f 7a e4 38 61 50 4d 2c 46 a7 27 34 42 36 1f 9c 65 04 78 3b 64 63 4f 0d df 89 d7 3f 39 1e e1 9f 93 83 eb 74 17 0a cc a6 fb 61 29 5b 3b f3 83 19 22 3a 59 f4 9f 8a e3 4b e4 a0 20 d9 2e 54 79 b7 7c e0 c5 9b 11 8e b8 ef c9 6a c8 cc f8 3e 41 d9 1a b0 01 ad a4 63 57 ec 09 1c a4 e2 cd 76 35 59 66 17 fb 5f 40 8a e3 eb 74 09 e5 26 a3 83 c3 a3 05 48 46 32 de be 4a 29 57 e5 48 c9 91 f1 41 90 ec de 62 d7 1e 2f 26 48 f9 6c e2 cf d5 98 ca 09 f5 24 85 44 b1 77 ae 66 67 46 c7 b7 b3 09 fc 29 76 c8 97 d9 c3 16 0a 88 3f cf 15 ff 27 e3 7b f1 1a aa bd 1b 9e d2 c3 8b 1d fc 75 fe 65 76 cc 91 e4 c3 Data Ascii: s80Wf"MIcjDVh[Ju$A*uX{z H\owD@"H$2`_fwW9xlm6z#:'s;&Q?gdv.@;ji{dzTy2\a<Yr\|;X`tD?~mJN?g'pr%GY2y(;&(0[)T??{t9fd<M2)&4>O<^gHl`>V=BDg$?gbxLw?E..b~2z@R,0#0-Elb1'Lq~M7,Artv_/Cxsu?x-Sr8Owz]Hd8ch-c[Y"$Kf{#ZdL{Wy=xr?dyj\|B2z8aPM,F'4B6ex;dcO?9ta)[;":YK .Ty\|j>AcWv5Yf_@t&HF2J)WHAb/&Hl$DwfgF)v?'{uev

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
49	111.225.213.38	80	192.168.2.5	49721	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 07:52:17.506567955 CET	262	OUT	GET /cd37ed75a9387c5b.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: hectorstatic.baidu.com Connection: Keep-Alive Cookie: BAIDUID=145E27E221F282D0311C913AF0CC3B87:FG=1; BIDUPSID=145E27E221F282D0BD0487E5415FCD62; PSTM=1700290335
Nov 18, 2023 07:52:17.859597921 CET	340	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:17 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 25019 Connection: keep-alive Expires: Fri, 17 Nov 2023 11:41:52 GMT Last-Modified: Fri, 17 Nov 2023 09:18:16 GMT Cache-Control: max-age=3600 Content-Encoding: gzip Age: 72625 Accept-Ranges: bytes Ohc-Global-Saved-Time: Fri, 17 Nov 2023 10:41:52 GMT Ohc-Upstream-Trace: 111.225.213.52 Ohc-Cache-HIT: lf6ct52 [2], cdix84 [2] Ohc-Response-Time: 1 0 0 0 0 0 Ohc-File-Size: 25019 X-Cache-Status: HIT Data Raw: 1f 8b 08 00 00 00 00 00 00 03 d4 bd 09 73 dc 38 b2 30 f8 57 66 22 f6 4d 49 63 bd 1d e2 e0 d5 6a cd 44 cb 56 e9 68 5b b6 4a 75 a9 bc 8e 17 24 41 ea aa 2a a9 75 58 92 7b 7a 7f fb 82 99 20 48 02 a0 5c b2 dd 6f f6 0b 77 44 8b 95 40 22 91 48 24 32 13 09 60 ad b8 5f 66 77 e7 57 cb b5 f5 df ff f2 39 b9 f9 cb ff 78 8f cc e3 c9 d6 c7 9e d8 1d 7f 11 bf 6c 6d f5 36 7a 23 3a 27 c7 de a8 fc 73 b0 3b bf c9 26 51 f9 e7 b0 3f f6 67 de bb f2 cf d9 64 76 9d 2e a0 40 f1 a6 1f bd 3b 85 6a e2 69 7b e7 64 7a 54 fe 79 32 1d 5c fd ba 87 7f d2 f8 61 3c dd 01 0c cb 59 72 c2 e0 d7 11 1b 7c ce 16 3b 58 60 f0 74 44 f6 cb 3f 93 7e ff 6d 4a 4e ca 3f df 0f 67 17 ef 27 d0 da 70 72 f7 25 bd 84 02 47 d3 d9 59 32 79 00 0c bb e3 a7 d9 02 28 3b ee cf af 26 0b 28 30 5b f8 ef 92 29 54 db 3f 3f 7b c8 90 c8 74 de df 39 66 97 f0 e7 64 3c 9c 4d 32 f8 93 fa b7 29 05 1a 26 34 3e 4f b0 ec 98 8e cf cb ce ec 3c 5e 67 48 eb 6c e7 60 3e 98 9e 56 c0 11 3d 42 44 67 24 c5 3f 67 c3 ab c7 62 78 0b a4 4c 1e 77 04 f5 ca 3f b3 45 df 97 dc 80 2e 2e 62 7e 32 fd 05 7a 40 cf 9e 52 2c 30 f6 06 87 23 02 b4 a6 ec 30 98 2d 80 c0 b7 8b 03 d9 45 6c 62 31 27 e9 18 ba 98 4c f8 e9 71 1f 7e 4d e8 d8 7f 37 ff 05 d9 2c c7 81 41 c7 07 97 72 74 76 80 c8 5f 8f 2f 43 81 bc 1d 78 fe f8 ad f7 a0 86 e4 73 86 03 75 dc 3f 78 9c 2d a1 b7 53 72 38 4f 77 e1 cf fc f2 ec 7a ec 5d c1 48 92 83 db 64 c4 81 de b1 38 12 63 68 2d 63 e3 5b b1 03 f4 0e d8 f8 f5 10 59 22 24 4b 66 7b c8 fc 8b 23 5a 12 b8 f0 e9 64 0c bf 9c 4c e6 f7 1f 90 07 b3 89 e8 e7 7b 0a d1 c0 57 8d a6 d3 c3 83 0c 79 f0 8e 3d 78 c5 1b a8 96 9e ff 72 b6 3f da c1 8e c7 f7 fb 17 c0 db 64 79 d8 cf 96 6a 98 e3 0b 81 c3 7c 42 1f cf 32 86 7f 7a e4 38 61 50 4d 2c 46 a7 27 34 42 36 1f 9c 65 04 78 3b 64 63 4f 0d df 89 d7 3f 39 1e e1 9f 93 83 eb 74 17 0a cc a6 fb 61 29 5b 3b f3 83 19 22 3a 59 f4 9f 8a e3 4b e4 a0 20 d9 2e 54 79 b7 7c e0 c5 9b 11 8e b8 ef c9 6a c8 cc f8 3e 41 d9 1a b0 01 ad a4 63 57 ec 09 1c a4 e2 cd 76 35 59 66 17 fb 5f 40 8a e3 eb 74 09 e5 26 a3 83 c3 a3 05 48 46 32 de be 4a 29 57 e5 48 c9 91 f1 41 90 ec de 62 d7 1e 2f 26 48 f9 6c e2 cf d5 98 ca 09 f5 24 85 44 b1 77 ae 66 67 46 c7 b7 b3 09 fc 29 76 c8 97 d9 c3 16 0a 88 3f cf 15 ff 27 e3 7b f1 1a aa bd 1b 9e d2 c3 8b 1d fc 75 fe 65 76 cc 91 e4 c3 Data Ascii: s80Wf"MIcjDVh[Ju$A*uX{z H\owD@"H$2`_fwW9xlm6z#:'s;&Q?gdv.@;ji{dzTy2\a<Yr\|;X`tD?~mJN?g'pr%GY2y(;&(0[)T??{t9fd<M2)&4>O<^gHl`>V=BDg$?gbxLw?E..b~2z@R,0#0-Elb1'Lq~M7,Artv_/Cxsu?x-Sr8Owz]Hd8ch-c[Y"$Kf{#ZdL{Wy=xr?dyj\|B2z8aPM,F'4B6ex;dcO?9ta)[;":YK .Ty\|j>AcWv5Yf_@t&HF2J)WHAb/&Hl$DwfgF)v?'{uev
Nov 18, 2023 07:52:17.859637976 CET	342	IN	Data Raw: e8 9d 1a c1 f1 e1 3c 5b 9e 28 96 fd 36 42 01 19 d2 bb b3 c1 18 18 34 18 8f b7 b3 9d 2b 14 fe f8 a9 ec c8 65 ff f3 09 aa 8f 09 f5 cf 04 72 79 dc ef 1f a4 4b e0 53 36 19 93 c1 28 aa 46 1a 1a dc 79 2c 49 20 b3 db 11 0e 41 22 25 f7 08 05 5e 72 a3 04 Data Ascii: <[(6B4+eryKS6(Fy,I A"%^r&d2](;U}]JIMb3xSe&35(w'g/H[YuwK3zagrZ1]n.AT1 p}?7>x5J8Io>zy?W^v
Nov 18, 2023 07:52:17.859678030 CET	343	IN	Data Raw: 4b f7 ae 5f 0f 97 ba e3 03 a5 61 16 fe 50 a0 21 2c fa d2 aa 3b af d7 27 c4 9b 8d 67 47 d9 18 0d ec 9d 99 74 7f 50 fc 27 87 f2 4f 74 8a a6 07 ef 8f 51 1b c9 e5 6a ac 34 bc b4 25 de 1c 4d 2a 9d 57 0a b0 98 90 79 86 6b d9 68 21 bd 36 6c 7f 38 39 e4 Data Ascii: K_aP!,;'gGtP'OtQj4%MWykh!6l89=tgvgW<@Kt^=JLc1+.k[evO<l85jz0?Qc9GtH>yJOR^)1aK4V):.p-c=+5]Pd{/2)Lg
Nov 18, 2023 07:52:17.859719038 CET	344	IN	Data Raw: 6e 86 8c 9a d2 9d 2a 5e 92 2d e2 07 60 c7 00 26 d1 72 56 85 c0 a4 35 7d 98 52 9c ec 8b f9 e8 04 17 53 a9 de a4 2d 8e de 7e df bb 57 ac 78 77 7c 79 2f 90 41 62 f7 b0 a8 26 dc de f6 9b 7c 94 a9 79 c2 60 9e 5c 5f f5 c0 40 20 33 5c 23 f2 c9 e0 4b a6 Data Ascii: n^-`&rV5}RS-~Wxw\|y/Ab&\|y`\_@ 3\#KVx).}o/eZnx{:e(Lo/Va# k7=pa09"`44c?y`$X2Ss@zD`@xF^OZYyQ
Nov 18, 2023 07:52:17.859756947 CET	346	IN	Data Raw: 69 83 2b 8b f0 64 71 b0 a3 b6 b7 ca cd f1 31 6a fb 94 fa 5f aa 78 c1 b8 7f 77 8c 4e 8c 74 7f ce 95 ee 93 c6 ff 78 bc a3 c8 e9 57 51 fe 63 76 f8 a4 76 39 a5 5e 97 96 71 b5 06 5d a8 29 25 25 6d aa 22 5f 29 13 5f 94 a4 c9 b2 73 b5 cd f7 eb eb 03 fe Data Ascii: i+dq1j_xwNtxWQcvv9^q])%%m"_)_s+F;ao"f\Obmi,IK#b4-C<8qx9;TK74Kih@F.tx7SgU\\|*+1\)!SQ1
Nov 18, 2023 07:52:17.859796047 CET	347	IN	Data Raw: bd 0e 32 56 e9 19 b8 45 a0 2c 75 7f 9a a0 24 83 93 8f 9b 6d a3 c9 e0 f5 10 03 e6 93 71 7f 27 c7 55 46 4c b7 17 03 dc 20 7e 37 dc 2e d4 5e 5a b2 7b 3d 4f 96 ca 26 18 5f f6 30 4c a4 d2 24 24 17 ab 6d b2 ec fc 94 2b 0b 45 bc 3e 7d a8 ac ff e9 c0 ab Data Ascii: 2VE,u$mq'UFL ~7.^Z{=O&_0L$$m+E>}2P@GRDolZ!i,gsr#mxrvK+v{Ja={*@2.f/8'j{\P2WXyJGKTe\|Q
Nov 18, 2023 07:52:17.859833002 CET	348	IN	Data Raw: 3f 4a b6 49 fb 2b cb a5 a8 fc 63 eb d5 ff f5 8f 8d 5e 4f 4b 01 8b b3 2c 91 1d e8 6d 16 92 69 d5 8f 8c 11 bf d8 92 43 5d 4a 03 0f fd 20 4b cb bf 68 54 04 69 08 bf f9 d4 4b 68 59 62 53 ff be a5 69 f8 d8 cb ce 92 9b 5f ee 50 5c b1 ec ab 57 eb 9b ff Data Ascii: ?JI+c^OK,miC]J KhTiKhYbSi_P\W.i[?KwJWEVx/W{(;=4sM2F71X_I}=Bn}wGcxLZ$Hn@O<B=BYlK
Nov 18, 2023 07:52:17.859870911 CET	350	IN	Data Raw: 35 da 46 2d 2c 67 bd 7f d7 88 7d 16 e7 89 07 41 30 0c dd 96 21 8a f5 df 6f 1f ce 55 f8 10 5b f8 a8 8b be 7a 25 c1 59 72 9b 4b 15 f5 53 85 24 97 8b 7f ec a6 02 a7 c7 9a 1b 06 32 be 56 79 e9 d5 cf 79 88 ba f8 d3 46 ef 5f 52 63 49 48 94 05 1e 5f df Data Ascii: 5F-,g}A0!oU[z%YrKS$2VyyF_RcIH_w\|'}!Z]to=:4W*?ZTS&H 0c=)neT&-82'K;FbSeR/w@V26`_!]Z4cj!iO~K?K3
Nov 18, 2023 07:52:17.859908104 CET	351	IN	Data Raw: be 47 b7 34 a7 ab f4 2f 40 87 2e 15 b4 68 31 6e 2d 9b e7 c9 4d 73 1b 10 ab 6c 1a c4 fc 51 7f 3b 91 21 bb 9a c1 fa b6 98 e0 e8 ba c5 04 fb b3 a1 bb 51 0a 64 2d 06 28 33 e7 b7 c7 92 ce ec 6c 90 df de cf ef be a6 bc a4 a6 93 6c ad ac 2e f8 68 35 5d Data Ascii: G4/@.h1n-MslQ;!Qd-(3ll.h5]t+/h#0T26X$:-4CBa5]KK9+c?JC4mbmzhfkq*4Ox$aK>Jha6UO,1K<$<
Nov 18, 2023 07:52:17.859966993 CET	353	IN	Data Raw: 67 32 77 99 55 38 53 08 65 d3 5b b5 57 21 32 cb a5 0e a9 62 ed f8 d1 49 a4 70 97 71 10 29 4c 99 32 07 87 c6 a6 6b 12 37 62 58 7e 9a 16 a1 e6 1c 7c 74 12 95 bb cb bc 88 73 56 ed 55 38 c7 08 cd 63 2d f8 f0 d1 49 64 e1 2e e3 d0 42 a6 86 31 62 42 e6 Data Ascii: g2wU8Se[W!2bIpq)L2k7bX~\|tsVU8c-Id.B1bBl^zl3=14Bjjsc5<6u\|e^2TvUH*!N"CFf+H`p0s<E ?:2/a]{%%x^RG']ESTM=/S$HjDqN4G'4kBdd
Nov 18, 2023 07:52:17.860021114 CET	354	IN	Data Raw: fb e6 31 b7 49 5c 65 cc 39 f5 78 a0 ef 93 85 8f 4e 4e 50 77 99 17 ed 7d 5a b5 57 8b 3c 7b 51 a2 e3 61 f0 d1 49 24 73 97 59 65 b8 cc 7d 67 92 19 a3 61 46 34 48 6e ea 7a 66 ae 3d 66 00 91 85 a6 b2 37 4f 32 10 cb 1f 32 c3 94 d6 f9 74 52 66 d8 bb fb Data Ascii: 1I\e9xNNPw}ZW<{QaI$sYe}gaF4Hnzf=f7O22tRf~2\|t^ME\(l\Ie%<u\|tdUn:{[yGg/w7{e:3<4( 2iMR/?:"{iBrB5WWD>:/+/7uZdz
Nov 18, 2023 07:52:18.060297966 CET	388	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:17 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 25019 Connection: keep-alive Expires: Fri, 17 Nov 2023 11:41:52 GMT Last-Modified: Fri, 17 Nov 2023 09:18:16 GMT Cache-Control: max-age=3600 Content-Encoding: gzip Age: 72625 Accept-Ranges: bytes Ohc-Global-Saved-Time: Fri, 17 Nov 2023 10:41:52 GMT Ohc-Upstream-Trace: 111.225.213.52 Ohc-Cache-HIT: lf6ct52 [2], cdix84 [2] Ohc-Response-Time: 1 0 0 0 0 0 Ohc-File-Size: 25019 X-Cache-Status: HIT Data Raw: 1f 8b 08 00 00 00 00 00 00 03 d4 bd 09 73 dc 38 b2 30 f8 57 66 22 f6 4d 49 63 bd 1d e2 e0 d5 6a cd 44 cb 56 e9 68 5b b6 4a 75 a9 bc 8e 17 24 41 ea aa 2a a9 75 58 92 7b 7a 7f fb 82 99 20 48 02 a0 5c b2 dd 6f f6 0b 77 44 8b 95 40 22 91 48 24 32 13 09 60 ad b8 5f 66 77 e7 57 cb b5 f5 df ff f2 39 b9 f9 cb ff 78 8f cc e3 c9 d6 c7 9e d8 1d 7f 11 bf 6c 6d f5 36 7a 23 3a 27 c7 de a8 fc 73 b0 3b bf c9 26 51 f9 e7 b0 3f f6 67 de bb f2 cf d9 64 76 9d 2e a0 40 f1 a6 1f bd 3b 85 6a e2 69 7b e7 64 7a 54 fe 79 32 1d 5c fd ba 87 7f d2 f8 61 3c dd 01 0c cb 59 72 c2 e0 d7 11 1b 7c ce 16 3b 58 60 f0 74 44 f6 cb 3f 93 7e ff 6d 4a 4e ca 3f df 0f 67 17 ef 27 d0 da 70 72 f7 25 bd 84 02 47 d3 d9 59 32 79 00 0c bb e3 a7 d9 02 28 3b ee cf af 26 0b 28 30 5b f8 ef 92 29 54 db 3f 3f 7b c8 90 c8 74 de df 39 66 97 f0 e7 64 3c 9c 4d 32 f8 93 fa b7 29 05 1a 26 34 3e 4f b0 ec 98 8e cf cb ce ec 3c 5e 67 48 eb 6c e7 60 3e 98 9e 56 c0 11 3d 42 44 67 24 c5 3f 67 c3 ab c7 62 78 0b a4 4c 1e 77 04 f5 ca 3f b3 45 df 97 dc 80 2e 2e 62 7e 32 fd 05 7a 40 cf 9e 52 2c 30 f6 06 87 23 02 b4 a6 ec 30 98 2d 80 c0 b7 8b 03 d9 45 6c 62 31 27 e9 18 ba 98 4c f8 e9 71 1f 7e 4d e8 d8 7f 37 ff 05 d9 2c c7 81 41 c7 07 97 72 74 76 80 c8 5f 8f 2f 43 81 bc 1d 78 fe f8 ad f7 a0 86 e4 73 86 03 75 dc 3f 78 9c 2d a1 b7 53 72 38 4f 77 e1 cf fc f2 ec 7a ec 5d c1 48 92 83 db 64 c4 81 de b1 38 12 63 68 2d 63 e3 5b b1 03 f4 0e d8 f8 f5 10 59 22 24 4b 66 7b c8 fc 8b 23 5a 12 b8 f0 e9 64 0c bf 9c 4c e6 f7 1f 90 07 b3 89 e8 e7 7b 0a d1 c0 57 8d a6 d3 c3 83 0c 79 f0 8e 3d 78 c5 1b a8 96 9e ff 72 b6 3f da c1 8e c7 f7 fb 17 c0 db 64 79 d8 cf 96 6a 98 e3 0b 81 c3 7c 42 1f cf 32 86 7f 7a e4 38 61 50 4d 2c 46 a7 27 34 42 36 1f 9c 65 04 78 3b 64 63 4f 0d df 89 d7 3f 39 1e e1 9f 93 83 eb 74 17 0a cc a6 fb 61 29 5b 3b f3 83 19 22 3a 59 f4 9f 8a e3 4b e4 a0 20 d9 2e 54 79 b7 7c e0 c5 9b 11 8e b8 ef c9 6a c8 cc f8 3e 41 d9 1a b0 01 ad a4 63 57 ec 09 1c a4 e2 cd 76 35 59 66 17 fb 5f 40 8a e3 eb 74 09 e5 26 a3 83 c3 a3 05 48 46 32 de be 4a 29 57 e5 48 c9 91 f1 41 90 ec de 62 d7 1e 2f 26 48 f9 6c e2 cf d5 98 ca 09 f5 24 85 44 b1 77 ae 66 67 46 c7 b7 b3 09 fc 29 76 c8 97 d9 c3 16 0a 88 3f cf 15 ff 27 e3 7b f1 1a aa bd 1b 9e d2 c3 8b 1d fc 75 fe 65 76 cc 91 e4 c3 Data Ascii: s80Wf"MIcjDVh[Ju$A*uX{z H\owD@"H$2`_fwW9xlm6z#:'s;&Q?gdv.@;ji{dzTy2\a<Yr\|;X`tD?~mJN?g'pr%GY2y(;&(0[)T??{t9fd<M2)&4>O<^gHl`>V=BDg$?gbxLw?E..b~2z@R,0#0-Elb1'Lq~M7,Artv_/Cxsu?x-Sr8Owz]Hd8ch-c[Y"$Kf{#ZdL{Wy=xr?dyj\|B2z8aPM,F'4B6ex;dcO?9ta)[;":YK .Ty\|j>AcWv5Yf_@t&HF2J)WHAb/&Hl$DwfgF)v?'{uev
Nov 18, 2023 07:52:18.162972927 CET	402	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:17 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 25019 Connection: keep-alive Expires: Fri, 17 Nov 2023 11:41:52 GMT Last-Modified: Fri, 17 Nov 2023 09:18:16 GMT Cache-Control: max-age=3600 Content-Encoding: gzip Age: 72625 Accept-Ranges: bytes Ohc-Global-Saved-Time: Fri, 17 Nov 2023 10:41:52 GMT Ohc-Upstream-Trace: 111.225.213.52 Ohc-Cache-HIT: lf6ct52 [2], cdix84 [2] Ohc-Response-Time: 1 0 0 0 0 0 Ohc-File-Size: 25019 X-Cache-Status: HIT Data Raw: 1f 8b 08 00 00 00 00 00 00 03 d4 bd 09 73 dc 38 b2 30 f8 57 66 22 f6 4d 49 63 bd 1d e2 e0 d5 6a cd 44 cb 56 e9 68 5b b6 4a 75 a9 bc 8e 17 24 41 ea aa 2a a9 75 58 92 7b 7a 7f fb 82 99 20 48 02 a0 5c b2 dd 6f f6 0b 77 44 8b 95 40 22 91 48 24 32 13 09 60 ad b8 5f 66 77 e7 57 cb b5 f5 df ff f2 39 b9 f9 cb ff 78 8f cc e3 c9 d6 c7 9e d8 1d 7f 11 bf 6c 6d f5 36 7a 23 3a 27 c7 de a8 fc 73 b0 3b bf c9 26 51 f9 e7 b0 3f f6 67 de bb f2 cf d9 64 76 9d 2e a0 40 f1 a6 1f bd 3b 85 6a e2 69 7b e7 64 7a 54 fe 79 32 1d 5c fd ba 87 7f d2 f8 61 3c dd 01 0c cb 59 72 c2 e0 d7 11 1b 7c ce 16 3b 58 60 f0 74 44 f6 cb 3f 93 7e ff 6d 4a 4e ca 3f df 0f 67 17 ef 27 d0 da 70 72 f7 25 bd 84 02 47 d3 d9 59 32 79 00 0c bb e3 a7 d9 02 28 3b ee cf af 26 0b 28 30 5b f8 ef 92 29 54 db 3f 3f 7b c8 90 c8 74 de df 39 66 97 f0 e7 64 3c 9c 4d 32 f8 93 fa b7 29 05 1a 26 34 3e 4f b0 ec 98 8e cf cb ce ec 3c 5e 67 48 eb 6c e7 60 3e 98 9e 56 c0 11 3d 42 44 67 24 c5 3f 67 c3 ab c7 62 78 0b a4 4c 1e 77 04 f5 ca 3f b3 45 df 97 dc 80 2e 2e 62 7e 32 fd 05 7a 40 cf 9e 52 2c 30 f6 06 87 23 02 b4 a6 ec 30 98 2d 80 c0 b7 8b 03 d9 45 6c 62 31 27 e9 18 ba 98 4c f8 e9 71 1f 7e 4d e8 d8 7f 37 ff 05 d9 2c c7 81 41 c7 07 97 72 74 76 80 c8 5f 8f 2f 43 81 bc 1d 78 fe f8 ad f7 a0 86 e4 73 86 03 75 dc 3f 78 9c 2d a1 b7 53 72 38 4f 77 e1 cf fc f2 ec 7a ec 5d c1 48 92 83 db 64 c4 81 de b1 38 12 63 68 2d 63 e3 5b b1 03 f4 0e d8 f8 f5 10 59 22 24 4b 66 7b c8 fc 8b 23 5a 12 b8 f0 e9 64 0c bf 9c 4c e6 f7 1f 90 07 b3 89 e8 e7 7b 0a d1 c0 57 8d a6 d3 c3 83 0c 79 f0 8e 3d 78 c5 1b a8 96 9e ff 72 b6 3f da c1 8e c7 f7 fb 17 c0 db 64 79 d8 cf 96 6a 98 e3 0b 81 c3 7c 42 1f cf 32 86 7f 7a e4 38 61 50 4d 2c 46 a7 27 34 42 36 1f 9c 65 04 78 3b 64 63 4f 0d df 89 d7 3f 39 1e e1 9f 93 83 eb 74 17 0a cc a6 fb 61 29 5b 3b f3 83 19 22 3a 59 f4 9f 8a e3 4b e4 a0 20 d9 2e 54 79 b7 7c e0 c5 9b 11 8e b8 ef c9 6a c8 cc f8 3e 41 d9 1a b0 01 ad a4 63 57 ec 09 1c a4 e2 cd 76 35 59 66 17 fb 5f 40 8a e3 eb 74 09 e5 26 a3 83 c3 a3 05 48 46 32 de be 4a 29 57 e5 48 c9 91 f1 41 90 ec de 62 d7 1e 2f 26 48 f9 6c e2 cf d5 98 ca 09 f5 24 85 44 b1 77 ae 66 67 46 c7 b7 b3 09 fc 29 76 c8 97 d9 c3 16 0a 88 3f cf 15 ff 27 e3 7b f1 1a aa bd 1b 9e d2 c3 8b 1d fc 75 fe 65 76 cc 91 e4 c3 Data Ascii: s80Wf"MIcjDVh[Ju$A*uX{z H\owD@"H$2`_fwW9xlm6z#:'s;&Q?gdv.@;ji{dzTy2\a<Yr\|;X`tD?~mJN?g'pr%GY2y(;&(0[)T??{t9fd<M2)&4>O<^gHl`>V=BDg$?gbxLw?E..b~2z@R,0#0-Elb1'Lq~M7,Artv_/Cxsu?x-Sr8Owz]Hd8ch-c[Y"$Kf{#ZdL{Wy=xr?dyj\|B2z8aPM,F'4B6ex;dcO?9ta)[;":YK .Ty\|j>AcWv5Yf_@t&HF2J)WHAb/&Hl$DwfgF)v?'{uev

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
50	192.168.2.5	49738	104.193.88.112	80	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 07:52:19.767575026 CET	735	OUT	GET /r/www/cache/static/bundles/es6-polyfill_388d059.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
Nov 18, 2023 07:52:19.937771082 CET	768	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:19 GMT Content-Type: text/javascript; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Expires: Sat, 11 Nov 2023 06:27:12 GMT Last-Modified: Thu, 26 Oct 2023 01:40:49 GMT ETag: "388d059dffa87621761c31ced2935ca4" Cache-Control: max-age=31536000 Content-Encoding: gzip Age: 865507 Accept-Ranges: bytes Content-MD5: OI0Fnf+odiF2HDHO0pNcpA== x-bce-content-crc32: 578717120 x-bce-debug-id: sxNOgb0Tv901K7d15deVv24ZcLW67PG9rmYM4LsowVDLT57VmcdPXPJHbki3hUiUdSvBflt0quOtVE7bOenQDQ== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: 558812a7-e4fc-4962-b0a3-647ad63bc55f x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 06:27:12 GMT Ohc-Cache-HIT: sfo01-sys-jorcol03.sfo01.baidu.com [2] Ohc-File-Size: 74476 X-Cache-Status: HIT Access-Control-Allow-Origin: * Timing-Allow-Origin: * Data Raw: 36 37 34 31 0d 0a 1f 8b 08 00 00 00 00 00 00 03 c4 bd e9 76 db 48 b6 2e f8 df 4f 41 a2 2a 59 40 12 a2 48 cd 22 13 62 39 6d 39 d3 55 b6 e5 b2 e4 ac 41 56 e9 42 64 50 84 4d 01 4c 00 d4 90 22 cf 5a 7d df a6 7f f6 8f 7e 81 7e 82 7b de a8 f7 b7 63 40 80 04 65 e7 59 f7 74 e7 40 01 81 18 77 ec d8 53 ec d8 51 1f cd e2 41 1e 25 b1 2b fc d8 7b 74 92 ab cf 62 90 3b 41 90 3f 4c 45 32 aa 89 fb 69 92 e6 59 a3 e1 cc e2 a1 18 45 b1 18 3a 75 fd f1 26 19 ce 26 a2 1f bb 5e d7 d1 f5 14 45 65 f6 46 43 fe 6d 85 37 c3 be 7c 74 63 af 4b 65 16 6e 3e 8e 32 df 74 80 5a 9f 65 a2 96 e5 69 44 3d e8 e9 f4 9a a0 2f 0b f3 a6 3a 9a 8a 7c 96 c6 35 ab 30 b5 30 9d 4e 1e dc d8 0f d3 eb d9 8d 88 f3 cc 5b 14 e5 72 57 78 8f d1 c8 ad 73 ab b5 28 ce f2 30 1e a0 9f b9 e7 e5 e3 34 b9 ab c5 e2 ae 76 46 7d 3f 4e d3 24 75 9d f7 69 72 13 65 22 ab dd cc b2 bc 76 25 6a 83 84 0a a5 b3 41 2e 86 b5 db 28 44 7e c7 eb 51 9d c5 e0 0d 68 44 75 9d 71 92 d7 42 d3 6b 2a 8d ce b4 2e a9 2f b9 08 da be 7c 1b 87 f1 70 22 86 41 bd a3 12 6e c3 c9 4c 04 b7 49 34 ac e9 3c 04 49 91 a6 62 98 05 e7 17 fe 80 60 82 64 af 18 6e 22 c1 34 a2 46 Data Ascii: 6741vH.OAY@H"b9m9UAVBdPML"Z}~~{c@eYt@wSQA%+{tb;A?LE2iYE:u&&^EeFCm7\|tcKen>2tZeiD=/:\|500N[rWxs(04vF}?N$uire"v%jA.(D~QhDuqBk./\|p"AnLI4<Ib`dn"4F
Nov 18, 2023 07:52:19.937913895 CET	769	IN	Data Raw: 7b db 41 10 08 d5 48 cf 13 78 e6 1a 7b cf 14 14 db 56 86 3e 37 23 ac 16 5a d3 59 36 c6 9c b9 c2 ea 5b db e7 8c 79 eb 32 ba b9 11 c3 88 8a be 8a 5d 6b 3e 6e c3 b4 96 07 1d bb ea b8 95 c4 af 66 93 51 34 a1 2a ba 78 fb 20 80 6e 62 08 28 c6 b3 c9 84 Data Ascii: {AHx{V>7#ZY6[y2]k>nfQ4x nb(rwKnqk'zh+cL_\|0vG]U[k-<GKKi}^S5a9&lIELnU\|\LLF-/Id>XD'!I+WMC)69I#2S)cW
Nov 18, 2023 07:52:19.937953949 CET	770	IN	Data Raw: 2b fa dd ef d0 88 cc 8c a5 6e ee 2b 41 26 25 29 34 f1 a3 80 96 f0 e3 62 8d 7a 9a 5b 5c 53 51 07 b0 bd ab 70 f0 c5 a8 bb 25 3d 95 aa 89 78 5e 1b 8d 4e 3d 90 8f ad 38 19 0a f0 dc 46 e3 70 25 6d b5 01 7c b6 2a 7f a9 d6 59 2d 49 6b 0a 39 8d 3e 3c 18 Data Ascii: +n+A&%)4bz[\SQp%=x^N=8Fp%m\|*Y-Ik9><WIZr[WDXu7g\|<\@Vi]BlIr=UOU2DzIxYZ.q7j}M]"'.Q~fJ5?rfUrZ7
Nov 18, 2023 07:52:19.937993050 CET	772	IN	Data Raw: f1 24 83 e6 48 3c 72 20 e9 85 da cc 7c 64 d5 a4 cb 03 79 35 49 42 e2 3d e7 1d 9a 0f 68 2a 5d 71 be 75 41 3c ce f0 1e fa 12 e0 67 3e 17 34 a9 3e 3e 07 f8 31 ef db 78 df e6 f7 0e bd 2f 41 ab 6a 09 16 20 b3 24 2a cb 1a 83 21 93 0c b4 d1 d1 0b b3 42 Data Ascii: $H<r \|dy5IB=h]quA<g>4>>1x/Aj $!BW"<' uDO)gqr'g}aGE)eWDB7_o"MCZ2$.ZJIz;MZF5HZi\d]q4Bo/ah/<Dy*=Y-`2[9lSfZ+{6J
Nov 18, 2023 07:52:19.938030958 CET	773	IN	Data Raw: 99 04 88 52 f0 fe 7c 79 fb 78 69 d3 1b 02 08 d1 b4 ee 46 87 71 6b 29 b3 58 97 99 5d c1 52 38 3b 78 9a ca 27 24 98 25 3f 48 de 63 2c 29 5a 4c 83 87 90 96 54 cb 39 ce 13 16 8f a3 20 48 e7 73 fa 8d e7 f3 f4 28 22 c9 f6 28 32 22 f7 f2 2a c4 a4 2b c9 Data Ascii: R\|yxiFqk)X]R8;x'$%?Hc,)ZLT9 Hs("(2"+^EC\4uX&*/j4!%!\|WK1{cfJyc)(,T]R]-GJIX<7O}@>}'\Uy{gorrGJ9Rwko.v9^e]
Nov 18, 2023 07:52:19.938085079 CET	774	IN	Data Raw: db a4 bf d1 e9 0e 08 3d fa a3 ee 59 19 25 94 dd b5 3b 70 09 21 48 7f a4 07 9a 5c b9 81 4b cf c4 c9 b0 e5 40 4f 04 45 41 82 ea 03 3d ee 20 43 3c a4 a7 5d f9 f4 1a 88 44 af 7b ba e4 c9 2c a7 d7 7d 20 55 a7 73 b8 b3 16 a9 f6 b7 0e b7 25 52 49 ae c9 Data Ascii: =Y%;p!H\K@OEA= C<]D{,} Us%RIH}Vi$EGng>j=s%EI $^,031d;flS,tvEbK2(=fv3iF,S-zG/^\|8u<x>WQ8S
Nov 18, 2023 07:52:19.938134909 CET	776	IN	Data Raw: c0 0b 7f 1c 66 a5 de e9 ce 5f 73 cf 70 34 9e 96 76 19 f1 d2 7e d9 95 df 4c 9a 29 a3 11 96 1b e6 fe 2c fc ac 54 04 ab 46 65 7a 90 a5 24 9f 69 c3 55 9a 84 cb 45 f7 31 1c 0e 2b 7a a6 b3 e7 41 51 40 76 72 82 53 fb 76 3f 1d e9 01 b7 e6 dc 81 02 3d 4f Data Ascii: f_sp4v~L),TFez$iUE1+zAQ@vrSv?=OZzmHN!Nh3O<@yPQX;>)q)8V\(K{\|/VY/KrCCQBeT`guC"eQi7@(_
Nov 18, 2023 07:52:19.938152075 CET	777	IN	Data Raw: 96 c5 e7 4b aa ca 07 d0 cd d7 36 29 f2 df 04 af cf 1f 2e e6 f3 d7 e7 ce 9f ff 6c a0 4a 09 34 a2 d7 e7 d3 0b ff 73 80 a1 bc 99 cf cf dc 29 e9 29 30 33 c2 99 89 a4 7e ca a0 85 97 f9 fc 0d 06 fd 85 18 ea 09 29 28 5f a4 d8 24 69 1f 4d 31 91 3f 45 1d Data Ascii: K6).lJ4s))03~)(_$iM1?EM;Tb2GGP"S?sOT'U@zzN}91_ Zqx#vp?Y55pt?8x=4{Lo$*(S/{;\|!K
Nov 18, 2023 07:52:19.938167095 CET	779	IN	Data Raw: 64 d6 9b 5d 6c cc a9 50 5e 75 77 0a 2f 9b af fa f8 b2 5f 2f 6f cb 1a 08 af dc 90 00 f9 64 ad 0b 33 f7 12 e4 bb b0 4c c2 77 4d fa 76 30 db 38 58 db d3 0a 38 f0 39 28 9c 22 0c f8 2c 21 bd d9 93 1b af c6 c3 96 54 f7 8c 54 95 46 a3 78 06 ab 5d cd ab Data Ascii: d]lP^uw/_/od3LwMv08X89(",!TTFx]y56=+q{]JS>BpZGHx\.liXl$N/`a[orOw\#=ar)$,!Uo"RtxAv"r)@R]y89W
Nov 18, 2023 07:52:19.938184023 CET	780	IN	Data Raw: c2 fb 4f 1f 93 eb 4d 8f c6 bd b1 3a fd 36 0c 4e a8 7f e3 0b 98 c9 10 8e d2 9c 0d 1e 68 73 cc d0 20 98 04 42 c7 5b 8c 88 bf 6a 41 92 3d 43 82 91 74 e0 ad bb e0 af fc 69 a4 0f 79 4a 23 16 da 79 90 66 38 cb 8a 25 87 c4 20 ce 39 04 f6 f2 ba 1b 52 af Data Ascii: OM:6Nhs B[jA=CtiyJ#yf8% 9RvL3EpZu1(*DV%r#=qgGJxU9$8'W/;;`3z^WARVS^j9=Jd'E<P
Nov 18, 2023 07:52:19.938221931 CET	781	IN	Data Raw: 9a 2c 77 5e 3a b8 ce d6 50 71 12 7f 68 38 b3 95 ba 23 3e df 00 71 0a ba 1e 87 46 71 53 6a c4 b3 fc c2 f9 a2 13 df 9c 91 c7 ea 81 26 42 14 9d 03 be 13 83 c7 71 19 3c ae 32 c3 e7 03 f8 c0 24 a9 d4 c0 b2 d9 14 90 65 bb 93 5a ed 4c fc 75 e0 78 e9 4a Data Ascii: ,w^:Pqh8#>qFqSj&Bq<2$eZLuxJ JW"L2hae.I{$FSTX{\|@c&"u{bO)m]9h[uXF&+aa,8_INu/UBY%5)s$U]U]8j

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
50	104.193.88.112	80	192.168.2.5	49738	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 07:52:19.767575026 CET	735	OUT	GET /r/www/cache/static/bundles/es6-polyfill_388d059.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
Nov 18, 2023 07:52:19.937771082 CET	768	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:19 GMT Content-Type: text/javascript; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Expires: Sat, 11 Nov 2023 06:27:12 GMT Last-Modified: Thu, 26 Oct 2023 01:40:49 GMT ETag: "388d059dffa87621761c31ced2935ca4" Cache-Control: max-age=31536000 Content-Encoding: gzip Age: 865507 Accept-Ranges: bytes Content-MD5: OI0Fnf+odiF2HDHO0pNcpA== x-bce-content-crc32: 578717120 x-bce-debug-id: sxNOgb0Tv901K7d15deVv24ZcLW67PG9rmYM4LsowVDLT57VmcdPXPJHbki3hUiUdSvBflt0quOtVE7bOenQDQ== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: 558812a7-e4fc-4962-b0a3-647ad63bc55f x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 06:27:12 GMT Ohc-Cache-HIT: sfo01-sys-jorcol03.sfo01.baidu.com [2] Ohc-File-Size: 74476 X-Cache-Status: HIT Access-Control-Allow-Origin: * Timing-Allow-Origin: * Data Raw: 36 37 34 31 0d 0a 1f 8b 08 00 00 00 00 00 00 03 c4 bd e9 76 db 48 b6 2e f8 df 4f 41 a2 2a 59 40 12 a2 48 cd 22 13 62 39 6d 39 d3 55 b6 e5 b2 e4 ac 41 56 e9 42 64 50 84 4d 01 4c 00 d4 90 22 cf 5a 7d df a6 7f f6 8f 7e 81 7e 82 7b de a8 f7 b7 63 40 80 04 65 e7 59 f7 74 e7 40 01 81 18 77 ec d8 53 ec d8 51 1f cd e2 41 1e 25 b1 2b fc d8 7b 74 92 ab cf 62 90 3b 41 90 3f 4c 45 32 aa 89 fb 69 92 e6 59 a3 e1 cc e2 a1 18 45 b1 18 3a 75 fd f1 26 19 ce 26 a2 1f bb 5e d7 d1 f5 14 45 65 f6 46 43 fe 6d 85 37 c3 be 7c 74 63 af 4b 65 16 6e 3e 8e 32 df 74 80 5a 9f 65 a2 96 e5 69 44 3d e8 e9 f4 9a a0 2f 0b f3 a6 3a 9a 8a 7c 96 c6 35 ab 30 b5 30 9d 4e 1e dc d8 0f d3 eb d9 8d 88 f3 cc 5b 14 e5 72 57 78 8f d1 c8 ad 73 ab b5 28 ce f2 30 1e a0 9f b9 e7 e5 e3 34 b9 ab c5 e2 ae 76 46 7d 3f 4e d3 24 75 9d f7 69 72 13 65 22 ab dd cc b2 bc 76 25 6a 83 84 0a a5 b3 41 2e 86 b5 db 28 44 7e c7 eb 51 9d c5 e0 0d 68 44 75 9d 71 92 d7 42 d3 6b 2a 8d ce b4 2e a9 2f b9 08 da be 7c 1b 87 f1 70 22 86 41 bd a3 12 6e c3 c9 4c 04 b7 49 34 ac e9 3c 04 49 91 a6 62 98 05 e7 17 fe 80 60 82 64 af 18 6e 22 c1 34 a2 46 Data Ascii: 6741vH.OAY@H"b9m9UAVBdPML"Z}~~{c@eYt@wSQA%+{tb;A?LE2iYE:u&&^EeFCm7\|tcKen>2tZeiD=/:\|500N[rWxs(04vF}?N$uire"v%jA.(D~QhDuqBk./\|p"AnLI4<Ib`dn"4F
Nov 18, 2023 07:52:19.937913895 CET	769	IN	Data Raw: 7b db 41 10 08 d5 48 cf 13 78 e6 1a 7b cf 14 14 db 56 86 3e 37 23 ac 16 5a d3 59 36 c6 9c b9 c2 ea 5b db e7 8c 79 eb 32 ba b9 11 c3 88 8a be 8a 5d 6b 3e 6e c3 b4 96 07 1d bb ea b8 95 c4 af 66 93 51 34 a1 2a ba 78 fb 20 80 6e 62 08 28 c6 b3 c9 84 Data Ascii: {AHx{V>7#ZY6[y2]k>nfQ4x nb(rwKnqk'zh+cL_\|0vG]U[k-<GKKi}^S5a9&lIELnU\|\LLF-/Id>XD'!I+WMC)69I#2S)cW
Nov 18, 2023 07:52:19.937953949 CET	770	IN	Data Raw: 2b fa dd ef d0 88 cc 8c a5 6e ee 2b 41 26 25 29 34 f1 a3 80 96 f0 e3 62 8d 7a 9a 5b 5c 53 51 07 b0 bd ab 70 f0 c5 a8 bb 25 3d 95 aa 89 78 5e 1b 8d 4e 3d 90 8f ad 38 19 0a f0 dc 46 e3 70 25 6d b5 01 7c b6 2a 7f a9 d6 59 2d 49 6b 0a 39 8d 3e 3c 18 Data Ascii: +n+A&%)4bz[\SQp%=x^N=8Fp%m\|*Y-Ik9><WIZr[WDXu7g\|<\@Vi]BlIr=UOU2DzIxYZ.q7j}M]"'.Q~fJ5?rfUrZ7
Nov 18, 2023 07:52:19.937993050 CET	772	IN	Data Raw: f1 24 83 e6 48 3c 72 20 e9 85 da cc 7c 64 d5 a4 cb 03 79 35 49 42 e2 3d e7 1d 9a 0f 68 2a 5d 71 be 75 41 3c ce f0 1e fa 12 e0 67 3e 17 34 a9 3e 3e 07 f8 31 ef db 78 df e6 f7 0e bd 2f 41 ab 6a 09 16 20 b3 24 2a cb 1a 83 21 93 0c b4 d1 d1 0b b3 42 Data Ascii: $H<r \|dy5IB=h]quA<g>4>>1x/Aj $!BW"<' uDO)gqr'g}aGE)eWDB7_o"MCZ2$.ZJIz;MZF5HZi\d]q4Bo/ah/<Dy*=Y-`2[9lSfZ+{6J
Nov 18, 2023 07:52:19.938030958 CET	773	IN	Data Raw: 99 04 88 52 f0 fe 7c 79 fb 78 69 d3 1b 02 08 d1 b4 ee 46 87 71 6b 29 b3 58 97 99 5d c1 52 38 3b 78 9a ca 27 24 98 25 3f 48 de 63 2c 29 5a 4c 83 87 90 96 54 cb 39 ce 13 16 8f a3 20 48 e7 73 fa 8d e7 f3 f4 28 22 c9 f6 28 32 22 f7 f2 2a c4 a4 2b c9 Data Ascii: R\|yxiFqk)X]R8;x'$%?Hc,)ZLT9 Hs("(2"+^EC\4uX&*/j4!%!\|WK1{cfJyc)(,T]R]-GJIX<7O}@>}'\Uy{gorrGJ9Rwko.v9^e]
Nov 18, 2023 07:52:19.938085079 CET	774	IN	Data Raw: db a4 bf d1 e9 0e 08 3d fa a3 ee 59 19 25 94 dd b5 3b 70 09 21 48 7f a4 07 9a 5c b9 81 4b cf c4 c9 b0 e5 40 4f 04 45 41 82 ea 03 3d ee 20 43 3c a4 a7 5d f9 f4 1a 88 44 af 7b ba e4 c9 2c a7 d7 7d 20 55 a7 73 b8 b3 16 a9 f6 b7 0e b7 25 52 49 ae c9 Data Ascii: =Y%;p!H\K@OEA= C<]D{,} Us%RIH}Vi$EGng>j=s%EI $^,031d;flS,tvEbK2(=fv3iF,S-zG/^\|8u<x>WQ8S
Nov 18, 2023 07:52:19.938134909 CET	776	IN	Data Raw: c0 0b 7f 1c 66 a5 de e9 ce 5f 73 cf 70 34 9e 96 76 19 f1 d2 7e d9 95 df 4c 9a 29 a3 11 96 1b e6 fe 2c fc ac 54 04 ab 46 65 7a 90 a5 24 9f 69 c3 55 9a 84 cb 45 f7 31 1c 0e 2b 7a a6 b3 e7 41 51 40 76 72 82 53 fb 76 3f 1d e9 01 b7 e6 dc 81 02 3d 4f Data Ascii: f_sp4v~L),TFez$iUE1+zAQ@vrSv?=OZzmHN!Nh3O<@yPQX;>)q)8V\(K{\|/VY/KrCCQBeT`guC"eQi7@(_
Nov 18, 2023 07:52:19.938152075 CET	777	IN	Data Raw: 96 c5 e7 4b aa ca 07 d0 cd d7 36 29 f2 df 04 af cf 1f 2e e6 f3 d7 e7 ce 9f ff 6c a0 4a 09 34 a2 d7 e7 d3 0b ff 73 80 a1 bc 99 cf cf dc 29 e9 29 30 33 c2 99 89 a4 7e ca a0 85 97 f9 fc 0d 06 fd 85 18 ea 09 29 28 5f a4 d8 24 69 1f 4d 31 91 3f 45 1d Data Ascii: K6).lJ4s))03~)(_$iM1?EM;Tb2GGP"S?sOT'U@zzN}91_ Zqx#vp?Y55pt?8x=4{Lo$*(S/{;\|!K
Nov 18, 2023 07:52:19.938167095 CET	779	IN	Data Raw: 64 d6 9b 5d 6c cc a9 50 5e 75 77 0a 2f 9b af fa f8 b2 5f 2f 6f cb 1a 08 af dc 90 00 f9 64 ad 0b 33 f7 12 e4 bb b0 4c c2 77 4d fa 76 30 db 38 58 db d3 0a 38 f0 39 28 9c 22 0c f8 2c 21 bd d9 93 1b af c6 c3 96 54 f7 8c 54 95 46 a3 78 06 ab 5d cd ab Data Ascii: d]lP^uw/_/od3LwMv08X89(",!TTFx]y56=+q{]JS>BpZGHx\.liXl$N/`a[orOw\#=ar)$,!Uo"RtxAv"r)@R]y89W
Nov 18, 2023 07:52:19.938184023 CET	780	IN	Data Raw: c2 fb 4f 1f 93 eb 4d 8f c6 bd b1 3a fd 36 0c 4e a8 7f e3 0b 98 c9 10 8e d2 9c 0d 1e 68 73 cc d0 20 98 04 42 c7 5b 8c 88 bf 6a 41 92 3d 43 82 91 74 e0 ad bb e0 af fc 69 a4 0f 79 4a 23 16 da 79 90 66 38 cb 8a 25 87 c4 20 ce 39 04 f6 f2 ba 1b 52 af Data Ascii: OM:6Nhs B[jA=CtiyJ#yf8% 9RvL3EpZu1(*DV%r#=qgGJxU9$8'W/;;`3z^WARVS^j9=Jd'E<P
Nov 18, 2023 07:52:19.938221931 CET	781	IN	Data Raw: 9a 2c 77 5e 3a b8 ce d6 50 71 12 7f 68 38 b3 95 ba 23 3e df 00 71 0a ba 1e 87 46 71 53 6a c4 b3 fc c2 f9 a2 13 df 9c 91 c7 ea 81 26 42 14 9d 03 be 13 83 c7 71 19 3c ae 32 c3 e7 03 f8 c0 24 a9 d4 c0 b2 d9 14 90 65 bb 93 5a ed 4c fc 75 e0 78 e9 4a Data Ascii: ,w^:Pqh8#>qFqSj&Bq<2$eZLuxJ JW"L2hae.I{$FSTX{\|@c&"u{bO)m]9h[uXF&+aa,8_INu/UBY%5)s$U]U]8j

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
51	192.168.2.5	49741	104.193.88.112	80	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 07:52:20.059820890 CET	797	OUT	GET /r/www/cache/static/bundles/polyfill_9354efa.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
Nov 18, 2023 07:52:20.231004000 CET	799	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:20 GMT Content-Type: text/javascript; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Expires: Sat, 11 Nov 2023 06:27:15 GMT Last-Modified: Thu, 26 Oct 2023 01:40:49 GMT ETag: "9354efad5c9f5519f606c3c39434b9ec" Cache-Control: max-age=31536000 Content-Encoding: gzip Age: 865505 Accept-Ranges: bytes Content-MD5: k1TvrVyfVRn2BsPDlDS57A== x-bce-content-crc32: 3721482874 x-bce-debug-id: 4QgUsO942gpVq0GkrUhE9Mktwl24xIF0iP6V1nRWBPvCAATzI+xh3h6YrNLQ2UZYhyh6s90LPynCJ5Pa+zvCwA== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: f09a987f-a9c7-4495-9ec8-52602373be3d x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 06:27:15 GMT Ohc-Cache-HIT: sfo01-sys-jorcol03.sfo01.baidu.com [2] Ohc-File-Size: 41984 X-Cache-Status: HIT Access-Control-Allow-Origin: * Timing-Allow-Origin: * Data Raw: 31 63 37 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cc 7d db 72 db 48 b2 e0 f3 6a 7f 82 42 78 38 80 59 a4 00 ea 62 1b 34 c8 76 fb d6 76 fb d6 b6 ba ed 6e 9a a3 80 c8 a2 84 36 05 70 00 d0 b2 2c 32 c2 73 ce d9 7b c4 7e c0 be ec f9 83 fd 80 7d d8 88 fd 93 e3 f3 01 fb 0b 9b 99 75 41 01 04 d5 9e 9e 9e 39 d3 17 b1 ae 59 55 59 59 99 59 59 59 85 ed e9 22 1e e7 51 12 db ce e5 fb 30 6d e4 8c b3 34 b8 93 a6 e1 05 8b 83 b4 33 4f 93 3c c9 2f e6 9c 25 c1 f3 e3 9f f9 38 67 51 90 18 c9 61 f0 40 42 60 8b 20 34 32 b2 e0 55 9e 46 f1 09 9b 06 99 91 3c 0e 9e 2d ce 8e 79 ca 66 c1 d8 48 3e 0d e2 4e 36 8b c6 9c cd 31 34 a7 e0 09 04 e7 8b ec 94 4d 20 b0 88 b3 d3 68 9a b3 0b 08 8f 93 78 1c e6 ec 3d 04 7f 4e a2 98 1d 07 8b ce 38 9c cd d8 19 04 c2 f9 7c 76 c1 ce 83 a7 61 7e da 39 0b 3f b0 43 19 84 82 3f 07 51 27 4f 64 c7 ee 05 96 1a bd 15 04 d8 8d 64 da 78 75 71 76 9c cc 9a 4d 2b a3 40 35 43 d7 3e 0c 4f d8 73 3d f6 62 24 05 f8 57 c1 ce 1f de 66 d7 c7 b3 30 cb 1a 3b ec 43 a0 51 9d 3b 97 79 7a 41 f8 e6 c1 73 ea 39 a4 01 de 79 27 e5 f3 59 38 e6 f6 ce 5b f8 b7 73 fd 6d bc 73 c2 2c cb a1 b9 30 f3 ae 0f Data Ascii: 1c7f}rHjBx8Yb4vvn6p,2s{~}uA9YUYYYYY"Q0m43O</%8gQa@B` 42UF<-yfH>N614M hx=N8\|va~9?C?Q'OddxuqvM+@5C>Os=b$Wf0;CQ;yzAs9y'Y8[sms,0
Nov 18, 2023 07:52:20.231019020 CET	800	IN	Data Raw: 3b 6f b3 b7 af 46 d7 df 5e 7f bb 23 cb 24 80 8e a2 0c d4 3c 63 56 c3 72 8a b4 c6 65 77 85 65 21 b1 b7 95 f2 7c 91 c6 8d 57 9d 9c 67 b9 9d 38 2b c0 e8 f8 d4 8e 9c 4b 91 b3 ed ad 56 ec fe 5a a7 65 b5 0f 10 1f 6c 7b be 5d 74 7f db 55 30 78 09 c6 d3 Data Ascii: ;oF^#$<cVrewe!\|Wg8+KVZel{]tU0x&D:y0OR#;/5MQ0{-fn[MP& iJdqb(!g5, x\'?}SAzdx(>8{{\|`4>-)ne_
Nov 18, 2023 07:52:20.231057882 CET	801	IN	Data Raw: c4 06 df 09 3c c3 ce c2 47 46 da f6 60 af 87 55 84 04 b0 13 c5 9a 10 1f 7a 32 64 62 df 23 f9 a5 93 61 a0 30 68 94 92 b8 28 7a ad 56 74 3b ec 39 a4 7a 24 50 d2 5a c4 42 1f 9a 14 83 4d 07 dc 4e 50 03 01 45 c4 f1 b9 62 a0 3a 09 f5 12 b6 1d 72 a0 45 Data Ascii: <GF`Uz2db#a0h(zVt;9z$PZBMNPEb:rE9H\|z}&\xvyq5{Fyb02Y:?LJ+$LYn*J`b8-4ZR@T<8IG_#4:0^@r=lbA,
Nov 18, 2023 07:52:20.231072903 CET	803	IN	Data Raw: e9 c8 d0 cc d2 11 88 fc 62 5a 15 84 00 8a 31 f8 7f c5 ce 6a 78 ca e5 0a da ad 4e 21 1e d4 2b ae af 90 24 a1 a2 12 00 b4 81 3f aa 81 e5 d2 40 50 71 16 28 8c 71 0f 51 70 20 47 13 2c 08 21 d7 c8 30 10 7c 62 16 4f ea 85 96 7f cc eb 33 56 38 2a 81 e7 Data Ascii: bZ1jxN!+$?@Pq(qQp G,!0\|bO3V8Vl9+vN&JU,>-'9, ]9ZU\5RPvA=J_ 1^0BANXbTN2mn0DQq8~8[d9,M?K@4 X!r{g91
Nov 18, 2023 07:52:20.231086969 CET	804	IN	Data Raw: 90 8f 09 d8 e3 c5 0c d3 17 28 4d 5f f1 39 fc 7d 0e 7c 9a 59 cf 92 f7 f0 17 88 0c 80 45 a9 21 08 0d d7 94 27 dc d6 ab 94 33 dc 00 01 77 00 6e 52 1e 0e bb 34 08 c9 dc 01 21 23 27 55 1a 84 da 69 d9 2f 8b a6 ae 5e ca 88 a2 19 48 95 1c 64 0b 16 94 2e Data Ascii: (M_9}\|YE!'3wnR4!#'Ui/^Hd.l)]~Z&=o<4cENSu?s}NBVbiCQ/<_ZKJD2@jqcJc2dhTX_r UbZC=-@W@HKo21pIpQ
Nov 18, 2023 07:52:20.231168032 CET	806	IN	Data Raw: eb 7a 5d d6 dd db 65 dd 1b bb 6c d7 dd 63 bb bb f0 ff c1 fe 08 b4 bc b2 45 45 48 2a d8 5a 0d 3c 5f 7b 33 37 e2 21 1f 09 81 23 88 c4 ce db a8 09 b4 52 67 67 cf 11 0e 69 46 86 eb 61 86 e7 ba 4e b5 ce 81 c8 da c3 2c 68 fe 3a 15 bf e1 3a 2b d0 2d 75 Data Ascii: z]elcEEH*Z<_{37!#RggiFaN,h::+-u?t/mDR5'&#35D#iYiI!] ?n'~8yZyKmqKP"/eoyMD BrIiJ]Qt./`d_D9_@las
Nov 18, 2023 07:52:20.231178999 CET	806	IN	Data Raw: 8d cc b2 b0 3b ac bc 2b ec 3a 78 cd 43 b4 51 4c 21 bd 7e 82 40 23 f9 3c 8e 32 1d a1 00 58 6f 05 2f 0a d1 95 aa e2 0a 02 ee f1 39 ee f1 25 71 4a 37 4d 04 4c 04 83 0c 32 63 53 36 46 8f 96 59 60 c7 9d e8 24 4e 52 7e 17 a4 d3 c0 8a 84 ed 08 af eb e2 Data Ascii: ;+:xCQL!~@#<2Xo/9%qJ7ML2cS6FY`$NR~AkL'.hL i<X)JV[tew_jeul}9I]#"GNow0Cwh[\|R5kc=HUh^/$^j9u]/^
Nov 18, 2023 07:52:20.231189966 CET	807	IN	Data Raw: 31 39 66 36 0d 0a 4f 41 da 2a cd b2 92 11 ab b9 7a 8e 73 95 2d 8e 61 93 cb 5e a5 01 72 63 8a 00 86 8f 51 e1 b5 5c 14 11 94 84 a7 05 20 93 a6 ec 52 c4 2b db 03 a1 00 eb 0b 0c 74 f0 0b ba d8 39 35 29 11 d4 22 8f 0f f6 bc dc 19 72 8b 7e 25 05 ea 07 Data Ascii: 19f6OA*zs-a^rcQ\ R+t95)"r~%{iOO??O\|_?_?Io,v},C!mY\2duR@.g0)lrWa!TBj)\
Nov 18, 2023 07:52:20.231201887 CET	809	IN	Data Raw: 32 5f 60 4b c9 62 25 ae 74 15 57 a4 f0 a9 9c 46 ec c8 91 17 dc b9 8c 71 b1 c4 d0 b2 45 cb 24 c1 47 04 92 91 de 72 e2 5d 66 e3 59 e2 8a 27 1d 4d 44 6f 4b e8 1c 47 47 78 99 34 9e 64 ec e8 48 20 14 02 29 68 42 f0 33 e1 e3 24 05 0a 83 20 28 55 e1 19 Data Ascii: 2_`Kb%tWFqE$Gr]fY'MDoKGGx4dH )hB3$ (U<C,}F9O!t^gUb&!N'tFPxW?(g;~ay@'%Ur)z "4)qzE"><D2-a>Dd93'KvPO<d%eSx
Nov 18, 2023 07:52:20.231213093 CET	810	IN	Data Raw: f5 a9 cc a3 e0 12 89 db 4f 6d d0 bd e5 8a 80 88 e7 a8 cf 39 60 ac 0b cb be 86 e9 aa af 57 d9 47 43 f9 bd 2a 64 a9 b8 4c 47 a6 01 50 b6 84 3a dd ca 61 47 c8 41 8a ed 54 95 85 98 ea 24 77 2c 49 8e 16 ce ff 72 59 a3 5d 2e 97 95 fd 8c b4 8e 62 2b a5 Data Ascii: Om9`WGCdLGP:aGAT$w,IrY].b+t%Fe<@5hxI^FRd]=yJ5`VPTK@ddMTzEV>@Z@U=(noAVK,4v}N$8P\|24UDZ29jW~DA
Nov 18, 2023 07:52:20.231220961 CET	811	IN	Data Raw: ea 59 0e 3d df 83 5f 3b a8 f5 b5 8b 3b 12 7d 03 1d 0a 72 1f 2b e8 38 e8 3b 30 ab 89 79 a0 68 da 76 c9 cd 4d 3b d7 9c a1 5a 48 2c f0 05 6e 1f 6a d8 1f ed a8 5f 6e e0 8d 8a d3 9d d2 44 91 ce b3 11 0e 3d ff 7a b8 09 90 c8 44 61 b5 7d 26 7e ee 97 5d Data Ascii: Y=_;;}r+8;0yhvM;ZH,nj_nD=zDa}&~]{\|(E<0_W%$#Lz$hSW0-%ry1HZl%4/~))]7Y7"pH=`mO1BSRJ_)&6
Nov 18, 2023 07:52:20.234514952 CET	814	OUT	GET /r/www/cache/static/global/js/all_async_search_d3cea19.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
Nov 18, 2023 07:52:20.405791044 CET	817	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:20 GMT Content-Type: text/javascript; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Expires: Sun, 12 Nov 2023 07:54:21 GMT Last-Modified: Thu, 09 Nov 2023 04:49:18 GMT ETag: "d3cea19a98ed342f12b17fbc84c0e131" Cache-Control: max-age=31536000 Content-Encoding: gzip Age: 773879 Accept-Ranges: bytes Content-MD5: 086hmpjtNC8SsX+8hMDhMQ== x-bce-content-crc32: 2941124309 x-bce-debug-id: WvCDlHFvp/vC1CGoP/zRd+UE2iIPWukBWwmmAeNnrJVUffQPbrHMj3XL1zXLU6FUwXeOSVdiRet6U8K9NI2sgw== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: 1bd9a556-e875-490d-8da5-0e1c3c922198 x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Thu, 09 Nov 2023 07:54:21 GMT Ohc-Cache-HIT: sfo01-sys-jorcol09.sfo01.baidu.com [2] Ohc-File-Size: 721537 X-Cache-Status: HIT Access-Control-Allow-Origin: * Timing-Allow-Origin: * Data Raw: 33 37 62 39 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 dc bd 7b 93 e3 58 76 1f f8 b7 eb 53 64 a2 6b 58 40 13 64 92 99 95 59 55 60 21 e9 7a 4d 77 75 77 75 d7 74 56 3f b3 b2 b9 20 09 32 51 49 02 2c 00 cc 47 67 d2 31 d6 ca b1 1a 85 b4 b2 56 5a db 92 ed 8d 58 ef 86 c2 e1 55 78 b4 0e ad 2d c9 1a e9 bb 78 a7 bb 47 7f f9 2b ec f9 9d fb c0 05 09 56 55 b7 c6 b1 b1 3b 3d c5 04 2e ee fb 9e 7b ee 79 df d1 3c 1e e4 51 12 6f 04 c3 e1 a3 4f ed d0 cd dd d8 b9 3c 8b e2 61 72 d6 0c f2 3c 18 1c 3f 3a 0d e3 bc 1b 9a 6f b6 95 c4 56 1d 59 3d 95 95 8a e3 cb 07 51 96 87 71 98 d6 6a e1 4a 9a 4d 05 dc cd b6 b3 18 a9 46 7b c1 93 07 76 e8 5c 8e 92 d4 3e 0d d2 8d dc 0f dd d8 6f b4 3b b9 9f 37 67 41 4a 85 3f 4c 86 61 c7 89 46 76 ec 53 42 16 3e a6 d6 f3 e6 38 cc ef e5 79 1a f5 e7 79 68 5b d1 d0 72 1c 37 de 6f 39 69 98 cf d3 78 23 2e 9a 08 26 bd 81 6a a2 63 3d bb 77 ff 83 47 d6 a6 1f 36 f3 60 fc 61 30 a5 aa 43 7a 31 9a 92 35 84 15 4d 94 2b dd c6 64 c9 7a f3 46 a3 e3 94 5b b0 cb f5 3a 45 83 6f d6 04 77 5a ce 49 73 d6 ee d0 0c 6c da 56 30 49 66 dc fd d1 f4 ea ca 4a b3 d3 de f9 2c c8 8f ad 88 aa bb ba Data Ascii: 37b9e{XvSdkX@dYU`!zMwuwutV? 2QI,Gg1VZXUx-xG+VU;=.{y<QoO<ar<?:oVY=QqjJMF{v\>o;7gAJ?LaFvSB>8yyh[r7o9ix#.&jc=wG6`a0Cz15M+dzF[:EowZIslV0IfJ,

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
51	104.193.88.112	80	192.168.2.5	49741	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 07:52:20.059820890 CET	797	OUT	GET /r/www/cache/static/bundles/polyfill_9354efa.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
Nov 18, 2023 07:52:20.231004000 CET	799	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:20 GMT Content-Type: text/javascript; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Expires: Sat, 11 Nov 2023 06:27:15 GMT Last-Modified: Thu, 26 Oct 2023 01:40:49 GMT ETag: "9354efad5c9f5519f606c3c39434b9ec" Cache-Control: max-age=31536000 Content-Encoding: gzip Age: 865505 Accept-Ranges: bytes Content-MD5: k1TvrVyfVRn2BsPDlDS57A== x-bce-content-crc32: 3721482874 x-bce-debug-id: 4QgUsO942gpVq0GkrUhE9Mktwl24xIF0iP6V1nRWBPvCAATzI+xh3h6YrNLQ2UZYhyh6s90LPynCJ5Pa+zvCwA== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: f09a987f-a9c7-4495-9ec8-52602373be3d x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 06:27:15 GMT Ohc-Cache-HIT: sfo01-sys-jorcol03.sfo01.baidu.com [2] Ohc-File-Size: 41984 X-Cache-Status: HIT Access-Control-Allow-Origin: * Timing-Allow-Origin: * Data Raw: 31 63 37 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cc 7d db 72 db 48 b2 e0 f3 6a 7f 82 42 78 38 80 59 a4 00 ea 62 1b 34 c8 76 fb d6 76 fb d6 b6 ba ed 6e 9a a3 80 c8 a2 84 36 05 70 00 d0 b2 2c 32 c2 73 ce d9 7b c4 7e c0 be ec f9 83 fd 80 7d d8 88 fd 93 e3 f3 01 fb 0b 9b 99 75 41 01 04 d5 9e 9e 9e 39 d3 17 b1 ae 59 55 59 59 99 59 59 59 85 ed e9 22 1e e7 51 12 db ce e5 fb 30 6d e4 8c b3 34 b8 93 a6 e1 05 8b 83 b4 33 4f 93 3c c9 2f e6 9c 25 c1 f3 e3 9f f9 38 67 51 90 18 c9 61 f0 40 42 60 8b 20 34 32 b2 e0 55 9e 46 f1 09 9b 06 99 91 3c 0e 9e 2d ce 8e 79 ca 66 c1 d8 48 3e 0d e2 4e 36 8b c6 9c cd 31 34 a7 e0 09 04 e7 8b ec 94 4d 20 b0 88 b3 d3 68 9a b3 0b 08 8f 93 78 1c e6 ec 3d 04 7f 4e a2 98 1d 07 8b ce 38 9c cd d8 19 04 c2 f9 7c 76 c1 ce 83 a7 61 7e da 39 0b 3f b0 43 19 84 82 3f 07 51 27 4f 64 c7 ee 05 96 1a bd 15 04 d8 8d 64 da 78 75 71 76 9c cc 9a 4d 2b a3 40 35 43 d7 3e 0c 4f d8 73 3d f6 62 24 05 f8 57 c1 ce 1f de 66 d7 c7 b3 30 cb 1a 3b ec 43 a0 51 9d 3b 97 79 7a 41 f8 e6 c1 73 ea 39 a4 01 de 79 27 e5 f3 59 38 e6 f6 ce 5b f8 b7 73 fd 6d bc 73 c2 2c cb a1 b9 30 f3 ae 0f Data Ascii: 1c7f}rHjBx8Yb4vvn6p,2s{~}uA9YUYYYYY"Q0m43O</%8gQa@B` 42UF<-yfH>N614M hx=N8\|va~9?C?Q'OddxuqvM+@5C>Os=b$Wf0;CQ;yzAs9y'Y8[sms,0
Nov 18, 2023 07:52:20.231019020 CET	800	IN	Data Raw: 3b 6f b3 b7 af 46 d7 df 5e 7f bb 23 cb 24 80 8e a2 0c d4 3c 63 56 c3 72 8a b4 c6 65 77 85 65 21 b1 b7 95 f2 7c 91 c6 8d 57 9d 9c 67 b9 9d 38 2b c0 e8 f8 d4 8e 9c 4b 91 b3 ed ad 56 ec fe 5a a7 65 b5 0f 10 1f 6c 7b be 5d 74 7f db 55 30 78 09 c6 d3 Data Ascii: ;oF^#$<cVrewe!\|Wg8+KVZel{]tU0x&D:y0OR#;/5MQ0{-fn[MP& iJdqb(!g5, x\'?}SAzdx(>8{{\|`4>-)ne_
Nov 18, 2023 07:52:20.231057882 CET	801	IN	Data Raw: c4 06 df 09 3c c3 ce c2 47 46 da f6 60 af 87 55 84 04 b0 13 c5 9a 10 1f 7a 32 64 62 df 23 f9 a5 93 61 a0 30 68 94 92 b8 28 7a ad 56 74 3b ec 39 a4 7a 24 50 d2 5a c4 42 1f 9a 14 83 4d 07 dc 4e 50 03 01 45 c4 f1 b9 62 a0 3a 09 f5 12 b6 1d 72 a0 45 Data Ascii: <GF`Uz2db#a0h(zVt;9z$PZBMNPEb:rE9H\|z}&\xvyq5{Fyb02Y:?LJ+$LYn*J`b8-4ZR@T<8IG_#4:0^@r=lbA,
Nov 18, 2023 07:52:20.231072903 CET	803	IN	Data Raw: e9 c8 d0 cc d2 11 88 fc 62 5a 15 84 00 8a 31 f8 7f c5 ce 6a 78 ca e5 0a da ad 4e 21 1e d4 2b ae af 90 24 a1 a2 12 00 b4 81 3f aa 81 e5 d2 40 50 71 16 28 8c 71 0f 51 70 20 47 13 2c 08 21 d7 c8 30 10 7c 62 16 4f ea 85 96 7f cc eb 33 56 38 2a 81 e7 Data Ascii: bZ1jxN!+$?@Pq(qQp G,!0\|bO3V8Vl9+vN&JU,>-'9, ]9ZU\5RPvA=J_ 1^0BANXbTN2mn0DQq8~8[d9,M?K@4 X!r{g91
Nov 18, 2023 07:52:20.231086969 CET	804	IN	Data Raw: 90 8f 09 d8 e3 c5 0c d3 17 28 4d 5f f1 39 fc 7d 0e 7c 9a 59 cf 92 f7 f0 17 88 0c 80 45 a9 21 08 0d d7 94 27 dc d6 ab 94 33 dc 00 01 77 00 6e 52 1e 0e bb 34 08 c9 dc 01 21 23 27 55 1a 84 da 69 d9 2f 8b a6 ae 5e ca 88 a2 19 48 95 1c 64 0b 16 94 2e Data Ascii: (M_9}\|YE!'3wnR4!#'Ui/^Hd.l)]~Z&=o<4cENSu?s}NBVbiCQ/<_ZKJD2@jqcJc2dhTX_r UbZC=-@W@HKo21pIpQ
Nov 18, 2023 07:52:20.231168032 CET	806	IN	Data Raw: eb 7a 5d d6 dd db 65 dd 1b bb 6c d7 dd 63 bb bb f0 ff c1 fe 08 b4 bc b2 45 45 48 2a d8 5a 0d 3c 5f 7b 33 37 e2 21 1f 09 81 23 88 c4 ce db a8 09 b4 52 67 67 cf 11 0e 69 46 86 eb 61 86 e7 ba 4e b5 ce 81 c8 da c3 2c 68 fe 3a 15 bf e1 3a 2b d0 2d 75 Data Ascii: z]elcEEH*Z<_{37!#RggiFaN,h::+-u?t/mDR5'&#35D#iYiI!] ?n'~8yZyKmqKP"/eoyMD BrIiJ]Qt./`d_D9_@las
Nov 18, 2023 07:52:20.231178999 CET	806	IN	Data Raw: 8d cc b2 b0 3b ac bc 2b ec 3a 78 cd 43 b4 51 4c 21 bd 7e 82 40 23 f9 3c 8e 32 1d a1 00 58 6f 05 2f 0a d1 95 aa e2 0a 02 ee f1 39 ee f1 25 71 4a 37 4d 04 4c 04 83 0c 32 63 53 36 46 8f 96 59 60 c7 9d e8 24 4e 52 7e 17 a4 d3 c0 8a 84 ed 08 af eb e2 Data Ascii: ;+:xCQL!~@#<2Xo/9%qJ7ML2cS6FY`$NR~AkL'.hL i<X)JV[tew_jeul}9I]#"GNow0Cwh[\|R5kc=HUh^/$^j9u]/^
Nov 18, 2023 07:52:20.231189966 CET	807	IN	Data Raw: 31 39 66 36 0d 0a 4f 41 da 2a cd b2 92 11 ab b9 7a 8e 73 95 2d 8e 61 93 cb 5e a5 01 72 63 8a 00 86 8f 51 e1 b5 5c 14 11 94 84 a7 05 20 93 a6 ec 52 c4 2b db 03 a1 00 eb 0b 0c 74 f0 0b ba d8 39 35 29 11 d4 22 8f 0f f6 bc dc 19 72 8b 7e 25 05 ea 07 Data Ascii: 19f6OA*zs-a^rcQ\ R+t95)"r~%{iOO??O\|_?_?Io,v},C!mY\2duR@.g0)lrWa!TBj)\
Nov 18, 2023 07:52:20.231201887 CET	809	IN	Data Raw: 32 5f 60 4b c9 62 25 ae 74 15 57 a4 f0 a9 9c 46 ec c8 91 17 dc b9 8c 71 b1 c4 d0 b2 45 cb 24 c1 47 04 92 91 de 72 e2 5d 66 e3 59 e2 8a 27 1d 4d 44 6f 4b e8 1c 47 47 78 99 34 9e 64 ec e8 48 20 14 02 29 68 42 f0 33 e1 e3 24 05 0a 83 20 28 55 e1 19 Data Ascii: 2_`Kb%tWFqE$Gr]fY'MDoKGGx4dH )hB3$ (U<C,}F9O!t^gUb&!N'tFPxW?(g;~ay@'%Ur)z "4)qzE"><D2-a>Dd93'KvPO<d%eSx
Nov 18, 2023 07:52:20.231213093 CET	810	IN	Data Raw: f5 a9 cc a3 e0 12 89 db 4f 6d d0 bd e5 8a 80 88 e7 a8 cf 39 60 ac 0b cb be 86 e9 aa af 57 d9 47 43 f9 bd 2a 64 a9 b8 4c 47 a6 01 50 b6 84 3a dd ca 61 47 c8 41 8a ed 54 95 85 98 ea 24 77 2c 49 8e 16 ce ff 72 59 a3 5d 2e 97 95 fd 8c b4 8e 62 2b a5 Data Ascii: Om9`WGCdLGP:aGAT$w,IrY].b+t%Fe<@5hxI^FRd]=yJ5`VPTK@ddMTzEV>@Z@U=(noAVK,4v}N$8P\|24UDZ29jW~DA
Nov 18, 2023 07:52:20.231220961 CET	811	IN	Data Raw: ea 59 0e 3d df 83 5f 3b a8 f5 b5 8b 3b 12 7d 03 1d 0a 72 1f 2b e8 38 e8 3b 30 ab 89 79 a0 68 da 76 c9 cd 4d 3b d7 9c a1 5a 48 2c f0 05 6e 1f 6a d8 1f ed a8 5f 6e e0 8d 8a d3 9d d2 44 91 ce b3 11 0e 3d ff 7a b8 09 90 c8 44 61 b5 7d 26 7e ee 97 5d Data Ascii: Y=_;;}r+8;0yhvM;ZH,nj_nD=zDa}&~]{\|(E<0_W%$#Lz$hSW0-%ry1HZl%4/~))]7Y7"pH=`mO1BSRJ_)&6
Nov 18, 2023 07:52:20.234514952 CET	814	OUT	GET /r/www/cache/static/global/js/all_async_search_d3cea19.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
Nov 18, 2023 07:52:20.405791044 CET	817	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:20 GMT Content-Type: text/javascript; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Expires: Sun, 12 Nov 2023 07:54:21 GMT Last-Modified: Thu, 09 Nov 2023 04:49:18 GMT ETag: "d3cea19a98ed342f12b17fbc84c0e131" Cache-Control: max-age=31536000 Content-Encoding: gzip Age: 773879 Accept-Ranges: bytes Content-MD5: 086hmpjtNC8SsX+8hMDhMQ== x-bce-content-crc32: 2941124309 x-bce-debug-id: WvCDlHFvp/vC1CGoP/zRd+UE2iIPWukBWwmmAeNnrJVUffQPbrHMj3XL1zXLU6FUwXeOSVdiRet6U8K9NI2sgw== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: 1bd9a556-e875-490d-8da5-0e1c3c922198 x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Thu, 09 Nov 2023 07:54:21 GMT Ohc-Cache-HIT: sfo01-sys-jorcol09.sfo01.baidu.com [2] Ohc-File-Size: 721537 X-Cache-Status: HIT Access-Control-Allow-Origin: * Timing-Allow-Origin: * Data Raw: 33 37 62 39 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 dc bd 7b 93 e3 58 76 1f f8 b7 eb 53 64 a2 6b 58 40 13 64 92 99 95 59 55 60 21 e9 7a 4d 77 75 77 75 d7 74 56 3f b3 b2 b9 20 09 32 51 49 02 2c 00 cc 47 67 d2 31 d6 ca b1 1a 85 b4 b2 56 5a db 92 ed 8d 58 ef 86 c2 e1 55 78 b4 0e ad 2d c9 1a e9 bb 78 a7 bb 47 7f f9 2b ec f9 9d fb c0 05 09 56 55 b7 c6 b1 b1 3b 3d c5 04 2e ee fb 9e 7b ee 79 df d1 3c 1e e4 51 12 6f 04 c3 e1 a3 4f ed d0 cd dd d8 b9 3c 8b e2 61 72 d6 0c f2 3c 18 1c 3f 3a 0d e3 bc 1b 9a 6f b6 95 c4 56 1d 59 3d 95 95 8a e3 cb 07 51 96 87 71 98 d6 6a e1 4a 9a 4d 05 dc cd b6 b3 18 a9 46 7b c1 93 07 76 e8 5c 8e 92 d4 3e 0d d2 8d dc 0f dd d8 6f b4 3b b9 9f 37 67 41 4a 85 3f 4c 86 61 c7 89 46 76 ec 53 42 16 3e a6 d6 f3 e6 38 cc ef e5 79 1a f5 e7 79 68 5b d1 d0 72 1c 37 de 6f 39 69 98 cf d3 78 23 2e 9a 08 26 bd 81 6a a2 63 3d bb 77 ff 83 47 d6 a6 1f 36 f3 60 fc 61 30 a5 aa 43 7a 31 9a 92 35 84 15 4d 94 2b dd c6 64 c9 7a f3 46 a3 e3 94 5b b0 cb f5 3a 45 83 6f d6 04 77 5a ce 49 73 d6 ee d0 0c 6c da 56 30 49 66 dc fd d1 f4 ea ca 4a b3 d3 de f9 2c c8 8f ad 88 aa bb ba Data Ascii: 37b9e{XvSdkX@dYU`!zMwuwutV? 2QI,Gg1VZXUx-xG+VU;=.{y<QoO<ar<?:oVY=QqjJMF{v\>o;7gAJ?LaFvSB>8yyh[r7o9ix#.&jc=wG6`a0Cz15M+dzF[:EowZIslV0IfJ,

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
52	192.168.2.5	49743	104.193.88.112	80	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 07:52:20.835726976 CET	1071	OUT	GET /r/www/cache/static/plugins/every_cookie_4644b13.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
Nov 18, 2023 07:52:21.005831003 CET	1087	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:20 GMT Content-Type: text/javascript; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Expires: Sat, 11 Nov 2023 06:32:02 GMT Last-Modified: Thu, 26 Oct 2023 01:40:52 GMT ETag: "4644b1365b341bc21a65b69a93ed92ec" Cache-Control: max-age=31536000 Content-Encoding: gzip Age: 865218 Accept-Ranges: bytes Content-MD5: RkSxNls0G8IaZbaak+2S7A== x-bce-content-crc32: 2690864632 x-bce-debug-id: 9XC9YZYakJ8+rEvRUip98jiANtuhmxWx/yjvGLIRfKAi22GmVsaa3MvLuC3iSuNyZ2qW3uKXkhx51kvLJHEgIQ== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: ad6df55d-0ceb-4931-a91e-916328fabcad x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 06:32:02 GMT Ohc-Cache-HIT: sfo01-sys-jorcol06.sfo01.baidu.com [2] Ohc-File-Size: 3421 X-Cache-Status: HIT Timing-Allow-Origin: * Access-Control-Allow-Origin: * Data Raw: 35 35 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 a4 57 61 6f db 36 10 fd de 5f 61 b3 81 40 c6 ac 2a a5 6b 96 d9 10 8c 36 ed 80 00 c3 36 34 ed a7 65 09 14 e9 1c 73 91 45 55 a4 9c 1a 96 ff fb 8e a4 64 49 4e 82 b5 18 10 24 d4 f1 78 3c de bd f7 c8 e8 72 b3 1d 2f aa 3c d1 42 e6 94 6d db e1 48 50 c1 b6 7a 29 94 7f 0f 9b 48 70 3b 4c aa f2 5c ca 7b 01 11 21 ce 92 a9 03 43 95 3e 32 7c 88 75 1c 69 da 06 63 ce be 10 f9 a1 ab de 14 10 bd 0a dd c7 c5 65 34 6e 86 aa 2a 0a 59 ea ee 7b 93 27 ef b2 8c b2 dd 3e 5d 6d d2 5d c7 e5 48 47 79 95 65 5c 46 e3 80 63 e4 4a 41 69 f6 27 13 31 13 0b 3a a6 3a 4a 65 52 ad 20 d7 fe 1d e8 8f 19 98 e1 fb cd 45 4a 81 31 a6 b1 1c 3d 8f a4 84 58 43 e3 44 c9 c5 ef 7f 7e f9 4c 30 7f 97 29 59 8a 34 85 1c 93 f7 95 de 64 e0 a7 42 15 59 bc 89 48 2e 73 b0 66 d0 ef b4 2e c5 6d a5 81 12 91 12 0e 66 f5 d0 9c 62 7a af 16 b2 24 9c 94 a0 aa 4c db 1d e2 34 7d 0f cb 78 2d 64 49 c9 cb 14 16 31 ce bc dc 1f 87 f1 23 4a 6e 65 ba 21 cc 2f 4a 28 20 4f a9 66 33 53 01 15 e5 f0 30 42 2f 98 29 b3 95 19 51 65 4e 6b 47 6c f2 e6 f4 ad d9 01 be 15 02 37 8c b0 ee f2 cb e7 f3 4b 4c 28 bf a3 Data Ascii: 550Wao6_a@k664esEUdIN$x<r/<BmHPz)Hp;L\{!C>2\|uice4nY{'>]m]HGye\FcJAi'1::JeR EJ1=XCD~L0)Y4dBYH.sf.mfbz$L4}x-dI1#Jne!/J( Of3S0B/)QeNkGl7KL(
Nov 18, 2023 07:52:21.005844116 CET	1088	IN	Data Raw: ec c5 2e 89 75 b2 a4 39 db 4a 5b 71 5b d0 5d 09 ba 2a f3 2d c6 bb d0 b0 9a ee 21 63 50 82 45 93 9e a7 3d 8f 1e 9c 0d b8 b0 e7 8d d7 60 ca db 44 56 6c bb db f1 bb c3 48 2e 10 36 c9 c4 62 6e bf 91 f6 33 19 9b de 70 db af 5e 68 56 d7 84 34 11 85 8d Data Ascii: .u9J[q[]*-!cPE=`DVlH.6bn3p^hV4(J?f8:HOrU`,R}t'@M?o%t>?+uP3ccQH=t-E:"__.MUU\|ueU,ZkkPq8=<
Nov 18, 2023 07:52:21.005881071 CET	1088	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
Nov 18, 2023 07:52:21.049580097 CET	1089	OUT	GET /r/www/cache/static/plugins/bzPopper_7bc4f0e.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
Nov 18, 2023 07:52:21.219779968 CET	1092	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:21 GMT Content-Type: text/javascript; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Expires: Sat, 11 Nov 2023 05:09:37 GMT Last-Modified: Thu, 26 Oct 2023 01:40:52 GMT ETag: "7bc4f0ed3cc6d9c8638de8892a06ea63" Cache-Control: max-age=31536000 Content-Encoding: gzip Age: 870164 Accept-Ranges: bytes Content-MD5: e8Tw7TzG2chjjeiJKgbqYw== x-bce-content-crc32: 2209409488 x-bce-debug-id: UyCgqVm7RAAaAoa8pPakkB2WgEjai892iILWa6jijqGHOdz54aNoXCkD2Vqok5P1YLWcIdZw6msrFMA9XnUVHQ== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: 0e5e9278-bbdf-431b-b131-9aad8d0c9a4e x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 05:09:37 GMT Ohc-Cache-HIT: sfo01-sys-jorcol04.sfo01.baidu.com [2] Ohc-File-Size: 92487 X-Cache-Status: HIT Timing-Allow-Origin: * Access-Control-Allow-Origin: * Data Raw: 38 39 39 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 c4 5a 6d 73 db 46 92 fe ae 5f 21 e1 b6 58 40 04 51 54 b6 ea 76 17 0c 82 93 1d 67 ed 9c 1d 69 2d e5 6d 19 dd d6 10 1c 92 b0 41 0c 77 00 4a 64 48 fe f7 7b 7a 5e 30 43 8a 92 7d 55 97 ca 17 02 f3 d6 d3 dd d3 2f 4f 0f 38 e2 e3 a2 e2 61 30 2f 17 93 a2 aa cf 87 bf 5d 8b f9 9c cb 20 1e 04 92 ff 7b 51 48 1e dc c5 e3 45 95 37 85 a8 c2 68 6d 5f 8f 79 c8 a3 b5 e4 cd 42 e2 7d db 76 37 21 8f 9b 76 a0 49 d7 7c 39 17 b2 a9 93 f5 76 1b f3 b0 89 9b ae e9 89 dc ab 5b 5e 11 d5 e0 bf 86 6c c8 cb f3 29 2f c1 4a 7d 7c 76 dc ac e6 5c 8c 83 be 26 1b 56 69 60 57 04 69 aa 07 8f 6f 56 b3 a1 28 3b 9d a0 56 2f fb 03 dd a2 e1 92 35 42 66 ad 34 4e 00 33 93 6f 93 03 83 1c 34 9f de 8e 77 73 51 d5 8d 5c e4 a0 9d a6 69 db 7f 62 df bb 73 29 1a 41 cb 32 cb 5b d2 6e 18 61 23 27 be fc 2c f1 e5 ef 25 fe d1 1f 2d bf f8 2c f9 c5 ef 25 ff 1f 2d 7e f1 59 e2 17 bf 97 f8 7f f8 f1 b3 cf 92 9f fd 5e f2 ff d1 e2 e7 3a 76 16 e3 f0 64 24 f2 c5 8c 57 4d 77 c2 9b 57 25 a7 d7 17 ab 37 a3 30 98 2c 98 64 55 c3 f9 d9 5c 05 ea b3 ba 59 95 3c 88 a2 f5 bd 28 46 c7 3d f0 d0 74 3a Data Ascii: 899eZmsF_!X@QTvgi-mAwJdH{z^0C}U/O8a0/] {QHE7hm_yB}v7!vI\|9v[^l)/J}\|v\&Vi`WioV(;V/5Bf4N3o4wsQ\ibs)A2[na#',%-,%-~Y^:vd$WMwW%70,dU\Y<(F=t:
Nov 18, 2023 07:52:21.219809055 CET	1093	IN	Data Raw: 21 02 ef 36 ea df 33 79 5c a5 4d 17 91 9d cb e6 b2 e9 83 34 c9 b3 a8 46 2a ee 8f 82 13 2b 90 dd 10 74 b0 48 a6 2d 03 53 ce 46 9b cd 01 7e ea 17 ab 5b 36 f9 9e cd 90 3e 68 52 10 0d 7a 77 b1 70 2b 73 c9 59 c3 cd ec 30 30 8c f6 8f 44 b7 18 a5 4f 09 Data Ascii: !63y\M4F+tH-SF~[6>hRzwp+sY00DO.q_6y]q94VY7/E9CQ"tj"e&]lsRE{2_s[Zk<}1!3.kc#A.fsCgd@7T/9{>yNK
Nov 18, 2023 07:52:21.221952915 CET	1095	IN	Data Raw: 1a 9e ec 4e 19 05 5f 7d 2c 02 9a 44 06 21 e1 45 a7 03 77 01 c0 25 c4 3c 5f d4 94 5d b7 fa e8 08 8b be 63 80 70 ea ed 06 70 47 80 a5 36 f9 1f dc ab ea d6 44 57 89 11 83 52 14 1f 9e 67 f8 d1 e2 42 37 b4 2b 38 70 2a fa 86 66 e9 b3 22 6d d9 5d 3f 30 Data Ascii: N_},D!Ew%<_]cppG6DWRgB7+8p*f"m]?0>ZFe(AqPNcsNYh:,PrMzguR>hNk#+eMPkTcvO-tX>f2FIslmO,W^36?ff;\n>ujIh:
Nov 18, 2023 07:52:21.221966028 CET	1096	IN	Data Raw: af d2 9f c2 75 bb 63 f2 31 36 b3 93 65 5c a3 c0 6e f8 64 95 78 f9 cc 9d 85 40 9d 75 93 be fe 54 bd b1 c4 16 90 f7 d2 ca 7b 83 2d de a6 ca 74 af 28 88 9e 5d aa ec 7f af 02 aa 31 e1 4b 1b 7b af cc 0b 86 fd 8b fe 2b 15 88 b1 52 41 83 7b 1d 96 b5 1b Data Ascii: uc16e\ndx@uT{-t(]1K{+RA{\p~TmQ1.A=b0x@\|60w}:y,?u,X~]`p[6-Y:=axD!2W<_W4R.@ x1gg'>DRu
Nov 18, 2023 07:52:21.226538897 CET	1098	IN	Data Raw: 3a 18 5c 3d b2 bf 9d f2 1c e1 56 57 e5 ad 45 ee 54 e5 18 a6 aa dc c3 9e ef 42 cf 5b 5b 3c f0 28 58 9b 01 f2 95 fd 58 b0 c7 0f 2a d1 fe 91 b9 d0 d9 8b 37 66 85 fe 53 55 4d b7 0e fa ff 7b 96 d4 b3 b8 91 74 bb 3b 3d 8a e1 db 9f 58 92 9b 8f 6b 7a cb Data Ascii: :\=VWETB[[<(XX*7fSUM{t;=XkzY/k-R>aLu\|`j\'ZPmK>GK4;7W}A}wftOjlGRw}7is~D4+ZF>DJI+N.2}iEzzb5POD
Nov 18, 2023 07:52:21.226552963 CET	1099	IN	Data Raw: 3e bd 44 b0 06 84 3e a0 bc 07 da ad 88 d3 cf cc e3 9c 06 8d 53 e8 52 57 26 fd 85 7d 76 5b b3 38 54 e3 96 d3 1a 0b cd 94 2d 7a 86 8a db 09 c2 e0 95 20 34 52 ef 44 db 90 e0 f8 b8 80 ed 07 b7 e0 4e ce 9d 07 37 e0 0e e7 fd b9 f7 8b ff ee 06 7f 20 81 Data Ascii: >D>SRW&}v[8T-z 4RDN7 ],$r@J{{Zcf=G3/q>lxf?m-5z$u!}c#'\Ng;6X]5BaI lh(bKOq >[yzWn){o]J
Nov 18, 2023 07:52:21.231101036 CET	1100	IN	Data Raw: 33 91 e5 68 e7 9d 44 77 0e dc f0 bd ef c9 f1 f0 8c eb 19 50 49 37 09 bf fa 09 4b e3 20 98 06 33 fc 5d 01 7f 2c 67 32 b8 d3 3c 1f 6b 54 14 0b 95 80 42 46 77 37 b4 c7 61 6b 1a b0 bb 5c 8d 42 de c4 df f5 bc 79 61 68 02 a4 74 cb 34 3d e1 85 f9 c5 ab Data Ascii: 3hDwPI7K 3],g2<kTBFw7ak\Byaht4=k"l3jWn)P/):apfs-`8f%1f/y='Q{(P>-0(+6$Z@}sp U/~m+PMz6q?WcmX'#At2zJQot7_b
Nov 18, 2023 07:52:21.231129885 CET	1102	IN	Data Raw: 24 65 53 c8 6c 84 8d 3c 52 63 9d 70 72 28 16 aa 56 f1 9e 2e a5 c9 34 30 02 51 49 16 4b 96 48 36 96 d1 e2 00 2c 23 38 9b 9f 78 7c f9 36 1e b1 11 56 b3 24 b3 6a 19 f6 e3 91 8c 8d 8c 49 54 9f 3f 6a c2 4a 85 79 0d 43 06 f8 65 29 56 35 63 65 00 e2 f3 Data Ascii: $eSl<Rcpr(V.40QIKH6,#8x\|6V$jIT?jJyCe)V5ce&VK)ExyCB"z'Psu[`CWX6ZW?h^pF9@KlU*Ur>vd Kcr6un\@wt;<S5'fBk@62(+dPF)
Nov 18, 2023 07:52:21.235688925 CET	1103	IN	Data Raw: c7 20 a3 47 bf 4c fe 3b 13 9d ff 6d 3e 62 9f 17 e7 b6 f3 72 dd 7b 48 f0 9d 94 74 20 89 da 75 b7 de 0a e9 29 c7 53 7b 55 64 22 ef ee 13 33 86 f5 3a 16 f6 50 46 9f 25 14 95 1e c6 a9 f8 b1 d2 3c 2f dd b8 a6 e6 a3 34 4e b8 ff 5a 32 af e9 91 bd f8 46 Data Ascii: GL;m>br{Ht u)S{Ud"3:PF%</4NZ2F]sgc\X59nxN4oyyTvX4@RFx4K]F<LYO&#2$Mxa7]NqB@\|HSki"~^B/hc,~pG
Nov 18, 2023 07:52:21.391465902 CET	1129	OUT	GET /r/www/cache/static/home/js/nu_instant_search_62c9c51.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
Nov 18, 2023 07:52:21.561413050 CET	1131	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:21 GMT Content-Type: text/javascript; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Expires: Sat, 11 Nov 2023 07:48:35 GMT Last-Modified: Thu, 26 Oct 2023 01:40:51 GMT ETag: "62c9c513bde8d5ce8f8dc0192901261f" Cache-Control: max-age=31536000 Content-Encoding: gzip Age: 860626 Accept-Ranges: bytes Content-MD5: YsnFE73o1c6PjcAZKQEmHw== x-bce-content-crc32: 60299229 x-bce-debug-id: mBCz9RQ05bq5pCHbkBqfZ8bCoQxG3M9xPVIu5CpOuH+mkmfDpEzz1RL5mhMbhE95RFNuymU6YvErAyXf6vpgLg== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: b25a63e9-0d73-4e90-8944-e44fa065e622 x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 07:48:35 GMT Ohc-Cache-HIT: sfo01-sys-jorcol02.sfo01.baidu.com [2] Ohc-File-Size: 24747 X-Cache-Status: HIT Timing-Allow-Origin: * Access-Control-Allow-Origin: * Data Raw: 35 61 32 0d 0a 1f 8b 08 00 00 00 00 00 00 03 bc 1a db 6e e3 c6 f5 dd 5f 21 73 17 12 59 8f 28 c9 b1 83 40 5a da 48 76 93 54 6d b3 6b c4 ce 93 ed 0a 23 71 24 71 4d 91 5c ce 50 b2 61 09 48 d2 14 2d 5a 04 09 fa d2 a2 e8 53 d0 26 45 8b a4 40 9b 22 c1 a2 97 9f d9 eb 5f f4 9c 19 5e 75 f1 6a 77 d3 3c 58 26 e7 72 e6 cc b9 5f d8 8f bc 9e 70 7c af 24 7c ca 85 ce 8c cb 31 0d 4b dc aa dc b0 9d 71 a9 e7 52 ce 2d 4d ce 55 fb 7e 58 0d 19 8f 5c a1 ed dd e0 01 f5 f6 6e d4 e2 7f b0 76 af d2 ba ae 6b 5d df be d0 0c 93 06 01 f3 6c 9d 1b 04 c6 cc 85 ed 86 d9 a7 36 6b 7b fa 2b f5 3a 3c 3b b0 54 43 48 30 21 d8 39 62 41 38 13 47 ce 88 f9 91 d0 fb 31 8a ba 71 79 05 b4 3b b0 12 c1 ad 3a 31 64 23 7f cc 74 63 46 b6 d9 2b c6 ec 7a 1e 6c f2 58 62 19 01 3c 36 29 bd cb 06 6f 9e 07 ba f6 d3 93 13 be 35 c5 9f eb 9a 41 84 05 47 5c 3b 9b 00 d0 31 75 75 04 1d b8 b4 c7 74 4e 34 cd 68 79 bc d3 d3 2f fb a3 a6 d6 65 43 ae 11 41 bb 4d 46 ee 45 2c bc 68 32 af e7 db ec bd 77 db 37 fd 51 e0 7b cc 13 ba 30 48 e4 2d 9b e8 da dc ec f9 a3 91 19 71 16 4e a7 00 7a 66 cc 52 4c b9 ce 08 57 b8 0a 42 ad c3 16 33 47 3e ac 84 3b Data Ascii: 5a2n_!sY(@ZHvTmk#q$qM\PaH-ZS&E@"_^ujw<X&r_p\|$\|1KqR-MU~X\nvk]l6k{+:<;TCH0!9bA8G1qy;:1d#tcF+zlXb<6)o5AG\;1uutN4hy/eCAMFE,h2w7Q{0H-qNzfRLWB3G>;
Nov 18, 2023 07:52:21.573287964 CET	1139	OUT	GET /r/www/cache/static/amd_modules/@baidu/search-sug_947981a.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
Nov 18, 2023 07:52:21.743714094 CET	1193	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:21 GMT Content-Type: text/javascript; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Expires: Sat, 11 Nov 2023 06:27:12 GMT Last-Modified: Thu, 26 Oct 2023 01:40:48 GMT ETag: "947981ae2c8738fa4978e847e7b8be64" Cache-Control: max-age=31536000 Content-Encoding: gzip Age: 865509 Accept-Ranges: bytes Content-MD5: lHmBriyHOPpJeOhH57i+ZA== x-bce-content-crc32: 790185926 x-bce-debug-id: gkHd/kDKnFwLtNk8tCJuBnUMVdQppcHGL4iCqvZtQxitJVR4B9hf2rOEQJUMdj7uDhDdw5iL8fIgtd7OhWHFyw== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: b345b1f6-79ce-4b25-bdae-8cb80f1a47b6 x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 06:27:12 GMT Ohc-Cache-HIT: sfo01-sys-jorcol03.sfo01.baidu.com [2] Ohc-File-Size: 57420 X-Cache-Status: HIT Timing-Allow-Origin: * Access-Control-Allow-Origin: * Data Raw: 34 62 31 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 d4 5c 7b 77 db 36 96 ff df 9f c2 61 b3 0e b9 a2 68 c9 4e 3a ad 64 5a 9b 57 27 99 6d a6 9d 38 9d 99 5d d7 ab 43 89 b0 c4 86 22 15 12 f4 23 96 be fb de df 05 48 82 94 e4 38 33 db 39 67 4f 53 8b 00 2e 5e 17 f7 8d 4b 86 e2 32 4a 84 6d fd c7 24 88 c2 e2 30 17 41 36 9d 77 f3 62 76 88 ff a3 24 14 37 96 7b 6e 65 e2 53 11 65 c2 ba 70 2f 8b 64 2a a3 34 b1 75 95 73 57 d6 ec 4f e7 62 fa f1 0d f5 7b 9b d8 54 9f 09 59 64 c9 fe 35 0d 92 5e 7b e3 71 1e 2c 96 b1 18 cf 09 60 1c 8b 64 26 e7 23 e1 a9 87 53 ff e9 6a 25 92 69 1a 8a 5f de bf 7d 99 2e 96 69 22 12 49 a3 54 00 fd ef 06 5f 05 bd de 5c d6 d9 3c bd 36 16 56 0f d7 3f 38 b8 77 b8 e3 7a b0 b3 5f fe f8 d3 8b 3f 61 94 ab 20 db 97 be 9c 47 b9 2b 7c e9 a5 4b 99 fb 62 b5 ba 5b 0f a5 17 2d a5 2f f0 77 b5 4a 8a 38 76 a5 97 89 2b 91 e5 82 6a f5 d3 6a f5 a8 4f f5 97 69 b6 a0 4a fc 54 b0 79 31 59 44 79 4e d3 51 4b 5d a8 da 17 c1 cd 9f 0b f4 52 0f ab 55 bf 47 b5 93 90 e6 c7 df 7a 9c 88 aa b8 e1 e0 80 7f bc 69 ba 58 98 cf 00 21 c0 eb 48 ce d3 42 be 23 0c d0 10 46 49 2f 52 d7 bc 8f a6 f3 ba 1d a5 66 Data Ascii: 4b13\{w6ahN:dZW'm8]C"#H839gOS.^K2Jm$0A6wbv$7{neSep/d*4usWOb{TYd5^{q,`d&#Sj%i_}.i"IT_\<6V?8wz_?a G+\|Kb[-/wJ8v+jjOiJTy1YDyNQK]RUGziX!HB#FI/Rf

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
52	104.193.88.112	80	192.168.2.5	49743	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 07:52:20.835726976 CET	1071	OUT	GET /r/www/cache/static/plugins/every_cookie_4644b13.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
Nov 18, 2023 07:52:21.005831003 CET	1087	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:20 GMT Content-Type: text/javascript; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Expires: Sat, 11 Nov 2023 06:32:02 GMT Last-Modified: Thu, 26 Oct 2023 01:40:52 GMT ETag: "4644b1365b341bc21a65b69a93ed92ec" Cache-Control: max-age=31536000 Content-Encoding: gzip Age: 865218 Accept-Ranges: bytes Content-MD5: RkSxNls0G8IaZbaak+2S7A== x-bce-content-crc32: 2690864632 x-bce-debug-id: 9XC9YZYakJ8+rEvRUip98jiANtuhmxWx/yjvGLIRfKAi22GmVsaa3MvLuC3iSuNyZ2qW3uKXkhx51kvLJHEgIQ== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: ad6df55d-0ceb-4931-a91e-916328fabcad x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 06:32:02 GMT Ohc-Cache-HIT: sfo01-sys-jorcol06.sfo01.baidu.com [2] Ohc-File-Size: 3421 X-Cache-Status: HIT Timing-Allow-Origin: * Access-Control-Allow-Origin: * Data Raw: 35 35 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 a4 57 61 6f db 36 10 fd de 5f 61 b3 81 40 c6 ac 2a a5 6b 96 d9 10 8c 36 ed 80 00 c3 36 34 ed a7 65 09 14 e9 1c 73 91 45 55 a4 9c 1a 96 ff fb 8e a4 64 49 4e 82 b5 18 10 24 d4 f1 78 3c de bd f7 c8 e8 72 b3 1d 2f aa 3c d1 42 e6 94 6d db e1 48 50 c1 b6 7a 29 94 7f 0f 9b 48 70 3b 4c aa f2 5c ca 7b 01 11 21 ce 92 a9 03 43 95 3e 32 7c 88 75 1c 69 da 06 63 ce be 10 f9 a1 ab de 14 10 bd 0a dd c7 c5 65 34 6e 86 aa 2a 0a 59 ea ee 7b 93 27 ef b2 8c b2 dd 3e 5d 6d d2 5d c7 e5 48 47 79 95 65 5c 46 e3 80 63 e4 4a 41 69 f6 27 13 31 13 0b 3a a6 3a 4a 65 52 ad 20 d7 fe 1d e8 8f 19 98 e1 fb cd 45 4a 81 31 a6 b1 1c 3d 8f a4 84 58 43 e3 44 c9 c5 ef 7f 7e f9 4c 30 7f 97 29 59 8a 34 85 1c 93 f7 95 de 64 e0 a7 42 15 59 bc 89 48 2e 73 b0 66 d0 ef b4 2e c5 6d a5 81 12 91 12 0e 66 f5 d0 9c 62 7a af 16 b2 24 9c 94 a0 aa 4c db 1d e2 34 7d 0f cb 78 2d 64 49 c9 cb 14 16 31 ce bc dc 1f 87 f1 23 4a 6e 65 ba 21 cc 2f 4a 28 20 4f a9 66 33 53 01 15 e5 f0 30 42 2f 98 29 b3 95 19 51 65 4e 6b 47 6c f2 e6 f4 ad d9 01 be 15 02 37 8c b0 ee f2 cb e7 f3 4b 4c 28 bf a3 Data Ascii: 550Wao6_a@k664esEUdIN$x<r/<BmHPz)Hp;L\{!C>2\|uice4nY{'>]m]HGye\FcJAi'1::JeR EJ1=XCD~L0)Y4dBYH.sf.mfbz$L4}x-dI1#Jne!/J( Of3S0B/)QeNkGl7KL(
Nov 18, 2023 07:52:21.005844116 CET	1088	IN	Data Raw: ec c5 2e 89 75 b2 a4 39 db 4a 5b 71 5b d0 5d 09 ba 2a f3 2d c6 bb d0 b0 9a ee 21 63 50 82 45 93 9e a7 3d 8f 1e 9c 0d b8 b0 e7 8d d7 60 ca db 44 56 6c bb db f1 bb c3 48 2e 10 36 c9 c4 62 6e bf 91 f6 33 19 9b de 70 db af 5e 68 56 d7 84 34 11 85 8d Data Ascii: .u9J[q[]*-!cPE=`DVlH.6bn3p^hV4(J?f8:HOrU`,R}t'@M?o%t>?+uP3ccQH=t-E:"__.MUU\|ueU,ZkkPq8=<
Nov 18, 2023 07:52:21.005881071 CET	1088	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
Nov 18, 2023 07:52:21.049580097 CET	1089	OUT	GET /r/www/cache/static/plugins/bzPopper_7bc4f0e.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
Nov 18, 2023 07:52:21.219779968 CET	1092	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:21 GMT Content-Type: text/javascript; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Expires: Sat, 11 Nov 2023 05:09:37 GMT Last-Modified: Thu, 26 Oct 2023 01:40:52 GMT ETag: "7bc4f0ed3cc6d9c8638de8892a06ea63" Cache-Control: max-age=31536000 Content-Encoding: gzip Age: 870164 Accept-Ranges: bytes Content-MD5: e8Tw7TzG2chjjeiJKgbqYw== x-bce-content-crc32: 2209409488 x-bce-debug-id: UyCgqVm7RAAaAoa8pPakkB2WgEjai892iILWa6jijqGHOdz54aNoXCkD2Vqok5P1YLWcIdZw6msrFMA9XnUVHQ== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: 0e5e9278-bbdf-431b-b131-9aad8d0c9a4e x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 05:09:37 GMT Ohc-Cache-HIT: sfo01-sys-jorcol04.sfo01.baidu.com [2] Ohc-File-Size: 92487 X-Cache-Status: HIT Timing-Allow-Origin: * Access-Control-Allow-Origin: * Data Raw: 38 39 39 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 c4 5a 6d 73 db 46 92 fe ae 5f 21 e1 b6 58 40 04 51 54 b6 ea 76 17 0c 82 93 1d 67 ed 9c 1d 69 2d e5 6d 19 dd d6 10 1c 92 b0 41 0c 77 00 4a 64 48 fe f7 7b 7a 5e 30 43 8a 92 7d 55 97 ca 17 02 f3 d6 d3 dd d3 2f 4f 0f 38 e2 e3 a2 e2 61 30 2f 17 93 a2 aa cf 87 bf 5d 8b f9 9c cb 20 1e 04 92 ff 7b 51 48 1e dc c5 e3 45 95 37 85 a8 c2 68 6d 5f 8f 79 c8 a3 b5 e4 cd 42 e2 7d db 76 37 21 8f 9b 76 a0 49 d7 7c 39 17 b2 a9 93 f5 76 1b f3 b0 89 9b ae e9 89 dc ab 5b 5e 11 d5 e0 bf 86 6c c8 cb f3 29 2f c1 4a 7d 7c 76 dc ac e6 5c 8c 83 be 26 1b 56 69 60 57 04 69 aa 07 8f 6f 56 b3 a1 28 3b 9d a0 56 2f fb 03 dd a2 e1 92 35 42 66 ad 34 4e 00 33 93 6f 93 03 83 1c 34 9f de 8e 77 73 51 d5 8d 5c e4 a0 9d a6 69 db 7f 62 df bb 73 29 1a 41 cb 32 cb 5b d2 6e 18 61 23 27 be fc 2c f1 e5 ef 25 fe d1 1f 2d bf f8 2c f9 c5 ef 25 ff 1f 2d 7e f1 59 e2 17 bf 97 f8 7f f8 f1 b3 cf 92 9f fd 5e f2 ff d1 e2 e7 3a 76 16 e3 f0 64 24 f2 c5 8c 57 4d 77 c2 9b 57 25 a7 d7 17 ab 37 a3 30 98 2c 98 64 55 c3 f9 d9 5c 05 ea b3 ba 59 95 3c 88 a2 f5 bd 28 46 c7 3d f0 d0 74 3a Data Ascii: 899eZmsF_!X@QTvgi-mAwJdH{z^0C}U/O8a0/] {QHE7hm_yB}v7!vI\|9v[^l)/J}\|v\&Vi`WioV(;V/5Bf4N3o4wsQ\ibs)A2[na#',%-,%-~Y^:vd$WMwW%70,dU\Y<(F=t:
Nov 18, 2023 07:52:21.219809055 CET	1093	IN	Data Raw: 21 02 ef 36 ea df 33 79 5c a5 4d 17 91 9d cb e6 b2 e9 83 34 c9 b3 a8 46 2a ee 8f 82 13 2b 90 dd 10 74 b0 48 a6 2d 03 53 ce 46 9b cd 01 7e ea 17 ab 5b 36 f9 9e cd 90 3e 68 52 10 0d 7a 77 b1 70 2b 73 c9 59 c3 cd ec 30 30 8c f6 8f 44 b7 18 a5 4f 09 Data Ascii: !63y\M4F+tH-SF~[6>hRzwp+sY00DO.q_6y]q94VY7/E9CQ"tj"e&]lsRE{2_s[Zk<}1!3.kc#A.fsCgd@7T/9{>yNK
Nov 18, 2023 07:52:21.221952915 CET	1095	IN	Data Raw: 1a 9e ec 4e 19 05 5f 7d 2c 02 9a 44 06 21 e1 45 a7 03 77 01 c0 25 c4 3c 5f d4 94 5d b7 fa e8 08 8b be 63 80 70 ea ed 06 70 47 80 a5 36 f9 1f dc ab ea d6 44 57 89 11 83 52 14 1f 9e 67 f8 d1 e2 42 37 b4 2b 38 70 2a fa 86 66 e9 b3 22 6d d9 5d 3f 30 Data Ascii: N_},D!Ew%<_]cppG6DWRgB7+8p*f"m]?0>ZFe(AqPNcsNYh:,PrMzguR>hNk#+eMPkTcvO-tX>f2FIslmO,W^36?ff;\n>ujIh:
Nov 18, 2023 07:52:21.221966028 CET	1096	IN	Data Raw: af d2 9f c2 75 bb 63 f2 31 36 b3 93 65 5c a3 c0 6e f8 64 95 78 f9 cc 9d 85 40 9d 75 93 be fe 54 bd b1 c4 16 90 f7 d2 ca 7b 83 2d de a6 ca 74 af 28 88 9e 5d aa ec 7f af 02 aa 31 e1 4b 1b 7b af cc 0b 86 fd 8b fe 2b 15 88 b1 52 41 83 7b 1d 96 b5 1b Data Ascii: uc16e\ndx@uT{-t(]1K{+RA{\p~TmQ1.A=b0x@\|60w}:y,?u,X~]`p[6-Y:=axD!2W<_W4R.@ x1gg'>DRu
Nov 18, 2023 07:52:21.226538897 CET	1098	IN	Data Raw: 3a 18 5c 3d b2 bf 9d f2 1c e1 56 57 e5 ad 45 ee 54 e5 18 a6 aa dc c3 9e ef 42 cf 5b 5b 3c f0 28 58 9b 01 f2 95 fd 58 b0 c7 0f 2a d1 fe 91 b9 d0 d9 8b 37 66 85 fe 53 55 4d b7 0e fa ff 7b 96 d4 b3 b8 91 74 bb 3b 3d 8a e1 db 9f 58 92 9b 8f 6b 7a cb Data Ascii: :\=VWETB[[<(XX*7fSUM{t;=XkzY/k-R>aLu\|`j\'ZPmK>GK4;7W}A}wftOjlGRw}7is~D4+ZF>DJI+N.2}iEzzb5POD
Nov 18, 2023 07:52:21.226552963 CET	1099	IN	Data Raw: 3e bd 44 b0 06 84 3e a0 bc 07 da ad 88 d3 cf cc e3 9c 06 8d 53 e8 52 57 26 fd 85 7d 76 5b b3 38 54 e3 96 d3 1a 0b cd 94 2d 7a 86 8a db 09 c2 e0 95 20 34 52 ef 44 db 90 e0 f8 b8 80 ed 07 b7 e0 4e ce 9d 07 37 e0 0e e7 fd b9 f7 8b ff ee 06 7f 20 81 Data Ascii: >D>SRW&}v[8T-z 4RDN7 ],$r@J{{Zcf=G3/q>lxf?m-5z$u!}c#'\Ng;6X]5BaI lh(bKOq >[yzWn){o]J
Nov 18, 2023 07:52:21.231101036 CET	1100	IN	Data Raw: 33 91 e5 68 e7 9d 44 77 0e dc f0 bd ef c9 f1 f0 8c eb 19 50 49 37 09 bf fa 09 4b e3 20 98 06 33 fc 5d 01 7f 2c 67 32 b8 d3 3c 1f 6b 54 14 0b 95 80 42 46 77 37 b4 c7 61 6b 1a b0 bb 5c 8d 42 de c4 df f5 bc 79 61 68 02 a4 74 cb 34 3d e1 85 f9 c5 ab Data Ascii: 3hDwPI7K 3],g2<kTBFw7ak\Byaht4=k"l3jWn)P/):apfs-`8f%1f/y='Q{(P>-0(+6$Z@}sp U/~m+PMz6q?WcmX'#At2zJQot7_b
Nov 18, 2023 07:52:21.231129885 CET	1102	IN	Data Raw: 24 65 53 c8 6c 84 8d 3c 52 63 9d 70 72 28 16 aa 56 f1 9e 2e a5 c9 34 30 02 51 49 16 4b 96 48 36 96 d1 e2 00 2c 23 38 9b 9f 78 7c f9 36 1e b1 11 56 b3 24 b3 6a 19 f6 e3 91 8c 8d 8c 49 54 9f 3f 6a c2 4a 85 79 0d 43 06 f8 65 29 56 35 63 65 00 e2 f3 Data Ascii: $eSl<Rcpr(V.40QIKH6,#8x\|6V$jIT?jJyCe)V5ce&VK)ExyCB"z'Psu[`CWX6ZW?h^pF9@KlU*Ur>vd Kcr6un\@wt;<S5'fBk@62(+dPF)
Nov 18, 2023 07:52:21.235688925 CET	1103	IN	Data Raw: c7 20 a3 47 bf 4c fe 3b 13 9d ff 6d 3e 62 9f 17 e7 b6 f3 72 dd 7b 48 f0 9d 94 74 20 89 da 75 b7 de 0a e9 29 c7 53 7b 55 64 22 ef ee 13 33 86 f5 3a 16 f6 50 46 9f 25 14 95 1e c6 a9 f8 b1 d2 3c 2f dd b8 a6 e6 a3 34 4e b8 ff 5a 32 af e9 91 bd f8 46 Data Ascii: GL;m>br{Ht u)S{Ud"3:PF%</4NZ2F]sgc\X59nxN4oyyTvX4@RFx4K]F<LYO&#2$Mxa7]NqB@\|HSki"~^B/hc,~pG
Nov 18, 2023 07:52:21.391465902 CET	1129	OUT	GET /r/www/cache/static/home/js/nu_instant_search_62c9c51.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
Nov 18, 2023 07:52:21.561413050 CET	1131	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:21 GMT Content-Type: text/javascript; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Expires: Sat, 11 Nov 2023 07:48:35 GMT Last-Modified: Thu, 26 Oct 2023 01:40:51 GMT ETag: "62c9c513bde8d5ce8f8dc0192901261f" Cache-Control: max-age=31536000 Content-Encoding: gzip Age: 860626 Accept-Ranges: bytes Content-MD5: YsnFE73o1c6PjcAZKQEmHw== x-bce-content-crc32: 60299229 x-bce-debug-id: mBCz9RQ05bq5pCHbkBqfZ8bCoQxG3M9xPVIu5CpOuH+mkmfDpEzz1RL5mhMbhE95RFNuymU6YvErAyXf6vpgLg== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: b25a63e9-0d73-4e90-8944-e44fa065e622 x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 07:48:35 GMT Ohc-Cache-HIT: sfo01-sys-jorcol02.sfo01.baidu.com [2] Ohc-File-Size: 24747 X-Cache-Status: HIT Timing-Allow-Origin: * Access-Control-Allow-Origin: * Data Raw: 35 61 32 0d 0a 1f 8b 08 00 00 00 00 00 00 03 bc 1a db 6e e3 c6 f5 dd 5f 21 73 17 12 59 8f 28 c9 b1 83 40 5a da 48 76 93 54 6d b3 6b c4 ce 93 ed 0a 23 71 24 71 4d 91 5c ce 50 b2 61 09 48 d2 14 2d 5a 04 09 fa d2 a2 e8 53 d0 26 45 8b a4 40 9b 22 c1 a2 97 9f d9 eb 5f f4 9c 19 5e 75 f1 6a 77 d3 3c 58 26 e7 72 e6 cc b9 5f d8 8f bc 9e 70 7c af 24 7c ca 85 ce 8c cb 31 0d 4b dc aa dc b0 9d 71 a9 e7 52 ce 2d 4d ce 55 fb 7e 58 0d 19 8f 5c a1 ed dd e0 01 f5 f6 6e d4 e2 7f b0 76 af d2 ba ae 6b 5d df be d0 0c 93 06 01 f3 6c 9d 1b 04 c6 cc 85 ed 86 d9 a7 36 6b 7b fa 2b f5 3a 3c 3b b0 54 43 48 30 21 d8 39 62 41 38 13 47 ce 88 f9 91 d0 fb 31 8a ba 71 79 05 b4 3b b0 12 c1 ad 3a 31 64 23 7f cc 74 63 46 b6 d9 2b c6 ec 7a 1e 6c f2 58 62 19 01 3c 36 29 bd cb 06 6f 9e 07 ba f6 d3 93 13 be 35 c5 9f eb 9a 41 84 05 47 5c 3b 9b 00 d0 31 75 75 04 1d b8 b4 c7 74 4e 34 cd 68 79 bc d3 d3 2f fb a3 a6 d6 65 43 ae 11 41 bb 4d 46 ee 45 2c bc 68 32 af e7 db ec bd 77 db 37 fd 51 e0 7b cc 13 ba 30 48 e4 2d 9b e8 da dc ec f9 a3 91 19 71 16 4e a7 00 7a 66 cc 52 4c b9 ce 08 57 b8 0a 42 ad c3 16 33 47 3e ac 84 3b Data Ascii: 5a2n_!sY(@ZHvTmk#q$qM\PaH-ZS&E@"_^ujw<X&r_p\|$\|1KqR-MU~X\nvk]l6k{+:<;TCH0!9bA8G1qy;:1d#tcF+zlXb<6)o5AG\;1uutN4hy/eCAMFE,h2w7Q{0H-qNzfRLWB3G>;
Nov 18, 2023 07:52:21.573287964 CET	1139	OUT	GET /r/www/cache/static/amd_modules/@baidu/search-sug_947981a.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
Nov 18, 2023 07:52:21.743714094 CET	1193	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:21 GMT Content-Type: text/javascript; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Expires: Sat, 11 Nov 2023 06:27:12 GMT Last-Modified: Thu, 26 Oct 2023 01:40:48 GMT ETag: "947981ae2c8738fa4978e847e7b8be64" Cache-Control: max-age=31536000 Content-Encoding: gzip Age: 865509 Accept-Ranges: bytes Content-MD5: lHmBriyHOPpJeOhH57i+ZA== x-bce-content-crc32: 790185926 x-bce-debug-id: gkHd/kDKnFwLtNk8tCJuBnUMVdQppcHGL4iCqvZtQxitJVR4B9hf2rOEQJUMdj7uDhDdw5iL8fIgtd7OhWHFyw== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: b345b1f6-79ce-4b25-bdae-8cb80f1a47b6 x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 06:27:12 GMT Ohc-Cache-HIT: sfo01-sys-jorcol03.sfo01.baidu.com [2] Ohc-File-Size: 57420 X-Cache-Status: HIT Timing-Allow-Origin: * Access-Control-Allow-Origin: * Data Raw: 34 62 31 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 d4 5c 7b 77 db 36 96 ff df 9f c2 61 b3 0e b9 a2 68 c9 4e 3a ad 64 5a 9b 57 27 99 6d a6 9d 38 9d 99 5d d7 ab 43 89 b0 c4 86 22 15 12 f4 23 96 be fb de df 05 48 82 94 e4 38 33 db 39 67 4f 53 8b 00 2e 5e 17 f7 8d 4b 86 e2 32 4a 84 6d fd c7 24 88 c2 e2 30 17 41 36 9d 77 f3 62 76 88 ff a3 24 14 37 96 7b 6e 65 e2 53 11 65 c2 ba 70 2f 8b 64 2a a3 34 b1 75 95 73 57 d6 ec 4f e7 62 fa f1 0d f5 7b 9b d8 54 9f 09 59 64 c9 fe 35 0d 92 5e 7b e3 71 1e 2c 96 b1 18 cf 09 60 1c 8b 64 26 e7 23 e1 a9 87 53 ff e9 6a 25 92 69 1a 8a 5f de bf 7d 99 2e 96 69 22 12 49 a3 54 00 fd ef 06 5f 05 bd de 5c d6 d9 3c bd 36 16 56 0f d7 3f 38 b8 77 b8 e3 7a b0 b3 5f fe f8 d3 8b 3f 61 94 ab 20 db 97 be 9c 47 b9 2b 7c e9 a5 4b 99 fb 62 b5 ba 5b 0f a5 17 2d a5 2f f0 77 b5 4a 8a 38 76 a5 97 89 2b 91 e5 82 6a f5 d3 6a f5 a8 4f f5 97 69 b6 a0 4a fc 54 b0 79 31 59 44 79 4e d3 51 4b 5d a8 da 17 c1 cd 9f 0b f4 52 0f ab 55 bf 47 b5 93 90 e6 c7 df 7a 9c 88 aa b8 e1 e0 80 7f bc 69 ba 58 98 cf 00 21 c0 eb 48 ce d3 42 be 23 0c d0 10 46 49 2f 52 d7 bc 8f a6 f3 ba 1d a5 66 Data Ascii: 4b13\{w6ahN:dZW'm8]C"#H839gOS.^K2Jm$0A6wbv$7{neSep/d*4usWOb{TYd5^{q,`d&#Sj%i_}.i"IT_\<6V?8wz_?a G+\|Kb[-/wJ8v+jjOiJTy1YDyNQK]RUGziX!HB#FI/Rf

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
53	103.235.47.7	80	192.168.2.5	49753	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 07:52:24.240250111 CET	1320	OUT	GET /cache/fpid/lib_1_0.js?_=1700294000842 HTTP/1.1 Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, /; q=0.01 Ps-Dataurlconfigqid: 0xfecfa60d001d8f36 X-Requested-With: XMLHttpRequest Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: www.baidu.com Connection: Keep-Alive Cookie: BAIDUID=145E27E221F282D0311C913AF0CC3B87:FG=1; BIDUPSID=145E27E221F282D0BD0487E5415FCD62; PSTM=1700290335; BA_HECTOR=a00ka4848l01a02k0ga02g8g1ilgs0p1r; BD_UPN=1122314751
Nov 18, 2023 07:52:24.559505939 CET	1325	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cache-Control: max-age=315360000 Content-Encoding: gzip Content-Length: 23722 Content-Type: application/javascript Date: Sat, 18 Nov 2023 06:52:24 GMT Etag: "c1ba-4fcccbac76400" Expires: Tue, 15 Nov 2033 06:52:24 GMT Last-Modified: Fri, 27 Jun 2014 08:02:24 GMT Server: Apache Vary: Accept-Encoding,User-Agent Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ad bd 79 7f 1b 47 96 25 fa bf 3e 85 84 f1 48 44 11 09 c5 96 19 11 a4 20 75 ae 55 ee b1 ab 6a ca ae e5 8d cc f6 0f 1b 49 c8 dc 4c 50 8b 4b 62 7f f6 77 ce cd c4 46 91 b2 e6 f7 5e 75 9b c2 72 91 19 cb 5d ce b9 71 23 f2 dd f8 fa f1 f1 d5 77 8b c9 e3 d1 e3 8f b7 87 8f f6 8e df 5e 4c 6f 16 97 17 7b fd 8f 8b e3 bd 27 7f 3d 7b 7b b2 b8 a8 e6 37 f3 e9 4d ff 1d 84 b7 3f 18 7d 3c 99 df fc f9 ed f9 c1 fa 47 93 c1 b4 fd dd cd e9 62 39 bc 78 7b be 37 e9 f7 af e7 37 6f af 2f 1e 5f bc 3d 3b 3b e4 25 c6 87 90 b8 f9 ed 6a 7e 79 fc 78 3a 1a f5 de 5e cc e6 c7 8b 8b f9 ac d7 1f 8f 9e bf fe 69 76 84 ff 7e 1a fe f4 f3 20 39 fa c3 f3 e1 fc c3 7c 8a cb 1c ce cf 96 f3 c7 e3 d1 de c5 fc fd e3 bf cd 4f ea 0f 57 7b d3 7e 7f fd 75 77 97 f1 ab f1 6b 75 34 bc 9e 5f 9d 8d a7 f3 3d 5c 0e 17 4a 8e 9e 9f 0c 7a 83 5e ff 80 8d b8 1d 9c 8e 97 df 2f ce e7 3f a2 0d 9b b6 b7 2d df ee df 70 b1 fc b6 fe ac f9 93 c1 78 30 1b cc 47 d3 e1 f4 f2 62 79 73 fd 76 7a 73 79 3d 1a fd 70 73 bd b8 38 79 f5 7a 7a 74 30 3d 3c be bc de 9b 8d d4 e1 ec c5 7c 78 36 bf 38 b9 39 3d 9c ed ef f7 3f 4e 46 17 e3 77 8b 93 31 7e 31 3c ef 5a b0 7c 3d 7f 3d 3b 3a e2 a0 4c 9e 3e 9d 0c e7 17 e3 c9 d9 7c d6 36 a4 ff 71 3c ba f3 11 05 c7 c3 8b f1 f9 fc d3 a7 f1 70 36 5f 4e af 17 57 ec c1 aa a5 93 db db ad 36 df 0e 30 b6 b3 3f 8f df b5 bf de f4 f7 64 30 eb 7f 94 f9 18 3d 3a b9 b7 2f 27 07 27 c3 37 97 8b 8b bd de f0 0f bd 3e ba 3c 1b 8d 46 c7 63 cc c3 ab 5e ef a0 f7 d3 4f b3 de 00 33 3e da 9a 91 f1 3e 65 f7 e7 fb bd 4f f2 97 6f c6 83 de 02 3f 3f de ea fb 95 b4 65 29 e3 34 c1 38 4d 5e 1c af c6 69 82 71 42 0f a7 c3 9b f9 f2 66 ef f8 f5 e4 68 a7 8f 9f 3e 6d 7f c3 51 58 2b 18 3f 39 dc e9 79 fe af bf 1c bc 47 ef 2f df 0f 73 74 fa dd fc 5f 7f 99 bc c1 c4 0e a0 b7 fc 6e 4b 6f c7 ed 58 a0 91 f8 25 e6 77 da 76 f4 f0 e6 fa b7 8f c7 d2 43 51 69 fc 8a ca 36 1d 61 ac e6 b7 d3 f1 cd f4 74 0f c3 78 bb d1 e8 f1 93 1d 8d fe 38 9b 9f 41 99 1e 1f af 5a 36 5d 4d ce f1 ed e0 62 db 76 d0 82 ee 9b ad 2b 2d 65 26 7a af a4 31 07 cf 7f 9a 3d 6f 7b 3f ee df 0e a6 97 e7 57 e3 eb 39 0c 70 b9 3d ab f3 b6 27 b3 11 1b 3c 98 0e a8 af c7 a3 6e 18 f0 83 e5 fc db 8b 1b 2a d1 93 99 58 e8 09 c6 f4 51 f7 7a 33 98 8a 12 b3 6e a2 9e 3e 5d bd 1a 6e dd 74 25 7a df 77 d2 0e 0c d3 c9 70 79 75 b6 b8 d9 a3 f1 1d 4e 46 f3 ed b7 9c fc 31 26 7f fc e2 fb f1 cd 29 ec 01 36 d8 69 c1 60 d2 bd e8 1f 8e 69 37 68 0b 54 e2 f5 f8 68 a0 55 ff 25 0c a5 7b b9 6a 82 3e dc 91 78 f1 99 44 a2 57 c3 ae 60 10 97 d7 e7 e3 3b 8e eb 2b dc 16 74 62 b2 71 2c 3f 2d e9 53 7a fd 3b ae 66 e5 69 b6 3a 4a db 82 a6 ec bd ee 29 bc dd fc 77 b4 3d 04 4e 3a 8a 36 3c ff af 3d b5 df df 1b ee f7 bf e9 e6 9a bd ea f7 f9 77 d4 5a d9 f0 1b 23 f3 b7 51 87 29 7c 1e 45 d4 d1 08 17 5e ab 1a de ef e3 56 fb d3 d7 7a f5 c2 ac 5e d8 a3 db c1 a3 c5 c5 Data Ascii: yG%>HD uUjILPKbwF^ur]q#w^Lo{'={{7M?}<Gb9x{77o/_=;;%j~yx:^iv~ 9\|OW{~uwku4_=\Jz^/?-px0Gbysvzsy=ps8yzzt0=<\|x689=?NFw1~1<Z\|==;:L>\|6q<p6_NW60?d0=:/''7><Fc^O3>>eOo??e)48M^iqBfh>mQX+?9yG/st_nKoX%wvCQi6atx8AZ6]Mbv+-e&z1=o{?W9p='<n*XQz3n>]nt%zwpyuNF1&)6i`i7hThU%{j>xDW`;+tbq,?-Sz;fi:J)w=N:6<=wZ#Q)\|E^Vz^
Nov 18, 2023 07:52:24.559523106 CET	1326	IN	Data Raw: e2 e6 07 b1 ad 83 2d c7 cf de 7e d3 aa cf db e5 fc 3a 3f 99 5f dc 6c 19 ef fa b3 c3 6f c4 43 8a 2d e0 f5 b7 f5 bb f9 f5 a8 fd ec e9 d3 e7 df ff f0 6d fd d3 f2 0f 7b f4 e5 af 7e 9a fd a1 ff 7c d1 3a eb f5 ef fb af 44 1d 9b b3 4b 8c ce aa 6b 9a b3 Data Ascii: -~:?_loC-m{~\|:DKkvh\~A-v~\]_,f_+z}Prwpz9Z2^w9lo4?_=]7\|zx9;m}h'a
Nov 18, 2023 07:52:24.559536934 CET	1328	IN	Data Raw: fd ad 7c b7 3d bf 2b 17 f7 a6 a3 e4 20 16 b7 83 d9 db f3 f3 df f4 81 ba 3d dc c9 5b 5c 76 2f 56 6e 74 27 a4 cd 06 6b a6 09 56 74 f8 e8 ce 2f b7 41 c8 e8 ae 2e 4e 76 bd ff b8 a3 95 6d 10 06 fc bf b8 c1 cf f9 db 51 17 fa c5 31 7c 9c 0c df b7 1f af Data Ascii: \|=+ =[\v/Vnt'kVt/A.NvmQ1\|Qig3n_w5z LG^4hr 7<onSgW\|uq]o/FzSJpoW7<#7PcN?n>gdKJN}
Nov 18, 2023 07:52:24.559550047 CET	1328	IN	Data Raw: f8 74 85 99 7a 00 42 03 a3 19 d2 f9 53 36 76 3c fc 23 e6 77 7c bd 20 2d df eb 7d d3 29 6f 0f 8e 7a fd 63 a1 74 13 04 51 74 6f 76 57 fb 27 e2 8a 0e 77 34 ff 64 4b f3 37 0b dc c2 3c ef 58 c1 5a cb bf e0 ff 17 d7 73 2e ee 6e fc ff 0f ff e4 a2 86 fc Data Ascii: tzBS6v<#w\| -})ozctQtovW'w4dK7<XZs.n,+tQmb*uP>jScYPP}\ ;j;`A"kS7yArl0-wE<VYjfPkM/~ODh>w>m#Gz/O.gH0
Nov 18, 2023 07:52:24.559562922 CET	1329	IN	Data Raw: e6 24 e2 0e 3b 0c 7c b8 9d 01 59 a5 f1 58 db f1 f4 a9 54 78 6c e5 d2 ba 8a 8f 4d ba ed ae c0 e1 fa a7 13 f6 a3 2f 7f 3f fb 45 bf 85 a1 f8 aa 93 03 a0 c3 77 7f 06 c6 5c 71 df 11 58 c5 c7 f6 3b d2 8e 8b 1b 7e b9 73 a1 f6 06 87 93 cd 78 c9 45 bb d1 Data Ascii: $;\|YXTxlM/?Ew\qX;~sxE[vV;;3:\nYJ'[V:]gPNe;#n{^]qoWGrjR3b6;U>ELi)~wJ#z^
Nov 18, 2023 07:52:24.559577942 CET	1331	IN	Data Raw: 14 b8 96 ff 75 30 1b 2c 07 37 83 eb 75 ed f7 af 92 bb 9a c9 df e5 fe 62 ef a6 8f 3f d7 5c 61 e0 0a d2 c5 d6 ad 06 cb 56 c1 7f 1d 5c 8f ce 99 cb 52 af 96 07 32 f1 33 16 61 f0 b5 96 d7 46 5e 1b 79 6d e5 b5 95 d7 4e 5e bb a3 36 3c ae 38 cf 3d 03 88 Data Ascii: u0,7ub?\aV\R23aF^ymN^6<8=wHGNanVgm/}Hk@y1~i/0NoQ[dx]MjShO0f2X2J2<2.2 _&-?]+gn@z{
Nov 18, 2023 07:52:24.559592009 CET	1332	IN	Data Raw: ea d5 03 ad 73 d2 3a 6d bc 09 11 6a f4 50 e3 bc b4 0d 97 4b 5d f4 62 2e f7 b7 4d b5 6d d3 2a 62 74 55 e6 d4 43 ad b3 6c 1e 26 d4 f8 a8 bd bb bf 71 ed c0 d9 34 40 77 8d 31 0f 34 cd b6 4d 83 44 6a 74 f4 f1 81 a6 65 d2 32 9f 29 13 75 80 d0 a3 7b db Data Ascii: s:mjPK]b.Mm*btUCl&q4@w14MDjte2)u{en9F`Aw6whzi\|jGCft2lD2Yu MEG>x@sgqpNuSN}imQhmpF68+
Nov 18, 2023 07:52:24.559606075 CET	1333	IN	Data Raw: ee 0c 00 97 9e 76 0f 58 bb 57 47 56 2b 10 77 86 61 fe e1 66 7e 7d 31 3e 7b fa 74 f5 6a 78 be da 35 dd 2c ce f0 11 10 5b 67 ed 5f 23 b3 b7 39 3a ab 6b ec 78 dd d8 27 ea 76 af bf 2a 32 bc de 7b dd fb db bb 37 b3 b3 bf bf b9 40 b4 ec d5 c7 ef 27 e7 Data Ascii: vXWGV+waf~}1>{tjx5,[g_#9:kx'v*2{7@'G,fg&'777>z>-<z3)wd`rwsr7:=?quFToZoy?7o.{GgJ7/KmYvet:[
Nov 18, 2023 07:52:24.559711933 CET	1335	IN	Data Raw: 2b 6b 3d ac a2 b0 39 f7 5a 6b 97 8b 18 54 b7 41 b3 52 f6 af 8c 4e 63 3a 8d c7 7c 64 b6 4c 7d b4 ba 14 ed 2d d3 3a e7 64 e9 da 72 df a9 29 93 22 a6 3e 49 33 e8 91 87 8e a3 b9 22 96 d5 d6 6a 9d c4 50 34 49 ad 68 3c 59 63 92 a6 c9 52 5d c7 3c c7 5c Data Ascii: +k=9ZkTARNc:\|dL}-:dr)">I3"jP4Ih<YcR]<\TKjC0 Ox/R6!,u%>y+V9-!M[=nR&u(U;_qk5iUh2)Fe\.`7E)/PO/=6d201eI$BU
Nov 18, 2023 07:52:24.559726000 CET	1336	IN	Data Raw: 70 f8 2e 43 d8 8d ce c1 09 04 0f 1d 03 ea 34 69 2b d6 84 bc 62 84 87 41 41 c9 11 f5 01 d1 23 22 44 5e 35 30 04 e0 7a 5a 16 5c 04 42 0e e2 5e 03 e4 87 41 85 55 e4 01 51 a6 54 f0 e3 b4 86 bc 6c 44 0c b4 40 41 f9 3d 5c 13 38 00 c4 10 98 c9 43 00 6e Data Ascii: p.C4i+bAA#"D^50zZ\B^AUQTlD@A=\8Cnqw@MaYF:+[!$p\XLyhXb!@Tt&Ha.C#<GnR"a*R@ 9zQ!e`IUE(Vr
Nov 18, 2023 07:52:24.559739113 CET	1337	IN	Data Raw: 58 ce db c8 9c c6 0a d3 00 ff 6d 01 32 c1 60 10 4a a3 e2 e6 6d ab 75 d1 14 85 cd 1b a2 1a 34 da 29 7a aa a8 a0 9b 36 85 89 a2 ad 00 4a 05 42 3e 68 b5 8a 8d 28 52 8e 46 80 b5 24 e0 5b cc 45 12 d0 02 38 83 67 09 af 57 08 36 32 0b 79 63 33 26 4b 81 Data Ascii: Xm2`Jmu4)z6JB>h(RF$[E8gW62yc3&KjXXQkUgh4&Am298@xr[]p{4O2Y49Mo&lKO`Ki_:a%"~;Gj<Oe1
Nov 18, 2023 07:52:24.770695925 CET	1414	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cache-Control: max-age=315360000 Content-Encoding: gzip Content-Length: 23722 Content-Type: application/javascript Date: Sat, 18 Nov 2023 06:52:24 GMT Etag: "c1ba-4fcccbac76400" Expires: Tue, 15 Nov 2033 06:52:24 GMT Last-Modified: Fri, 27 Jun 2014 08:02:24 GMT Server: Apache Vary: Accept-Encoding,User-Agent Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ad bd 79 7f 1b 47 96 25 fa bf 3e 85 84 f1 48 44 11 09 c5 96 19 11 a4 20 75 ae 55 ee b1 ab 6a ca ae e5 8d cc f6 0f 1b 49 c8 dc 4c 50 8b 4b 62 7f f6 77 ce cd c4 46 91 b2 e6 f7 5e 75 9b c2 72 91 19 cb 5d ce b9 71 23 f2 dd f8 fa f1 f1 d5 77 8b c9 e3 d1 e3 8f b7 87 8f f6 8e df 5e 4c 6f 16 97 17 7b fd 8f 8b e3 bd 27 7f 3d 7b 7b b2 b8 a8 e6 37 f3 e9 4d ff 1d 84 b7 3f 18 7d 3c 99 df fc f9 ed f9 c1 fa 47 93 c1 b4 fd dd cd e9 62 39 bc 78 7b be 37 e9 f7 af e7 37 6f af 2f 1e 5f bc 3d 3b 3b e4 25 c6 87 90 b8 f9 ed 6a 7e 79 fc 78 3a 1a f5 de 5e cc e6 c7 8b 8b f9 ac d7 1f 8f 9e bf fe 69 76 84 ff 7e 1a fe f4 f3 20 39 fa c3 f3 e1 fc c3 7c 8a cb 1c ce cf 96 f3 c7 e3 d1 de c5 fc fd e3 bf cd 4f ea 0f 57 7b d3 7e 7f fd 75 77 97 f1 ab f1 6b 75 34 bc 9e 5f 9d 8d a7 f3 3d 5c 0e 17 4a 8e 9e 9f 0c 7a 83 5e ff 80 8d b8 1d 9c 8e 97 df 2f ce e7 3f a2 0d 9b b6 b7 2d df ee df 70 b1 fc b6 fe ac f9 93 c1 78 30 1b cc 47 d3 e1 f4 f2 62 79 73 fd 76 7a 73 79 3d 1a fd 70 73 bd b8 38 79 f5 7a 7a 74 30 3d 3c be bc de 9b 8d d4 e1 ec c5 7c 78 36 bf 38 b9 39 3d 9c ed ef f7 3f 4e 46 17 e3 77 8b 93 31 7e 31 3c ef 5a b0 7c 3d 7f 3d 3b 3a e2 a0 4c 9e 3e 9d 0c e7 17 e3 c9 d9 7c d6 36 a4 ff 71 3c ba f3 11 05 c7 c3 8b f1 f9 fc d3 a7 f1 70 36 5f 4e af 17 57 ec c1 aa a5 93 db db ad 36 df 0e 30 b6 b3 3f 8f df b5 bf de f4 f7 64 30 eb 7f 94 f9 18 3d 3a b9 b7 2f 27 07 27 c3 37 97 8b 8b bd de f0 0f bd 3e ba 3c 1b 8d 46 c7 63 cc c3 ab 5e ef a0 f7 d3 4f b3 de 00 33 3e da 9a 91 f1 3e 65 f7 e7 fb bd 4f f2 97 6f c6 83 de 02 3f 3f de ea fb 95 b4 65 29 e3 34 c1 38 4d 5e 1c af c6 69 82 71 42 0f a7 c3 9b f9 f2 66 ef f8 f5 e4 68 a7 8f 9f 3e 6d 7f c3 51 58 2b 18 3f 39 dc e9 79 fe af bf 1c bc 47 ef 2f df 0f 73 74 fa dd fc 5f 7f 99 bc c1 c4 0e a0 b7 fc 6e 4b 6f c7 ed 58 a0 91 f8 25 e6 77 da 76 f4 f0 e6 fa b7 8f c7 d2 43 51 69 fc 8a ca 36 1d 61 ac e6 b7 d3 f1 cd f4 74 0f c3 78 bb d1 e8 f1 93 1d 8d fe 38 9b 9f 41 99 1e 1f af 5a 36 5d 4d ce f1 ed e0 62 db 76 d0 82 ee 9b ad 2b 2d 65 26 7a af a4 31 07 cf 7f 9a 3d 6f 7b 3f ee df 0e a6 97 e7 57 e3 eb 39 0c 70 b9 3d ab f3 b6 27 b3 11 1b 3c 98 0e a8 af c7 a3 6e 18 f0 83 e5 fc db 8b 1b 2a d1 93 99 58 e8 09 c6 f4 51 f7 7a 33 98 8a 12 b3 6e a2 9e 3e 5d bd 1a 6e dd 74 25 7a df 77 d2 0e 0c d3 c9 70 79 75 b6 b8 d9 a3 f1 1d 4e 46 f3 ed b7 9c fc 31 26 7f fc e2 fb f1 cd 29 ec 01 36 d8 69 c1 60 d2 bd e8 1f 8e 69 37 68 0b 54 e2 f5 f8 68 a0 55 ff 25 0c a5 7b b9 6a 82 3e dc 91 78 f1 99 44 a2 57 c3 ae 60 10 97 d7 e7 e3 3b 8e eb 2b dc 16 74 62 b2 71 2c 3f 2d e9 53 7a fd 3b ae 66 e5 69 b6 3a 4a db 82 a6 ec bd ee 29 bc dd fc 77 b4 3d 04 4e 3a 8a 36 3c ff af 3d b5 df df 1b ee f7 bf e9 e6 9a bd ea f7 f9 77 d4 5a d9 f0 1b 23 f3 b7 51 87 29 7c 1e 45 d4 d1 08 17 5e ab 1a de ef e3 56 fb d3 d7 7a f5 c2 ac 5e d8 a3 db c1 a3 c5 c5 Data Ascii: yG%>HD uUjILPKbwF^ur]q#w^Lo{'={{7M?}<Gb9x{77o/_=;;%j~yx:^iv~ 9\|OW{~uwku4_=\Jz^/?-px0Gbysvzsy=ps8yzzt0=<\|x689=?NFw1~1<Z\|==;:L>\|6q<p6_NW60?d0=:/''7><Fc^O3>>eOo??e)48M^iqBfh>mQX+?9yG/st_nKoX%wvCQi6atx8AZ6]Mbv+-e&z1=o{?W9p='<n*XQz3n>]nt%zwpyuNF1&)6i`i7hThU%{j>xDW`;+tbq,?-Sz;fi:J)w=N:6<=wZ#Q)\|E^Vz^

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
53	192.168.2.5	49753	103.235.47.7	80	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 07:52:24.240250111 CET	1320	OUT	GET /cache/fpid/lib_1_0.js?_=1700294000842 HTTP/1.1 Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, /; q=0.01 Ps-Dataurlconfigqid: 0xfecfa60d001d8f36 X-Requested-With: XMLHttpRequest Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: www.baidu.com Connection: Keep-Alive Cookie: BAIDUID=145E27E221F282D0311C913AF0CC3B87:FG=1; BIDUPSID=145E27E221F282D0BD0487E5415FCD62; PSTM=1700290335; BA_HECTOR=a00ka4848l01a02k0ga02g8g1ilgs0p1r; BD_UPN=1122314751
Nov 18, 2023 07:52:24.559505939 CET	1325	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cache-Control: max-age=315360000 Content-Encoding: gzip Content-Length: 23722 Content-Type: application/javascript Date: Sat, 18 Nov 2023 06:52:24 GMT Etag: "c1ba-4fcccbac76400" Expires: Tue, 15 Nov 2033 06:52:24 GMT Last-Modified: Fri, 27 Jun 2014 08:02:24 GMT Server: Apache Vary: Accept-Encoding,User-Agent Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ad bd 79 7f 1b 47 96 25 fa bf 3e 85 84 f1 48 44 11 09 c5 96 19 11 a4 20 75 ae 55 ee b1 ab 6a ca ae e5 8d cc f6 0f 1b 49 c8 dc 4c 50 8b 4b 62 7f f6 77 ce cd c4 46 91 b2 e6 f7 5e 75 9b c2 72 91 19 cb 5d ce b9 71 23 f2 dd f8 fa f1 f1 d5 77 8b c9 e3 d1 e3 8f b7 87 8f f6 8e df 5e 4c 6f 16 97 17 7b fd 8f 8b e3 bd 27 7f 3d 7b 7b b2 b8 a8 e6 37 f3 e9 4d ff 1d 84 b7 3f 18 7d 3c 99 df fc f9 ed f9 c1 fa 47 93 c1 b4 fd dd cd e9 62 39 bc 78 7b be 37 e9 f7 af e7 37 6f af 2f 1e 5f bc 3d 3b 3b e4 25 c6 87 90 b8 f9 ed 6a 7e 79 fc 78 3a 1a f5 de 5e cc e6 c7 8b 8b f9 ac d7 1f 8f 9e bf fe 69 76 84 ff 7e 1a fe f4 f3 20 39 fa c3 f3 e1 fc c3 7c 8a cb 1c ce cf 96 f3 c7 e3 d1 de c5 fc fd e3 bf cd 4f ea 0f 57 7b d3 7e 7f fd 75 77 97 f1 ab f1 6b 75 34 bc 9e 5f 9d 8d a7 f3 3d 5c 0e 17 4a 8e 9e 9f 0c 7a 83 5e ff 80 8d b8 1d 9c 8e 97 df 2f ce e7 3f a2 0d 9b b6 b7 2d df ee df 70 b1 fc b6 fe ac f9 93 c1 78 30 1b cc 47 d3 e1 f4 f2 62 79 73 fd 76 7a 73 79 3d 1a fd 70 73 bd b8 38 79 f5 7a 7a 74 30 3d 3c be bc de 9b 8d d4 e1 ec c5 7c 78 36 bf 38 b9 39 3d 9c ed ef f7 3f 4e 46 17 e3 77 8b 93 31 7e 31 3c ef 5a b0 7c 3d 7f 3d 3b 3a e2 a0 4c 9e 3e 9d 0c e7 17 e3 c9 d9 7c d6 36 a4 ff 71 3c ba f3 11 05 c7 c3 8b f1 f9 fc d3 a7 f1 70 36 5f 4e af 17 57 ec c1 aa a5 93 db db ad 36 df 0e 30 b6 b3 3f 8f df b5 bf de f4 f7 64 30 eb 7f 94 f9 18 3d 3a b9 b7 2f 27 07 27 c3 37 97 8b 8b bd de f0 0f bd 3e ba 3c 1b 8d 46 c7 63 cc c3 ab 5e ef a0 f7 d3 4f b3 de 00 33 3e da 9a 91 f1 3e 65 f7 e7 fb bd 4f f2 97 6f c6 83 de 02 3f 3f de ea fb 95 b4 65 29 e3 34 c1 38 4d 5e 1c af c6 69 82 71 42 0f a7 c3 9b f9 f2 66 ef f8 f5 e4 68 a7 8f 9f 3e 6d 7f c3 51 58 2b 18 3f 39 dc e9 79 fe af bf 1c bc 47 ef 2f df 0f 73 74 fa dd fc 5f 7f 99 bc c1 c4 0e a0 b7 fc 6e 4b 6f c7 ed 58 a0 91 f8 25 e6 77 da 76 f4 f0 e6 fa b7 8f c7 d2 43 51 69 fc 8a ca 36 1d 61 ac e6 b7 d3 f1 cd f4 74 0f c3 78 bb d1 e8 f1 93 1d 8d fe 38 9b 9f 41 99 1e 1f af 5a 36 5d 4d ce f1 ed e0 62 db 76 d0 82 ee 9b ad 2b 2d 65 26 7a af a4 31 07 cf 7f 9a 3d 6f 7b 3f ee df 0e a6 97 e7 57 e3 eb 39 0c 70 b9 3d ab f3 b6 27 b3 11 1b 3c 98 0e a8 af c7 a3 6e 18 f0 83 e5 fc db 8b 1b 2a d1 93 99 58 e8 09 c6 f4 51 f7 7a 33 98 8a 12 b3 6e a2 9e 3e 5d bd 1a 6e dd 74 25 7a df 77 d2 0e 0c d3 c9 70 79 75 b6 b8 d9 a3 f1 1d 4e 46 f3 ed b7 9c fc 31 26 7f fc e2 fb f1 cd 29 ec 01 36 d8 69 c1 60 d2 bd e8 1f 8e 69 37 68 0b 54 e2 f5 f8 68 a0 55 ff 25 0c a5 7b b9 6a 82 3e dc 91 78 f1 99 44 a2 57 c3 ae 60 10 97 d7 e7 e3 3b 8e eb 2b dc 16 74 62 b2 71 2c 3f 2d e9 53 7a fd 3b ae 66 e5 69 b6 3a 4a db 82 a6 ec bd ee 29 bc dd fc 77 b4 3d 04 4e 3a 8a 36 3c ff af 3d b5 df df 1b ee f7 bf e9 e6 9a bd ea f7 f9 77 d4 5a d9 f0 1b 23 f3 b7 51 87 29 7c 1e 45 d4 d1 08 17 5e ab 1a de ef e3 56 fb d3 d7 7a f5 c2 ac 5e d8 a3 db c1 a3 c5 c5 Data Ascii: yG%>HD uUjILPKbwF^ur]q#w^Lo{'={{7M?}<Gb9x{77o/_=;;%j~yx:^iv~ 9\|OW{~uwku4_=\Jz^/?-px0Gbysvzsy=ps8yzzt0=<\|x689=?NFw1~1<Z\|==;:L>\|6q<p6_NW60?d0=:/''7><Fc^O3>>eOo??e)48M^iqBfh>mQX+?9yG/st_nKoX%wvCQi6atx8AZ6]Mbv+-e&z1=o{?W9p='<n*XQz3n>]nt%zwpyuNF1&)6i`i7hThU%{j>xDW`;+tbq,?-Sz;fi:J)w=N:6<=wZ#Q)\|E^Vz^
Nov 18, 2023 07:52:24.559523106 CET	1326	IN	Data Raw: e2 e6 07 b1 ad 83 2d c7 cf de 7e d3 aa cf db e5 fc 3a 3f 99 5f dc 6c 19 ef fa b3 c3 6f c4 43 8a 2d e0 f5 b7 f5 bb f9 f5 a8 fd ec e9 d3 e7 df ff f0 6d fd d3 f2 0f 7b f4 e5 af 7e 9a fd a1 ff 7c d1 3a eb f5 ef fb af 44 1d 9b b3 4b 8c ce aa 6b 9a b3 Data Ascii: -~:?_loC-m{~\|:DKkvh\~A-v~\]_,f_+z}Prwpz9Z2^w9lo4?_=]7\|zx9;m}h'a
Nov 18, 2023 07:52:24.559536934 CET	1328	IN	Data Raw: fd ad 7c b7 3d bf 2b 17 f7 a6 a3 e4 20 16 b7 83 d9 db f3 f3 df f4 81 ba 3d dc c9 5b 5c 76 2f 56 6e 74 27 a4 cd 06 6b a6 09 56 74 f8 e8 ce 2f b7 41 c8 e8 ae 2e 4e 76 bd ff b8 a3 95 6d 10 06 fc bf b8 c1 cf f9 db 51 17 fa c5 31 7c 9c 0c df b7 1f af Data Ascii: \|=+ =[\v/Vnt'kVt/A.NvmQ1\|Qig3n_w5z LG^4hr 7<onSgW\|uq]o/FzSJpoW7<#7PcN?n>gdKJN}
Nov 18, 2023 07:52:24.559550047 CET	1328	IN	Data Raw: f8 74 85 99 7a 00 42 03 a3 19 d2 f9 53 36 76 3c fc 23 e6 77 7c bd 20 2d df eb 7d d3 29 6f 0f 8e 7a fd 63 a1 74 13 04 51 74 6f 76 57 fb 27 e2 8a 0e 77 34 ff 64 4b f3 37 0b dc c2 3c ef 58 c1 5a cb bf e0 ff 17 d7 73 2e ee 6e fc ff 0f ff e4 a2 86 fc Data Ascii: tzBS6v<#w\| -})ozctQtovW'w4dK7<XZs.n,+tQmb*uP>jScYPP}\ ;j;`A"kS7yArl0-wE<VYjfPkM/~ODh>w>m#Gz/O.gH0
Nov 18, 2023 07:52:24.559562922 CET	1329	IN	Data Raw: e6 24 e2 0e 3b 0c 7c b8 9d 01 59 a5 f1 58 db f1 f4 a9 54 78 6c e5 d2 ba 8a 8f 4d ba ed ae c0 e1 fa a7 13 f6 a3 2f 7f 3f fb 45 bf 85 a1 f8 aa 93 03 a0 c3 77 7f 06 c6 5c 71 df 11 58 c5 c7 f6 3b d2 8e 8b 1b 7e b9 73 a1 f6 06 87 93 cd 78 c9 45 bb d1 Data Ascii: $;\|YXTxlM/?Ew\qX;~sxE[vV;;3:\nYJ'[V:]gPNe;#n{^]qoWGrjR3b6;U>ELi)~wJ#z^
Nov 18, 2023 07:52:24.559577942 CET	1331	IN	Data Raw: 14 b8 96 ff 75 30 1b 2c 07 37 83 eb 75 ed f7 af 92 bb 9a c9 df e5 fe 62 ef a6 8f 3f d7 5c 61 e0 0a d2 c5 d6 ad 06 cb 56 c1 7f 1d 5c 8f ce 99 cb 52 af 96 07 32 f1 33 16 61 f0 b5 96 d7 46 5e 1b 79 6d e5 b5 95 d7 4e 5e bb a3 36 3c ae 38 cf 3d 03 88 Data Ascii: u0,7ub?\aV\R23aF^ymN^6<8=wHGNanVgm/}Hk@y1~i/0NoQ[dx]MjShO0f2X2J2<2.2 _&-?]+gn@z{
Nov 18, 2023 07:52:24.559592009 CET	1332	IN	Data Raw: ea d5 03 ad 73 d2 3a 6d bc 09 11 6a f4 50 e3 bc b4 0d 97 4b 5d f4 62 2e f7 b7 4d b5 6d d3 2a 62 74 55 e6 d4 43 ad b3 6c 1e 26 d4 f8 a8 bd bb bf 71 ed c0 d9 34 40 77 8d 31 0f 34 cd b6 4d 83 44 6a 74 f4 f1 81 a6 65 d2 32 9f 29 13 75 80 d0 a3 7b db Data Ascii: s:mjPK]b.Mm*btUCl&q4@w14MDjte2)u{en9F`Aw6whzi\|jGCft2lD2Yu MEG>x@sgqpNuSN}imQhmpF68+
Nov 18, 2023 07:52:24.559606075 CET	1333	IN	Data Raw: ee 0c 00 97 9e 76 0f 58 bb 57 47 56 2b 10 77 86 61 fe e1 66 7e 7d 31 3e 7b fa 74 f5 6a 78 be da 35 dd 2c ce f0 11 10 5b 67 ed 5f 23 b3 b7 39 3a ab 6b ec 78 dd d8 27 ea 76 af bf 2a 32 bc de 7b dd fb db bb 37 b3 b3 bf bf b9 40 b4 ec d5 c7 ef 27 e7 Data Ascii: vXWGV+waf~}1>{tjx5,[g_#9:kx'v*2{7@'G,fg&'777>z>-<z3)wd`rwsr7:=?quFToZoy?7o.{GgJ7/KmYvet:[
Nov 18, 2023 07:52:24.559711933 CET	1335	IN	Data Raw: 2b 6b 3d ac a2 b0 39 f7 5a 6b 97 8b 18 54 b7 41 b3 52 f6 af 8c 4e 63 3a 8d c7 7c 64 b6 4c 7d b4 ba 14 ed 2d d3 3a e7 64 e9 da 72 df a9 29 93 22 a6 3e 49 33 e8 91 87 8e a3 b9 22 96 d5 d6 6a 9d c4 50 34 49 ad 68 3c 59 63 92 a6 c9 52 5d c7 3c c7 5c Data Ascii: +k=9ZkTARNc:\|dL}-:dr)">I3"jP4Ih<YcR]<\TKjC0 Ox/R6!,u%>y+V9-!M[=nR&u(U;_qk5iUh2)Fe\.`7E)/PO/=6d201eI$BU
Nov 18, 2023 07:52:24.559726000 CET	1336	IN	Data Raw: 70 f8 2e 43 d8 8d ce c1 09 04 0f 1d 03 ea 34 69 2b d6 84 bc 62 84 87 41 41 c9 11 f5 01 d1 23 22 44 5e 35 30 04 e0 7a 5a 16 5c 04 42 0e e2 5e 03 e4 87 41 85 55 e4 01 51 a6 54 f0 e3 b4 86 bc 6c 44 0c b4 40 41 f9 3d 5c 13 38 00 c4 10 98 c9 43 00 6e Data Ascii: p.C4i+bAA#"D^50zZ\B^AUQTlD@A=\8Cnqw@MaYF:+[!$p\XLyhXb!@Tt&Ha.C#<GnR"a*R@ 9zQ!e`IUE(Vr
Nov 18, 2023 07:52:24.559739113 CET	1337	IN	Data Raw: 58 ce db c8 9c c6 0a d3 00 ff 6d 01 32 c1 60 10 4a a3 e2 e6 6d ab 75 d1 14 85 cd 1b a2 1a 34 da 29 7a aa a8 a0 9b 36 85 89 a2 ad 00 4a 05 42 3e 68 b5 8a 8d 28 52 8e 46 80 b5 24 e0 5b cc 45 12 d0 02 38 83 67 09 af 57 08 36 32 0b 79 63 33 26 4b 81 Data Ascii: Xm2`Jmu4)z6JB>h(RF$[E8gW62yc3&KjXXQkUgh4&Am298@xr[]p{4O2Y49Mo&lKO`Ki_:a%"~;Gj<Oe1
Nov 18, 2023 07:52:24.770695925 CET	1414	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cache-Control: max-age=315360000 Content-Encoding: gzip Content-Length: 23722 Content-Type: application/javascript Date: Sat, 18 Nov 2023 06:52:24 GMT Etag: "c1ba-4fcccbac76400" Expires: Tue, 15 Nov 2033 06:52:24 GMT Last-Modified: Fri, 27 Jun 2014 08:02:24 GMT Server: Apache Vary: Accept-Encoding,User-Agent Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ad bd 79 7f 1b 47 96 25 fa bf 3e 85 84 f1 48 44 11 09 c5 96 19 11 a4 20 75 ae 55 ee b1 ab 6a ca ae e5 8d cc f6 0f 1b 49 c8 dc 4c 50 8b 4b 62 7f f6 77 ce cd c4 46 91 b2 e6 f7 5e 75 9b c2 72 91 19 cb 5d ce b9 71 23 f2 dd f8 fa f1 f1 d5 77 8b c9 e3 d1 e3 8f b7 87 8f f6 8e df 5e 4c 6f 16 97 17 7b fd 8f 8b e3 bd 27 7f 3d 7b 7b b2 b8 a8 e6 37 f3 e9 4d ff 1d 84 b7 3f 18 7d 3c 99 df fc f9 ed f9 c1 fa 47 93 c1 b4 fd dd cd e9 62 39 bc 78 7b be 37 e9 f7 af e7 37 6f af 2f 1e 5f bc 3d 3b 3b e4 25 c6 87 90 b8 f9 ed 6a 7e 79 fc 78 3a 1a f5 de 5e cc e6 c7 8b 8b f9 ac d7 1f 8f 9e bf fe 69 76 84 ff 7e 1a fe f4 f3 20 39 fa c3 f3 e1 fc c3 7c 8a cb 1c ce cf 96 f3 c7 e3 d1 de c5 fc fd e3 bf cd 4f ea 0f 57 7b d3 7e 7f fd 75 77 97 f1 ab f1 6b 75 34 bc 9e 5f 9d 8d a7 f3 3d 5c 0e 17 4a 8e 9e 9f 0c 7a 83 5e ff 80 8d b8 1d 9c 8e 97 df 2f ce e7 3f a2 0d 9b b6 b7 2d df ee df 70 b1 fc b6 fe ac f9 93 c1 78 30 1b cc 47 d3 e1 f4 f2 62 79 73 fd 76 7a 73 79 3d 1a fd 70 73 bd b8 38 79 f5 7a 7a 74 30 3d 3c be bc de 9b 8d d4 e1 ec c5 7c 78 36 bf 38 b9 39 3d 9c ed ef f7 3f 4e 46 17 e3 77 8b 93 31 7e 31 3c ef 5a b0 7c 3d 7f 3d 3b 3a e2 a0 4c 9e 3e 9d 0c e7 17 e3 c9 d9 7c d6 36 a4 ff 71 3c ba f3 11 05 c7 c3 8b f1 f9 fc d3 a7 f1 70 36 5f 4e af 17 57 ec c1 aa a5 93 db db ad 36 df 0e 30 b6 b3 3f 8f df b5 bf de f4 f7 64 30 eb 7f 94 f9 18 3d 3a b9 b7 2f 27 07 27 c3 37 97 8b 8b bd de f0 0f bd 3e ba 3c 1b 8d 46 c7 63 cc c3 ab 5e ef a0 f7 d3 4f b3 de 00 33 3e da 9a 91 f1 3e 65 f7 e7 fb bd 4f f2 97 6f c6 83 de 02 3f 3f de ea fb 95 b4 65 29 e3 34 c1 38 4d 5e 1c af c6 69 82 71 42 0f a7 c3 9b f9 f2 66 ef f8 f5 e4 68 a7 8f 9f 3e 6d 7f c3 51 58 2b 18 3f 39 dc e9 79 fe af bf 1c bc 47 ef 2f df 0f 73 74 fa dd fc 5f 7f 99 bc c1 c4 0e a0 b7 fc 6e 4b 6f c7 ed 58 a0 91 f8 25 e6 77 da 76 f4 f0 e6 fa b7 8f c7 d2 43 51 69 fc 8a ca 36 1d 61 ac e6 b7 d3 f1 cd f4 74 0f c3 78 bb d1 e8 f1 93 1d 8d fe 38 9b 9f 41 99 1e 1f af 5a 36 5d 4d ce f1 ed e0 62 db 76 d0 82 ee 9b ad 2b 2d 65 26 7a af a4 31 07 cf 7f 9a 3d 6f 7b 3f ee df 0e a6 97 e7 57 e3 eb 39 0c 70 b9 3d ab f3 b6 27 b3 11 1b 3c 98 0e a8 af c7 a3 6e 18 f0 83 e5 fc db 8b 1b 2a d1 93 99 58 e8 09 c6 f4 51 f7 7a 33 98 8a 12 b3 6e a2 9e 3e 5d bd 1a 6e dd 74 25 7a df 77 d2 0e 0c d3 c9 70 79 75 b6 b8 d9 a3 f1 1d 4e 46 f3 ed b7 9c fc 31 26 7f fc e2 fb f1 cd 29 ec 01 36 d8 69 c1 60 d2 bd e8 1f 8e 69 37 68 0b 54 e2 f5 f8 68 a0 55 ff 25 0c a5 7b b9 6a 82 3e dc 91 78 f1 99 44 a2 57 c3 ae 60 10 97 d7 e7 e3 3b 8e eb 2b dc 16 74 62 b2 71 2c 3f 2d e9 53 7a fd 3b ae 66 e5 69 b6 3a 4a db 82 a6 ec bd ee 29 bc dd fc 77 b4 3d 04 4e 3a 8a 36 3c ff af 3d b5 df df 1b ee f7 bf e9 e6 9a bd ea f7 f9 77 d4 5a d9 f0 1b 23 f3 b7 51 87 29 7c 1e 45 d4 d1 08 17 5e ab 1a de ef e3 56 fb d3 d7 7a f5 c2 ac 5e d8 a3 db c1 a3 c5 c5 Data Ascii: yG%>HD uUjILPKbwF^ur]q#w^Lo{'={{7M?}<Gb9x{77o/_=;;%j~yx:^iv~ 9\|OW{~uwku4_=\Jz^/?-px0Gbysvzsy=ps8yzzt0=<\|x689=?NFw1~1<Z\|==;:L>\|6q<p6_NW60?d0=:/''7><Fc^O3>>eOo??e)48M^iqBfh>mQX+?9yG/st_nKoX%wvCQi6atx8AZ6]Mbv+-e&z1=o{?W9p='<n*XQz3n>]nt%zwpyuNF1&)6i`i7hThU%{j>xDW`;+tbq,?-Sz;fi:J)w=N:6<=wZ#Q)\|E^Vz^

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
54	192.168.2.5	49756	111.225.213.38	80	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 07:52:24.330024004 CET	1323	OUT	GET /96c9c06653ba892e.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: hectorstatic.baidu.com Connection: Keep-Alive Cookie: BAIDUID=145E27E221F282D0311C913AF0CC3B87:FG=1; BIDUPSID=145E27E221F282D0BD0487E5415FCD62; PSTM=1700290335; BA_HECTOR=a00ka4848l01a02k0ga02g8g1ilgs0p1r
Nov 18, 2023 07:52:24.675431013 CET	1386	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:24 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 26268 Connection: keep-alive Expires: Sat, 18 Nov 2023 07:07:42 GMT Last-Modified: Fri, 17 Nov 2023 11:27:15 GMT Cache-Control: max-age=3600 Content-Encoding: gzip Age: 2682 Accept-Ranges: bytes Ohc-Global-Saved-Time: Sat, 18 Nov 2023 06:07:42 GMT Ohc-Upstream-Trace: 111.225.213.51 Ohc-Cache-HIT: lf6ct51 [2], bdix189 [2] Ohc-Response-Time: 1 0 0 0 0 0 Ohc-File-Size: 26268 X-Cache-Status: HIT Data Raw: 1f 8b 08 00 00 00 00 00 00 03 cc bd 7b 77 db 38 f2 28 f8 ff 7e 8a f4 b9 3b 91 d4 56 d2 04 f8 8e 5b fd 3b 71 e2 67 12 27 96 6d d9 96 6f 7a 0e 1f a0 ad 58 0f 8f 25 c7 76 27 d9 cf be 40 15 08 92 00 29 cb e9 9e bb 3b d3 49 44 14 50 28 14 0a f5 02 08 b6 b3 db 69 b2 18 cd a6 ed ce b7 67 ed f2 c3 d7 e8 e6 d9 bf ad 7b 3b b0 b2 de 79 2b 99 84 56 6c 1f f4 5a dd d6 01 0d 49 3c 85 9f 87 d6 35 3d 39 3e 13 3f cf 4e fb 5f a2 4d 0b 7e da 07 17 07 a7 bb e2 e7 bb 43 f7 3a 9e 40 dd e1 49 ff fa ec f0 02 7e 1e 8f 17 67 27 89 f8 f9 7e da 9f 25 93 40 fc cc de f6 83 0f 3b 77 50 61 b2 98 1f 4f 3e 40 6f 93 2d 2b dd 3e 16 3f e3 c9 fe ce 70 0a 78 8f c7 fd b7 fd 13 07 7a 3b 5e 8c d9 29 d4 4d 4f dc ab e1 c9 19 f6 46 c6 92 c8 0f 47 7b 39 de 78 f4 fa 72 f7 04 49 3f 71 ad 21 12 39 3c b9 9f bc 47 bc 09 1d 58 07 d3 2b c0 7b 92 2e 86 d8 45 ba 49 c6 c3 6d 28 8d 29 19 a7 3b 50 37 b6 f7 2e 87 14 28 8b c6 5b 5f 06 db 9b e2 e7 ee ce fc 22 99 40 69 7f 3a be 4b 76 60 c4 67 f4 f2 32 b9 02 22 e3 69 7f fe 7e 8a f4 ee 0c 1e 86 27 50 77 6f 7a 10 02 17 2f 2f 77 77 2c 49 eb 28 a1 c8 af d3 bd b7 67 72 88 3b 7b 5f e3 ed 3b e4 d7 46 f0 e1 a2 07 fd 0f b6 1e 0e 90 8b f1 f6 e0 af e4 01 68 fd 74 b8 41 72 e6 4f ee 4f cf 28 60 f8 70 75 30 7b 77 34 97 3c 98 c4 7f c1 cf 83 d3 c1 55 74 02 18 d2 ad 21 3d 3a 45 8e 5f ed d3 21 81 89 4a ec fe 65 8a 3c 10 1d ef bf ee 21 eb c2 c9 ee d6 3c 9f 92 63 9c a8 e8 64 7c 39 44 61 39 9b 84 0f e9 16 92 7e ba 6f ed 6e 03 eb d2 37 7b e1 bb 83 1e fe bc b8 93 3f df bf 11 f4 42 17 c9 c3 c6 5f d1 e9 0c 59 77 7f 99 d8 80 21 d9 49 ad c1 36 70 67 b0 b9 7f 93 20 65 7c a2 3e 9e 9d 40 29 9f e6 bf b2 b7 07 48 c3 c1 45 84 b3 73 40 f6 8f 8e 71 ce ce e8 60 2e 10 8d dc 51 bc 83 43 b4 2f 46 ef 27 d0 fa 98 f3 96 ed 40 ff 1f a6 77 f7 1f 4e 81 cd fd c9 f5 fd c0 de c4 d1 2a 91 00 49 c2 29 e1 b3 73 1c 61 ff f1 c9 e2 ae 7f 0c 78 f7 ed bb fb ec ed 19 f2 76 e3 2e 46 ce a4 9b fd eb 5c 3a 26 fb fb a9 0d 43 4c b7 c3 0f 31 ce ce d9 60 df 92 15 38 0d 7c 30 9b b8 4a 36 2e 87 c8 c5 01 1d d8 7d 4b 8a da f0 32 19 bd 06 64 57 64 5b b1 c3 bd 4e 51 16 07 83 c1 cd c1 00 d7 c3 f6 60 12 21 e9 c9 ce e0 af 33 0a a5 bb a3 bb 8b 18 85 25 b6 fb 6e 82 44 0e f9 d2 10 25 9b 83 fe 81 8d 64 6f 0f ae 06 13 c0 79 6a 2d ae 40 a0 fa e3 23 eb 0e d9 b6 75 7b Data Ascii: {w8(~;V[;qg'mozX%v'@);IDP(ig{;y+VlZI<5=9>?N_M~C:@I~g'~%@;wPaO>@o-+>?pxz;^)MOFG{9xrI?q!9<GX+{.EIm();P7.([_"@i:Kv`g2"i~'Pwoz//ww,I(gr;{_;FhtArOO(`pu0{w4<Ut!=:E_!Je<!<cd\|9Da9~on7{?B_Yw!I6pg e\|>@)HEs@q`.QC/F'@wN*I)saxv.F\:&CL1`8\|0J6.}K2dWd[NQ`!3%nD%doyj-@#u{
Nov 18, 2023 07:52:24.675445080 CET	1388	IN	Data Raw: b4 09 03 39 dc d9 78 7b 60 e5 48 a6 e9 36 88 ef 60 6b fc e9 70 13 07 32 19 df 9e 51 5c e3 f6 d0 39 da 81 66 11 b9 bc 3e a3 52 7c ef 2e 76 8f 2c c4 70 e0 a3 40 df 4a 61 ca de 6e 05 1f ee 40 56 76 b7 c7 b7 89 14 b1 e9 75 3f a2 20 83 ef de ec 39 ef Data Ascii: 9x{`H6`kp2Q\9f>R\|.v,p@Jan@Vvu? 9F:wll}.p6lp;E]*;1/TT\|p_?\vMAT8I=B1Ef&c`Gr5>&UrSubE2=iuHs:q
Nov 18, 2023 07:52:24.675575018 CET	1389	IN	Data Raw: 6d 78 29 ba ee 07 76 3a 4a af e6 92 c8 69 1f dd 90 ec ed 20 e0 9c 44 1a 06 8e e8 f4 f0 ea 56 ea 98 64 b0 bf 75 80 52 f1 71 14 7c 8d 90 1d 87 3c 70 49 50 cf 25 c7 e9 88 61 38 72 76 02 56 fb f8 c4 3d 1e a0 3e 04 1f 55 1a 8d ed 74 73 88 d1 c6 19 0d Data Ascii: mx)v:Ji DVduRq\|<pIP%a8rvV=>Uts:B-v.;w;%LJ3x>r@hz'MVOPCXRp=dIk/iGC6Hgp\&p?W$"\|/6%2J9XZ1g4%R
Nov 18, 2023 07:52:24.675586939 CET	1390	IN	Data Raw: 55 b6 31 4e 90 1c ee 35 58 d2 0a 70 bf cf 62 c8 a4 13 62 71 57 01 ed e8 56 ff f0 0c 95 96 70 d5 64 94 fe ee ed ee dd 87 23 f4 25 26 fb 73 99 47 3a da 1e 6f c6 9b 68 94 1f 5e f3 d5 2f bd ec fb 14 b5 d4 75 2a d5 39 b7 0b 91 b4 0b d3 21 4d 30 15 de Data Ascii: U1N5XpbbqWVpd#%&sG:oh^/u9!M0;2xct;5Ud7'VH]<,'2mk:;bV8/rR0dh"&8cz_C97{0JT<ZuwgpI#[
Nov 18, 2023 07:52:24.675600052 CET	1392	IN	Data Raw: 17 8b 03 0b b7 46 4e 45 6c 8c a1 dc a4 7f 70 84 f1 63 72 12 6e 46 98 56 4b 4f f7 73 96 f4 37 c3 7d a9 43 86 c2 06 3f 58 92 51 9c 25 e8 80 8f dc 3b 29 ca 7c f0 07 f2 0c 82 c8 3d 26 18 04 9c 4d b6 ae f3 79 e3 e6 42 c6 19 c2 91 91 06 5d c4 2e 67 b9 Data Ascii: FNElpcrnFVKOs7}C?XQ%;)\|=&MyB].gejI.q7y\8bDM'r^ep1bIle2{ww~_:-V._-el`]d6{0!vzr<zrurSR-8~{r#lP<U
Nov 18, 2023 07:52:24.675611973 CET	1393	IN	Data Raw: 84 46 15 b4 08 5b 53 b0 46 b4 69 a0 cf 20 75 1a 87 16 1b fc 26 49 ec 04 1e d0 40 1c 8b 7a 65 1a 10 f6 9b 82 35 d1 10 c4 c6 c8 5c 9f d8 3e f8 17 4e 10 bb 4e 65 64 00 6b 17 b0 42 83 3a 41 14 b9 a4 a7 3a c9 cb 5d cb e3 36 be a7 6a 98 22 5c 2d e1 73 Data Ascii: F[SFi u&I@ze5\>NNedkB:A:]6j"\-s^r2066^!pqpW%],q',)8ghziB?8kORZ^#O*CC95P),Z,eM5U#ufO=$,7B$h:>w[UbgG
Nov 18, 2023 07:52:24.675622940 CET	1394	IN	Data Raw: 00 d6 2e 60 eb 0d 78 49 10 99 89 2c 8b 3b 84 c0 11 1e 05 39 0e fe 62 dc 25 ac a6 b4 44 ad 76 5d ad 42 d4 82 28 b6 32 f4 7f a0 e7 c2 27 a5 89 c7 7a d3 db f1 78 dd 64 77 6e bc 5c 97 24 d2 a5 cf d5 66 68 f9 96 db 53 ac ce f7 f6 00 1d cc 13 f6 68 72 Data Ascii: .`xI,;9b%Dv]B(2'zxdwn\$fhShrYts4-%F~'8ra,f4?d&}6/^$th>T2U 4&7Rg30Ea442;*0>"?tvDN5k?hfrj.
Nov 18, 2023 07:52:24.675636053 CET	1396	IN	Data Raw: 43 63 ca dd 3f f0 0d 52 2f b2 ec 8a 23 83 b0 e7 0a d6 a8 99 cd 64 5a ec 26 a8 bf a8 1f 52 d7 ae 4a 98 80 81 84 21 b0 79 3d 98 0a cc a3 01 4b 30 ab 99 92 a0 22 b9 08 5b 53 b0 46 de a6 06 13 6c cf 75 03 14 b1 28 25 d5 2d 27 84 3d 1b 4d e7 8b 68 9a Data Ascii: Cc?R/#dZ&RJ!y=K0"[SFlu(%-'=MhYLUkH7rTjyU N[TOen2$Jm`8E&M50TMzAMLKj;nDajX.TeC4hU>TFg<9!Xsktz)&
Nov 18, 2023 07:52:24.675651073 CET	1397	IN	Data Raw: 2a 6b 11 b6 a6 60 cd 89 61 33 e8 70 a8 15 cb ec 4e 1a f9 55 67 13 60 cf 15 ac 31 c3 65 10 4b 89 e3 47 60 73 28 89 bd b0 ba f5 00 b0 7f 29 58 a3 5b 68 9e b0 e2 5e 64 8c 31 87 17 72 d9 af e6 4a 04 ac 5d c0 9a 13 67 c6 0b e9 91 f6 62 22 f5 1a 23 d7 Data Ascii: *k`a3pNUg`1eKG`s()X[h^d1rJ]gb"#3\|x5D5mQ;~UI8BOT}`=WfW#L\+nTDak.8G`kl7Cq`fe.\DUi(E`hr0
Nov 18, 2023 07:52:24.675662041 CET	1398	IN	Data Raw: 88 f5 93 04 6f a7 94 2c 8c 9b a5 21 69 98 23 78 39 e5 91 39 22 16 f3 3d 7f a9 0e 17 3d 9c ab aa 95 39 2a c5 9d 71 60 ab 09 90 b8 45 99 a9 d8 b9 fe c6 9e 96 af 25 9a 04 41 04 29 2f 9c b8 86 b5 54 dc a5 92 58 71 0c b7 c5 d4 d4 d7 37 10 c3 a0 d2 8b Data Ascii: o,!i#x99"==9*q`E%A)/TXq7IcAq;15[3O:]$3<~J&mI//Z\L\9[!DW;A&-%T\K4DF:~h1EEoT;Mv;q;xL4!
Nov 18, 2023 07:52:24.675676107 CET	1400	IN	Data Raw: 8e a1 d2 ef a3 97 bc d7 63 2c 58 59 5c 6b 9b 44 9c a8 86 84 9e a7 a3 ad db f4 8b 43 6b 69 c2 18 7b 38 57 55 eb 92 fa 0e f1 22 16 d5 64 1d 49 a9 0a b3 ad b0 f9 03 3f 7e e6 46 f0 45 15 34 be e7 f5 73 55 af 21 f4 94 74 91 0e b5 a3 84 9b 22 33 a3 52 Data Ascii: c,XY\kDCki{8WU"dI?~FE4sU!t"3R-{{1OvSCHD-%Vw]={<[/A`.\/32u]`R4Ob&A][&cxUchgbK`4\M;Di\?h
Nov 18, 2023 07:52:24.882680893 CET	1435	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:24 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 26268 Connection: keep-alive Expires: Sat, 18 Nov 2023 07:07:42 GMT Last-Modified: Fri, 17 Nov 2023 11:27:15 GMT Cache-Control: max-age=3600 Content-Encoding: gzip Age: 2682 Accept-Ranges: bytes Ohc-Global-Saved-Time: Sat, 18 Nov 2023 06:07:42 GMT Ohc-Upstream-Trace: 111.225.213.51 Ohc-Cache-HIT: lf6ct51 [2], bdix189 [2] Ohc-Response-Time: 1 0 0 0 0 0 Ohc-File-Size: 26268 X-Cache-Status: HIT Data Raw: 1f 8b 08 00 00 00 00 00 00 03 cc bd 7b 77 db 38 f2 28 f8 ff 7e 8a f4 b9 3b 91 d4 56 d2 04 f8 8e 5b fd 3b 71 e2 67 12 27 96 6d d9 96 6f 7a 0e 1f a0 ad 58 0f 8f 25 c7 76 27 d9 cf be 40 15 08 92 00 29 cb e9 9e bb 3b d3 49 44 14 50 28 14 0a f5 02 08 b6 b3 db 69 b2 18 cd a6 ed ce b7 67 ed f2 c3 d7 e8 e6 d9 bf ad 7b 3b b0 b2 de 79 2b 99 84 56 6c 1f f4 5a dd d6 01 0d 49 3c 85 9f 87 d6 35 3d 39 3e 13 3f cf 4e fb 5f a2 4d 0b 7e da 07 17 07 a7 bb e2 e7 bb 43 f7 3a 9e 40 dd e1 49 ff fa ec f0 02 7e 1e 8f 17 67 27 89 f8 f9 7e da 9f 25 93 40 fc cc de f6 83 0f 3b 77 50 61 b2 98 1f 4f 3e 40 6f 93 2d 2b dd 3e 16 3f e3 c9 fe ce 70 0a 78 8f c7 fd b7 fd 13 07 7a 3b 5e 8c d9 29 d4 4d 4f dc ab e1 c9 19 f6 46 c6 92 c8 0f 47 7b 39 de 78 f4 fa 72 f7 04 49 3f 71 ad 21 12 39 3c b9 9f bc 47 bc 09 1d 58 07 d3 2b c0 7b 92 2e 86 d8 45 ba 49 c6 c3 6d 28 8d 29 19 a7 3b 50 37 b6 f7 2e 87 14 28 8b c6 5b 5f 06 db 9b e2 e7 ee ce fc 22 99 40 69 7f 3a be 4b 76 60 c4 67 f4 f2 32 b9 02 22 e3 69 7f fe 7e 8a f4 ee 0c 1e 86 27 50 77 6f 7a 10 02 17 2f 2f 77 77 2c 49 eb 28 a1 c8 af d3 bd b7 67 72 88 3b 7b 5f e3 ed 3b e4 d7 46 f0 e1 a2 07 fd 0f b6 1e 0e 90 8b f1 f6 e0 af e4 01 68 fd 74 b8 41 72 e6 4f ee 4f cf 28 60 f8 70 75 30 7b 77 34 97 3c 98 c4 7f c1 cf 83 d3 c1 55 74 02 18 d2 ad 21 3d 3a 45 8e 5f ed d3 21 81 89 4a ec fe 65 8a 3c 10 1d ef bf ee 21 eb c2 c9 ee d6 3c 9f 92 63 9c a8 e8 64 7c 39 44 61 39 9b 84 0f e9 16 92 7e ba 6f ed 6e 03 eb d2 37 7b e1 bb 83 1e fe bc b8 93 3f df bf 11 f4 42 17 c9 c3 c6 5f d1 e9 0c 59 77 7f 99 d8 80 21 d9 49 ad c1 36 70 67 b0 b9 7f 93 20 65 7c a2 3e 9e 9d 40 29 9f e6 bf b2 b7 07 48 c3 c1 45 84 b3 73 40 f6 8f 8e 71 ce ce e8 60 2e 10 8d dc 51 bc 83 43 b4 2f 46 ef 27 d0 fa 98 f3 96 ed 40 ff 1f a6 77 f7 1f 4e 81 cd fd c9 f5 fd c0 de c4 d1 2a 91 00 49 c2 29 e1 b3 73 1c 61 ff f1 c9 e2 ae 7f 0c 78 f7 ed bb fb ec ed 19 f2 76 e3 2e 46 ce a4 9b fd eb 5c 3a 26 fb fb a9 0d 43 4c b7 c3 0f 31 ce ce d9 60 df 92 15 38 0d 7c 30 9b b8 4a 36 2e 87 c8 c5 01 1d d8 7d 4b 8a da f0 32 19 bd 06 64 57 64 5b b1 c3 bd 4e 51 16 07 83 c1 cd c1 00 d7 c3 f6 60 12 21 e9 c9 ce e0 af 33 0a a5 bb a3 bb 8b 18 85 25 b6 fb 6e 82 44 0e f9 d2 10 25 9b 83 fe 81 8d 64 6f 0f ae 06 13 c0 79 6a 2d ae 40 a0 fa e3 23 eb 0e d9 b6 75 7b Data Ascii: {w8(~;V[;qg'mozX%v'@);IDP(ig{;y+VlZI<5=9>?N_M~C:@I~g'~%@;wPaO>@o-+>?pxz;^)MOFG{9xrI?q!9<GX+{.EIm();P7.([_"@i:Kv`g2"i~'Pwoz//ww,I(gr;{_;FhtArOO(`pu0{w4<Ut!=:E_!Je<!<cd\|9Da9~on7{?B_Yw!I6pg e\|>@)HEs@q`.QC/F'@wN*I)saxv.F\:&CL1`8\|0J6.}K2dWd[NQ`!3%nD%doyj-@#u{
Nov 18, 2023 07:52:24.986748934 CET	1448	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:24 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 26268 Connection: keep-alive Expires: Sat, 18 Nov 2023 07:07:42 GMT Last-Modified: Fri, 17 Nov 2023 11:27:15 GMT Cache-Control: max-age=3600 Content-Encoding: gzip Age: 2682 Accept-Ranges: bytes Ohc-Global-Saved-Time: Sat, 18 Nov 2023 06:07:42 GMT Ohc-Upstream-Trace: 111.225.213.51 Ohc-Cache-HIT: lf6ct51 [2], bdix189 [2] Ohc-Response-Time: 1 0 0 0 0 0 Ohc-File-Size: 26268 X-Cache-Status: HIT Data Raw: 1f 8b 08 00 00 00 00 00 00 03 cc bd 7b 77 db 38 f2 28 f8 ff 7e 8a f4 b9 3b 91 d4 56 d2 04 f8 8e 5b fd 3b 71 e2 67 12 27 96 6d d9 96 6f 7a 0e 1f a0 ad 58 0f 8f 25 c7 76 27 d9 cf be 40 15 08 92 00 29 cb e9 9e bb 3b d3 49 44 14 50 28 14 0a f5 02 08 b6 b3 db 69 b2 18 cd a6 ed ce b7 67 ed f2 c3 d7 e8 e6 d9 bf ad 7b 3b b0 b2 de 79 2b 99 84 56 6c 1f f4 5a dd d6 01 0d 49 3c 85 9f 87 d6 35 3d 39 3e 13 3f cf 4e fb 5f a2 4d 0b 7e da 07 17 07 a7 bb e2 e7 bb 43 f7 3a 9e 40 dd e1 49 ff fa ec f0 02 7e 1e 8f 17 67 27 89 f8 f9 7e da 9f 25 93 40 fc cc de f6 83 0f 3b 77 50 61 b2 98 1f 4f 3e 40 6f 93 2d 2b dd 3e 16 3f e3 c9 fe ce 70 0a 78 8f c7 fd b7 fd 13 07 7a 3b 5e 8c d9 29 d4 4d 4f dc ab e1 c9 19 f6 46 c6 92 c8 0f 47 7b 39 de 78 f4 fa 72 f7 04 49 3f 71 ad 21 12 39 3c b9 9f bc 47 bc 09 1d 58 07 d3 2b c0 7b 92 2e 86 d8 45 ba 49 c6 c3 6d 28 8d 29 19 a7 3b 50 37 b6 f7 2e 87 14 28 8b c6 5b 5f 06 db 9b e2 e7 ee ce fc 22 99 40 69 7f 3a be 4b 76 60 c4 67 f4 f2 32 b9 02 22 e3 69 7f fe 7e 8a f4 ee 0c 1e 86 27 50 77 6f 7a 10 02 17 2f 2f 77 77 2c 49 eb 28 a1 c8 af d3 bd b7 67 72 88 3b 7b 5f e3 ed 3b e4 d7 46 f0 e1 a2 07 fd 0f b6 1e 0e 90 8b f1 f6 e0 af e4 01 68 fd 74 b8 41 72 e6 4f ee 4f cf 28 60 f8 70 75 30 7b 77 34 97 3c 98 c4 7f c1 cf 83 d3 c1 55 74 02 18 d2 ad 21 3d 3a 45 8e 5f ed d3 21 81 89 4a ec fe 65 8a 3c 10 1d ef bf ee 21 eb c2 c9 ee d6 3c 9f 92 63 9c a8 e8 64 7c 39 44 61 39 9b 84 0f e9 16 92 7e ba 6f ed 6e 03 eb d2 37 7b e1 bb 83 1e fe bc b8 93 3f df bf 11 f4 42 17 c9 c3 c6 5f d1 e9 0c 59 77 7f 99 d8 80 21 d9 49 ad c1 36 70 67 b0 b9 7f 93 20 65 7c a2 3e 9e 9d 40 29 9f e6 bf b2 b7 07 48 c3 c1 45 84 b3 73 40 f6 8f 8e 71 ce ce e8 60 2e 10 8d dc 51 bc 83 43 b4 2f 46 ef 27 d0 fa 98 f3 96 ed 40 ff 1f a6 77 f7 1f 4e 81 cd fd c9 f5 fd c0 de c4 d1 2a 91 00 49 c2 29 e1 b3 73 1c 61 ff f1 c9 e2 ae 7f 0c 78 f7 ed bb fb ec ed 19 f2 76 e3 2e 46 ce a4 9b fd eb 5c 3a 26 fb fb a9 0d 43 4c b7 c3 0f 31 ce ce d9 60 df 92 15 38 0d 7c 30 9b b8 4a 36 2e 87 c8 c5 01 1d d8 7d 4b 8a da f0 32 19 bd 06 64 57 64 5b b1 c3 bd 4e 51 16 07 83 c1 cd c1 00 d7 c3 f6 60 12 21 e9 c9 ce e0 af 33 0a a5 bb a3 bb 8b 18 85 25 b6 fb 6e 82 44 0e f9 d2 10 25 9b 83 fe 81 8d 64 6f 0f ae 06 13 c0 79 6a 2d ae 40 a0 fa e3 23 eb 0e d9 b6 75 7b Data Ascii: {w8(~;V[;qg'mozX%v'@);IDP(ig{;y+VlZI<5=9>?N_M~C:@I~g'~%@;wPaO>@o-+>?pxz;^)MOFG{9xrI?q!9<GX+{.EIm();P7.([_"@i:Kv`g2"i~'Pwoz//ww,I(gr;{_;FhtArOO(`pu0{w4<Ut!=:E_!Je<!<cd\|9Da9~on7{?B_Yw!I6pg e\|>@)HEs@q`.QC/F'@wN*I)saxv.F\:&CL1`8\|0J6.}K2dWd[NQ`!3%nD%doyj-@#u{

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
54	111.225.213.38	80	192.168.2.5	49756	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 07:52:24.330024004 CET	1323	OUT	GET /96c9c06653ba892e.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: hectorstatic.baidu.com Connection: Keep-Alive Cookie: BAIDUID=145E27E221F282D0311C913AF0CC3B87:FG=1; BIDUPSID=145E27E221F282D0BD0487E5415FCD62; PSTM=1700290335; BA_HECTOR=a00ka4848l01a02k0ga02g8g1ilgs0p1r
Nov 18, 2023 07:52:24.675431013 CET	1386	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:24 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 26268 Connection: keep-alive Expires: Sat, 18 Nov 2023 07:07:42 GMT Last-Modified: Fri, 17 Nov 2023 11:27:15 GMT Cache-Control: max-age=3600 Content-Encoding: gzip Age: 2682 Accept-Ranges: bytes Ohc-Global-Saved-Time: Sat, 18 Nov 2023 06:07:42 GMT Ohc-Upstream-Trace: 111.225.213.51 Ohc-Cache-HIT: lf6ct51 [2], bdix189 [2] Ohc-Response-Time: 1 0 0 0 0 0 Ohc-File-Size: 26268 X-Cache-Status: HIT Data Raw: 1f 8b 08 00 00 00 00 00 00 03 cc bd 7b 77 db 38 f2 28 f8 ff 7e 8a f4 b9 3b 91 d4 56 d2 04 f8 8e 5b fd 3b 71 e2 67 12 27 96 6d d9 96 6f 7a 0e 1f a0 ad 58 0f 8f 25 c7 76 27 d9 cf be 40 15 08 92 00 29 cb e9 9e bb 3b d3 49 44 14 50 28 14 0a f5 02 08 b6 b3 db 69 b2 18 cd a6 ed ce b7 67 ed f2 c3 d7 e8 e6 d9 bf ad 7b 3b b0 b2 de 79 2b 99 84 56 6c 1f f4 5a dd d6 01 0d 49 3c 85 9f 87 d6 35 3d 39 3e 13 3f cf 4e fb 5f a2 4d 0b 7e da 07 17 07 a7 bb e2 e7 bb 43 f7 3a 9e 40 dd e1 49 ff fa ec f0 02 7e 1e 8f 17 67 27 89 f8 f9 7e da 9f 25 93 40 fc cc de f6 83 0f 3b 77 50 61 b2 98 1f 4f 3e 40 6f 93 2d 2b dd 3e 16 3f e3 c9 fe ce 70 0a 78 8f c7 fd b7 fd 13 07 7a 3b 5e 8c d9 29 d4 4d 4f dc ab e1 c9 19 f6 46 c6 92 c8 0f 47 7b 39 de 78 f4 fa 72 f7 04 49 3f 71 ad 21 12 39 3c b9 9f bc 47 bc 09 1d 58 07 d3 2b c0 7b 92 2e 86 d8 45 ba 49 c6 c3 6d 28 8d 29 19 a7 3b 50 37 b6 f7 2e 87 14 28 8b c6 5b 5f 06 db 9b e2 e7 ee ce fc 22 99 40 69 7f 3a be 4b 76 60 c4 67 f4 f2 32 b9 02 22 e3 69 7f fe 7e 8a f4 ee 0c 1e 86 27 50 77 6f 7a 10 02 17 2f 2f 77 77 2c 49 eb 28 a1 c8 af d3 bd b7 67 72 88 3b 7b 5f e3 ed 3b e4 d7 46 f0 e1 a2 07 fd 0f b6 1e 0e 90 8b f1 f6 e0 af e4 01 68 fd 74 b8 41 72 e6 4f ee 4f cf 28 60 f8 70 75 30 7b 77 34 97 3c 98 c4 7f c1 cf 83 d3 c1 55 74 02 18 d2 ad 21 3d 3a 45 8e 5f ed d3 21 81 89 4a ec fe 65 8a 3c 10 1d ef bf ee 21 eb c2 c9 ee d6 3c 9f 92 63 9c a8 e8 64 7c 39 44 61 39 9b 84 0f e9 16 92 7e ba 6f ed 6e 03 eb d2 37 7b e1 bb 83 1e fe bc b8 93 3f df bf 11 f4 42 17 c9 c3 c6 5f d1 e9 0c 59 77 7f 99 d8 80 21 d9 49 ad c1 36 70 67 b0 b9 7f 93 20 65 7c a2 3e 9e 9d 40 29 9f e6 bf b2 b7 07 48 c3 c1 45 84 b3 73 40 f6 8f 8e 71 ce ce e8 60 2e 10 8d dc 51 bc 83 43 b4 2f 46 ef 27 d0 fa 98 f3 96 ed 40 ff 1f a6 77 f7 1f 4e 81 cd fd c9 f5 fd c0 de c4 d1 2a 91 00 49 c2 29 e1 b3 73 1c 61 ff f1 c9 e2 ae 7f 0c 78 f7 ed bb fb ec ed 19 f2 76 e3 2e 46 ce a4 9b fd eb 5c 3a 26 fb fb a9 0d 43 4c b7 c3 0f 31 ce ce d9 60 df 92 15 38 0d 7c 30 9b b8 4a 36 2e 87 c8 c5 01 1d d8 7d 4b 8a da f0 32 19 bd 06 64 57 64 5b b1 c3 bd 4e 51 16 07 83 c1 cd c1 00 d7 c3 f6 60 12 21 e9 c9 ce e0 af 33 0a a5 bb a3 bb 8b 18 85 25 b6 fb 6e 82 44 0e f9 d2 10 25 9b 83 fe 81 8d 64 6f 0f ae 06 13 c0 79 6a 2d ae 40 a0 fa e3 23 eb 0e d9 b6 75 7b Data Ascii: {w8(~;V[;qg'mozX%v'@);IDP(ig{;y+VlZI<5=9>?N_M~C:@I~g'~%@;wPaO>@o-+>?pxz;^)MOFG{9xrI?q!9<GX+{.EIm();P7.([_"@i:Kv`g2"i~'Pwoz//ww,I(gr;{_;FhtArOO(`pu0{w4<Ut!=:E_!Je<!<cd\|9Da9~on7{?B_Yw!I6pg e\|>@)HEs@q`.QC/F'@wN*I)saxv.F\:&CL1`8\|0J6.}K2dWd[NQ`!3%nD%doyj-@#u{
Nov 18, 2023 07:52:24.675445080 CET	1388	IN	Data Raw: b4 09 03 39 dc d9 78 7b 60 e5 48 a6 e9 36 88 ef 60 6b fc e9 70 13 07 32 19 df 9e 51 5c e3 f6 d0 39 da 81 66 11 b9 bc 3e a3 52 7c ef 2e 76 8f 2c c4 70 e0 a3 40 df 4a 61 ca de 6e 05 1f ee 40 56 76 b7 c7 b7 89 14 b1 e9 75 3f a2 20 83 ef de ec 39 ef Data Ascii: 9x{`H6`kp2Q\9f>R\|.v,p@Jan@Vvu? 9F:wll}.p6lp;E]*;1/TT\|p_?\vMAT8I=B1Ef&c`Gr5>&UrSubE2=iuHs:q
Nov 18, 2023 07:52:24.675575018 CET	1389	IN	Data Raw: 6d 78 29 ba ee 07 76 3a 4a af e6 92 c8 69 1f dd 90 ec ed 20 e0 9c 44 1a 06 8e e8 f4 f0 ea 56 ea 98 64 b0 bf 75 80 52 f1 71 14 7c 8d 90 1d 87 3c 70 49 50 cf 25 c7 e9 88 61 38 72 76 02 56 fb f8 c4 3d 1e a0 3e 04 1f 55 1a 8d ed 74 73 88 d1 c6 19 0d Data Ascii: mx)v:Ji DVduRq\|<pIP%a8rvV=>Uts:B-v.;w;%LJ3x>r@hz'MVOPCXRp=dIk/iGC6Hgp\&p?W$"\|/6%2J9XZ1g4%R
Nov 18, 2023 07:52:24.675586939 CET	1390	IN	Data Raw: 55 b6 31 4e 90 1c ee 35 58 d2 0a 70 bf cf 62 c8 a4 13 62 71 57 01 ed e8 56 ff f0 0c 95 96 70 d5 64 94 fe ee ed ee dd 87 23 f4 25 26 fb 73 99 47 3a da 1e 6f c6 9b 68 94 1f 5e f3 d5 2f bd ec fb 14 b5 d4 75 2a d5 39 b7 0b 91 b4 0b d3 21 4d 30 15 de Data Ascii: U1N5XpbbqWVpd#%&sG:oh^/u9!M0;2xct;5Ud7'VH]<,'2mk:;bV8/rR0dh"&8cz_C97{0JT<ZuwgpI#[
Nov 18, 2023 07:52:24.675600052 CET	1392	IN	Data Raw: 17 8b 03 0b b7 46 4e 45 6c 8c a1 dc a4 7f 70 84 f1 63 72 12 6e 46 98 56 4b 4f f7 73 96 f4 37 c3 7d a9 43 86 c2 06 3f 58 92 51 9c 25 e8 80 8f dc 3b 29 ca 7c f0 07 f2 0c 82 c8 3d 26 18 04 9c 4d b6 ae f3 79 e3 e6 42 c6 19 c2 91 91 06 5d c4 2e 67 b9 Data Ascii: FNElpcrnFVKOs7}C?XQ%;)\|=&MyB].gejI.q7y\8bDM'r^ep1bIle2{ww~_:-V._-el`]d6{0!vzr<zrurSR-8~{r#lP<U
Nov 18, 2023 07:52:24.675611973 CET	1393	IN	Data Raw: 84 46 15 b4 08 5b 53 b0 46 b4 69 a0 cf 20 75 1a 87 16 1b fc 26 49 ec 04 1e d0 40 1c 8b 7a 65 1a 10 f6 9b 82 35 d1 10 c4 c6 c8 5c 9f d8 3e f8 17 4e 10 bb 4e 65 64 00 6b 17 b0 42 83 3a 41 14 b9 a4 a7 3a c9 cb 5d cb e3 36 be a7 6a 98 22 5c 2d e1 73 Data Ascii: F[SFi u&I@ze5\>NNedkB:A:]6j"\-s^r2066^!pqpW%],q',)8ghziB?8kORZ^#O*CC95P),Z,eM5U#ufO=$,7B$h:>w[UbgG
Nov 18, 2023 07:52:24.675622940 CET	1394	IN	Data Raw: 00 d6 2e 60 eb 0d 78 49 10 99 89 2c 8b 3b 84 c0 11 1e 05 39 0e fe 62 dc 25 ac a6 b4 44 ad 76 5d ad 42 d4 82 28 b6 32 f4 7f a0 e7 c2 27 a5 89 c7 7a d3 db f1 78 dd 64 77 6e bc 5c 97 24 d2 a5 cf d5 66 68 f9 96 db 53 ac ce f7 f6 00 1d cc 13 f6 68 72 Data Ascii: .`xI,;9b%Dv]B(2'zxdwn\$fhShrYts4-%F~'8ra,f4?d&}6/^$th>T2U 4&7Rg30Ea442;*0>"?tvDN5k?hfrj.
Nov 18, 2023 07:52:24.675636053 CET	1396	IN	Data Raw: 43 63 ca dd 3f f0 0d 52 2f b2 ec 8a 23 83 b0 e7 0a d6 a8 99 cd 64 5a ec 26 a8 bf a8 1f 52 d7 ae 4a 98 80 81 84 21 b0 79 3d 98 0a cc a3 01 4b 30 ab 99 92 a0 22 b9 08 5b 53 b0 46 de a6 06 13 6c cf 75 03 14 b1 28 25 d5 2d 27 84 3d 1b 4d e7 8b 68 9a Data Ascii: Cc?R/#dZ&RJ!y=K0"[SFlu(%-'=MhYLUkH7rTjyU N[TOen2$Jm`8E&M50TMzAMLKj;nDajX.TeC4hU>TFg<9!Xsktz)&
Nov 18, 2023 07:52:24.675651073 CET	1397	IN	Data Raw: 2a 6b 11 b6 a6 60 cd 89 61 33 e8 70 a8 15 cb ec 4e 1a f9 55 67 13 60 cf 15 ac 31 c3 65 10 4b 89 e3 47 60 73 28 89 bd b0 ba f5 00 b0 7f 29 58 a3 5b 68 9e b0 e2 5e 64 8c 31 87 17 72 d9 af e6 4a 04 ac 5d c0 9a 13 67 c6 0b e9 91 f6 62 22 f5 1a 23 d7 Data Ascii: *k`a3pNUg`1eKG`s()X[h^d1rJ]gb"#3\|x5D5mQ;~UI8BOT}`=WfW#L\+nTDak.8G`kl7Cq`fe.\DUi(E`hr0
Nov 18, 2023 07:52:24.675662041 CET	1398	IN	Data Raw: 88 f5 93 04 6f a7 94 2c 8c 9b a5 21 69 98 23 78 39 e5 91 39 22 16 f3 3d 7f a9 0e 17 3d 9c ab aa 95 39 2a c5 9d 71 60 ab 09 90 b8 45 99 a9 d8 b9 fe c6 9e 96 af 25 9a 04 41 04 29 2f 9c b8 86 b5 54 dc a5 92 58 71 0c b7 c5 d4 d4 d7 37 10 c3 a0 d2 8b Data Ascii: o,!i#x99"==9*q`E%A)/TXq7IcAq;15[3O:]$3<~J&mI//Z\L\9[!DW;A&-%T\K4DF:~h1EEoT;Mv;q;xL4!
Nov 18, 2023 07:52:24.675676107 CET	1400	IN	Data Raw: 8e a1 d2 ef a3 97 bc d7 63 2c 58 59 5c 6b 9b 44 9c a8 86 84 9e a7 a3 ad db f4 8b 43 6b 69 c2 18 7b 38 57 55 eb 92 fa 0e f1 22 16 d5 64 1d 49 a9 0a b3 ad b0 f9 03 3f 7e e6 46 f0 45 15 34 be e7 f5 73 55 af 21 f4 94 74 91 0e b5 a3 84 9b 22 33 a3 52 Data Ascii: c,XY\kDCki{8WU"dI?~FE4sU!t"3R-{{1OvSCHD-%Vw]={<[/A`.\/32u]`R4Ob&A][&cxUchgbK`4\M;Di\?h
Nov 18, 2023 07:52:24.882680893 CET	1435	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:24 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 26268 Connection: keep-alive Expires: Sat, 18 Nov 2023 07:07:42 GMT Last-Modified: Fri, 17 Nov 2023 11:27:15 GMT Cache-Control: max-age=3600 Content-Encoding: gzip Age: 2682 Accept-Ranges: bytes Ohc-Global-Saved-Time: Sat, 18 Nov 2023 06:07:42 GMT Ohc-Upstream-Trace: 111.225.213.51 Ohc-Cache-HIT: lf6ct51 [2], bdix189 [2] Ohc-Response-Time: 1 0 0 0 0 0 Ohc-File-Size: 26268 X-Cache-Status: HIT Data Raw: 1f 8b 08 00 00 00 00 00 00 03 cc bd 7b 77 db 38 f2 28 f8 ff 7e 8a f4 b9 3b 91 d4 56 d2 04 f8 8e 5b fd 3b 71 e2 67 12 27 96 6d d9 96 6f 7a 0e 1f a0 ad 58 0f 8f 25 c7 76 27 d9 cf be 40 15 08 92 00 29 cb e9 9e bb 3b d3 49 44 14 50 28 14 0a f5 02 08 b6 b3 db 69 b2 18 cd a6 ed ce b7 67 ed f2 c3 d7 e8 e6 d9 bf ad 7b 3b b0 b2 de 79 2b 99 84 56 6c 1f f4 5a dd d6 01 0d 49 3c 85 9f 87 d6 35 3d 39 3e 13 3f cf 4e fb 5f a2 4d 0b 7e da 07 17 07 a7 bb e2 e7 bb 43 f7 3a 9e 40 dd e1 49 ff fa ec f0 02 7e 1e 8f 17 67 27 89 f8 f9 7e da 9f 25 93 40 fc cc de f6 83 0f 3b 77 50 61 b2 98 1f 4f 3e 40 6f 93 2d 2b dd 3e 16 3f e3 c9 fe ce 70 0a 78 8f c7 fd b7 fd 13 07 7a 3b 5e 8c d9 29 d4 4d 4f dc ab e1 c9 19 f6 46 c6 92 c8 0f 47 7b 39 de 78 f4 fa 72 f7 04 49 3f 71 ad 21 12 39 3c b9 9f bc 47 bc 09 1d 58 07 d3 2b c0 7b 92 2e 86 d8 45 ba 49 c6 c3 6d 28 8d 29 19 a7 3b 50 37 b6 f7 2e 87 14 28 8b c6 5b 5f 06 db 9b e2 e7 ee ce fc 22 99 40 69 7f 3a be 4b 76 60 c4 67 f4 f2 32 b9 02 22 e3 69 7f fe 7e 8a f4 ee 0c 1e 86 27 50 77 6f 7a 10 02 17 2f 2f 77 77 2c 49 eb 28 a1 c8 af d3 bd b7 67 72 88 3b 7b 5f e3 ed 3b e4 d7 46 f0 e1 a2 07 fd 0f b6 1e 0e 90 8b f1 f6 e0 af e4 01 68 fd 74 b8 41 72 e6 4f ee 4f cf 28 60 f8 70 75 30 7b 77 34 97 3c 98 c4 7f c1 cf 83 d3 c1 55 74 02 18 d2 ad 21 3d 3a 45 8e 5f ed d3 21 81 89 4a ec fe 65 8a 3c 10 1d ef bf ee 21 eb c2 c9 ee d6 3c 9f 92 63 9c a8 e8 64 7c 39 44 61 39 9b 84 0f e9 16 92 7e ba 6f ed 6e 03 eb d2 37 7b e1 bb 83 1e fe bc b8 93 3f df bf 11 f4 42 17 c9 c3 c6 5f d1 e9 0c 59 77 7f 99 d8 80 21 d9 49 ad c1 36 70 67 b0 b9 7f 93 20 65 7c a2 3e 9e 9d 40 29 9f e6 bf b2 b7 07 48 c3 c1 45 84 b3 73 40 f6 8f 8e 71 ce ce e8 60 2e 10 8d dc 51 bc 83 43 b4 2f 46 ef 27 d0 fa 98 f3 96 ed 40 ff 1f a6 77 f7 1f 4e 81 cd fd c9 f5 fd c0 de c4 d1 2a 91 00 49 c2 29 e1 b3 73 1c 61 ff f1 c9 e2 ae 7f 0c 78 f7 ed bb fb ec ed 19 f2 76 e3 2e 46 ce a4 9b fd eb 5c 3a 26 fb fb a9 0d 43 4c b7 c3 0f 31 ce ce d9 60 df 92 15 38 0d 7c 30 9b b8 4a 36 2e 87 c8 c5 01 1d d8 7d 4b 8a da f0 32 19 bd 06 64 57 64 5b b1 c3 bd 4e 51 16 07 83 c1 cd c1 00 d7 c3 f6 60 12 21 e9 c9 ce e0 af 33 0a a5 bb a3 bb 8b 18 85 25 b6 fb 6e 82 44 0e f9 d2 10 25 9b 83 fe 81 8d 64 6f 0f ae 06 13 c0 79 6a 2d ae 40 a0 fa e3 23 eb 0e d9 b6 75 7b Data Ascii: {w8(~;V[;qg'mozX%v'@);IDP(ig{;y+VlZI<5=9>?N_M~C:@I~g'~%@;wPaO>@o-+>?pxz;^)MOFG{9xrI?q!9<GX+{.EIm();P7.([_"@i:Kv`g2"i~'Pwoz//ww,I(gr;{_;FhtArOO(`pu0{w4<Ut!=:E_!Je<!<cd\|9Da9~on7{?B_Yw!I6pg e\|>@)HEs@q`.QC/F'@wN*I)saxv.F\:&CL1`8\|0J6.}K2dWd[NQ`!3%nD%doyj-@#u{
Nov 18, 2023 07:52:24.986748934 CET	1448	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:24 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 26268 Connection: keep-alive Expires: Sat, 18 Nov 2023 07:07:42 GMT Last-Modified: Fri, 17 Nov 2023 11:27:15 GMT Cache-Control: max-age=3600 Content-Encoding: gzip Age: 2682 Accept-Ranges: bytes Ohc-Global-Saved-Time: Sat, 18 Nov 2023 06:07:42 GMT Ohc-Upstream-Trace: 111.225.213.51 Ohc-Cache-HIT: lf6ct51 [2], bdix189 [2] Ohc-Response-Time: 1 0 0 0 0 0 Ohc-File-Size: 26268 X-Cache-Status: HIT Data Raw: 1f 8b 08 00 00 00 00 00 00 03 cc bd 7b 77 db 38 f2 28 f8 ff 7e 8a f4 b9 3b 91 d4 56 d2 04 f8 8e 5b fd 3b 71 e2 67 12 27 96 6d d9 96 6f 7a 0e 1f a0 ad 58 0f 8f 25 c7 76 27 d9 cf be 40 15 08 92 00 29 cb e9 9e bb 3b d3 49 44 14 50 28 14 0a f5 02 08 b6 b3 db 69 b2 18 cd a6 ed ce b7 67 ed f2 c3 d7 e8 e6 d9 bf ad 7b 3b b0 b2 de 79 2b 99 84 56 6c 1f f4 5a dd d6 01 0d 49 3c 85 9f 87 d6 35 3d 39 3e 13 3f cf 4e fb 5f a2 4d 0b 7e da 07 17 07 a7 bb e2 e7 bb 43 f7 3a 9e 40 dd e1 49 ff fa ec f0 02 7e 1e 8f 17 67 27 89 f8 f9 7e da 9f 25 93 40 fc cc de f6 83 0f 3b 77 50 61 b2 98 1f 4f 3e 40 6f 93 2d 2b dd 3e 16 3f e3 c9 fe ce 70 0a 78 8f c7 fd b7 fd 13 07 7a 3b 5e 8c d9 29 d4 4d 4f dc ab e1 c9 19 f6 46 c6 92 c8 0f 47 7b 39 de 78 f4 fa 72 f7 04 49 3f 71 ad 21 12 39 3c b9 9f bc 47 bc 09 1d 58 07 d3 2b c0 7b 92 2e 86 d8 45 ba 49 c6 c3 6d 28 8d 29 19 a7 3b 50 37 b6 f7 2e 87 14 28 8b c6 5b 5f 06 db 9b e2 e7 ee ce fc 22 99 40 69 7f 3a be 4b 76 60 c4 67 f4 f2 32 b9 02 22 e3 69 7f fe 7e 8a f4 ee 0c 1e 86 27 50 77 6f 7a 10 02 17 2f 2f 77 77 2c 49 eb 28 a1 c8 af d3 bd b7 67 72 88 3b 7b 5f e3 ed 3b e4 d7 46 f0 e1 a2 07 fd 0f b6 1e 0e 90 8b f1 f6 e0 af e4 01 68 fd 74 b8 41 72 e6 4f ee 4f cf 28 60 f8 70 75 30 7b 77 34 97 3c 98 c4 7f c1 cf 83 d3 c1 55 74 02 18 d2 ad 21 3d 3a 45 8e 5f ed d3 21 81 89 4a ec fe 65 8a 3c 10 1d ef bf ee 21 eb c2 c9 ee d6 3c 9f 92 63 9c a8 e8 64 7c 39 44 61 39 9b 84 0f e9 16 92 7e ba 6f ed 6e 03 eb d2 37 7b e1 bb 83 1e fe bc b8 93 3f df bf 11 f4 42 17 c9 c3 c6 5f d1 e9 0c 59 77 7f 99 d8 80 21 d9 49 ad c1 36 70 67 b0 b9 7f 93 20 65 7c a2 3e 9e 9d 40 29 9f e6 bf b2 b7 07 48 c3 c1 45 84 b3 73 40 f6 8f 8e 71 ce ce e8 60 2e 10 8d dc 51 bc 83 43 b4 2f 46 ef 27 d0 fa 98 f3 96 ed 40 ff 1f a6 77 f7 1f 4e 81 cd fd c9 f5 fd c0 de c4 d1 2a 91 00 49 c2 29 e1 b3 73 1c 61 ff f1 c9 e2 ae 7f 0c 78 f7 ed bb fb ec ed 19 f2 76 e3 2e 46 ce a4 9b fd eb 5c 3a 26 fb fb a9 0d 43 4c b7 c3 0f 31 ce ce d9 60 df 92 15 38 0d 7c 30 9b b8 4a 36 2e 87 c8 c5 01 1d d8 7d 4b 8a da f0 32 19 bd 06 64 57 64 5b b1 c3 bd 4e 51 16 07 83 c1 cd c1 00 d7 c3 f6 60 12 21 e9 c9 ce e0 af 33 0a a5 bb a3 bb 8b 18 85 25 b6 fb 6e 82 44 0e f9 d2 10 25 9b 83 fe 81 8d 64 6f 0f ae 06 13 c0 79 6a 2d ae 40 a0 fa e3 23 eb 0e d9 b6 75 7b Data Ascii: {w8(~;V[;qg'mozX%v'@);IDP(ig{;y+VlZI<5=9>?N_M~C:@I~g'~%@;wPaO>@o-+>?pxz;^)MOFG{9xrI?q!9<GX+{.EIm();P7.([_"@i:Kv`g2"i~'Pwoz//ww,I(gr;{_;FhtArOO(`pu0{w4<Ut!=:E_!Je<!<cd\|9Da9~on7{?B_Yw!I6pg e\|>@)HEs@q`.QC/F'@wN*I)saxv.F\:&CL1`8\|0J6.}K2dWd[NQ`!3%nD%doyj-@#u{

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
55	103.235.46.9	80	192.168.2.5	49763	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 07:52:25.910960913 CET	1497	OUT	GET /passApi/js/wrapper.js?cdnversion=1700294981516&_=1700294000843 HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: passport.baidu.com Connection: Keep-Alive Cookie: BAIDUID=145E27E221F282D0311C913AF0CC3B87:FG=1; BIDUPSID=145E27E221F282D0BD0487E5415FCD62; PSTM=1700290335; BA_HECTOR=a00ka4848l01a02k0ga02g8g1ilgs0p1r
Nov 18, 2023 07:52:26.337587118 CET	1515	IN	HTTP/1.1 200 OK Connection: keep-alive Content-Type: application/x-javascript Date: Sat, 18 Nov 2023 06:52:26 GMT Etag: W/"6556dea6-1ad1" Last-Modified: Fri, 17 Nov 2023 03:31:50 GMT Server: BWS Tracecode: 41142409920509579786111814 Vary: Accept-Encoding Transfer-Encoding: chunked Data Raw: 65 64 34 0d 0a 76 61 72 20 70 61 73 73 70 6f 72 74 3d 70 61 73 73 70 6f 72 74 7c 7c 77 69 6e 64 6f 77 2e 70 61 73 73 70 6f 72 74 7c 7c 7b 7d 3b 70 61 73 73 70 6f 72 74 2e 5f 6d 6f 64 75 6c 65 50 6f 6f 6c 3d 70 61 73 73 70 6f 72 74 2e 5f 6d 6f 64 75 6c 65 50 6f 6f 6c 7c 7c 7b 7d 2c 70 61 73 73 70 6f 72 74 2e 5f 64 65 66 69 6e 65 3d 70 61 73 73 70 6f 72 74 2e 5f 64 65 66 69 6e 65 7c 7c 66 75 6e 63 74 69 6f 6e 28 73 2c 61 29 7b 70 61 73 73 70 6f 72 74 2e 5f 6d 6f 64 75 6c 65 50 6f 6f 6c 5b 73 5d 3d 61 26 26 61 28 29 7d 2c 70 61 73 73 70 6f 72 74 2e 5f 67 65 74 4d 6f 64 75 6c 65 3d 70 61 73 73 70 6f 72 74 2e 5f 67 65 74 4d 6f 64 75 6c 65 7c 7c 66 75 6e 63 74 69 6f 6e 28 73 29 7b 72 65 74 75 72 6e 20 70 61 73 73 70 6f 72 74 2e 5f 6d 6f 64 75 6c 65 50 6f 6f 6c 5b 73 5d 7d 2c 77 69 6e 64 6f 77 2e 75 70 73 6d 73 53 74 6f 72 65 3d 7b 72 65 67 5f 75 70 73 6d 73 3a 22 31 30 36 39 32 39 31 33 30 30 30 33 30 30 30 30 30 32 22 2c 76 65 72 69 66 79 5f 75 70 73 6d 73 3a 22 31 30 36 39 32 39 31 33 30 30 30 33 30 30 30 30 30 34 22 2c 76 65 72 69 66 79 5f 74 65 78 74 5f 75 70 73 6d 73 3a 22 31 30 36 39 20 32 39 31 33 20 30 30 30 33 20 30 30 30 20 30 30 34 22 7d 2c 77 69 6e 64 6f 77 2e 59 59 5f 54 50 4c 5f 43 4f 4e 46 49 47 3d 22 79 79 6c 69 76 65 2c 79 79 6c 69 76 65 73 65 72 76 65 72 2c 79 79 61 6e 63 68 6f 72 2c 70 63 79 79 2c 79 79 75 64 62 73 65 63 2c 62 64 67 61 6d 65 61 73 73 69 73 74 2c 79 6f 79 75 79 69 6e 2c 22 3b 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 6c 6f 63 61 6c 53 74 6f 72 61 67 65 26 26 77 69 6e 64 6f 77 2e 6c 6f 63 61 6c 53 74 6f 72 61 67 65 2e 67 65 74 49 74 65 6d 28 22 75 70 73 6d 73 2d 70 63 41 70 69 22 29 29 74 72 79 7b 77 69 6e 64 6f 77 2e 75 70 73 6d 73 53 74 6f 72 65 3d 4a 53 4f 4e 2e 70 61 72 73 65 28 77 69 6e 64 6f 77 2e 6c 6f 63 61 6c 53 74 6f 72 61 67 65 2e 67 65 74 49 74 65 6d 28 22 75 70 73 6d 73 2d 70 63 41 70 69 22 29 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 63 61 74 63 68 28 65 29 7b 7d 76 61 72 20 70 61 73 73 70 6f 72 74 3d 77 69 6e 64 6f 77 2e 70 61 73 73 70 6f 72 74 7c 7c 7b 7d 3b 70 61 73 73 70 6f 72 74 2e 5f 6c 6f 61 64 3d 70 61 73 73 70 6f 72 74 2e 5f 6c 6f 61 64 7c 7c 66 75 6e 63 74 69 6f 6e 28 73 2c 61 2c 65 29 7b 76 61 72 20 74 3d 64 6f 63 75 6d 65 6e 74 2c 6e 3d 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 53 43 52 49 50 54 22 29 3b 69 66 28 61 29 7b 6e 2e 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 2c 6e 2e 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3b 76 61 72 20 6f 3d 73 2e 73 70 6c 69 74 28 22 3f 22 29 5b 30 5d 2c 70 3d 4d 61 74 68 2e 72 6f 75 6e 64 28 31 65 33 2a 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 29 2c 69 3d 28 6e 65 77 20 44 61 74 65 29 2e 67 65 74 54 69 6d 65 28 29 3b 6e 2e 72 65 61 64 79 53 74 61 74 65 3f 6e 2e 6f 6e 72 65 61 64 79 73 74 61 74 65 63 68 61 6e 67 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 22 6c 6f 61 64 65 64 22 3d 3d 3d 6e 2e 72 65 61 64 79 53 74 61 74 65 7c 7c 22 63 6f 6d 70 6c 65 74 65 22 3d 3d 3d 6e 2e 72 65 61 64 Data Ascii: ed4var passport=passport\|\|window.passport\|\|{};passport._modulePool=passport._modulePool\|\|{},passport._define=passport._define\|\|function(s,a){passport._modulePool[s]=a&&a()},passport._getModule=passport._getModule\|\|function(s){return passport._modulePool[s]},window.upsmsStore={reg_upsms:"106929130003000002",verify_upsms:"106929130003000004",verify_text_upsms:"1069 2913 0003 000 004"},window.YY_TPL_CONFIG="yylive,yyliveserver,yyanchor,pcyy,yyudbsec,bdgameassist,yoyuyin,";try{if(window.localStorage&&window.localStorage.getItem("upsms-pcApi"))try{window.upsmsStore=JSON.parse(window.localStorage.getItem("upsms-pcApi"))}catch(e){}}catch(e){}var passport=window.passport\|\|{};passport._load=passport._load\|\|function(s,a,e){var t=document,n=t.createElement("SCRIPT");if(a){n.type="text/javascript",n.charset="UTF-8";var o=s.split("?")[0],p=Math.round(1e3*Math.random()),i=(new Date).getTime();n.readyState?n.onreadystatechange=function(){if("loaded"===n.readyState\|\|"complete"===n.read
Nov 18, 2023 07:52:26.337603092 CET	1516	IN	Data Raw: 79 53 74 61 74 65 29 7b 69 66 28 6e 2e 6f 6e 72 65 61 64 79 73 74 61 74 65 63 68 61 6e 67 65 3d 6e 75 6c 6c 2c 31 30 30 3d 3d 3d 70 29 7b 76 61 72 20 73 3d 28 6e 65 77 20 44 61 74 65 29 2e 67 65 74 54 69 6d 65 28 29 2d 69 3b 28 6e 65 77 20 49 6d Data Ascii: yState){if(n.onreadystatechange=null,100===p){var s=(new Date).getTime()-i;(new Image).src=document.location.protocol+"//nsclick.baidu.com/v.gif?pid=111&type=1023&url="+encodeURIComponent(o)+"&time="+s}e&&e()}}:n.onload=function(){if(100===p){
Nov 18, 2023 07:52:26.337641001 CET	1518	IN	Data Raw: 69 6f 6e 2e 70 72 6f 74 6f 63 6f 6c 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3a 64 6f 63 75 6d 65 6e 74 2e 6c 6f 63 61 74 69 6f 6e 2e 70 72 6f 74 6f 63 6f 6c 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2c 73 5b 61 5d 7c 7c 73 5b 22 68 74 74 70 73 Data Ascii: ion.protocol.toLowerCase():document.location.protocol.toLowerCase(),s[a]\|\|s["https:"]},passport._use=passport._use\|\|function(s,a,e){function t(){passport._load("https://wappass.baidu.com/static/waplib/moonshad.js?tt="+(new Date).getTime(),!0,f
Nov 18, 2023 07:52:26.337652922 CET	1518	IN	Data Raw: 5f 74 61 6e 67 72 61 6d 5f 34 37 38 32 36 65 33 2e 6a 73 22 2c 6e 3d 22 2f 70 61 73 73 41 70 69 2f 6a 73 2f 6c 6f 67 69 6e 76 34 5f 63 30 65 64 37 61 63 2e 6a 73 22 29 3a 28 70 3d 22 2f 70 61 73 73 41 70 69 2f 63 73 73 2f 75 6e 69 5f 6c 6f 67 69 Data Ascii: _tangram_47826e3.js",n="/passApi/js/loginv4_c0ed7ac.js"):(p="/passApi/css/uni_login_merge_40e1964.css",o="/passApi/js/login_tangram_b4dd68c.js",n="/passApi/js/login_564f6c3.js");var c={login:n,login_tangram:o,smsloginEn:"/passApi/js/smsloginEn
Nov 18, 2023 07:52:26.337661982 CET	1518	IN	Data Raw: 0a Data Ascii:
Nov 18, 2023 07:52:26.337672949 CET	1519	IN	Data Raw: 62 66 64 0d 0a 2c 73 6d 73 6c 6f 67 69 6e 45 6e 5f 74 61 6e 67 72 61 6d 3a 22 2f 70 61 73 73 41 70 69 2f 6a 73 2f 73 6d 73 6c 6f 67 69 6e 45 6e 5f 74 61 6e 67 72 61 6d 5f 66 65 39 63 32 38 31 2e 6a 73 22 2c 6c 6f 67 69 6e 57 4c 74 6f 50 43 3a 22 Data Ascii: bfd,smsloginEn_tangram:"/passApi/js/smsloginEn_tangram_fe9c281.js",loginWLtoPC:"/passApi/js/loginWLtoPC_e9c59c1.js",accConnect:"/passApi/js/accConnect_355e89a.js",accConnect_tangram:"/passApi/js/accConnect_tangram_238e581.js",accRealName:"/p
Nov 18, 2023 07:52:26.337685108 CET	1521	IN	Data Raw: 72 63 6f 64 65 3a 22 2f 70 61 73 73 41 70 69 2f 6a 73 2f 49 44 43 65 72 74 69 66 79 51 72 63 6f 64 65 5f 62 32 36 66 39 66 62 2e 6a 73 22 2c 49 44 43 65 72 74 69 66 79 51 72 63 6f 64 65 5f 74 61 6e 67 72 61 6d 3a 22 2f 70 61 73 73 41 70 69 2f 6a Data Ascii: rcode:"/passApi/js/IDCertifyQrcode_b26f9fb.js",IDCertifyQrcode_tangram:"/passApi/js/IDCertifyQrcode_tangram_828b34e.js",loadingApi:"/passApi/js/loadingApi_c732d61.js",loadingApi_tangram:"/passApi/js/loadingApi_tangram_e9ba334.js",loginWap:"/pa
Nov 18, 2023 07:52:26.337699890 CET	1521	IN	Data Raw: 61 6d 3a 22 2f 70 61 73 73 41 70 69 2f 6a 73 2f 6c 6f 67 69 6e 4d 75 6c 74 69 63 68 6f 69 63 65 5f 74 61 6e 67 72 61 6d 5f 63 30 64 63 37 39 32 2e 6a 73 22 2c 63 6f 6e 66 69 72 6d 57 69 64 67 65 74 3a 22 2f 70 61 73 73 41 70 69 2f 6a 73 2f 63 6f Data Ascii: am:"/passApi/js/loginMultichoice_tangram_c0dc792.js",confirmWidget:"/passApi/js/confirmWidget_ed02faa.js",confirmWidget_tangram:"/passApi/js/confirmWidget_tangram_38c5a43.js",uni_rebindGuide:"/passApi/js/uni_rebindGuide_9e22e37.js",uni_rebindG
Nov 18, 2023 07:52:26.337708950 CET	1521	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
Nov 18, 2023 07:52:26.542797089 CET	1525	IN	HTTP/1.1 200 OK Connection: keep-alive Content-Type: application/x-javascript Date: Sat, 18 Nov 2023 06:52:26 GMT Etag: W/"6556dea6-1ad1" Last-Modified: Fri, 17 Nov 2023 03:31:50 GMT Server: BWS Tracecode: 41142409920509579786111814 Vary: Accept-Encoding Transfer-Encoding: chunked Data Raw: 65 64 34 0d 0a 76 61 72 20 70 61 73 73 70 6f 72 74 3d 70 61 73 73 70 6f 72 74 7c 7c 77 69 6e 64 6f 77 2e 70 61 73 73 70 6f 72 74 7c 7c 7b 7d 3b 70 61 73 73 70 6f 72 74 2e 5f 6d 6f 64 75 6c 65 50 6f 6f 6c 3d 70 61 73 73 70 6f 72 74 2e 5f 6d 6f 64 75 6c 65 50 6f 6f 6c 7c 7c 7b 7d 2c 70 61 73 73 70 6f 72 74 2e 5f 64 65 66 69 6e 65 3d 70 61 73 73 70 6f 72 74 2e 5f 64 65 66 69 6e 65 7c 7c 66 75 6e 63 74 69 6f 6e 28 73 2c 61 29 7b 70 61 73 73 70 6f 72 74 2e 5f 6d 6f 64 75 6c 65 50 6f 6f 6c 5b 73 5d 3d 61 26 26 61 28 29 7d 2c 70 61 73 73 70 6f 72 74 2e 5f 67 65 74 4d 6f 64 75 6c 65 3d 70 61 73 73 70 6f 72 74 2e 5f 67 65 74 4d 6f 64 75 6c 65 7c 7c 66 75 6e 63 74 69 6f 6e 28 73 29 7b 72 65 74 75 72 6e 20 70 61 73 73 70 6f 72 74 2e 5f 6d 6f 64 75 6c 65 50 6f 6f 6c 5b 73 5d 7d 2c 77 69 6e 64 6f 77 2e 75 70 73 6d 73 53 74 6f 72 65 3d 7b 72 65 67 5f 75 70 73 6d 73 3a 22 31 30 36 39 32 39 31 33 30 30 30 33 30 30 30 30 30 32 22 2c 76 65 72 69 66 79 5f 75 70 73 6d 73 3a 22 31 30 36 39 32 39 31 33 30 30 30 33 30 30 30 30 30 34 22 2c 76 65 72 69 66 79 5f 74 65 78 74 5f 75 70 73 6d 73 3a 22 31 30 36 39 20 32 39 31 33 20 30 30 30 33 20 30 30 30 20 30 30 34 22 7d 2c 77 69 6e 64 6f 77 2e 59 59 5f 54 50 4c 5f 43 4f 4e 46 49 47 3d 22 79 79 6c 69 76 65 2c 79 79 6c 69 76 65 73 65 72 76 65 72 2c 79 79 61 6e 63 68 6f 72 2c 70 63 79 79 2c 79 79 75 64 62 73 65 63 2c 62 64 67 61 6d 65 61 73 73 69 73 74 2c 79 6f 79 75 79 69 6e 2c 22 3b 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 6c 6f 63 61 6c 53 74 6f 72 61 67 65 26 26 77 69 6e 64 6f 77 2e 6c 6f 63 61 6c 53 74 6f 72 61 67 65 2e 67 65 74 49 74 65 6d 28 22 75 70 73 6d 73 2d 70 63 41 70 69 22 29 29 74 72 79 7b 77 69 6e 64 6f 77 2e 75 70 73 6d 73 53 74 6f 72 65 3d 4a 53 4f 4e 2e 70 61 72 73 65 28 77 69 6e 64 6f 77 2e 6c 6f 63 61 6c 53 74 6f 72 61 67 65 2e 67 65 74 49 74 65 6d 28 22 75 70 73 6d 73 2d 70 63 41 70 69 22 29 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 63 61 74 63 68 28 65 29 7b 7d 76 61 72 20 70 61 73 73 70 6f 72 74 3d 77 69 6e 64 6f 77 2e 70 61 73 73 70 6f 72 74 7c 7c 7b 7d 3b 70 61 73 73 70 6f 72 74 2e 5f 6c 6f 61 64 3d 70 61 73 73 70 6f 72 74 2e 5f 6c 6f 61 64 7c 7c 66 75 6e 63 74 69 6f 6e 28 73 2c 61 2c 65 29 7b 76 61 72 20 74 3d 64 6f 63 75 6d 65 6e 74 2c 6e 3d 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 53 43 52 49 50 54 22 29 3b 69 66 28 61 29 7b 6e 2e 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 2c 6e 2e 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3b 76 61 72 20 6f 3d 73 2e 73 70 6c 69 74 28 22 3f 22 29 5b 30 5d 2c 70 3d 4d 61 74 68 2e 72 6f 75 6e 64 28 31 65 33 2a 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 29 2c 69 3d 28 6e 65 77 20 44 61 74 65 29 2e 67 65 74 54 69 6d 65 28 29 3b 6e 2e 72 65 61 64 79 53 74 61 74 65 3f 6e 2e 6f 6e 72 65 61 64 79 73 74 61 74 65 63 68 61 6e 67 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 22 6c 6f 61 64 65 64 22 3d 3d 3d 6e 2e 72 65 61 64 79 53 74 61 74 65 7c 7c 22 63 6f 6d 70 6c 65 74 65 22 3d 3d 3d 6e 2e 72 65 61 64 Data Ascii: ed4var passport=passport\|\|window.passport\|\|{};passport._modulePool=passport._modulePool\|\|{},passport._define=passport._define\|\|function(s,a){passport._modulePool[s]=a&&a()},passport._getModule=passport._getModule\|\|function(s){return passport._modulePool[s]},window.upsmsStore={reg_upsms:"106929130003000002",verify_upsms:"106929130003000004",verify_text_upsms:"1069 2913 0003 000 004"},window.YY_TPL_CONFIG="yylive,yyliveserver,yyanchor,pcyy,yyudbsec,bdgameassist,yoyuyin,";try{if(window.localStorage&&window.localStorage.getItem("upsms-pcApi"))try{window.upsmsStore=JSON.parse(window.localStorage.getItem("upsms-pcApi"))}catch(e){}}catch(e){}var passport=window.passport\|\|{};passport._load=passport._load\|\|function(s,a,e){var t=document,n=t.createElement("SCRIPT");if(a){n.type="text/javascript",n.charset="UTF-8";var o=s.split("?")[0],p=Math.round(1e3*Math.random()),i=(new Date).getTime();n.readyState?n.onreadystatechange=function(){if("loaded"===n.readyState\|\|"complete"===n.read
Nov 18, 2023 07:52:26.665966988 CET	1526	IN	Data Raw: 69 6f 6e 2e 70 72 6f 74 6f 63 6f 6c 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3a 64 6f 63 75 6d 65 6e 74 2e 6c 6f 63 61 74 69 6f 6e 2e 70 72 6f 74 6f 63 6f 6c 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2c 73 5b 61 5d 7c 7c 73 5b 22 68 74 74 70 73 Data Ascii: ion.protocol.toLowerCase():document.location.protocol.toLowerCase(),s[a]\|\|s["https:"]},passport._use=passport._use\|\|function(s,a,e){function t(){passport._load("https://wappass.baidu.com/static/waplib/moonshad.js?tt="+(new Date).getTime(),!0,f
Nov 18, 2023 07:52:26.665981054 CET	1526	IN	Data Raw: 5f 74 61 6e 67 72 61 6d 5f 34 37 38 32 36 65 33 2e 6a 73 22 2c 6e 3d 22 2f 70 61 73 73 41 70 69 2f 6a 73 2f 6c 6f 67 69 6e 76 34 5f 63 30 65 64 37 61 63 2e 6a 73 22 29 3a 28 70 3d 22 2f 70 61 73 73 41 70 69 2f 63 73 73 2f 75 6e 69 5f 6c 6f 67 69 Data Ascii: _tangram_47826e3.js",n="/passApi/js/loginv4_c0ed7ac.js"):(p="/passApi/css/uni_login_merge_40e1964.css",o="/passApi/js/login_tangram_b4dd68c.js",n="/passApi/js/login_564f6c3.js");var c={login:n,login_tangram:o,smsloginEn:"/passApi/js/smsloginEn

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
55	192.168.2.5	49763	103.235.46.9	80	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 07:52:25.910960913 CET	1497	OUT	GET /passApi/js/wrapper.js?cdnversion=1700294981516&_=1700294000843 HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: passport.baidu.com Connection: Keep-Alive Cookie: BAIDUID=145E27E221F282D0311C913AF0CC3B87:FG=1; BIDUPSID=145E27E221F282D0BD0487E5415FCD62; PSTM=1700290335; BA_HECTOR=a00ka4848l01a02k0ga02g8g1ilgs0p1r
Nov 18, 2023 07:52:26.337587118 CET	1515	IN	HTTP/1.1 200 OK Connection: keep-alive Content-Type: application/x-javascript Date: Sat, 18 Nov 2023 06:52:26 GMT Etag: W/"6556dea6-1ad1" Last-Modified: Fri, 17 Nov 2023 03:31:50 GMT Server: BWS Tracecode: 41142409920509579786111814 Vary: Accept-Encoding Transfer-Encoding: chunked Data Raw: 65 64 34 0d 0a 76 61 72 20 70 61 73 73 70 6f 72 74 3d 70 61 73 73 70 6f 72 74 7c 7c 77 69 6e 64 6f 77 2e 70 61 73 73 70 6f 72 74 7c 7c 7b 7d 3b 70 61 73 73 70 6f 72 74 2e 5f 6d 6f 64 75 6c 65 50 6f 6f 6c 3d 70 61 73 73 70 6f 72 74 2e 5f 6d 6f 64 75 6c 65 50 6f 6f 6c 7c 7c 7b 7d 2c 70 61 73 73 70 6f 72 74 2e 5f 64 65 66 69 6e 65 3d 70 61 73 73 70 6f 72 74 2e 5f 64 65 66 69 6e 65 7c 7c 66 75 6e 63 74 69 6f 6e 28 73 2c 61 29 7b 70 61 73 73 70 6f 72 74 2e 5f 6d 6f 64 75 6c 65 50 6f 6f 6c 5b 73 5d 3d 61 26 26 61 28 29 7d 2c 70 61 73 73 70 6f 72 74 2e 5f 67 65 74 4d 6f 64 75 6c 65 3d 70 61 73 73 70 6f 72 74 2e 5f 67 65 74 4d 6f 64 75 6c 65 7c 7c 66 75 6e 63 74 69 6f 6e 28 73 29 7b 72 65 74 75 72 6e 20 70 61 73 73 70 6f 72 74 2e 5f 6d 6f 64 75 6c 65 50 6f 6f 6c 5b 73 5d 7d 2c 77 69 6e 64 6f 77 2e 75 70 73 6d 73 53 74 6f 72 65 3d 7b 72 65 67 5f 75 70 73 6d 73 3a 22 31 30 36 39 32 39 31 33 30 30 30 33 30 30 30 30 30 32 22 2c 76 65 72 69 66 79 5f 75 70 73 6d 73 3a 22 31 30 36 39 32 39 31 33 30 30 30 33 30 30 30 30 30 34 22 2c 76 65 72 69 66 79 5f 74 65 78 74 5f 75 70 73 6d 73 3a 22 31 30 36 39 20 32 39 31 33 20 30 30 30 33 20 30 30 30 20 30 30 34 22 7d 2c 77 69 6e 64 6f 77 2e 59 59 5f 54 50 4c 5f 43 4f 4e 46 49 47 3d 22 79 79 6c 69 76 65 2c 79 79 6c 69 76 65 73 65 72 76 65 72 2c 79 79 61 6e 63 68 6f 72 2c 70 63 79 79 2c 79 79 75 64 62 73 65 63 2c 62 64 67 61 6d 65 61 73 73 69 73 74 2c 79 6f 79 75 79 69 6e 2c 22 3b 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 6c 6f 63 61 6c 53 74 6f 72 61 67 65 26 26 77 69 6e 64 6f 77 2e 6c 6f 63 61 6c 53 74 6f 72 61 67 65 2e 67 65 74 49 74 65 6d 28 22 75 70 73 6d 73 2d 70 63 41 70 69 22 29 29 74 72 79 7b 77 69 6e 64 6f 77 2e 75 70 73 6d 73 53 74 6f 72 65 3d 4a 53 4f 4e 2e 70 61 72 73 65 28 77 69 6e 64 6f 77 2e 6c 6f 63 61 6c 53 74 6f 72 61 67 65 2e 67 65 74 49 74 65 6d 28 22 75 70 73 6d 73 2d 70 63 41 70 69 22 29 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 63 61 74 63 68 28 65 29 7b 7d 76 61 72 20 70 61 73 73 70 6f 72 74 3d 77 69 6e 64 6f 77 2e 70 61 73 73 70 6f 72 74 7c 7c 7b 7d 3b 70 61 73 73 70 6f 72 74 2e 5f 6c 6f 61 64 3d 70 61 73 73 70 6f 72 74 2e 5f 6c 6f 61 64 7c 7c 66 75 6e 63 74 69 6f 6e 28 73 2c 61 2c 65 29 7b 76 61 72 20 74 3d 64 6f 63 75 6d 65 6e 74 2c 6e 3d 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 53 43 52 49 50 54 22 29 3b 69 66 28 61 29 7b 6e 2e 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 2c 6e 2e 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3b 76 61 72 20 6f 3d 73 2e 73 70 6c 69 74 28 22 3f 22 29 5b 30 5d 2c 70 3d 4d 61 74 68 2e 72 6f 75 6e 64 28 31 65 33 2a 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 29 2c 69 3d 28 6e 65 77 20 44 61 74 65 29 2e 67 65 74 54 69 6d 65 28 29 3b 6e 2e 72 65 61 64 79 53 74 61 74 65 3f 6e 2e 6f 6e 72 65 61 64 79 73 74 61 74 65 63 68 61 6e 67 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 22 6c 6f 61 64 65 64 22 3d 3d 3d 6e 2e 72 65 61 64 79 53 74 61 74 65 7c 7c 22 63 6f 6d 70 6c 65 74 65 22 3d 3d 3d 6e 2e 72 65 61 64 Data Ascii: ed4var passport=passport\|\|window.passport\|\|{};passport._modulePool=passport._modulePool\|\|{},passport._define=passport._define\|\|function(s,a){passport._modulePool[s]=a&&a()},passport._getModule=passport._getModule\|\|function(s){return passport._modulePool[s]},window.upsmsStore={reg_upsms:"106929130003000002",verify_upsms:"106929130003000004",verify_text_upsms:"1069 2913 0003 000 004"},window.YY_TPL_CONFIG="yylive,yyliveserver,yyanchor,pcyy,yyudbsec,bdgameassist,yoyuyin,";try{if(window.localStorage&&window.localStorage.getItem("upsms-pcApi"))try{window.upsmsStore=JSON.parse(window.localStorage.getItem("upsms-pcApi"))}catch(e){}}catch(e){}var passport=window.passport\|\|{};passport._load=passport._load\|\|function(s,a,e){var t=document,n=t.createElement("SCRIPT");if(a){n.type="text/javascript",n.charset="UTF-8";var o=s.split("?")[0],p=Math.round(1e3*Math.random()),i=(new Date).getTime();n.readyState?n.onreadystatechange=function(){if("loaded"===n.readyState\|\|"complete"===n.read
Nov 18, 2023 07:52:26.337603092 CET	1516	IN	Data Raw: 79 53 74 61 74 65 29 7b 69 66 28 6e 2e 6f 6e 72 65 61 64 79 73 74 61 74 65 63 68 61 6e 67 65 3d 6e 75 6c 6c 2c 31 30 30 3d 3d 3d 70 29 7b 76 61 72 20 73 3d 28 6e 65 77 20 44 61 74 65 29 2e 67 65 74 54 69 6d 65 28 29 2d 69 3b 28 6e 65 77 20 49 6d Data Ascii: yState){if(n.onreadystatechange=null,100===p){var s=(new Date).getTime()-i;(new Image).src=document.location.protocol+"//nsclick.baidu.com/v.gif?pid=111&type=1023&url="+encodeURIComponent(o)+"&time="+s}e&&e()}}:n.onload=function(){if(100===p){
Nov 18, 2023 07:52:26.337641001 CET	1518	IN	Data Raw: 69 6f 6e 2e 70 72 6f 74 6f 63 6f 6c 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3a 64 6f 63 75 6d 65 6e 74 2e 6c 6f 63 61 74 69 6f 6e 2e 70 72 6f 74 6f 63 6f 6c 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2c 73 5b 61 5d 7c 7c 73 5b 22 68 74 74 70 73 Data Ascii: ion.protocol.toLowerCase():document.location.protocol.toLowerCase(),s[a]\|\|s["https:"]},passport._use=passport._use\|\|function(s,a,e){function t(){passport._load("https://wappass.baidu.com/static/waplib/moonshad.js?tt="+(new Date).getTime(),!0,f
Nov 18, 2023 07:52:26.337652922 CET	1518	IN	Data Raw: 5f 74 61 6e 67 72 61 6d 5f 34 37 38 32 36 65 33 2e 6a 73 22 2c 6e 3d 22 2f 70 61 73 73 41 70 69 2f 6a 73 2f 6c 6f 67 69 6e 76 34 5f 63 30 65 64 37 61 63 2e 6a 73 22 29 3a 28 70 3d 22 2f 70 61 73 73 41 70 69 2f 63 73 73 2f 75 6e 69 5f 6c 6f 67 69 Data Ascii: _tangram_47826e3.js",n="/passApi/js/loginv4_c0ed7ac.js"):(p="/passApi/css/uni_login_merge_40e1964.css",o="/passApi/js/login_tangram_b4dd68c.js",n="/passApi/js/login_564f6c3.js");var c={login:n,login_tangram:o,smsloginEn:"/passApi/js/smsloginEn
Nov 18, 2023 07:52:26.337661982 CET	1518	IN	Data Raw: 0a Data Ascii:
Nov 18, 2023 07:52:26.337672949 CET	1519	IN	Data Raw: 62 66 64 0d 0a 2c 73 6d 73 6c 6f 67 69 6e 45 6e 5f 74 61 6e 67 72 61 6d 3a 22 2f 70 61 73 73 41 70 69 2f 6a 73 2f 73 6d 73 6c 6f 67 69 6e 45 6e 5f 74 61 6e 67 72 61 6d 5f 66 65 39 63 32 38 31 2e 6a 73 22 2c 6c 6f 67 69 6e 57 4c 74 6f 50 43 3a 22 Data Ascii: bfd,smsloginEn_tangram:"/passApi/js/smsloginEn_tangram_fe9c281.js",loginWLtoPC:"/passApi/js/loginWLtoPC_e9c59c1.js",accConnect:"/passApi/js/accConnect_355e89a.js",accConnect_tangram:"/passApi/js/accConnect_tangram_238e581.js",accRealName:"/p
Nov 18, 2023 07:52:26.337685108 CET	1521	IN	Data Raw: 72 63 6f 64 65 3a 22 2f 70 61 73 73 41 70 69 2f 6a 73 2f 49 44 43 65 72 74 69 66 79 51 72 63 6f 64 65 5f 62 32 36 66 39 66 62 2e 6a 73 22 2c 49 44 43 65 72 74 69 66 79 51 72 63 6f 64 65 5f 74 61 6e 67 72 61 6d 3a 22 2f 70 61 73 73 41 70 69 2f 6a Data Ascii: rcode:"/passApi/js/IDCertifyQrcode_b26f9fb.js",IDCertifyQrcode_tangram:"/passApi/js/IDCertifyQrcode_tangram_828b34e.js",loadingApi:"/passApi/js/loadingApi_c732d61.js",loadingApi_tangram:"/passApi/js/loadingApi_tangram_e9ba334.js",loginWap:"/pa
Nov 18, 2023 07:52:26.337699890 CET	1521	IN	Data Raw: 61 6d 3a 22 2f 70 61 73 73 41 70 69 2f 6a 73 2f 6c 6f 67 69 6e 4d 75 6c 74 69 63 68 6f 69 63 65 5f 74 61 6e 67 72 61 6d 5f 63 30 64 63 37 39 32 2e 6a 73 22 2c 63 6f 6e 66 69 72 6d 57 69 64 67 65 74 3a 22 2f 70 61 73 73 41 70 69 2f 6a 73 2f 63 6f Data Ascii: am:"/passApi/js/loginMultichoice_tangram_c0dc792.js",confirmWidget:"/passApi/js/confirmWidget_ed02faa.js",confirmWidget_tangram:"/passApi/js/confirmWidget_tangram_38c5a43.js",uni_rebindGuide:"/passApi/js/uni_rebindGuide_9e22e37.js",uni_rebindG
Nov 18, 2023 07:52:26.337708950 CET	1521	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
Nov 18, 2023 07:52:26.542797089 CET	1525	IN	HTTP/1.1 200 OK Connection: keep-alive Content-Type: application/x-javascript Date: Sat, 18 Nov 2023 06:52:26 GMT Etag: W/"6556dea6-1ad1" Last-Modified: Fri, 17 Nov 2023 03:31:50 GMT Server: BWS Tracecode: 41142409920509579786111814 Vary: Accept-Encoding Transfer-Encoding: chunked Data Raw: 65 64 34 0d 0a 76 61 72 20 70 61 73 73 70 6f 72 74 3d 70 61 73 73 70 6f 72 74 7c 7c 77 69 6e 64 6f 77 2e 70 61 73 73 70 6f 72 74 7c 7c 7b 7d 3b 70 61 73 73 70 6f 72 74 2e 5f 6d 6f 64 75 6c 65 50 6f 6f 6c 3d 70 61 73 73 70 6f 72 74 2e 5f 6d 6f 64 75 6c 65 50 6f 6f 6c 7c 7c 7b 7d 2c 70 61 73 73 70 6f 72 74 2e 5f 64 65 66 69 6e 65 3d 70 61 73 73 70 6f 72 74 2e 5f 64 65 66 69 6e 65 7c 7c 66 75 6e 63 74 69 6f 6e 28 73 2c 61 29 7b 70 61 73 73 70 6f 72 74 2e 5f 6d 6f 64 75 6c 65 50 6f 6f 6c 5b 73 5d 3d 61 26 26 61 28 29 7d 2c 70 61 73 73 70 6f 72 74 2e 5f 67 65 74 4d 6f 64 75 6c 65 3d 70 61 73 73 70 6f 72 74 2e 5f 67 65 74 4d 6f 64 75 6c 65 7c 7c 66 75 6e 63 74 69 6f 6e 28 73 29 7b 72 65 74 75 72 6e 20 70 61 73 73 70 6f 72 74 2e 5f 6d 6f 64 75 6c 65 50 6f 6f 6c 5b 73 5d 7d 2c 77 69 6e 64 6f 77 2e 75 70 73 6d 73 53 74 6f 72 65 3d 7b 72 65 67 5f 75 70 73 6d 73 3a 22 31 30 36 39 32 39 31 33 30 30 30 33 30 30 30 30 30 32 22 2c 76 65 72 69 66 79 5f 75 70 73 6d 73 3a 22 31 30 36 39 32 39 31 33 30 30 30 33 30 30 30 30 30 34 22 2c 76 65 72 69 66 79 5f 74 65 78 74 5f 75 70 73 6d 73 3a 22 31 30 36 39 20 32 39 31 33 20 30 30 30 33 20 30 30 30 20 30 30 34 22 7d 2c 77 69 6e 64 6f 77 2e 59 59 5f 54 50 4c 5f 43 4f 4e 46 49 47 3d 22 79 79 6c 69 76 65 2c 79 79 6c 69 76 65 73 65 72 76 65 72 2c 79 79 61 6e 63 68 6f 72 2c 70 63 79 79 2c 79 79 75 64 62 73 65 63 2c 62 64 67 61 6d 65 61 73 73 69 73 74 2c 79 6f 79 75 79 69 6e 2c 22 3b 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 6c 6f 63 61 6c 53 74 6f 72 61 67 65 26 26 77 69 6e 64 6f 77 2e 6c 6f 63 61 6c 53 74 6f 72 61 67 65 2e 67 65 74 49 74 65 6d 28 22 75 70 73 6d 73 2d 70 63 41 70 69 22 29 29 74 72 79 7b 77 69 6e 64 6f 77 2e 75 70 73 6d 73 53 74 6f 72 65 3d 4a 53 4f 4e 2e 70 61 72 73 65 28 77 69 6e 64 6f 77 2e 6c 6f 63 61 6c 53 74 6f 72 61 67 65 2e 67 65 74 49 74 65 6d 28 22 75 70 73 6d 73 2d 70 63 41 70 69 22 29 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 63 61 74 63 68 28 65 29 7b 7d 76 61 72 20 70 61 73 73 70 6f 72 74 3d 77 69 6e 64 6f 77 2e 70 61 73 73 70 6f 72 74 7c 7c 7b 7d 3b 70 61 73 73 70 6f 72 74 2e 5f 6c 6f 61 64 3d 70 61 73 73 70 6f 72 74 2e 5f 6c 6f 61 64 7c 7c 66 75 6e 63 74 69 6f 6e 28 73 2c 61 2c 65 29 7b 76 61 72 20 74 3d 64 6f 63 75 6d 65 6e 74 2c 6e 3d 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 53 43 52 49 50 54 22 29 3b 69 66 28 61 29 7b 6e 2e 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 2c 6e 2e 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3b 76 61 72 20 6f 3d 73 2e 73 70 6c 69 74 28 22 3f 22 29 5b 30 5d 2c 70 3d 4d 61 74 68 2e 72 6f 75 6e 64 28 31 65 33 2a 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 29 2c 69 3d 28 6e 65 77 20 44 61 74 65 29 2e 67 65 74 54 69 6d 65 28 29 3b 6e 2e 72 65 61 64 79 53 74 61 74 65 3f 6e 2e 6f 6e 72 65 61 64 79 73 74 61 74 65 63 68 61 6e 67 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 22 6c 6f 61 64 65 64 22 3d 3d 3d 6e 2e 72 65 61 64 79 53 74 61 74 65 7c 7c 22 63 6f 6d 70 6c 65 74 65 22 3d 3d 3d 6e 2e 72 65 61 64 Data Ascii: ed4var passport=passport\|\|window.passport\|\|{};passport._modulePool=passport._modulePool\|\|{},passport._define=passport._define\|\|function(s,a){passport._modulePool[s]=a&&a()},passport._getModule=passport._getModule\|\|function(s){return passport._modulePool[s]},window.upsmsStore={reg_upsms:"106929130003000002",verify_upsms:"106929130003000004",verify_text_upsms:"1069 2913 0003 000 004"},window.YY_TPL_CONFIG="yylive,yyliveserver,yyanchor,pcyy,yyudbsec,bdgameassist,yoyuyin,";try{if(window.localStorage&&window.localStorage.getItem("upsms-pcApi"))try{window.upsmsStore=JSON.parse(window.localStorage.getItem("upsms-pcApi"))}catch(e){}}catch(e){}var passport=window.passport\|\|{};passport._load=passport._load\|\|function(s,a,e){var t=document,n=t.createElement("SCRIPT");if(a){n.type="text/javascript",n.charset="UTF-8";var o=s.split("?")[0],p=Math.round(1e3*Math.random()),i=(new Date).getTime();n.readyState?n.onreadystatechange=function(){if("loaded"===n.readyState\|\|"complete"===n.read
Nov 18, 2023 07:52:26.665966988 CET	1526	IN	Data Raw: 69 6f 6e 2e 70 72 6f 74 6f 63 6f 6c 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3a 64 6f 63 75 6d 65 6e 74 2e 6c 6f 63 61 74 69 6f 6e 2e 70 72 6f 74 6f 63 6f 6c 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2c 73 5b 61 5d 7c 7c 73 5b 22 68 74 74 70 73 Data Ascii: ion.protocol.toLowerCase():document.location.protocol.toLowerCase(),s[a]\|\|s["https:"]},passport._use=passport._use\|\|function(s,a,e){function t(){passport._load("https://wappass.baidu.com/static/waplib/moonshad.js?tt="+(new Date).getTime(),!0,f
Nov 18, 2023 07:52:26.665981054 CET	1526	IN	Data Raw: 5f 74 61 6e 67 72 61 6d 5f 34 37 38 32 36 65 33 2e 6a 73 22 2c 6e 3d 22 2f 70 61 73 73 41 70 69 2f 6a 73 2f 6c 6f 67 69 6e 76 34 5f 63 30 65 64 37 61 63 2e 6a 73 22 29 3a 28 70 3d 22 2f 70 61 73 73 41 70 69 2f 63 73 73 2f 75 6e 69 5f 6c 6f 67 69 Data Ascii: _tangram_47826e3.js",n="/passApi/js/loginv4_c0ed7ac.js"):(p="/passApi/css/uni_login_merge_40e1964.css",o="/passApi/js/login_tangram_b4dd68c.js",n="/passApi/js/login_564f6c3.js");var c={login:n,login_tangram:o,smsloginEn:"/passApi/js/smsloginEn

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
56	104.193.88.112	80	192.168.2.5	49774	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 07:52:31.179721117 CET	1944	OUT	GET /r/www/cache/static/amd_modules/lottie-web/build/player/lottie_ad9c879.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
Nov 18, 2023 07:52:31.349936962 CET	1994	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:31 GMT Content-Type: text/javascript; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Expires: Sat, 16 Sep 2023 03:40:28 GMT Last-Modified: Wed, 13 Sep 2023 01:04:11 GMT ETag: "ad9c879abeee53d70329b394dd30486f" Cache-Control: max-age=31536000 Content-Encoding: gzip Age: 5713923 Accept-Ranges: bytes Content-MD5: rZyHmr7uU9cDKbOU3TBIbw== x-bce-content-crc32: 4051085495 x-bce-debug-id: MxmM7vVhunmQfuPwB0H2I4sphD+T7oYyjKE6D5A6RoAIPlULbnKdzE2FtiyY6dXBmi7eK75kCSnivI5XUBrbyw== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: a9dfeeb5-65bf-4c24-badc-b1b1cd642f0b x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 13 Sep 2023 03:40:28 GMT Ohc-Cache-HIT: sfo01-sys-jorcol06.sfo01.baidu.com [2] Ohc-File-Size: 281451 X-Cache-Status: HIT Access-Control-Allow-Origin: * Timing-Allow-Origin: * Data Raw: 64 63 37 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec bd 7d 7b db 38 92 2f fa 7f 3e 45 a2 3d e3 87 b2 28 45 72 92 9e 69 a9 69 df bc 76 e7 6c a7 93 8d b3 bd bb d7 e3 e3 87 96 28 8b 63 8a d4 90 94 5f da f6 f9 ec b7 7e 55 00 08 90 94 ec 74 f7 cc ce 9d 67 bb 9f 58 04 50 28 00 85 42 a1 50 28 00 9d 75 3a 8b e6 71 1a cd 3a 4f 82 f2 7a 15 65 f3 c7 69 78 11 9f 85 65 96 ef ec cc d7 e9 b4 8c b3 d4 2b fd a8 7b d3 c9 4e ff 12 4d cb 4e a0 21 a3 ab 55 96 97 c5 ce 4e a7 05 cd 32 9b ad 93 e8 40 7e 06 0a 34 88 bc ee b8 a3 d1 56 98 24 f7 ce 8e fc 0e c2 e5 ec 40 3e bd 4e 92 95 65 1c f5 2f a3 d3 8e 7f 74 4c f5 18 7b 65 d0 56 e0 59 92 9d 86 c9 97 45 5c 1c 54 9f e3 f2 f6 b6 88 92 b9 5f 0e 04 11 6a d0 bd f3 4a 4a f3 4d f3 a8 6d eb 22 7a 5c 94 79 4c ed 9b e8 f8 c7 d3 3c 0a cb e8 4b 78 e6 95 dd 9b 3c 2a d7 79 fa 78 96 4d d7 cb 28 2d 07 92 f8 36 89 10 22 80 3b 93 2d ba 2a a3 74 f6 29 cf ca 0c 75 13 ea 5d 84 f9 e3 dc 8f fd 22 a0 aa 44 e9 59 b9 98 cc b3 dc cb 83 e1 a4 d8 cf 27 79 2f 18 75 6f e2 a0 3c ca 8f 07 2b 9d 95 41 90 33 7c 1c a7 8f e3 ee 47 ee 81 2a 7d b0 08 8b 8f 97 29 15 b5 8a f2 f2 Data Ascii: dc7c}{8/>E=(Eriivl(c_~UtgXP(BP(u:q:Ozeixe+{NMN!UN2@~4V$@>Ne/tL{eVYE\T_jJJMm"z\yL<Kx<yxM(-6";-t)u]"DY'y/uo<+A3\|G*})
Nov 18, 2023 07:52:31.349957943 CET	1995	IN	Data Raw: 7a 30 0d 93 c4 8b fd b0 bb b3 e3 45 15 d8 51 78 1c c4 f4 a7 7b 57 55 f2 2c 2a df 44 c5 34 8f 57 d4 d5 52 45 d5 42 55 08 01 58 a8 6b b0 8f 2a 44 42 07 82 bb ba 7e 67 f8 a5 7b 53 51 83 c8 7b a7 50 5b 75 0a 08 4d 1d c9 61 fc 4b 34 7b 99 e7 e1 b5 45 Data Ascii: z0EQx{WU,D4WREBUXkDB~g{SQ{P[uMaK4{Epu7BqygD}4<(%3Zzy%q0U-pn.8KS+M];S<FkjXLg4~uT'"['UlIY.?
Nov 18, 2023 07:52:31.349968910 CET	1997	IN	Data Raw: 4d 3a 41 2f 00 c8 80 64 6a 34 93 ca e8 e6 52 a7 65 24 06 5d 0c 43 93 7f d8 9e bb eb e7 4a f5 e4 20 4d f9 96 42 18 1b fd 4a b5 5f 01 0d 45 27 5a 65 31 91 24 20 42 c8 2a d7 e1 e1 c2 52 a4 56 a4 a3 c6 a6 08 a5 51 71 6e 5b bd 0b ed d9 81 16 57 51 3e Data Ascii: M:A/dj4Re$]CJ MBJ_E'Ze1$ BRVQqn[WQ>X?CC"Rt.)n1ue??)3XUn'KXF}Pok`zdp^nVIiJ<tS!WT*)\z;z.
Nov 18, 2023 07:52:31.349981070 CET	1998	IN	Data Raw: 22 ec e4 d8 fb 38 34 42 a9 81 f1 95 02 7e 3f 33 c1 0a 88 06 ff cc 14 6b f5 4f ad d9 24 a8 ca 81 d3 b0 e0 7f 1f 7e fc 09 eb 9d 22 72 5b 4c 93 6b a3 79 f5 52 9c 4a fe db 3a c4 96 0c 0a a7 a9 aa 83 cd dd f4 ac e2 89 b2 ab 8c a1 a5 18 43 3b 8b f8 6c Data Ascii: "84B~?3kO$~"r[LkyRJ:C;l3Ise4^ldaG])F}\|I8/OF'CBq.9mbP$XIDW*cDJ"pdU.@.uJk+r\QYRLmm
Nov 18, 2023 07:52:31.350152016 CET	1999	IN	Data Raw: e7 5f e6 fc 5f 0b c0 65 3c 43 c3 6d 76 1a 60 6d 24 2c 71 49 45 36 f3 2c 58 67 dc 98 69 c1 99 d6 32 e5 26 5d 6c 4d 56 f5 64 ca 52 53 31 eb 54 2d eb 3a fd 4f b1 c1 4d b6 1a 6f 1b 8b ba 5c 5f 68 4a a3 5c 0f 3d 9d d2 f5 69 8e 5a 8d db 16 91 c0 64 e2 Data Ascii: __e<Cmv`m$,qIE6,Xgi2&]lMVdRS1T-:OMo\_hJ\=iZdg]q'aQ5_E;y%XOKjzV\|OTR_<(C7\|M6[eK+[%SN[Dj)TUVFed"I]Sy-jJE- ;:Fj
Nov 18, 2023 07:52:31.350167036 CET	2001	IN	Data Raw: 06 2b 59 c5 c1 43 fc 7c 70 7e 34 3c 1e 14 07 d5 a7 16 28 0c 39 e6 78 27 4a 06 a2 76 6c 6a 95 2d 95 bd d7 16 d5 27 99 13 9a 66 49 12 ae 0a 68 06 6a 2d 85 3d 26 78 35 a9 58 6d 07 3f c1 79 f7 55 38 c5 51 db 58 a2 b6 12 5b cf ff 2b 4a d9 da e3 e7 d4 Data Ascii: +YC\|p~4<(9x'Jvlj-'fIhj-=&x5Xm?yU8QX[+Jqu.uA^-lY2#.ZWaXdeEi4+:,w%.[\|FMnDXCV&[PJkLg}!+xdt:zhAO*uiyj1R0Tdw
Nov 18, 2023 07:52:31.350178957 CET	2002	IN	Data Raw: a3 3a e3 83 14 17 ec 8a a8 ab ed 44 de de 92 58 58 c4 b3 e8 63 ca 52 6d 15 42 85 1b 3f 11 a6 6a 24 c0 40 3e ea fa d8 99 24 b5 fa 63 9a a8 7a 58 11 8c 51 85 59 57 b5 01 10 c1 00 d3 24 2c 8a 9f 68 e4 a9 76 e8 20 d5 9f a8 a6 ea 1a cf 38 38 cf a6 6b Data Ascii: :DXXcRmB?j$@>$czXQYW$,hv 88k6H.FvdDpEL{p,Ow68?Z-4`Qz9&2.^Y1faNd(w!o_C-?fF0/9po)`7L
Nov 18, 2023 07:52:31.350189924 CET	2003	IN	Data Raw: 83 6f d8 ba 03 fa 7f 06 f3 e6 f1 f3 3f 83 f9 bf 67 30 eb 2b 71 46 5f 75 81 ce e8 9f e6 02 9d c6 6d 95 d1 ec 73 48 2b 45 f6 75 b1 de 44 c8 bd 1c 57 5f 88 d2 85 db 99 27 49 90 f0 f9 a9 83 9b 08 f7 af ac ae 31 f4 c7 09 7c b1 59 69 bd 08 52 2f f4 92 Data Ascii: o?g0+qF_umsH+EuDW_'I1\|YiR/J=8}\w3?8){uS`hPV3o`]nxe/h7S<Fr.}Rg4#Kd\|?t,e->]x\|~o!,[p\|SoIv}
Nov 18, 2023 07:52:31.350198030 CET	2005	IN	Data Raw: ee 13 50 0c 4f fd 76 2f a7 fc 1a f1 f4 90 21 d4 2e 9e 1e 22 d8 36 88 27 12 b9 5f d1 a6 9a 80 52 d4 eb 8d 7e 4f 11 05 a1 d4 77 e4 54 63 c0 cd fa 4a 4a fd fd 64 54 ef 1f 41 46 31 bd 51 91 06 45 8c 08 32 20 db 05 10 75 7b d5 ef 0f 68 56 25 83 94 e5 Data Ascii: POv/!."6'_R~OwTcJJdTAF1QE2 u{hV%obV/vv\|gh@}ZRKdA?:Z^cReurX\\\|I59I+l7l$b\|1=U"vC'fu8]6%9
Nov 18, 2023 07:52:31.350210905 CET	2006	IN	Data Raw: 8f 0e 86 e3 ac 37 22 56 f3 d2 7e d2 7d 5a cf 38 79 14 eb 36 b8 0f be 7a c4 93 78 ae 16 3f 73 fc e0 c9 5b fa 89 11 5a fa c0 a3 9e 54 bc 4b 7a 41 1d ad cf 4b 64 d5 53 31 11 2f 46 a5 0e 8e 80 6d c8 5c a8 be 98 33 f1 6d 46 45 7f 64 d2 9d 38 82 ec fa Data Ascii: 7"V~}Z8y6zx?s[ZTKzAKdS1/Fm\3mFEd8a,t7Bz\|0<~}9bKN<[(>+,,R)_Fcu{&kT SLS@>,})hFW-JLS*yvWPr-{[%GB
Nov 18, 2023 07:52:31.350220919 CET	2007	IN	Data Raw: d7 b4 d0 0b d3 57 c9 1a d3 42 7d 0e b5 de 14 e5 1b 30 88 3b ea 20 b6 fa 3e 23 1a 9f 14 4c 64 5e af d4 61 8b 92 16 8d 17 31 f3 1d f4 22 0c 28 e9 58 bb 1e 41 56 e3 b3 96 5b 53 e7 91 5c db d5 32 3d cf 88 f2 9d bd 17 84 bb 91 72 ad 0a ad 27 a0 99 6d Data Ascii: WB}0; >#Ld^a1"(XAV[S\2=r'mmj+X!6/!"&^Ml[\|f}T!s1Xl\UN"d$gx(WsZHXyB=zK!#@D(L-)oYH$6LZPV
Nov 18, 2023 07:52:31.598212957 CET	2269	OUT	GET /r/www/cache/static/amd_modules/@baidu/aging-tools-pc_63487d8.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
Nov 18, 2023 07:52:31.768098116 CET	2279	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:31 GMT Content-Type: text/javascript; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Expires: Sat, 11 Nov 2023 07:32:35 GMT Last-Modified: Thu, 26 Oct 2023 01:40:47 GMT ETag: "63487d8c50e44137f8b6ce2a04407f8f" Cache-Control: max-age=31536000 Content-Encoding: gzip Age: 861596 Accept-Ranges: bytes Content-MD5: Y0h9jFDkQTf4ts4qBEB/jw== x-bce-content-crc32: 3238666094 x-bce-debug-id: NAe6EO3wT96ak0qPNr/yE09Q6Yb3DKCyS+Tz4CZznZZWoF3RX/WEgC34dqYJEqvdvT8YQ27NelWCWCR0K3VAag== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: 2323bfb6-f847-4994-8a90-63317d70f3a1 x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 07:32:35 GMT Ohc-Cache-HIT: sfo01-sys-jorcol09.sfo01.baidu.com [2] Ohc-File-Size: 144135 X-Cache-Status: HIT Access-Control-Allow-Origin: * Timing-Allow-Origin: * Data Raw: 39 63 37 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec bd 69 77 53 57 96 37 fe 3e 9f 42 dc aa 07 a4 46 36 96 6d 26 39 8a 9b 90 a4 bb ba 2a 95 54 92 aa 54 da 61 79 c9 d6 b5 ad 20 24 97 24 43 28 f0 7f 19 08 f3 18 66 c2 3c 85 90 84 31 10 c0 36 f0 22 55 2b 1f a4 7d 35 bc ea af f0 9c fd db fb dc 7b ee 20 d9 4e 52 d5 fd 5f eb c9 60 9d 7d e6 b3 cf 9e ce 3e c3 cd d9 23 f9 a2 1d b7 fe 75 28 9b cf 4d ac c8 8e e6 8b a3 1d d5 52 a9 50 e9 18 1f 5e 91 cb 57 aa 2b f2 c5 9c fd a9 95 1c b0 2a d9 a2 95 b4 aa 95 42 7e c8 da 90 1c 99 28 0e 57 f3 a5 62 bc 98 ac 26 b6 69 28 66 c7 8b 89 6d f9 91 78 69 a0 b8 21 51 b6 ab 13 e5 62 8c c2 9d f6 a7 e3 a5 72 b5 d2 b7 39 5b 8e 55 33 14 95 d9 96 4f 17 93 85 f4 92 54 52 12 d3 db 26 27 fb a4 50 9e 0a 0d 67 0b 85 78 55 97 4d 56 93 5e d8 4e 28 a0 90 59 d2 e5 c5 4d ea a2 99 01 b7 77 aa 6f 6e 7a a6 38 69 74 3b b1 ad e8 26 54 cd 04 d5 8c ad 4a 65 dc 98 c4 36 6b a2 62 c7 2a d5 72 7e b8 6a f5 b9 63 ad 52 25 dc 66 bc 9a b1 74 bc 95 c9 54 b7 8e db a5 91 d8 fb 5b 37 0d 95 0a 4b 97 5a 15 04 82 09 9d f9 aa 5d ce 56 4b e5 7e b3 57 32 08 c9 59 9c 4c 47 24 16 55 9d Data Ascii: 9c7eiwSW7>BF6m&9TTay $$C(f<16"U+}5{ NR_`}>#u(MRP^W+B~(Wb&i(fmxi!Qbr9[U3OTR&'PgxUMV^N(YMwonz8it;&TJe6kb*r~jcR%ftT[7KZ]VK~W2YLG$U

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
56	192.168.2.5	49774	104.193.88.112	80	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
Nov 18, 2023 07:52:31.179721117 CET	1944	OUT	GET /r/www/cache/static/amd_modules/lottie-web/build/player/lottie_ad9c879.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
Nov 18, 2023 07:52:31.349936962 CET	1994	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:31 GMT Content-Type: text/javascript; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Expires: Sat, 16 Sep 2023 03:40:28 GMT Last-Modified: Wed, 13 Sep 2023 01:04:11 GMT ETag: "ad9c879abeee53d70329b394dd30486f" Cache-Control: max-age=31536000 Content-Encoding: gzip Age: 5713923 Accept-Ranges: bytes Content-MD5: rZyHmr7uU9cDKbOU3TBIbw== x-bce-content-crc32: 4051085495 x-bce-debug-id: MxmM7vVhunmQfuPwB0H2I4sphD+T7oYyjKE6D5A6RoAIPlULbnKdzE2FtiyY6dXBmi7eK75kCSnivI5XUBrbyw== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: a9dfeeb5-65bf-4c24-badc-b1b1cd642f0b x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 13 Sep 2023 03:40:28 GMT Ohc-Cache-HIT: sfo01-sys-jorcol06.sfo01.baidu.com [2] Ohc-File-Size: 281451 X-Cache-Status: HIT Access-Control-Allow-Origin: * Timing-Allow-Origin: * Data Raw: 64 63 37 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec bd 7d 7b db 38 92 2f fa 7f 3e 45 a2 3d e3 87 b2 28 45 72 92 9e 69 a9 69 df bc 76 e7 6c a7 93 8d b3 bd bb d7 e3 e3 87 96 28 8b 63 8a d4 90 94 5f da f6 f9 ec b7 7e 55 00 08 90 94 ec 74 f7 cc ce 9d 67 bb 9f 58 04 50 28 00 85 42 a1 50 28 00 9d 75 3a 8b e6 71 1a cd 3a 4f 82 f2 7a 15 65 f3 c7 69 78 11 9f 85 65 96 ef ec cc d7 e9 b4 8c b3 d4 2b fd a8 7b d3 c9 4e ff 12 4d cb 4e a0 21 a3 ab 55 96 97 c5 ce 4e a7 05 cd 32 9b ad 93 e8 40 7e 06 0a 34 88 bc ee b8 a3 d1 56 98 24 f7 ce 8e fc 0e c2 e5 ec 40 3e bd 4e 92 95 65 1c f5 2f a3 d3 8e 7f 74 4c f5 18 7b 65 d0 56 e0 59 92 9d 86 c9 97 45 5c 1c 54 9f e3 f2 f6 b6 88 92 b9 5f 0e 04 11 6a d0 bd f3 4a 4a f3 4d f3 a8 6d eb 22 7a 5c 94 79 4c ed 9b e8 f8 c7 d3 3c 0a cb e8 4b 78 e6 95 dd 9b 3c 2a d7 79 fa 78 96 4d d7 cb 28 2d 07 92 f8 36 89 10 22 80 3b 93 2d ba 2a a3 74 f6 29 cf ca 0c 75 13 ea 5d 84 f9 e3 dc 8f fd 22 a0 aa 44 e9 59 b9 98 cc b3 dc cb 83 e1 a4 d8 cf 27 79 2f 18 75 6f e2 a0 3c ca 8f 07 2b 9d 95 41 90 33 7c 1c a7 8f e3 ee 47 ee 81 2a 7d b0 08 8b 8f 97 29 15 b5 8a f2 f2 Data Ascii: dc7c}{8/>E=(Eriivl(c_~UtgXP(BP(u:q:Ozeixe+{NMN!UN2@~4V$@>Ne/tL{eVYE\T_jJJMm"z\yL<Kx<yxM(-6";-t)u]"DY'y/uo<+A3\|G*})
Nov 18, 2023 07:52:31.349957943 CET	1995	IN	Data Raw: 7a 30 0d 93 c4 8b fd b0 bb b3 e3 45 15 d8 51 78 1c c4 f4 a7 7b 57 55 f2 2c 2a df 44 c5 34 8f 57 d4 d5 52 45 d5 42 55 08 01 58 a8 6b b0 8f 2a 44 42 07 82 bb ba 7e 67 f8 a5 7b 53 51 83 c8 7b a7 50 5b 75 0a 08 4d 1d c9 61 fc 4b 34 7b 99 e7 e1 b5 45 Data Ascii: z0EQx{WU,D4WREBUXkDB~g{SQ{P[uMaK4{Epu7BqygD}4<(%3Zzy%q0U-pn.8KS+M];S<FkjXLg4~uT'"['UlIY.?
Nov 18, 2023 07:52:31.349968910 CET	1997	IN	Data Raw: 4d 3a 41 2f 00 c8 80 64 6a 34 93 ca e8 e6 52 a7 65 24 06 5d 0c 43 93 7f d8 9e bb eb e7 4a f5 e4 20 4d f9 96 42 18 1b fd 4a b5 5f 01 0d 45 27 5a 65 31 91 24 20 42 c8 2a d7 e1 e1 c2 52 a4 56 a4 a3 c6 a6 08 a5 51 71 6e 5b bd 0b ed d9 81 16 57 51 3e Data Ascii: M:A/dj4Re$]CJ MBJ_E'Ze1$ BRVQqn[WQ>X?CC"Rt.)n1ue??)3XUn'KXF}Pok`zdp^nVIiJ<tS!WT*)\z;z.
Nov 18, 2023 07:52:31.349981070 CET	1998	IN	Data Raw: 22 ec e4 d8 fb 38 34 42 a9 81 f1 95 02 7e 3f 33 c1 0a 88 06 ff cc 14 6b f5 4f ad d9 24 a8 ca 81 d3 b0 e0 7f 1f 7e fc 09 eb 9d 22 72 5b 4c 93 6b a3 79 f5 52 9c 4a fe db 3a c4 96 0c 0a a7 a9 aa 83 cd dd f4 ac e2 89 b2 ab 8c a1 a5 18 43 3b 8b f8 6c Data Ascii: "84B~?3kO$~"r[LkyRJ:C;l3Ise4^ldaG])F}\|I8/OF'CBq.9mbP$XIDW*cDJ"pdU.@.uJk+r\QYRLmm
Nov 18, 2023 07:52:31.350152016 CET	1999	IN	Data Raw: e7 5f e6 fc 5f 0b c0 65 3c 43 c3 6d 76 1a 60 6d 24 2c 71 49 45 36 f3 2c 58 67 dc 98 69 c1 99 d6 32 e5 26 5d 6c 4d 56 f5 64 ca 52 53 31 eb 54 2d eb 3a fd 4f b1 c1 4d b6 1a 6f 1b 8b ba 5c 5f 68 4a a3 5c 0f 3d 9d d2 f5 69 8e 5a 8d db 16 91 c0 64 e2 Data Ascii: __e<Cmv`m$,qIE6,Xgi2&]lMVdRS1T-:OMo\_hJ\=iZdg]q'aQ5_E;y%XOKjzV\|OTR_<(C7\|M6[eK+[%SN[Dj)TUVFed"I]Sy-jJE- ;:Fj
Nov 18, 2023 07:52:31.350167036 CET	2001	IN	Data Raw: 06 2b 59 c5 c1 43 fc 7c 70 7e 34 3c 1e 14 07 d5 a7 16 28 0c 39 e6 78 27 4a 06 a2 76 6c 6a 95 2d 95 bd d7 16 d5 27 99 13 9a 66 49 12 ae 0a 68 06 6a 2d 85 3d 26 78 35 a9 58 6d 07 3f c1 79 f7 55 38 c5 51 db 58 a2 b6 12 5b cf ff 2b 4a d9 da e3 e7 d4 Data Ascii: +YC\|p~4<(9x'Jvlj-'fIhj-=&x5Xm?yU8QX[+Jqu.uA^-lY2#.ZWaXdeEi4+:,w%.[\|FMnDXCV&[PJkLg}!+xdt:zhAO*uiyj1R0Tdw
Nov 18, 2023 07:52:31.350178957 CET	2002	IN	Data Raw: a3 3a e3 83 14 17 ec 8a a8 ab ed 44 de de 92 58 58 c4 b3 e8 63 ca 52 6d 15 42 85 1b 3f 11 a6 6a 24 c0 40 3e ea fa d8 99 24 b5 fa 63 9a a8 7a 58 11 8c 51 85 59 57 b5 01 10 c1 00 d3 24 2c 8a 9f 68 e4 a9 76 e8 20 d5 9f a8 a6 ea 1a cf 38 38 cf a6 6b Data Ascii: :DXXcRmB?j$@>$czXQYW$,hv 88k6H.FvdDpEL{p,Ow68?Z-4`Qz9&2.^Y1faNd(w!o_C-?fF0/9po)`7L
Nov 18, 2023 07:52:31.350189924 CET	2003	IN	Data Raw: 83 6f d8 ba 03 fa 7f 06 f3 e6 f1 f3 3f 83 f9 bf 67 30 eb 2b 71 46 5f 75 81 ce e8 9f e6 02 9d c6 6d 95 d1 ec 73 48 2b 45 f6 75 b1 de 44 c8 bd 1c 57 5f 88 d2 85 db 99 27 49 90 f0 f9 a9 83 9b 08 f7 af ac ae 31 f4 c7 09 7c b1 59 69 bd 08 52 2f f4 92 Data Ascii: o?g0+qF_umsH+EuDW_'I1\|YiR/J=8}\w3?8){uS`hPV3o`]nxe/h7S<Fr.}Rg4#Kd\|?t,e->]x\|~o!,[p\|SoIv}
Nov 18, 2023 07:52:31.350198030 CET	2005	IN	Data Raw: ee 13 50 0c 4f fd 76 2f a7 fc 1a f1 f4 90 21 d4 2e 9e 1e 22 d8 36 88 27 12 b9 5f d1 a6 9a 80 52 d4 eb 8d 7e 4f 11 05 a1 d4 77 e4 54 63 c0 cd fa 4a 4a fd fd 64 54 ef 1f 41 46 31 bd 51 91 06 45 8c 08 32 20 db 05 10 75 7b d5 ef 0f 68 56 25 83 94 e5 Data Ascii: POv/!."6'_R~OwTcJJdTAF1QE2 u{hV%obV/vv\|gh@}ZRKdA?:Z^cReurX\\\|I59I+l7l$b\|1=U"vC'fu8]6%9
Nov 18, 2023 07:52:31.350210905 CET	2006	IN	Data Raw: 8f 0e 86 e3 ac 37 22 56 f3 d2 7e d2 7d 5a cf 38 79 14 eb 36 b8 0f be 7a c4 93 78 ae 16 3f 73 fc e0 c9 5b fa 89 11 5a fa c0 a3 9e 54 bc 4b 7a 41 1d ad cf 4b 64 d5 53 31 11 2f 46 a5 0e 8e 80 6d c8 5c a8 be 98 33 f1 6d 46 45 7f 64 d2 9d 38 82 ec fa Data Ascii: 7"V~}Z8y6zx?s[ZTKzAKdS1/Fm\3mFEd8a,t7Bz\|0<~}9bKN<[(>+,,R)_Fcu{&kT SLS@>,})hFW-JLS*yvWPr-{[%GB
Nov 18, 2023 07:52:31.350220919 CET	2007	IN	Data Raw: d7 b4 d0 0b d3 57 c9 1a d3 42 7d 0e b5 de 14 e5 1b 30 88 3b ea 20 b6 fa 3e 23 1a 9f 14 4c 64 5e af d4 61 8b 92 16 8d 17 31 f3 1d f4 22 0c 28 e9 58 bb 1e 41 56 e3 b3 96 5b 53 e7 91 5c db d5 32 3d cf 88 f2 9d bd 17 84 bb 91 72 ad 0a ad 27 a0 99 6d Data Ascii: WB}0; >#Ld^a1"(XAV[S\2=r'mmj+X!6/!"&^Ml[\|f}T!s1Xl\UN"d$gx(WsZHXyB=zK!#@D(L-)oYH$6LZPV
Nov 18, 2023 07:52:31.598212957 CET	2269	OUT	GET /r/www/cache/static/amd_modules/@baidu/aging-tools-pc_63487d8.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
Nov 18, 2023 07:52:31.768098116 CET	2279	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:31 GMT Content-Type: text/javascript; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Expires: Sat, 11 Nov 2023 07:32:35 GMT Last-Modified: Thu, 26 Oct 2023 01:40:47 GMT ETag: "63487d8c50e44137f8b6ce2a04407f8f" Cache-Control: max-age=31536000 Content-Encoding: gzip Age: 861596 Accept-Ranges: bytes Content-MD5: Y0h9jFDkQTf4ts4qBEB/jw== x-bce-content-crc32: 3238666094 x-bce-debug-id: NAe6EO3wT96ak0qPNr/yE09Q6Yb3DKCyS+Tz4CZznZZWoF3RX/WEgC34dqYJEqvdvT8YQ27NelWCWCR0K3VAag== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: 2323bfb6-f847-4994-8a90-63317d70f3a1 x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 07:32:35 GMT Ohc-Cache-HIT: sfo01-sys-jorcol09.sfo01.baidu.com [2] Ohc-File-Size: 144135 X-Cache-Status: HIT Access-Control-Allow-Origin: * Timing-Allow-Origin: * Data Raw: 39 63 37 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec bd 69 77 53 57 96 37 fe 3e 9f 42 dc aa 07 a4 46 36 96 6d 26 39 8a 9b 90 a4 bb ba 2a 95 54 92 aa 54 da 61 79 c9 d6 b5 ad 20 24 97 24 43 28 f0 7f 19 08 f3 18 66 c2 3c 85 90 84 31 10 c0 36 f0 22 55 2b 1f a4 7d 35 bc ea af f0 9c fd db fb dc 7b ee 20 d9 4e 52 d5 fd 5f eb c9 60 9d 7d e6 b3 cf 9e ce 3e c3 cd d9 23 f9 a2 1d b7 fe 75 28 9b cf 4d ac c8 8e e6 8b a3 1d d5 52 a9 50 e9 18 1f 5e 91 cb 57 aa 2b f2 c5 9c fd a9 95 1c b0 2a d9 a2 95 b4 aa 95 42 7e c8 da 90 1c 99 28 0e 57 f3 a5 62 bc 98 ac 26 b6 69 28 66 c7 8b 89 6d f9 91 78 69 a0 b8 21 51 b6 ab 13 e5 62 8c c2 9d f6 a7 e3 a5 72 b5 d2 b7 39 5b 8e 55 33 14 95 d9 96 4f 17 93 85 f4 92 54 52 12 d3 db 26 27 fb a4 50 9e 0a 0d 67 0b 85 78 55 97 4d 56 93 5e d8 4e 28 a0 90 59 d2 e5 c5 4d ea a2 99 01 b7 77 aa 6f 6e 7a a6 38 69 74 3b b1 ad e8 26 54 cd 04 d5 8c ad 4a 65 dc 98 c4 36 6b a2 62 c7 2a d5 72 7e b8 6a f5 b9 63 ad 52 25 dc 66 bc 9a b1 74 bc 95 c9 54 b7 8e db a5 91 d8 fb 5b 37 0d 95 0a 4b 97 5a 15 04 82 09 9d f9 aa 5d ce 56 4b e5 7e b3 57 32 08 c9 59 9c 4c 47 24 16 55 9d Data Ascii: 9c7eiwSW7>BF6m&9TTay $$C(f<16"U+}5{ NR_`}>#u(MRP^W+B~(Wb&i(fmxi!Qbr9[U3OTR&'PgxUMV^N(YMwonz8it;&TJe6kb*r~jcR%ftT[7KZ]VK~W2YLG$U

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.5	49705	157.185.145.100	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:51:59 UTC	0	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.87 Safari/537.36 Accept: / Referer: http://www.ip138.com Accept-Language: zh-cn Cache-Control: no-cache Host: www.ip138.com Connection: Keep-Alive
2023-11-18 06:51:59 UTC	0	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 06:51:59 GMT Content-Type: text/html Content-Length: 21290 Connection: close Content-Location: http://www.ip138.com/index.htm Last-Modified: Mon, 06 Nov 2023 02:05:12 GMT Accept-Ranges: bytes ETag: "4e6e3bad5510da1:2cfc" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Age: 3358 X-Via: 1.1 zhshx14:1 (Cdn Cache Server V2.0), 1.1 PS-WNZ-01JJT46:14 (Cdn Cache Server V2.0), 1.1 yatu3:8 (Cdn Cache Server V2.0) X-Ws-Request-Id: 65585f0f_PS-SEA-01mw0147_46815-14197
2023-11-18 06:51:59 UTC	0	IN	Data Raw: 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 27 75 74 66 2d 38 27 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 61 6c 6c 22 2f 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 22 2f 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 70 70 6c 69 63 61 62 6c 65 2d 64 65 76 69 63 Data Ascii: <!DOCTYPE html><html><head><meta charset='utf-8'><meta name="robots" content="all"/><meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0, maximum-scale=1.0, user-scalable=no"/><meta name="applicable-devic
2023-11-18 06:51:59 UTC	13	IN	Data Raw: 3d 22 5f 62 6c 61 6e 6b 22 3e e5 ad a9 e5 ad 90 e8 ba ab e9 ab 98 e9 a2 84 e6 b5 8b 3c 2f 61 3e 0d 0a 09 09 3c 61 20 68 72 65 66 3d 22 2f 73 61 6e 77 65 69 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e e5 a5 b3 e6 80 a7 e4 b8 89 e5 9b b4 e8 87 aa e6 b5 8b 3c 2f 61 3e 0d 0a 09 09 3c 61 20 68 72 65 66 3d 22 2f 63 68 69 6d 61 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e e6 a0 87 e5 87 86 e5 b0 ba e7 a0 81 e5 af b9 e7 85 a7 e8 a1 a8 3c 2f 61 3e 0d 0a 09 09 3c 61 20 68 72 65 66 3d 22 2f 64 69 74 69 65 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e e5 9f 8e e5 b8 82 e5 9c b0 e9 93 81 e7 ba bf e8 b7 af e5 9b be 3c 2f 61 3e 0d 0a 09 09 3c 61 20 68 72 65 66 3d 22 2f 63 68 65 62 69 61 6f 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: ="_blank"></a><a href="/sanwei/" target="_blank"></a><a href="/chima/" target="_blank"></a><a href="/ditie/" target="_blank"></a><a href="/chebiao/" target="_bla

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	157.185.145.100	443	192.168.2.5	49705	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:51:59 UTC	0	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.87 Safari/537.36 Accept: / Referer: http://www.ip138.com Accept-Language: zh-cn Cache-Control: no-cache Host: www.ip138.com Connection: Keep-Alive
2023-11-18 06:51:59 UTC	0	IN	HTTP/1.1 200 OK Date: Sat, 18 Nov 2023 06:51:59 GMT Content-Type: text/html Content-Length: 21290 Connection: close Content-Location: http://www.ip138.com/index.htm Last-Modified: Mon, 06 Nov 2023 02:05:12 GMT Accept-Ranges: bytes ETag: "4e6e3bad5510da1:2cfc" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Age: 3358 X-Via: 1.1 zhshx14:1 (Cdn Cache Server V2.0), 1.1 PS-WNZ-01JJT46:14 (Cdn Cache Server V2.0), 1.1 yatu3:8 (Cdn Cache Server V2.0) X-Ws-Request-Id: 65585f0f_PS-SEA-01mw0147_46815-14197
2023-11-18 06:51:59 UTC	0	IN	Data Raw: 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 27 75 74 66 2d 38 27 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 61 6c 6c 22 2f 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 22 2f 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 70 70 6c 69 63 61 62 6c 65 2d 64 65 76 69 63 Data Ascii: <!DOCTYPE html><html><head><meta charset='utf-8'><meta name="robots" content="all"/><meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0, maximum-scale=1.0, user-scalable=no"/><meta name="applicable-devic
2023-11-18 06:51:59 UTC	13	IN	Data Raw: 3d 22 5f 62 6c 61 6e 6b 22 3e e5 ad a9 e5 ad 90 e8 ba ab e9 ab 98 e9 a2 84 e6 b5 8b 3c 2f 61 3e 0d 0a 09 09 3c 61 20 68 72 65 66 3d 22 2f 73 61 6e 77 65 69 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e e5 a5 b3 e6 80 a7 e4 b8 89 e5 9b b4 e8 87 aa e6 b5 8b 3c 2f 61 3e 0d 0a 09 09 3c 61 20 68 72 65 66 3d 22 2f 63 68 69 6d 61 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e e6 a0 87 e5 87 86 e5 b0 ba e7 a0 81 e5 af b9 e7 85 a7 e8 a1 a8 3c 2f 61 3e 0d 0a 09 09 3c 61 20 68 72 65 66 3d 22 2f 64 69 74 69 65 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e e5 9f 8e e5 b8 82 e5 9c b0 e9 93 81 e7 ba bf e8 b7 af e5 9b be 3c 2f 61 3e 0d 0a 09 09 3c 61 20 68 72 65 66 3d 22 2f 63 68 65 62 69 61 6f 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 Data Ascii: ="_blank"></a><a href="/sanwei/" target="_blank"></a><a href="/chima/" target="_blank"></a><a href="/ditie/" target="_blank"></a><a href="/chebiao/" target="_bla

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.5	49718	104.193.90.87	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:17 UTC	21	OUT	GET /5aV1bjqh_Q23odCf/static/superman/img/topnav/newfanyi-da0cea8f7e.png HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: dss0.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:17 UTC	23	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:17 GMT Content-Type: image/png Content-Length: 4560 Connection: close Expires: Fri, 08 Dec 2023 06:31:41 GMT Last-Modified: Mon, 29 Nov 2021 08:08:24 GMT ETag: "61a48a78-11d0" Cache-Control: max-age=2592000 Age: 865236 Accept-Ranges: bytes Ohc-Global-Saved-Time: Wed, 08 Nov 2023 06:31:41 GMT Ohc-Cache-HIT: iad01-sys-jomo7.iad01.baidu.com [2] Ohc-Response-Time: 1 0 0 0 0 0
2023-11-18 06:52:17 UTC	23	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 58 00 00 00 58 08 02 00 00 00 fe f7 a7 63 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 44 65 58 49 66 4d 4d 00 2a 00 00 00 08 00 01 87 69 00 04 00 00 00 01 00 00 00 1a 00 00 00 00 00 03 a0 01 00 03 00 00 00 01 00 01 00 00 a0 02 00 04 00 00 00 01 00 00 00 58 a0 03 00 04 00 00 00 01 00 00 00 58 00 00 00 00 e7 80 48 10 00 00 11 3a 49 44 41 54 78 01 ed 5a 69 8c 1c c7 75 7e d5 dd 33 7b df bb 5c ae a8 e5 f2 92 48 49 36 69 51 94 45 4a b2 1d 51 97 13 19 8a 4d 23 30 02 4b 0e 84 24 80 2d c8 70 90 28 70 e4 1f 4e e0 24 70 f2 23 48 94 00 01 1c 38 88 0f 18 b0 25 1b 06 6c 58 06 a3 c3 26 69 ca d4 61 c2 e2 7d df dc 5d 72 4f 2e f7 9e e9 ae 7c df ab ee d9 19 71 29 ed cc 0e 03 18 98 42 6f 6d 75 1d af de fb de ab 57 Data Ascii: PNGIHDRXXcsRGBDeXIfMM*iXXH:IDATxZiu~3{\HI6iQEJQM#0K$-p(pN$p#H8%lX&ia}]rO.\|q)BomuW

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	104.193.90.87	443	192.168.2.5	49718	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:17 UTC	21	OUT	GET /5aV1bjqh_Q23odCf/static/superman/img/topnav/newfanyi-da0cea8f7e.png HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: dss0.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:17 UTC	23	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:17 GMT Content-Type: image/png Content-Length: 4560 Connection: close Expires: Fri, 08 Dec 2023 06:31:41 GMT Last-Modified: Mon, 29 Nov 2021 08:08:24 GMT ETag: "61a48a78-11d0" Cache-Control: max-age=2592000 Age: 865236 Accept-Ranges: bytes Ohc-Global-Saved-Time: Wed, 08 Nov 2023 06:31:41 GMT Ohc-Cache-HIT: iad01-sys-jomo7.iad01.baidu.com [2] Ohc-Response-Time: 1 0 0 0 0 0
2023-11-18 06:52:17 UTC	23	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 58 00 00 00 58 08 02 00 00 00 fe f7 a7 63 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 44 65 58 49 66 4d 4d 00 2a 00 00 00 08 00 01 87 69 00 04 00 00 00 01 00 00 00 1a 00 00 00 00 00 03 a0 01 00 03 00 00 00 01 00 01 00 00 a0 02 00 04 00 00 00 01 00 00 00 58 a0 03 00 04 00 00 00 01 00 00 00 58 00 00 00 00 e7 80 48 10 00 00 11 3a 49 44 41 54 78 01 ed 5a 69 8c 1c c7 75 7e d5 dd 33 7b df bb 5c ae a8 e5 f2 92 48 49 36 69 51 94 45 4a b2 1d 51 97 13 19 8a 4d 23 30 02 4b 0e 84 24 80 2d c8 70 90 28 70 e4 1f 4e e0 24 70 f2 23 48 94 00 01 1c 38 88 0f 18 b0 25 1b 06 6c 58 06 a3 c3 26 69 ca d4 61 c2 e2 7d df dc 5d 72 4f 2e f7 9e e9 ae 7c df ab ee d9 19 71 29 ed cc 0e 03 18 98 42 6f 6d 75 1d af de fb de ab 57 Data Ascii: PNGIHDRXXcsRGBDeXIfMM*iXXH:IDATxZiu~3{\HI6iQEJQM#0K$-p(pN$p#H8%lX&ia}]rO.\|q)BomuW

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.5	49736	104.193.88.112	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:19 UTC	86	OUT	GET /static/superman/js/lib/esl-d776bfb1aa.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:19 UTC	135	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:19 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 16420 Connection: close Expires: Sat, 11 Nov 2023 07:37:51 GMT Last-Modified: Fri, 03 Nov 2023 09:16:40 GMT ETag: "d776bfb1aae5a93ad826135c4b1c8727" Cache-Control: max-age=31536000 Age: 861268 Accept-Ranges: bytes Content-MD5: 13a/sarlqTrYJhNcSxyHJw== x-bce-content-crc32: 1931967198 x-bce-debug-id: wcO3N5a15kqo1e1J84m2b1Peyun1LeVUxa+puK0z+pdDSKFJt0JeYDtwMWP6myQhkJMeLAhyx7a1y2fcSBtogg== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: 2594054f-8ef6-4c3a-b0dd-9d3a3852e530 x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 07:37:51 GMT Ohc-Cache-HIT: sfo01-sys-jorcol07.sfo01.baidu.com [2] Ohc-File-Size: 16420 X-Cache-Status: HIT Access-Control-Allow-Origin: * Timing-Allow-Origin: *
2023-11-18 06:52:19 UTC	136	IN	Data Raw: 28 66 75 6e 63 74 69 6f 6e 28 72 6f 6f 74 29 7b 69 66 28 72 6f 6f 74 2e 65 73 6c 26 26 72 6f 6f 74 2e 72 65 71 75 69 72 65 26 26 72 6f 6f 74 2e 65 73 6c 2e 76 65 72 73 69 6f 6e 3d 3d 3d 72 6f 6f 74 2e 72 65 71 75 69 72 65 2e 76 65 72 73 69 6f 6e 29 7b 72 65 74 75 72 6e 7d 76 61 72 20 64 65 66 69 6e 65 3b 76 61 72 20 72 65 71 75 69 72 65 3b 76 61 72 20 65 73 6c 3b 28 66 75 6e 63 74 69 6f 6e 28 67 6c 6f 62 61 6c 29 7b 76 61 72 20 6d 6f 64 4d 6f 64 75 6c 65 73 3d 7b 7d 3b 76 61 72 20 4d 4f 44 55 4c 45 5f 50 52 45 5f 44 45 46 49 4e 45 44 3d 31 3b 76 61 72 20 4d 4f 44 55 4c 45 5f 41 4e 41 4c 59 5a 45 44 3d 32 3b 76 61 72 20 4d 4f 44 55 4c 45 5f 50 52 45 50 41 52 45 44 3d 33 3b 76 61 72 20 4d 4f 44 55 4c 45 5f 44 45 46 49 4e 45 44 3d 34 3b 76 61 72 20 6d 6f 64 Data Ascii: (function(root){if(root.esl&&root.require&&root.esl.version===root.require.version){return}var define;var require;var esl;(function(global){var modModules={};var MODULE_PRE_DEFINED=1;var MODULE_ANALYZED=2;var MODULE_PREPARED=3;var MODULE_DEFINED=4;var mod
2023-11-18 06:52:19 UTC	151	IN	Data Raw: 65 3d 73 63 72 69 70 74 2e 72 65 61 64 79 53 74 61 74 65 3b 69 66 28 74 79 70 65 6f 66 20 72 65 61 64 79 53 74 61 74 65 3d 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 7c 7c 2f 5e 28 6c 6f 61 64 65 64 7c 63 6f 6d 70 6c 65 74 65 29 24 2f 2e 74 65 73 74 28 72 65 61 64 79 53 74 61 74 65 29 29 7b 73 63 72 69 70 74 2e 6f 6e 6c 6f 61 64 3d 73 63 72 69 70 74 2e 6f 6e 72 65 61 64 79 73 74 61 74 65 63 68 61 6e 67 65 3d 6e 75 6c 6c 3b 73 63 72 69 70 74 3d 6e 75 6c 6c 3b 6f 6e 6c 6f 61 64 28 29 7d 7d 63 75 72 72 65 6e 74 6c 79 41 64 64 69 6e 67 53 63 72 69 70 74 3d 73 63 72 69 70 74 0a 3b 62 61 73 65 45 6c 65 6d 65 6e 74 3f 68 65 61 64 45 6c 65 6d 65 6e 74 2e 69 6e 73 65 72 74 42 65 66 6f 72 65 28 73 63 72 69 70 74 2c 62 61 73 65 45 6c 65 6d 65 6e 74 29 3a 68 65 61 64 45 Data Ascii: e=script.readyState;if(typeof readyState==="undefined"\|\|/^(loaded\|complete)$/.test(readyState)){script.onload=script.onreadystatechange=null;script=null;onload()}}currentlyAddingScript=script;baseElement?headElement.insertBefore(script,baseElement):headE

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	104.193.88.112	443	192.168.2.5	49736	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:19 UTC	86	OUT	GET /static/superman/js/lib/esl-d776bfb1aa.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:19 UTC	135	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:19 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 16420 Connection: close Expires: Sat, 11 Nov 2023 07:37:51 GMT Last-Modified: Fri, 03 Nov 2023 09:16:40 GMT ETag: "d776bfb1aae5a93ad826135c4b1c8727" Cache-Control: max-age=31536000 Age: 861268 Accept-Ranges: bytes Content-MD5: 13a/sarlqTrYJhNcSxyHJw== x-bce-content-crc32: 1931967198 x-bce-debug-id: wcO3N5a15kqo1e1J84m2b1Peyun1LeVUxa+puK0z+pdDSKFJt0JeYDtwMWP6myQhkJMeLAhyx7a1y2fcSBtogg== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: 2594054f-8ef6-4c3a-b0dd-9d3a3852e530 x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 07:37:51 GMT Ohc-Cache-HIT: sfo01-sys-jorcol07.sfo01.baidu.com [2] Ohc-File-Size: 16420 X-Cache-Status: HIT Access-Control-Allow-Origin: * Timing-Allow-Origin: *
2023-11-18 06:52:19 UTC	136	IN	Data Raw: 28 66 75 6e 63 74 69 6f 6e 28 72 6f 6f 74 29 7b 69 66 28 72 6f 6f 74 2e 65 73 6c 26 26 72 6f 6f 74 2e 72 65 71 75 69 72 65 26 26 72 6f 6f 74 2e 65 73 6c 2e 76 65 72 73 69 6f 6e 3d 3d 3d 72 6f 6f 74 2e 72 65 71 75 69 72 65 2e 76 65 72 73 69 6f 6e 29 7b 72 65 74 75 72 6e 7d 76 61 72 20 64 65 66 69 6e 65 3b 76 61 72 20 72 65 71 75 69 72 65 3b 76 61 72 20 65 73 6c 3b 28 66 75 6e 63 74 69 6f 6e 28 67 6c 6f 62 61 6c 29 7b 76 61 72 20 6d 6f 64 4d 6f 64 75 6c 65 73 3d 7b 7d 3b 76 61 72 20 4d 4f 44 55 4c 45 5f 50 52 45 5f 44 45 46 49 4e 45 44 3d 31 3b 76 61 72 20 4d 4f 44 55 4c 45 5f 41 4e 41 4c 59 5a 45 44 3d 32 3b 76 61 72 20 4d 4f 44 55 4c 45 5f 50 52 45 50 41 52 45 44 3d 33 3b 76 61 72 20 4d 4f 44 55 4c 45 5f 44 45 46 49 4e 45 44 3d 34 3b 76 61 72 20 6d 6f 64 Data Ascii: (function(root){if(root.esl&&root.require&&root.esl.version===root.require.version){return}var define;var require;var esl;(function(global){var modModules={};var MODULE_PRE_DEFINED=1;var MODULE_ANALYZED=2;var MODULE_PREPARED=3;var MODULE_DEFINED=4;var mod
2023-11-18 06:52:19 UTC	151	IN	Data Raw: 65 3d 73 63 72 69 70 74 2e 72 65 61 64 79 53 74 61 74 65 3b 69 66 28 74 79 70 65 6f 66 20 72 65 61 64 79 53 74 61 74 65 3d 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 7c 7c 2f 5e 28 6c 6f 61 64 65 64 7c 63 6f 6d 70 6c 65 74 65 29 24 2f 2e 74 65 73 74 28 72 65 61 64 79 53 74 61 74 65 29 29 7b 73 63 72 69 70 74 2e 6f 6e 6c 6f 61 64 3d 73 63 72 69 70 74 2e 6f 6e 72 65 61 64 79 73 74 61 74 65 63 68 61 6e 67 65 3d 6e 75 6c 6c 3b 73 63 72 69 70 74 3d 6e 75 6c 6c 3b 6f 6e 6c 6f 61 64 28 29 7d 7d 63 75 72 72 65 6e 74 6c 79 41 64 64 69 6e 67 53 63 72 69 70 74 3d 73 63 72 69 70 74 0a 3b 62 61 73 65 45 6c 65 6d 65 6e 74 3f 68 65 61 64 45 6c 65 6d 65 6e 74 2e 69 6e 73 65 72 74 42 65 66 6f 72 65 28 73 63 72 69 70 74 2c 62 61 73 65 45 6c 65 6d 65 6e 74 29 3a 68 65 61 64 45 Data Ascii: e=script.readyState;if(typeof readyState==="undefined"\|\|/^(loaded\|complete)$/.test(readyState)){script.onload=script.onreadystatechange=null;script=null;onload()}}currentlyAddingScript=script;baseElement?headElement.insertBefore(script,baseElement):headE

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	104.193.90.87	443	192.168.2.5	49734	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:19 UTC	87	OUT	GET /5aV1bjqh_Q23odCf/static/superman/img/topnav/newzhidao-da1cf444b0.png HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: dss0.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:19 UTC	200	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:19 GMT Content-Type: image/png Content-Length: 2315 Connection: close Expires: Fri, 08 Dec 2023 05:04:22 GMT Last-Modified: Mon, 29 Nov 2021 08:08:24 GMT ETag: "61a48a78-90b" Cache-Control: max-age=2592000 Age: 870477 Accept-Ranges: bytes Ohc-Global-Saved-Time: Wed, 08 Nov 2023 05:04:22 GMT Ohc-Cache-HIT: iad01-sys-jomo3.iad01.baidu.com [2] Ohc-Response-Time: 1 0 0 0 0 0
2023-11-18 06:52:19 UTC	201	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 58 00 00 00 58 08 02 00 00 00 fe f7 a7 63 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 44 65 58 49 66 4d 4d 00 2a 00 00 00 08 00 01 87 69 00 04 00 00 00 01 00 00 00 1a 00 00 00 00 00 03 a0 01 00 03 00 00 00 01 00 01 00 00 a0 02 00 04 00 00 00 01 00 00 00 58 a0 03 00 04 00 00 00 01 00 00 00 58 00 00 00 00 e7 80 48 10 00 00 08 75 49 44 41 54 78 01 ed 5a 79 70 53 45 18 cf 7d 35 4d d3 33 6d 4a 69 c1 02 72 14 11 e4 66 14 90 63 10 e5 d4 a2 9c 23 8e ce e0 f0 07 02 8e 22 87 c2 a8 4c 45 64 60 74 9c 51 01 65 60 ec 14 29 ca e1 28 72 14 95 41 a8 14 a1 58 b9 0a c8 95 a6 57 48 93 a6 49 d3 24 7e 9a ce eb be 97 e6 65 77 5f 92 fa c7 eb f4 8f 6f 77 bf 6b 7f f9 f6 db dd ef ad 34 10 08 48 c4 3f 89 44 26 82 10 44 40 Data Ascii: PNGIHDRXXcsRGBDeXIfMM*iXXHuIDATxZypSE}5M3mJirfc#"LEd`tQe`)(rAXWHI$~ew_owk4H?D&D@

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.2.5	49734	104.193.90.87	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:19 UTC	87	OUT	GET /5aV1bjqh_Q23odCf/static/superman/img/topnav/newzhidao-da1cf444b0.png HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: dss0.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:19 UTC	200	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:19 GMT Content-Type: image/png Content-Length: 2315 Connection: close Expires: Fri, 08 Dec 2023 05:04:22 GMT Last-Modified: Mon, 29 Nov 2021 08:08:24 GMT ETag: "61a48a78-90b" Cache-Control: max-age=2592000 Age: 870477 Accept-Ranges: bytes Ohc-Global-Saved-Time: Wed, 08 Nov 2023 05:04:22 GMT Ohc-Cache-HIT: iad01-sys-jomo3.iad01.baidu.com [2] Ohc-Response-Time: 1 0 0 0 0 0
2023-11-18 06:52:19 UTC	201	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 58 00 00 00 58 08 02 00 00 00 fe f7 a7 63 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 44 65 58 49 66 4d 4d 00 2a 00 00 00 08 00 01 87 69 00 04 00 00 00 01 00 00 00 1a 00 00 00 00 00 03 a0 01 00 03 00 00 00 01 00 01 00 00 a0 02 00 04 00 00 00 01 00 00 00 58 a0 03 00 04 00 00 00 01 00 00 00 58 00 00 00 00 e7 80 48 10 00 00 08 75 49 44 41 54 78 01 ed 5a 79 70 53 45 18 cf 7d 35 4d d3 33 6d 4a 69 c1 02 72 14 11 e4 66 14 90 63 10 e5 d4 a2 9c 23 8e ce e0 f0 07 02 8e 22 87 c2 a8 4c 45 64 60 74 9c 51 01 65 60 ec 14 29 ca e1 28 72 14 95 41 a8 14 a1 58 b9 0a c8 95 a6 57 48 93 a6 49 d3 24 7e 9a ce eb be 97 e6 65 77 5f 92 fa c7 eb f4 8f 6f 77 bf 6b 7f f9 f6 db dd ef ad 34 10 08 48 c4 3f 89 44 26 82 10 44 40 Data Ascii: PNGIHDRXXcsRGBDeXIfMM*iXXHuIDATxZypSE}5M3mJirfc#"LEd`tQe`)(rAXWHI$~ew_owk4H?D&D@

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.2.5	49735	104.193.90.87	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:19 UTC	87	OUT	GET /5aV1bjqh_Q23odCf/static/superman/img/topnav/newjiankang-f03b804b4b.png HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: dss0.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:19 UTC	219	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:19 GMT Content-Type: image/png Content-Length: 2746 Connection: close Expires: Fri, 08 Dec 2023 07:37:53 GMT Last-Modified: Mon, 29 Nov 2021 08:08:24 GMT ETag: "61a48a78-aba" Cache-Control: max-age=2592000 Age: 861266 Accept-Ranges: bytes Ohc-Global-Saved-Time: Wed, 08 Nov 2023 07:37:53 GMT Ohc-Cache-HIT: iad01-sys-jomo0.iad01.baidu.com [2] Ohc-Response-Time: 1 0 0 0 0 0
2023-11-18 06:52:19 UTC	219	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 58 00 00 00 58 08 02 00 00 00 fe f7 a7 63 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 44 65 58 49 66 4d 4d 00 2a 00 00 00 08 00 01 87 69 00 04 00 00 00 01 00 00 00 1a 00 00 00 00 00 03 a0 01 00 03 00 00 00 01 00 01 00 00 a0 02 00 04 00 00 00 01 00 00 00 58 a0 03 00 04 00 00 00 01 00 00 00 58 00 00 00 00 e7 80 48 10 00 00 0a 24 49 44 41 54 78 01 ed 5a 6b 6c 5c 47 15 be fb b0 b3 6b 7b 1d 3b 9b fa 1d d2 a4 49 9c 07 49 e3 18 52 9a 96 57 23 55 55 13 42 05 88 96 fe a1 e2 21 51 44 a4 aa 12 12 08 55 e2 1f 3f 40 45 15 42 06 15 d4 22 f1 0f 09 21 d2 04 a1 a2 2a 4d 55 45 ad 93 14 37 75 55 97 e0 26 d8 49 1d fc de d8 b5 63 7b bd 7c df 39 73 d7 7b 9d bb 5e ef de 5d 6f 2a ee 64 3d 77 e6 dc 73 e6 9e f3 cd 77 66 Data Ascii: PNGIHDRXXcsRGBDeXIfMMiXXH$IDATxZkl\Gk{;IIRW#UUB!QDU?@EB"!MUE7uU&Ic{\|9s{^]o*d=wswf

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	104.193.90.87	443	192.168.2.5	49735	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:19 UTC	87	OUT	GET /5aV1bjqh_Q23odCf/static/superman/img/topnav/newjiankang-f03b804b4b.png HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: dss0.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:19 UTC	219	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:19 GMT Content-Type: image/png Content-Length: 2746 Connection: close Expires: Fri, 08 Dec 2023 07:37:53 GMT Last-Modified: Mon, 29 Nov 2021 08:08:24 GMT ETag: "61a48a78-aba" Cache-Control: max-age=2592000 Age: 861266 Accept-Ranges: bytes Ohc-Global-Saved-Time: Wed, 08 Nov 2023 07:37:53 GMT Ohc-Cache-HIT: iad01-sys-jomo0.iad01.baidu.com [2] Ohc-Response-Time: 1 0 0 0 0 0
2023-11-18 06:52:19 UTC	219	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 58 00 00 00 58 08 02 00 00 00 fe f7 a7 63 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 44 65 58 49 66 4d 4d 00 2a 00 00 00 08 00 01 87 69 00 04 00 00 00 01 00 00 00 1a 00 00 00 00 00 03 a0 01 00 03 00 00 00 01 00 01 00 00 a0 02 00 04 00 00 00 01 00 00 00 58 a0 03 00 04 00 00 00 01 00 00 00 58 00 00 00 00 e7 80 48 10 00 00 0a 24 49 44 41 54 78 01 ed 5a 6b 6c 5c 47 15 be fb b0 b3 6b 7b 1d 3b 9b fa 1d d2 a4 49 9c 07 49 e3 18 52 9a 96 57 23 55 55 13 42 05 88 96 fe a1 e2 21 51 44 a4 aa 12 12 08 55 e2 1f 3f 40 45 15 42 06 15 d4 22 f1 0f 09 21 d2 04 a1 a2 2a 4d 55 45 ad 93 14 37 75 55 97 e0 26 d8 49 1d fc de d8 b5 63 7b bd 7c df 39 73 d7 7b 9d bb 5e ef de 5d 6f 2a ee 64 3d 77 e6 dc 73 e6 9e f3 cd 77 66 Data Ascii: PNGIHDRXXcsRGBDeXIfMMiXXH$IDATxZkl\Gk{;IIRW#UUB!QDU?@EB"!MUE7uU&Ic{\|9s{^]o*d=wswf

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	104.193.90.87	443	192.168.2.5	49739	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:20 UTC	252	OUT	GET /5aV1bjqh_Q23odCf/static/superman/img/topnav/yingxiaoicon-612169cc36.png HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: dss0.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:20 UTC	269	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:20 GMT Content-Type: image/png Content-Length: 3378 Connection: close Expires: Fri, 08 Dec 2023 05:04:23 GMT Last-Modified: Mon, 13 Dec 2021 07:23:05 GMT ETag: "61b6f4d9-d32" Cache-Control: max-age=2592000 Age: 870477 Accept-Ranges: bytes Ohc-Global-Saved-Time: Wed, 08 Nov 2023 05:04:23 GMT Ohc-Cache-HIT: iad01-sys-jomo3.iad01.baidu.com [2] Ohc-Response-Time: 1 0 0 0 0 0
2023-11-18 06:52:20 UTC	270	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 58 00 00 00 58 08 02 00 00 00 fe f7 a7 63 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 44 65 58 49 66 4d 4d 00 2a 00 00 00 08 00 01 87 69 00 04 00 00 00 01 00 00 00 1a 00 00 00 00 00 03 a0 01 00 03 00 00 00 01 00 01 00 00 a0 02 00 04 00 00 00 01 00 00 00 58 a0 03 00 04 00 00 00 01 00 00 00 58 00 00 00 00 e7 80 48 10 00 00 0c 9c 49 44 41 54 78 01 ed 5b 79 78 54 d5 15 ff cd 64 92 c9 be 12 20 a0 12 02 a8 21 84 00 09 c8 56 64 b1 51 5b f8 50 a4 5a 2c 52 fb 59 a4 a2 d6 d6 f5 d3 ba 54 f9 94 6a 29 5f 4b 6d 5d c0 5a a9 5b 51 16 ab 96 0a 4a 8b 24 04 c5 18 0c 11 62 44 08 18 59 42 16 b2 ce 4c 66 eb ef ce 9b 24 f3 66 79 33 f3 66 c2 5f ef 7c ef 9b b9 cb b9 ef de fb 9b 73 cf 3d e7 dc 3b 3a a7 d3 09 8d 00 bd 06 Data Ascii: PNGIHDRXXcsRGBDeXIfMM*iXXHIDATx[yxTd !VdQ[PZ,RYTj)_Km]Z[QJ$bDYBLf$fy3f_\|s=;:

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	192.168.2.5	49739	104.193.90.87	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:20 UTC	252	OUT	GET /5aV1bjqh_Q23odCf/static/superman/img/topnav/yingxiaoicon-612169cc36.png HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: dss0.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:20 UTC	269	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:20 GMT Content-Type: image/png Content-Length: 3378 Connection: close Expires: Fri, 08 Dec 2023 05:04:23 GMT Last-Modified: Mon, 13 Dec 2021 07:23:05 GMT ETag: "61b6f4d9-d32" Cache-Control: max-age=2592000 Age: 870477 Accept-Ranges: bytes Ohc-Global-Saved-Time: Wed, 08 Nov 2023 05:04:23 GMT Ohc-Cache-HIT: iad01-sys-jomo3.iad01.baidu.com [2] Ohc-Response-Time: 1 0 0 0 0 0
2023-11-18 06:52:20 UTC	270	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 58 00 00 00 58 08 02 00 00 00 fe f7 a7 63 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 44 65 58 49 66 4d 4d 00 2a 00 00 00 08 00 01 87 69 00 04 00 00 00 01 00 00 00 1a 00 00 00 00 00 03 a0 01 00 03 00 00 00 01 00 01 00 00 a0 02 00 04 00 00 00 01 00 00 00 58 a0 03 00 04 00 00 00 01 00 00 00 58 00 00 00 00 e7 80 48 10 00 00 0c 9c 49 44 41 54 78 01 ed 5b 79 78 54 d5 15 ff cd 64 92 c9 be 12 20 a0 12 02 a8 21 84 00 09 c8 56 64 b1 51 5b f8 50 a4 5a 2c 52 fb 59 a4 a2 d6 d6 f5 d3 ba 54 f9 94 6a 29 5f 4b 6d 5d c0 5a a9 5b 51 16 ab 96 0a 4a 8b 24 04 c5 18 0c 11 62 44 08 18 59 42 16 b2 ce 4c 66 eb ef ce 9b 24 f3 66 79 33 f3 66 c2 5f ef 7c ef 9b b9 cb b9 ef de fb 9b 73 cf 3d e7 dc 3b 3a a7 d3 09 8d 00 bd 06 Data Ascii: PNGIHDRXXcsRGBDeXIfMM*iXXHIDATx[yxTd !VdQ[PZ,RYTj)_Km]Z[QJ$bDYBLf$fy3f_\|s=;:

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	192.168.2.5	49740	104.193.90.87	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:20 UTC	252	OUT	GET /5aV1bjqh_Q23odCf/static/superman/img/topnav/newzhibo-a6a0831ecd.png HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: dss0.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:20 UTC	273	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:20 GMT Content-Type: image/png Content-Length: 4085 Connection: close Expires: Fri, 08 Dec 2023 06:07:31 GMT Last-Modified: Mon, 29 Nov 2021 08:08:24 GMT ETag: "61a48a78-ff5" Cache-Control: max-age=2592000 Age: 866689 Accept-Ranges: bytes Ohc-Global-Saved-Time: Wed, 08 Nov 2023 06:07:31 GMT Ohc-Cache-HIT: iad01-sys-jomo4.iad01.baidu.com [2] Ohc-Response-Time: 1 0 0 0 0 0
2023-11-18 06:52:20 UTC	273	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 58 00 00 00 58 08 02 00 00 00 fe f7 a7 63 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 44 65 58 49 66 4d 4d 00 2a 00 00 00 08 00 01 87 69 00 04 00 00 00 01 00 00 00 1a 00 00 00 00 00 03 a0 01 00 03 00 00 00 01 00 01 00 00 a0 02 00 04 00 00 00 01 00 00 00 58 a0 03 00 04 00 00 00 01 00 00 00 58 00 00 00 00 e7 80 48 10 00 00 0f 5f 49 44 41 54 78 01 ed 5a d9 93 1d d7 59 ff be de ee 3a fb a2 d1 68 b4 8d d6 38 92 c0 36 38 31 04 62 12 5c c5 52 84 4a 1c 28 92 14 55 94 5f 80 ca 13 6f fc 07 79 a6 8a 87 54 91 17 1e e0 85 04 a8 3c 84 22 c6 82 50 b6 64 25 16 b6 63 ad c8 92 66 34 a3 59 ef dc 99 b9 77 e6 6e bd 1c 7e df e9 db 3d f7 ce 58 8e fa 8e 1c 0b e8 53 5d 7d 4f 9f 3e 7d fa 7c bf ef f7 2d e7 f4 65 a5 14 a5 Data Ascii: PNGIHDRXXcsRGBDeXIfMM*iXXH_IDATxZY:h8681b\RJ(U_oyT<"Pd%cf4Ywn~=XS]}O>}\|-e

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	104.193.90.87	443	192.168.2.5	49740	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:20 UTC	252	OUT	GET /5aV1bjqh_Q23odCf/static/superman/img/topnav/newzhibo-a6a0831ecd.png HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: dss0.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:20 UTC	273	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:20 GMT Content-Type: image/png Content-Length: 4085 Connection: close Expires: Fri, 08 Dec 2023 06:07:31 GMT Last-Modified: Mon, 29 Nov 2021 08:08:24 GMT ETag: "61a48a78-ff5" Cache-Control: max-age=2592000 Age: 866689 Accept-Ranges: bytes Ohc-Global-Saved-Time: Wed, 08 Nov 2023 06:07:31 GMT Ohc-Cache-HIT: iad01-sys-jomo4.iad01.baidu.com [2] Ohc-Response-Time: 1 0 0 0 0 0
2023-11-18 06:52:20 UTC	273	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 58 00 00 00 58 08 02 00 00 00 fe f7 a7 63 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 44 65 58 49 66 4d 4d 00 2a 00 00 00 08 00 01 87 69 00 04 00 00 00 01 00 00 00 1a 00 00 00 00 00 03 a0 01 00 03 00 00 00 01 00 01 00 00 a0 02 00 04 00 00 00 01 00 00 00 58 a0 03 00 04 00 00 00 01 00 00 00 58 00 00 00 00 e7 80 48 10 00 00 0f 5f 49 44 41 54 78 01 ed 5a d9 93 1d d7 59 ff be de ee 3a fb a2 d1 68 b4 8d d6 38 92 c0 36 38 31 04 62 12 5c c5 52 84 4a 1c 28 92 14 55 94 5f 80 ca 13 6f fc 07 79 a6 8a 87 54 91 17 1e e0 85 04 a8 3c 84 22 c6 82 50 b6 64 25 16 b6 63 ad c8 92 66 34 a3 59 ef dc 99 b9 77 e6 6e bd 1c 7e df e9 db 3d f7 ce 58 8e fa 8e 1c 0b e8 53 5d 7d 4f 9f 3e 7d fa 7c bf ef f7 2d e7 f4 65 a5 14 a5 Data Ascii: PNGIHDRXXcsRGBDeXIfMM*iXXH_IDATxZY:h8681b\RJ(U_oyT<"Pd%cf4Ywn~=XS]}O>}\|-e

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
15	192.168.2.5	49742	104.193.88.112	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:20 UTC	252	OUT	GET /static/superman/amd_modules/tslib-c95383af0c.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:20 UTC	253	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:20 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 15964 Connection: close Expires: Sat, 11 Nov 2023 07:48:31 GMT Last-Modified: Fri, 03 Nov 2023 09:16:37 GMT ETag: "c95383af0ca41acfebc6860e7e7958bc" Cache-Control: max-age=31536000 Age: 860629 Accept-Ranges: bytes Content-MD5: yVODrwykGs/rxoYOfnlYvA== x-bce-content-crc32: 2211686602 x-bce-debug-id: nPhYgIHtWWoRs7ueSiJtOg6l5FSY1vhsRMvyAG+STgXC/xGuDjAQS2G2ua208cZecmYttn2n92MOxxFZMuB9FA== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: bc9d9166-b84c-4db7-9d98-5c4d1167d106 x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 07:48:31 GMT Ohc-Cache-HIT: sfo01-sys-jorcol02.sfo01.baidu.com [2] Ohc-File-Size: 15964 X-Cache-Status: HIT Access-Control-Allow-Origin: * Timing-Allow-Origin: *
2023-11-18 06:52:20 UTC	254	IN	Data Raw: 64 65 66 69 6e 65 28 27 74 73 6c 69 62 27 2c 20 5b 0a 20 20 20 20 27 72 65 71 75 69 72 65 27 2c 0a 20 20 20 20 27 61 6d 64 5f 6d 6f 64 75 6c 65 73 2f 74 73 6c 69 62 2f 74 73 6c 69 62 27 0a 5d 2c 20 66 75 6e 63 74 69 6f 6e 20 28 72 65 71 75 69 72 65 2c 20 6d 6f 64 29 20 7b 0a 20 20 20 20 72 65 74 75 72 6e 20 6d 6f 64 3b 0a 7d 29 3b 0a 76 61 72 20 5f 5f 65 78 74 65 6e 64 73 3b 0a 76 61 72 20 5f 5f 61 73 73 69 67 6e 3b 0a 76 61 72 20 5f 5f 72 65 73 74 3b 0a 76 61 72 20 5f 5f 64 65 63 6f 72 61 74 65 3b 0a 76 61 72 20 5f 5f 70 61 72 61 6d 3b 0a 76 61 72 20 5f 5f 6d 65 74 61 64 61 74 61 3b 0a 76 61 72 20 5f 5f 61 77 61 69 74 65 72 3b 0a 76 61 72 20 5f 5f 67 65 6e 65 72 61 74 6f 72 3b 0a 76 61 72 20 5f 5f 65 78 70 6f 72 74 53 74 61 72 3b 0a 76 61 72 20 5f 5f 76 Data Ascii: define('tslib', [ 'require', 'amd_modules/tslib/tslib'], function (require, mod) { return mod;});var __extends;var __assign;var __rest;var __decorate;var __param;var __metadata;var __awaiter;var __generator;var __exportStar;var __v
2023-11-18 06:52:20 UTC	269	IN	Data Raw: 0a 20 20 20 20 65 78 70 6f 72 74 65 72 28 27 5f 5f 61 77 61 69 74 27 2c 20 5f 5f 61 77 61 69 74 29 3b 0a 20 20 20 20 65 78 70 6f 72 74 65 72 28 27 5f 5f 61 73 79 6e 63 47 65 6e 65 72 61 74 6f 72 27 2c 20 5f 5f 61 73 79 6e 63 47 65 6e 65 72 61 74 6f 72 29 3b 0a 20 20 20 20 65 78 70 6f 72 74 65 72 28 27 5f 5f 61 73 79 6e 63 44 65 6c 65 67 61 74 6f 72 27 2c 20 5f 5f 61 73 79 6e 63 44 65 6c 65 67 61 74 6f 72 29 3b 0a 20 20 20 20 65 78 70 6f 72 74 65 72 28 27 5f 5f 61 73 79 6e 63 56 61 6c 75 65 73 27 2c 20 5f 5f 61 73 79 6e 63 56 61 6c 75 65 73 29 3b 0a 20 20 20 20 65 78 70 6f 72 74 65 72 28 27 5f 5f 6d 61 6b 65 54 65 6d 70 6c 61 74 65 4f 62 6a 65 63 74 27 2c 20 5f 5f 6d 61 6b 65 54 65 6d 70 6c 61 74 65 4f 62 6a 65 63 74 29 3b 0a 20 20 20 20 65 78 70 6f 72 74 Data Ascii: exporter('__await', __await); exporter('__asyncGenerator', __asyncGenerator); exporter('__asyncDelegator', __asyncDelegator); exporter('__asyncValues', __asyncValues); exporter('__makeTemplateObject', __makeTemplateObject); export

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
15	104.193.88.112	443	192.168.2.5	49742	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:20 UTC	252	OUT	GET /static/superman/amd_modules/tslib-c95383af0c.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:20 UTC	253	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:20 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 15964 Connection: close Expires: Sat, 11 Nov 2023 07:48:31 GMT Last-Modified: Fri, 03 Nov 2023 09:16:37 GMT ETag: "c95383af0ca41acfebc6860e7e7958bc" Cache-Control: max-age=31536000 Age: 860629 Accept-Ranges: bytes Content-MD5: yVODrwykGs/rxoYOfnlYvA== x-bce-content-crc32: 2211686602 x-bce-debug-id: nPhYgIHtWWoRs7ueSiJtOg6l5FSY1vhsRMvyAG+STgXC/xGuDjAQS2G2ua208cZecmYttn2n92MOxxFZMuB9FA== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: bc9d9166-b84c-4db7-9d98-5c4d1167d106 x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 07:48:31 GMT Ohc-Cache-HIT: sfo01-sys-jorcol02.sfo01.baidu.com [2] Ohc-File-Size: 15964 X-Cache-Status: HIT Access-Control-Allow-Origin: * Timing-Allow-Origin: *
2023-11-18 06:52:20 UTC	254	IN	Data Raw: 64 65 66 69 6e 65 28 27 74 73 6c 69 62 27 2c 20 5b 0a 20 20 20 20 27 72 65 71 75 69 72 65 27 2c 0a 20 20 20 20 27 61 6d 64 5f 6d 6f 64 75 6c 65 73 2f 74 73 6c 69 62 2f 74 73 6c 69 62 27 0a 5d 2c 20 66 75 6e 63 74 69 6f 6e 20 28 72 65 71 75 69 72 65 2c 20 6d 6f 64 29 20 7b 0a 20 20 20 20 72 65 74 75 72 6e 20 6d 6f 64 3b 0a 7d 29 3b 0a 76 61 72 20 5f 5f 65 78 74 65 6e 64 73 3b 0a 76 61 72 20 5f 5f 61 73 73 69 67 6e 3b 0a 76 61 72 20 5f 5f 72 65 73 74 3b 0a 76 61 72 20 5f 5f 64 65 63 6f 72 61 74 65 3b 0a 76 61 72 20 5f 5f 70 61 72 61 6d 3b 0a 76 61 72 20 5f 5f 6d 65 74 61 64 61 74 61 3b 0a 76 61 72 20 5f 5f 61 77 61 69 74 65 72 3b 0a 76 61 72 20 5f 5f 67 65 6e 65 72 61 74 6f 72 3b 0a 76 61 72 20 5f 5f 65 78 70 6f 72 74 53 74 61 72 3b 0a 76 61 72 20 5f 5f 76 Data Ascii: define('tslib', [ 'require', 'amd_modules/tslib/tslib'], function (require, mod) { return mod;});var __extends;var __assign;var __rest;var __decorate;var __param;var __metadata;var __awaiter;var __generator;var __exportStar;var __v
2023-11-18 06:52:20 UTC	269	IN	Data Raw: 0a 20 20 20 20 65 78 70 6f 72 74 65 72 28 27 5f 5f 61 77 61 69 74 27 2c 20 5f 5f 61 77 61 69 74 29 3b 0a 20 20 20 20 65 78 70 6f 72 74 65 72 28 27 5f 5f 61 73 79 6e 63 47 65 6e 65 72 61 74 6f 72 27 2c 20 5f 5f 61 73 79 6e 63 47 65 6e 65 72 61 74 6f 72 29 3b 0a 20 20 20 20 65 78 70 6f 72 74 65 72 28 27 5f 5f 61 73 79 6e 63 44 65 6c 65 67 61 74 6f 72 27 2c 20 5f 5f 61 73 79 6e 63 44 65 6c 65 67 61 74 6f 72 29 3b 0a 20 20 20 20 65 78 70 6f 72 74 65 72 28 27 5f 5f 61 73 79 6e 63 56 61 6c 75 65 73 27 2c 20 5f 5f 61 73 79 6e 63 56 61 6c 75 65 73 29 3b 0a 20 20 20 20 65 78 70 6f 72 74 65 72 28 27 5f 5f 6d 61 6b 65 54 65 6d 70 6c 61 74 65 4f 62 6a 65 63 74 27 2c 20 5f 5f 6d 61 6b 65 54 65 6d 70 6c 61 74 65 4f 62 6a 65 63 74 29 3b 0a 20 20 20 20 65 78 70 6f 72 74 Data Ascii: exporter('__await', __await); exporter('__asyncGenerator', __asyncGenerator); exporter('__asyncDelegator', __asyncDelegator); exporter('__asyncValues', __asyncValues); exporter('__makeTemplateObject', __makeTemplateObject); export

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
16	192.168.2.5	49744	104.193.90.87	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:21 UTC	277	OUT	GET /5aV1bjqh_Q23odCf/static/superman/img/topnav/newyinyue-03ecd1e9b9.png HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: dss0.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:21 UTC	310	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:21 GMT Content-Type: image/png Content-Length: 2263 Connection: close Expires: Fri, 08 Dec 2023 05:04:21 GMT Last-Modified: Mon, 29 Nov 2021 08:08:24 GMT ETag: "61a48a78-8d7" Cache-Control: max-age=2592000 Age: 870480 Accept-Ranges: bytes Ohc-Global-Saved-Time: Wed, 08 Nov 2023 05:04:21 GMT Ohc-Cache-HIT: iad01-sys-jomo3.iad01.baidu.com [2] Ohc-Response-Time: 1 0 0 0 0 0
2023-11-18 06:52:21 UTC	311	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 58 00 00 00 58 08 02 00 00 00 fe f7 a7 63 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 44 65 58 49 66 4d 4d 00 2a 00 00 00 08 00 01 87 69 00 04 00 00 00 01 00 00 00 1a 00 00 00 00 00 03 a0 01 00 03 00 00 00 01 00 01 00 00 a0 02 00 04 00 00 00 01 00 00 00 58 a0 03 00 04 00 00 00 01 00 00 00 58 00 00 00 00 e7 80 48 10 00 00 08 41 49 44 41 54 78 01 ed 5a 7b 50 54 55 18 df 7b f7 c9 ee 82 2c bb 80 99 ef e8 a9 e9 a4 f9 18 73 20 51 1b 2b 1d e9 ad c5 88 96 92 1a 8a a6 e5 34 96 33 4d 99 e5 58 66 29 50 52 89 4e 99 4a 13 36 96 16 bd 4c 2c f2 81 5a ce 58 19 3e 40 f3 01 cb 73 61 b9 77 1f b7 0f 61 d6 7b ef ee 9e 73 bc f7 42 fd 71 f8 eb dc ef fb 9d ef fb ce 8f 6f bf f3 64 04 41 d0 d1 3f 9d 8e a5 24 74 30 40 89 Data Ascii: PNGIHDRXXcsRGBDeXIfMM*iXXHAIDATxZ{PTU{,s Q+43MXf)PRNJ6L,ZX>@sawa{sBqodA?$t0@

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
16	104.193.90.87	443	192.168.2.5	49744	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:21 UTC	277	OUT	GET /5aV1bjqh_Q23odCf/static/superman/img/topnav/newyinyue-03ecd1e9b9.png HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: dss0.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:21 UTC	310	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:21 GMT Content-Type: image/png Content-Length: 2263 Connection: close Expires: Fri, 08 Dec 2023 05:04:21 GMT Last-Modified: Mon, 29 Nov 2021 08:08:24 GMT ETag: "61a48a78-8d7" Cache-Control: max-age=2592000 Age: 870480 Accept-Ranges: bytes Ohc-Global-Saved-Time: Wed, 08 Nov 2023 05:04:21 GMT Ohc-Cache-HIT: iad01-sys-jomo3.iad01.baidu.com [2] Ohc-Response-Time: 1 0 0 0 0 0
2023-11-18 06:52:21 UTC	311	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 58 00 00 00 58 08 02 00 00 00 fe f7 a7 63 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 44 65 58 49 66 4d 4d 00 2a 00 00 00 08 00 01 87 69 00 04 00 00 00 01 00 00 00 1a 00 00 00 00 00 03 a0 01 00 03 00 00 00 01 00 01 00 00 a0 02 00 04 00 00 00 01 00 00 00 58 a0 03 00 04 00 00 00 01 00 00 00 58 00 00 00 00 e7 80 48 10 00 00 08 41 49 44 41 54 78 01 ed 5a 7b 50 54 55 18 df 7b f7 c9 ee 82 2c bb 80 99 ef e8 a9 e9 a4 f9 18 73 20 51 1b 2b 1d e9 ad c5 88 96 92 1a 8a a6 e5 34 96 33 4d 99 e5 58 66 29 50 52 89 4e 99 4a 13 36 96 16 bd 4c 2c f2 81 5a ce 58 19 3e 40 f3 01 cb 73 61 b9 77 1f b7 0f 61 d6 7b ef ee 9e 73 bc f7 42 fd 71 f8 eb dc ef fb 9d ef fb ce 8f 6f bf f3 64 04 41 d0 d1 3f 9d 8e a5 24 74 30 40 89 Data Ascii: PNGIHDRXXcsRGBDeXIfMM*iXXHAIDATxZ{PTU{,s Q+43MXf)PRNJ6L,ZX>@sawa{sBqodA?$t0@

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
17	192.168.2.5	49745	104.193.88.112	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:21 UTC	278	OUT	GET /static/superman/js/sbase-65630eb62e.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:21 UTC	278	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:21 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 58938 Connection: close Expires: Sat, 11 Nov 2023 07:37:59 GMT Last-Modified: Fri, 03 Nov 2023 09:16:40 GMT ETag: "65630eb62e65c7568de102aab426584e" Cache-Control: max-age=31536000 Age: 861262 Accept-Ranges: bytes Content-MD5: ZWMOti5lx1aN4QKqtCZYTg== x-bce-content-crc32: 1657336178 x-bce-debug-id: wcO3N5a15kqo1e1J84m2b1Peyun1LeVUxa+puK0z+pdmbv0sMwCTE8xLDv39+4xJE2FxgXI0MsDuNrh7OeIQMw== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: d54fd3ab-afd8-489f-854a-95a91821a9c1 x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 07:37:59 GMT Ohc-Cache-HIT: sfo01-sys-jorcol07.sfo01.baidu.com [2] Ohc-File-Size: 58938 X-Cache-Status: HIT Access-Control-Allow-Origin: * Timing-Allow-Origin: *
2023-11-18 06:52:21 UTC	279	IN	Data Raw: 64 65 66 69 6e 65 28 22 73 75 70 65 72 6d 61 6e 2f 6c 69 62 2f 65 76 65 6e 74 22 2c 5b 22 72 65 71 75 69 72 65 22 2c 22 65 78 70 6f 72 74 73 22 5d 2c 66 75 6e 63 74 69 6f 6e 28 72 65 71 75 69 72 65 2c 5f 65 78 70 6f 72 74 73 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 5f 65 78 70 6f 72 74 73 2c 22 5f 5f 65 73 4d 6f 64 75 6c 65 22 2c 7b 76 61 6c 75 65 3a 74 72 75 65 7d 29 3b 5f 65 78 70 6f 72 74 73 2e 66 69 72 65 3d 66 69 72 65 3b 5f 65 78 70 6f 72 74 73 2e 6f 6e 3d 6f 6e 3b 5f 65 78 70 6f 72 74 73 2e 75 6e 3d 75 6e 3b 66 75 6e 63 74 69 6f 6e 20 66 69 72 65 28 6d 6f 64 4e 61 6d 65 2c 65 76 74 4e 61 6d 65 2c 65 76 74 41 72 67 73 29 7b 46 2e 75 73 65 28 22 73 75 70 65 72 6d 61 6e 3a 6c 69 62 Data Ascii: define("superman/lib/event",["require","exports"],function(require,_exports){"use strict";Object.defineProperty(_exports,"__esModule",{value:true});_exports.fire=fire;_exports.on=on;_exports.un=un;function fire(modName,evtName,evtArgs){F.use("superman:lib
2023-11-18 06:52:21 UTC	294	IN	Data Raw: 3a 32 7d 3b 66 75 6e 63 74 69 6f 6e 20 5f 67 65 74 4b 65 79 28 6b 65 79 29 7b 72 65 74 75 72 6e 22 5f 73 75 70 65 72 5f 22 2b 6b 65 79 2e 72 65 70 6c 61 63 65 28 2f 5b 5f 5c 73 5d 2f 67 2c 66 75 6e 63 74 69 6f 6e 28 6d 61 74 63 68 65 72 29 7b 72 65 74 75 72 6e 20 6d 61 74 63 68 65 72 3d 3d 22 5f 22 3f 22 5f 5f 22 3a 22 5f 73 22 7d 29 7d 66 75 6e 63 74 69 6f 6e 20 5f 67 65 74 45 6c 65 6d 65 6e 74 28 29 7b 72 65 74 75 72 6e 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 5f 67 75 69 64 2b 22 2d 73 74 6f 72 61 67 65 22 29 7d 66 75 6e 63 74 69 6f 6e 20 5f 67 65 74 49 6e 73 74 61 6e 63 65 28 29 7b 76 61 72 20 5f 73 74 6f 72 61 67 65 3b 69 66 28 77 69 6e 64 6f 77 2e 41 63 74 69 76 65 58 4f 62 6a 65 63 74 26 26 24 2e 62 72 6f 77 73 65 Data Ascii: :2};function _getKey(key){return"_super_"+key.replace(/[_\s]/g,function(matcher){return matcher=="_"?"__":"_s"})}function _getElement(){return document.getElementById(_guid+"-storage")}function _getInstance(){var _storage;if(window.ActiveXObject&&$.browse
2023-11-18 06:52:21 UTC	313	IN	Data Raw: 61 63 6b 2c 66 75 6e 63 74 69 6f 6e 28 66 75 6e 63 29 7b 66 75 6e 63 28 29 7d 29 3b 64 65 6c 65 74 65 20 74 68 69 73 2e 5f 72 65 61 64 79 53 74 61 63 6b 7d 69 66 28 74 68 69 73 2e 5f 72 65 71 75 69 72 65 64 53 74 61 63 6b 26 26 74 68 69 73 2e 5f 72 65 71 75 69 72 65 64 53 74 61 63 6b 2e 6c 65 6e 67 74 68 3e 30 29 7b 66 6f 72 45 61 63 68 28 74 68 69 73 2e 5f 72 65 71 75 69 72 65 64 53 74 61 63 6b 2c 66 75 6e 63 74 69 6f 6e 28 66 75 6e 63 29 7b 66 75 6e 63 28 29 7d 29 3b 64 65 6c 65 74 65 20 74 68 69 73 2e 5f 72 65 71 75 69 72 65 64 53 74 61 63 6b 7d 7d 7d 2c 64 65 66 69 6e 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 0a 76 61 72 20 5f 74 68 69 73 3d 74 68 69 73 2c 64 65 70 73 3d 74 68 69 73 2e 64 65 70 73 2c 70 61 74 68 3d 74 68 69 73 2e 70 61 74 68 2c 64 65 70 Data Ascii: ack,function(func){func()});delete this._readyStack}if(this._requiredStack&&this._requiredStack.length>0){forEach(this._requiredStack,function(func){func()});delete this._requiredStack}}},define:function(){var _this=this,deps=this.deps,path=this.path,dep
2023-11-18 06:52:21 UTC	329	IN	Data Raw: 74 65 78 74 3d 74 68 69 73 3b 61 72 67 73 3d 61 72 67 75 6d 65 6e 74 73 3b 69 66 28 72 65 6d 61 69 6e 69 6e 67 3c 3d 30 7c 7c 72 65 6d 61 69 6e 69 6e 67 3e 77 61 69 74 29 7b 0a 63 6c 65 61 72 54 69 6d 65 6f 75 74 28 74 69 6d 65 6f 75 74 29 3b 74 69 6d 65 6f 75 74 3d 6e 75 6c 6c 3b 70 72 65 76 69 6f 75 73 3d 6e 6f 77 3b 72 65 73 75 6c 74 3d 66 75 6e 63 2e 61 70 70 6c 79 28 63 6f 6e 74 65 78 74 2c 61 72 67 73 29 3b 69 66 28 21 74 69 6d 65 6f 75 74 29 63 6f 6e 74 65 78 74 3d 61 72 67 73 3d 6e 75 6c 6c 7d 65 6c 73 65 20 69 66 28 21 74 69 6d 65 6f 75 74 26 26 6f 70 74 69 6f 6e 73 2e 74 72 61 69 6c 69 6e 67 21 3d 3d 66 61 6c 73 65 29 7b 74 69 6d 65 6f 75 74 3d 73 65 74 54 69 6d 65 6f 75 74 28 6c 61 74 65 72 2c 72 65 6d 61 69 6e 69 6e 67 29 7d 72 65 74 75 72 6e Data Ascii: text=this;args=arguments;if(remaining<=0\|\|remaining>wait){clearTimeout(timeout);timeout=null;previous=now;result=func.apply(context,args);if(!timeout)context=args=null}else if(!timeout&&options.trailing!==false){timeout=setTimeout(later,remaining)}return

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
17	104.193.88.112	443	192.168.2.5	49745	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:21 UTC	278	OUT	GET /static/superman/js/sbase-65630eb62e.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:21 UTC	278	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:21 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 58938 Connection: close Expires: Sat, 11 Nov 2023 07:37:59 GMT Last-Modified: Fri, 03 Nov 2023 09:16:40 GMT ETag: "65630eb62e65c7568de102aab426584e" Cache-Control: max-age=31536000 Age: 861262 Accept-Ranges: bytes Content-MD5: ZWMOti5lx1aN4QKqtCZYTg== x-bce-content-crc32: 1657336178 x-bce-debug-id: wcO3N5a15kqo1e1J84m2b1Peyun1LeVUxa+puK0z+pdmbv0sMwCTE8xLDv39+4xJE2FxgXI0MsDuNrh7OeIQMw== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: d54fd3ab-afd8-489f-854a-95a91821a9c1 x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 07:37:59 GMT Ohc-Cache-HIT: sfo01-sys-jorcol07.sfo01.baidu.com [2] Ohc-File-Size: 58938 X-Cache-Status: HIT Access-Control-Allow-Origin: * Timing-Allow-Origin: *
2023-11-18 06:52:21 UTC	279	IN	Data Raw: 64 65 66 69 6e 65 28 22 73 75 70 65 72 6d 61 6e 2f 6c 69 62 2f 65 76 65 6e 74 22 2c 5b 22 72 65 71 75 69 72 65 22 2c 22 65 78 70 6f 72 74 73 22 5d 2c 66 75 6e 63 74 69 6f 6e 28 72 65 71 75 69 72 65 2c 5f 65 78 70 6f 72 74 73 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 5f 65 78 70 6f 72 74 73 2c 22 5f 5f 65 73 4d 6f 64 75 6c 65 22 2c 7b 76 61 6c 75 65 3a 74 72 75 65 7d 29 3b 5f 65 78 70 6f 72 74 73 2e 66 69 72 65 3d 66 69 72 65 3b 5f 65 78 70 6f 72 74 73 2e 6f 6e 3d 6f 6e 3b 5f 65 78 70 6f 72 74 73 2e 75 6e 3d 75 6e 3b 66 75 6e 63 74 69 6f 6e 20 66 69 72 65 28 6d 6f 64 4e 61 6d 65 2c 65 76 74 4e 61 6d 65 2c 65 76 74 41 72 67 73 29 7b 46 2e 75 73 65 28 22 73 75 70 65 72 6d 61 6e 3a 6c 69 62 Data Ascii: define("superman/lib/event",["require","exports"],function(require,_exports){"use strict";Object.defineProperty(_exports,"__esModule",{value:true});_exports.fire=fire;_exports.on=on;_exports.un=un;function fire(modName,evtName,evtArgs){F.use("superman:lib
2023-11-18 06:52:21 UTC	294	IN	Data Raw: 3a 32 7d 3b 66 75 6e 63 74 69 6f 6e 20 5f 67 65 74 4b 65 79 28 6b 65 79 29 7b 72 65 74 75 72 6e 22 5f 73 75 70 65 72 5f 22 2b 6b 65 79 2e 72 65 70 6c 61 63 65 28 2f 5b 5f 5c 73 5d 2f 67 2c 66 75 6e 63 74 69 6f 6e 28 6d 61 74 63 68 65 72 29 7b 72 65 74 75 72 6e 20 6d 61 74 63 68 65 72 3d 3d 22 5f 22 3f 22 5f 5f 22 3a 22 5f 73 22 7d 29 7d 66 75 6e 63 74 69 6f 6e 20 5f 67 65 74 45 6c 65 6d 65 6e 74 28 29 7b 72 65 74 75 72 6e 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 5f 67 75 69 64 2b 22 2d 73 74 6f 72 61 67 65 22 29 7d 66 75 6e 63 74 69 6f 6e 20 5f 67 65 74 49 6e 73 74 61 6e 63 65 28 29 7b 76 61 72 20 5f 73 74 6f 72 61 67 65 3b 69 66 28 77 69 6e 64 6f 77 2e 41 63 74 69 76 65 58 4f 62 6a 65 63 74 26 26 24 2e 62 72 6f 77 73 65 Data Ascii: :2};function _getKey(key){return"_super_"+key.replace(/[_\s]/g,function(matcher){return matcher=="_"?"__":"_s"})}function _getElement(){return document.getElementById(_guid+"-storage")}function _getInstance(){var _storage;if(window.ActiveXObject&&$.browse
2023-11-18 06:52:21 UTC	313	IN	Data Raw: 61 63 6b 2c 66 75 6e 63 74 69 6f 6e 28 66 75 6e 63 29 7b 66 75 6e 63 28 29 7d 29 3b 64 65 6c 65 74 65 20 74 68 69 73 2e 5f 72 65 61 64 79 53 74 61 63 6b 7d 69 66 28 74 68 69 73 2e 5f 72 65 71 75 69 72 65 64 53 74 61 63 6b 26 26 74 68 69 73 2e 5f 72 65 71 75 69 72 65 64 53 74 61 63 6b 2e 6c 65 6e 67 74 68 3e 30 29 7b 66 6f 72 45 61 63 68 28 74 68 69 73 2e 5f 72 65 71 75 69 72 65 64 53 74 61 63 6b 2c 66 75 6e 63 74 69 6f 6e 28 66 75 6e 63 29 7b 66 75 6e 63 28 29 7d 29 3b 64 65 6c 65 74 65 20 74 68 69 73 2e 5f 72 65 71 75 69 72 65 64 53 74 61 63 6b 7d 7d 7d 2c 64 65 66 69 6e 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 0a 76 61 72 20 5f 74 68 69 73 3d 74 68 69 73 2c 64 65 70 73 3d 74 68 69 73 2e 64 65 70 73 2c 70 61 74 68 3d 74 68 69 73 2e 70 61 74 68 2c 64 65 70 Data Ascii: ack,function(func){func()});delete this._readyStack}if(this._requiredStack&&this._requiredStack.length>0){forEach(this._requiredStack,function(func){func()});delete this._requiredStack}}},define:function(){var _this=this,deps=this.deps,path=this.path,dep
2023-11-18 06:52:21 UTC	329	IN	Data Raw: 74 65 78 74 3d 74 68 69 73 3b 61 72 67 73 3d 61 72 67 75 6d 65 6e 74 73 3b 69 66 28 72 65 6d 61 69 6e 69 6e 67 3c 3d 30 7c 7c 72 65 6d 61 69 6e 69 6e 67 3e 77 61 69 74 29 7b 0a 63 6c 65 61 72 54 69 6d 65 6f 75 74 28 74 69 6d 65 6f 75 74 29 3b 74 69 6d 65 6f 75 74 3d 6e 75 6c 6c 3b 70 72 65 76 69 6f 75 73 3d 6e 6f 77 3b 72 65 73 75 6c 74 3d 66 75 6e 63 2e 61 70 70 6c 79 28 63 6f 6e 74 65 78 74 2c 61 72 67 73 29 3b 69 66 28 21 74 69 6d 65 6f 75 74 29 63 6f 6e 74 65 78 74 3d 61 72 67 73 3d 6e 75 6c 6c 7d 65 6c 73 65 20 69 66 28 21 74 69 6d 65 6f 75 74 26 26 6f 70 74 69 6f 6e 73 2e 74 72 61 69 6c 69 6e 67 21 3d 3d 66 61 6c 73 65 29 7b 74 69 6d 65 6f 75 74 3d 73 65 74 54 69 6d 65 6f 75 74 28 6c 61 74 65 72 2c 72 65 6d 61 69 6e 69 6e 67 29 7d 72 65 74 75 72 6e Data Ascii: text=this;args=arguments;if(remaining<=0\|\|remaining>wait){clearTimeout(timeout);timeout=null;previous=now;result=func.apply(context,args);if(!timeout)context=args=null}else if(!timeout&&options.trailing!==false){timeout=setTimeout(later,remaining)}return

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
18	104.193.88.112	443	192.168.2.5	49746	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:22 UTC	339	OUT	GET /static/superman/js/s_super_index-3fffae8d60.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:22 UTC	340	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:22 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 1022 Connection: close Expires: Sat, 11 Nov 2023 06:31:36 GMT Last-Modified: Fri, 03 Nov 2023 09:16:40 GMT ETag: "3fffae8d606970854d942b26e5e279f7" Cache-Control: max-age=31536000 Age: 865246 Accept-Ranges: bytes Content-MD5: P/+ujWBpcIVNlCsm5eJ59w== x-bce-content-crc32: 29587601 x-bce-debug-id: z2EoAFXgrzTwior75YLA8RmswqekAIhbyj6VCXc9L/r5y+IGyfvPwtquxxuoF7BkhoeNTO9pHpeN4hNQiK2QpA== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: 66192955-e35a-42b2-9729-465be140c564 x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 06:31:36 GMT Ohc-Cache-HIT: sfo01-sys-jorcol06.sfo01.baidu.com [2] Ohc-File-Size: 1022 X-Cache-Status: HIT Timing-Allow-Origin: * Access-Control-Allow-Origin: *
2023-11-18 06:52:22 UTC	341	IN	Data Raw: 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 73 61 6d 4e 65 77 42 6f 78 3d 62 64 73 26 26 62 64 73 2e 63 6f 6d 6d 26 26 62 64 73 2e 63 6f 6d 6d 2e 73 61 6d 4e 65 77 42 6f 78 26 26 62 64 73 2e 63 6f 6d 6d 2e 73 61 6d 4e 65 77 42 6f 78 3d 3d 3d 31 3b 73 65 74 54 69 6d 65 6f 75 74 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 76 61 72 20 6b 77 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6b 77 22 29 3b 6b 77 2e 66 6f 63 75 73 28 29 3b 69 66 28 73 61 6d 4e 65 77 42 6f 78 29 7b 76 61 72 20 62 74 6e 3d 24 28 22 23 73 75 22 29 3b 62 74 6e 2e 61 64 64 43 6c 61 73 73 28 22 62 74 6e 66 6f 63 75 73 22 29 3b 76 61 72 20 66 6f 72 6d 3d 24 28 22 23 66 6f 72 6d 22 29 3b 66 6f 72 6d 2e 61 64 64 43 6c 61 73 73 28 22 73 61 6d 5f 66 6f Data Ascii: (function(){var samNewBox=bds&&bds.comm&&bds.comm.samNewBox&&bds.comm.samNewBox===1;setTimeout(function(){try{var kw=document.getElementById("kw");kw.focus();if(samNewBox){var btn=$("#su");btn.addClass("btnfocus");var form=$("#form");form.addClass("sam_fo

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
18	192.168.2.5	49746	104.193.88.112	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:22 UTC	339	OUT	GET /static/superman/js/s_super_index-3fffae8d60.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:22 UTC	340	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:22 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 1022 Connection: close Expires: Sat, 11 Nov 2023 06:31:36 GMT Last-Modified: Fri, 03 Nov 2023 09:16:40 GMT ETag: "3fffae8d606970854d942b26e5e279f7" Cache-Control: max-age=31536000 Age: 865246 Accept-Ranges: bytes Content-MD5: P/+ujWBpcIVNlCsm5eJ59w== x-bce-content-crc32: 29587601 x-bce-debug-id: z2EoAFXgrzTwior75YLA8RmswqekAIhbyj6VCXc9L/r5y+IGyfvPwtquxxuoF7BkhoeNTO9pHpeN4hNQiK2QpA== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: 66192955-e35a-42b2-9729-465be140c564 x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 06:31:36 GMT Ohc-Cache-HIT: sfo01-sys-jorcol06.sfo01.baidu.com [2] Ohc-File-Size: 1022 X-Cache-Status: HIT Timing-Allow-Origin: * Access-Control-Allow-Origin: *
2023-11-18 06:52:22 UTC	341	IN	Data Raw: 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 73 61 6d 4e 65 77 42 6f 78 3d 62 64 73 26 26 62 64 73 2e 63 6f 6d 6d 26 26 62 64 73 2e 63 6f 6d 6d 2e 73 61 6d 4e 65 77 42 6f 78 26 26 62 64 73 2e 63 6f 6d 6d 2e 73 61 6d 4e 65 77 42 6f 78 3d 3d 3d 31 3b 73 65 74 54 69 6d 65 6f 75 74 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 76 61 72 20 6b 77 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 6b 77 22 29 3b 6b 77 2e 66 6f 63 75 73 28 29 3b 69 66 28 73 61 6d 4e 65 77 42 6f 78 29 7b 76 61 72 20 62 74 6e 3d 24 28 22 23 73 75 22 29 3b 62 74 6e 2e 61 64 64 43 6c 61 73 73 28 22 62 74 6e 66 6f 63 75 73 22 29 3b 76 61 72 20 66 6f 72 6d 3d 24 28 22 23 66 6f 72 6d 22 29 3b 66 6f 72 6d 2e 61 64 64 43 6c 61 73 73 28 22 73 61 6d 5f 66 6f Data Ascii: (function(){var samNewBox=bds&&bds.comm&&bds.comm.samNewBox&&bds.comm.samNewBox===1;setTimeout(function(){try{var kw=document.getElementById("kw");kw.focus();if(samNewBox){var btn=$("#su");btn.addClass("btnfocus");var form=$("#form");form.addClass("sam_fo

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
19	104.193.88.112	443	192.168.2.5	49747	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:22 UTC	340	OUT	GET /static/superman/js/min_super-f2d67e59b3.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:22 UTC	342	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:22 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 64259 Connection: close Expires: Sat, 11 Nov 2023 07:32:31 GMT Last-Modified: Fri, 03 Nov 2023 09:16:40 GMT ETag: "f2d67e59b33ebded5d94ddceda7564df" Cache-Control: max-age=31536000 Age: 861591 Accept-Ranges: bytes Content-MD5: 8tZ+WbM+ve1dlN3O2nVk3w== x-bce-content-crc32: 1079397022 x-bce-debug-id: diYG4kMFkoGvFu/C1meJ5Djn5WsXfrhXIRRFfxdpIB7FnTJOSqq6oF/LLAoj1HI3PDh2rgigAEo1Z+tX5ejagw== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: 93a7b271-4af8-4801-9643-8b2b86b50ed9 x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 07:32:31 GMT Ohc-Cache-HIT: sfo01-sys-jorcol09.sfo01.baidu.com [2] Ohc-File-Size: 64259 X-Cache-Status: HIT Access-Control-Allow-Origin: * Timing-Allow-Origin: *
2023-11-18 06:52:22 UTC	343	IN	Data Raw: 46 2e 6d 6f 64 75 6c 65 28 22 63 6f 6d 6d 6f 6e 2f 72 65 73 75 6c 74 5f 70 61 67 65 22 2c 66 75 6e 63 74 69 6f 6e 28 72 65 71 75 69 72 65 2c 65 78 70 6f 72 74 73 2c 63 74 78 29 7b 65 78 70 6f 72 74 73 2e 63 72 65 61 74 65 52 65 73 75 6c 50 61 67 65 4c 69 6e 6b 3d 66 75 6e 63 74 69 6f 6e 28 6f 70 74 69 6f 6e 29 7b 69 66 28 21 6f 70 74 69 6f 6e 7c 7c 21 6f 70 74 69 6f 6e 2e 77 64 29 7b 72 65 74 75 72 6e 22 22 7d 69 66 28 21 6f 70 74 69 6f 6e 2e 74 6e 29 7b 6f 70 74 69 6f 6e 2e 74 6e 3d 22 62 61 69 64 75 74 6f 70 31 30 22 7d 72 65 74 75 72 6e 22 2f 2f 77 77 77 2e 62 61 69 64 75 2e 63 6f 6d 2f 73 3f 77 64 3d 22 2b 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 6f 70 74 69 6f 6e 2e 77 64 29 2b 22 26 69 65 3d 75 74 66 2d 38 26 74 6e 3d 22 2b 6f 70 74 Data Ascii: F.module("common/result_page",function(require,exports,ctx){exports.createResulPageLink=function(option){if(!option\|\|!option.wd){return""}if(!option.tn){option.tn="baidutop10"}return"//www.baidu.com/s?wd="+encodeURIComponent(option.wd)+"&ie=utf-8&tn="+opt
2023-11-18 06:52:22 UTC	358	IN	Data Raw: 29 3b 46 2e 61 64 64 4c 6f 67 28 22 73 75 70 65 72 6d 61 6e 3a 61 67 69 6e 67 2d 74 6f 6f 6c 73 22 2c 7b 74 6f 6f 6c 43 6c 69 63 6b 3a 22 35 31 30 30 30 30 30 30 30 30 22 2c 6e 65 77 5f 61 72 69 61 5f 73 63 72 69 70 74 5f 65 72 72 6f 72 3a 22 35 31 30 30 30 30 30 30 30 30 22 2c 6e 65 77 5f 61 72 69 61 5f 73 63 72 69 70 74 5f 6c 6f 61 64 3a 22 35 31 30 30 30 30 30 30 30 30 22 2c 6e 65 77 5f 61 72 69 61 5f 73 65 72 76 69 63 65 3a 22 35 31 30 30 30 30 30 30 30 30 22 7d 29 3b 0a 46 2e 61 64 64 4c 6f 67 28 22 73 75 70 65 72 6d 61 6e 3a 6c 69 62 2f 63 61 72 64 69 74 65 6d 5f 6c 6f 67 22 2c 5b 22 63 61 72 64 49 74 65 6d 4c 6f 67 22 5d 29 3b 46 2e 6d 6f 64 75 6c 65 28 22 73 75 70 65 72 6d 61 6e 3a 6c 69 62 2f 63 61 72 64 69 74 65 6d 5f 6c 6f 67 22 2c 66 75 6e 63 Data Ascii: );F.addLog("superman:aging-tools",{toolClick:"5100000000",new_aria_script_error:"5100000000",new_aria_script_load:"5100000000",new_aria_service:"5100000000"});F.addLog("superman:lib/carditem_log",["cardItemLog"]);F.module("superman:lib/carditem_log",func
2023-11-18 06:52:22 UTC	374	IN	Data Raw: 69 73 49 45 29 7b 65 2e 72 65 74 75 72 6e 56 61 6c 75 65 3d 66 61 6c 73 65 7d 65 6c 73 65 7b 65 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 28 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 61 64 64 53 74 79 6c 65 28 73 74 79 6c 65 53 74 72 29 7b 69 66 28 69 73 49 45 29 7b 76 61 72 20 73 74 79 6c 65 53 68 65 65 74 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 53 74 79 6c 65 53 68 65 65 74 28 29 3b 73 74 79 6c 65 53 68 65 65 74 2e 63 73 73 54 65 78 74 3d 73 74 79 6c 65 53 74 72 7d 65 6c 73 65 7b 76 61 72 20 73 74 79 6c 65 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 74 79 6c 65 22 29 3b 73 74 79 6c 65 2e 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3b 73 74 79 6c 65 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 64 6f 63 75 6d 65 6e 74 2e Data Ascii: isIE){e.returnValue=false}else{e.preventDefault()}}function addStyle(styleStr){if(isIE){var styleSheet=document.createStyleSheet();styleSheet.cssText=styleStr}else{var style=document.createElement("style");style.type="text/css";style.appendChild(document.
2023-11-18 06:52:22 UTC	390	IN	Data Raw: 64 65 2e 69 6e 73 65 72 74 42 65 66 6f 72 65 28 69 65 36 69 66 72 61 6d 65 2c 64 69 76 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 64 6f 63 4d 6f 75 73 65 44 6f 77 6e 28 65 29 7b 65 3d 65 7c 7c 77 69 6e 64 6f 77 2e 65 76 65 6e 74 3b 76 61 72 20 65 6c 6d 3d 65 2e 74 61 72 67 65 74 7c 7c 65 2e 73 72 63 45 6c 65 6d 65 6e 74 3b 69 66 28 65 6c 6d 3d 3d 69 70 74 29 72 65 74 75 72 6e 3b 77 68 69 6c 65 28 65 6c 6d 3d 65 6c 6d 2e 70 61 72 65 6e 74 4e 6f 64 65 29 7b 0a 69 66 28 65 6c 6d 3d 3d 64 69 76 29 7b 72 65 74 75 72 6e 7d 7d 47 6c 6f 62 61 6c 43 74 72 6c 2e 64 6d 28 7b 74 79 70 65 3a 22 6d 6f 75 73 65 64 6f 77 6e 5f 6f 74 68 65 72 22 7d 29 7d 66 75 6e 63 74 69 6f 6e 20 77 69 6e 64 6f 77 42 6c 75 72 28 29 7b 47 6c 6f 62 61 6c 43 74 72 6c 2e 64 6d 28 7b 74 79 70 65 3a Data Ascii: de.insertBefore(ie6iframe,div)}}function docMouseDown(e){e=e\|\|window.event;var elm=e.target\|\|e.srcElement;if(elm==ipt)return;while(elm=elm.parentNode){if(elm==div){return}}GlobalCtrl.dm({type:"mousedown_other"})}function windowBlur(){GlobalCtrl.dm({type:

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
19	192.168.2.5	49747	104.193.88.112	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:22 UTC	340	OUT	GET /static/superman/js/min_super-f2d67e59b3.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:22 UTC	342	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:22 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 64259 Connection: close Expires: Sat, 11 Nov 2023 07:32:31 GMT Last-Modified: Fri, 03 Nov 2023 09:16:40 GMT ETag: "f2d67e59b33ebded5d94ddceda7564df" Cache-Control: max-age=31536000 Age: 861591 Accept-Ranges: bytes Content-MD5: 8tZ+WbM+ve1dlN3O2nVk3w== x-bce-content-crc32: 1079397022 x-bce-debug-id: diYG4kMFkoGvFu/C1meJ5Djn5WsXfrhXIRRFfxdpIB7FnTJOSqq6oF/LLAoj1HI3PDh2rgigAEo1Z+tX5ejagw== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: 93a7b271-4af8-4801-9643-8b2b86b50ed9 x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 07:32:31 GMT Ohc-Cache-HIT: sfo01-sys-jorcol09.sfo01.baidu.com [2] Ohc-File-Size: 64259 X-Cache-Status: HIT Access-Control-Allow-Origin: * Timing-Allow-Origin: *
2023-11-18 06:52:22 UTC	343	IN	Data Raw: 46 2e 6d 6f 64 75 6c 65 28 22 63 6f 6d 6d 6f 6e 2f 72 65 73 75 6c 74 5f 70 61 67 65 22 2c 66 75 6e 63 74 69 6f 6e 28 72 65 71 75 69 72 65 2c 65 78 70 6f 72 74 73 2c 63 74 78 29 7b 65 78 70 6f 72 74 73 2e 63 72 65 61 74 65 52 65 73 75 6c 50 61 67 65 4c 69 6e 6b 3d 66 75 6e 63 74 69 6f 6e 28 6f 70 74 69 6f 6e 29 7b 69 66 28 21 6f 70 74 69 6f 6e 7c 7c 21 6f 70 74 69 6f 6e 2e 77 64 29 7b 72 65 74 75 72 6e 22 22 7d 69 66 28 21 6f 70 74 69 6f 6e 2e 74 6e 29 7b 6f 70 74 69 6f 6e 2e 74 6e 3d 22 62 61 69 64 75 74 6f 70 31 30 22 7d 72 65 74 75 72 6e 22 2f 2f 77 77 77 2e 62 61 69 64 75 2e 63 6f 6d 2f 73 3f 77 64 3d 22 2b 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 6f 70 74 69 6f 6e 2e 77 64 29 2b 22 26 69 65 3d 75 74 66 2d 38 26 74 6e 3d 22 2b 6f 70 74 Data Ascii: F.module("common/result_page",function(require,exports,ctx){exports.createResulPageLink=function(option){if(!option\|\|!option.wd){return""}if(!option.tn){option.tn="baidutop10"}return"//www.baidu.com/s?wd="+encodeURIComponent(option.wd)+"&ie=utf-8&tn="+opt
2023-11-18 06:52:22 UTC	358	IN	Data Raw: 29 3b 46 2e 61 64 64 4c 6f 67 28 22 73 75 70 65 72 6d 61 6e 3a 61 67 69 6e 67 2d 74 6f 6f 6c 73 22 2c 7b 74 6f 6f 6c 43 6c 69 63 6b 3a 22 35 31 30 30 30 30 30 30 30 30 22 2c 6e 65 77 5f 61 72 69 61 5f 73 63 72 69 70 74 5f 65 72 72 6f 72 3a 22 35 31 30 30 30 30 30 30 30 30 22 2c 6e 65 77 5f 61 72 69 61 5f 73 63 72 69 70 74 5f 6c 6f 61 64 3a 22 35 31 30 30 30 30 30 30 30 30 22 2c 6e 65 77 5f 61 72 69 61 5f 73 65 72 76 69 63 65 3a 22 35 31 30 30 30 30 30 30 30 30 22 7d 29 3b 0a 46 2e 61 64 64 4c 6f 67 28 22 73 75 70 65 72 6d 61 6e 3a 6c 69 62 2f 63 61 72 64 69 74 65 6d 5f 6c 6f 67 22 2c 5b 22 63 61 72 64 49 74 65 6d 4c 6f 67 22 5d 29 3b 46 2e 6d 6f 64 75 6c 65 28 22 73 75 70 65 72 6d 61 6e 3a 6c 69 62 2f 63 61 72 64 69 74 65 6d 5f 6c 6f 67 22 2c 66 75 6e 63 Data Ascii: );F.addLog("superman:aging-tools",{toolClick:"5100000000",new_aria_script_error:"5100000000",new_aria_script_load:"5100000000",new_aria_service:"5100000000"});F.addLog("superman:lib/carditem_log",["cardItemLog"]);F.module("superman:lib/carditem_log",func
2023-11-18 06:52:22 UTC	374	IN	Data Raw: 69 73 49 45 29 7b 65 2e 72 65 74 75 72 6e 56 61 6c 75 65 3d 66 61 6c 73 65 7d 65 6c 73 65 7b 65 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 28 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 61 64 64 53 74 79 6c 65 28 73 74 79 6c 65 53 74 72 29 7b 69 66 28 69 73 49 45 29 7b 76 61 72 20 73 74 79 6c 65 53 68 65 65 74 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 53 74 79 6c 65 53 68 65 65 74 28 29 3b 73 74 79 6c 65 53 68 65 65 74 2e 63 73 73 54 65 78 74 3d 73 74 79 6c 65 53 74 72 7d 65 6c 73 65 7b 76 61 72 20 73 74 79 6c 65 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 74 79 6c 65 22 29 3b 73 74 79 6c 65 2e 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3b 73 74 79 6c 65 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 64 6f 63 75 6d 65 6e 74 2e Data Ascii: isIE){e.returnValue=false}else{e.preventDefault()}}function addStyle(styleStr){if(isIE){var styleSheet=document.createStyleSheet();styleSheet.cssText=styleStr}else{var style=document.createElement("style");style.type="text/css";style.appendChild(document.
2023-11-18 06:52:22 UTC	390	IN	Data Raw: 64 65 2e 69 6e 73 65 72 74 42 65 66 6f 72 65 28 69 65 36 69 66 72 61 6d 65 2c 64 69 76 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 64 6f 63 4d 6f 75 73 65 44 6f 77 6e 28 65 29 7b 65 3d 65 7c 7c 77 69 6e 64 6f 77 2e 65 76 65 6e 74 3b 76 61 72 20 65 6c 6d 3d 65 2e 74 61 72 67 65 74 7c 7c 65 2e 73 72 63 45 6c 65 6d 65 6e 74 3b 69 66 28 65 6c 6d 3d 3d 69 70 74 29 72 65 74 75 72 6e 3b 77 68 69 6c 65 28 65 6c 6d 3d 65 6c 6d 2e 70 61 72 65 6e 74 4e 6f 64 65 29 7b 0a 69 66 28 65 6c 6d 3d 3d 64 69 76 29 7b 72 65 74 75 72 6e 7d 7d 47 6c 6f 62 61 6c 43 74 72 6c 2e 64 6d 28 7b 74 79 70 65 3a 22 6d 6f 75 73 65 64 6f 77 6e 5f 6f 74 68 65 72 22 7d 29 7d 66 75 6e 63 74 69 6f 6e 20 77 69 6e 64 6f 77 42 6c 75 72 28 29 7b 47 6c 6f 62 61 6c 43 74 72 6c 2e 64 6d 28 7b 74 79 70 65 3a Data Ascii: de.insertBefore(ie6iframe,div)}}function docMouseDown(e){e=e\|\|window.event;var elm=e.target\|\|e.srcElement;if(elm==ipt)return;while(elm=elm.parentNode){if(elm==div){return}}GlobalCtrl.dm({type:"mousedown_other"})}function windowBlur(){GlobalCtrl.dm({type:

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	104.193.90.87	443	192.168.2.5	49719	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:17 UTC	21	OUT	GET /5aV1bjqh_Q23odCf/static/superman/img/topnav/newxueshuicon-a5314d5c83.png HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: dss0.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:17 UTC	28	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:17 GMT Content-Type: image/png Content-Length: 2651 Connection: close Expires: Fri, 08 Dec 2023 07:43:20 GMT Last-Modified: Wed, 15 Dec 2021 06:08:43 GMT ETag: "61b9866b-a5b" Cache-Control: max-age=2592000 Age: 860937 Accept-Ranges: bytes Ohc-Global-Saved-Time: Wed, 08 Nov 2023 07:43:20 GMT Ohc-Cache-HIT: iad01-sys-jomo8.iad01.baidu.com [2] Ohc-Response-Time: 1 0 0 0 0 0
2023-11-18 06:52:17 UTC	28	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 58 00 00 00 58 08 06 00 00 01 06 92 00 a2 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 44 65 58 49 66 4d 4d 00 2a 00 00 00 08 00 01 87 69 00 04 00 00 00 01 00 00 00 1a 00 00 00 00 00 03 a0 01 00 03 00 00 00 01 00 01 00 00 a0 02 00 04 00 00 00 01 00 00 00 58 a0 03 00 04 00 00 00 01 00 00 00 58 00 00 00 00 e7 80 48 10 00 00 09 c5 49 44 41 54 78 01 ed 5d 0d 70 55 c5 15 3e 21 bf 04 12 12 10 42 48 41 3b da a9 88 22 fe 30 08 53 da 80 44 2c 08 15 64 c6 11 06 1c 1c 75 fc a9 05 14 c7 16 a6 d3 54 47 47 47 b4 2a fe 74 c4 6a 85 29 33 62 a9 3a 29 ca 9f 22 a2 a0 83 fc e9 a8 a8 b5 56 20 41 f9 4f 08 24 e4 25 2f bd e7 5e ce be dd bd bb f7 bd fb de de 90 38 bb 33 2f f7 ec d9 73 ce 9e fb ed be bd fb f6 9e dd 64 b5 Data Ascii: PNGIHDRXXsRGBDeXIfMMiXXHIDATx]pU>!BHA;"0SD,duTGGGtj)3b:)"V AO$%/^83/sd

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.5	49719	104.193.90.87	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:17 UTC	21	OUT	GET /5aV1bjqh_Q23odCf/static/superman/img/topnav/newxueshuicon-a5314d5c83.png HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: dss0.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:17 UTC	28	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:17 GMT Content-Type: image/png Content-Length: 2651 Connection: close Expires: Fri, 08 Dec 2023 07:43:20 GMT Last-Modified: Wed, 15 Dec 2021 06:08:43 GMT ETag: "61b9866b-a5b" Cache-Control: max-age=2592000 Age: 860937 Accept-Ranges: bytes Ohc-Global-Saved-Time: Wed, 08 Nov 2023 07:43:20 GMT Ohc-Cache-HIT: iad01-sys-jomo8.iad01.baidu.com [2] Ohc-Response-Time: 1 0 0 0 0 0
2023-11-18 06:52:17 UTC	28	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 58 00 00 00 58 08 06 00 00 01 06 92 00 a2 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 44 65 58 49 66 4d 4d 00 2a 00 00 00 08 00 01 87 69 00 04 00 00 00 01 00 00 00 1a 00 00 00 00 00 03 a0 01 00 03 00 00 00 01 00 01 00 00 a0 02 00 04 00 00 00 01 00 00 00 58 a0 03 00 04 00 00 00 01 00 00 00 58 00 00 00 00 e7 80 48 10 00 00 09 c5 49 44 41 54 78 01 ed 5d 0d 70 55 c5 15 3e 21 bf 04 12 12 10 42 48 41 3b da a9 88 22 fe 30 08 53 da 80 44 2c 08 15 64 c6 11 06 1c 1c 75 fc a9 05 14 c7 16 a6 d3 54 47 47 47 b4 2a fe 74 c4 6a 85 29 33 62 a9 3a 29 ca 9f 22 a2 a0 83 fc e9 a8 a8 b5 56 20 41 f9 4f 08 24 e4 25 2f bd e7 5e ce be dd bd bb f7 bd fb de de 90 38 bb 33 2f f7 ec d9 73 ce 9e fb ed be bd fb f6 9e dd 64 b5 Data Ascii: PNGIHDRXXsRGBDeXIfMMiXXHIDATx]pU>!BHA;"0SD,duTGGGtj)3b:)"V AO$%/^83/sd

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
20	104.193.88.112	443	192.168.2.5	49749	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:22 UTC	405	OUT	GET /static/superman/js/components/hotsearch-5af0f864cf.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:23 UTC	406	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:23 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 5463 Connection: close Expires: Sat, 11 Nov 2023 06:31:32 GMT Last-Modified: Fri, 03 Nov 2023 09:16:40 GMT ETag: "5af0f864cf0fe6387a5351d482ea2d88" Cache-Control: max-age=31536000 Age: 865251 Accept-Ranges: bytes Content-MD5: WvD4ZM8P5jh6U1HUguotiA== x-bce-content-crc32: 2903567475 x-bce-debug-id: QoOdgOp6wdKjyfBbp+n3JJHWGM2dS6Bp+tg5Dg7OfGIk49o3iVU5BvQCcngHmo2gsB7Wysm3PGlhxY793aU3JQ== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: 0aaaf603-fa03-48e2-b866-c7f3464f9528 x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 06:31:32 GMT Ohc-Cache-HIT: sfo01-sys-jorcol06.sfo01.baidu.com [2] Ohc-File-Size: 5463 X-Cache-Status: HIT Access-Control-Allow-Origin: * Timing-Allow-Origin: *
2023-11-18 06:52:23 UTC	407	IN	Data Raw: 46 2e 61 64 64 4c 6f 67 28 22 73 75 70 65 72 6d 61 6e 3a 63 6f 6d 70 6f 6e 65 6e 74 73 2f 68 6f 74 73 65 61 72 63 68 22 2c 5b 22 68 6f 74 73 65 61 72 63 68 43 6c 69 63 6b 22 2c 22 68 6f 74 73 65 61 72 63 68 53 68 6f 77 22 2c 22 68 6f 74 73 65 61 72 63 68 53 65 74 22 2c 22 6e 65 77 73 43 6c 69 63 6b 22 5d 29 3b 46 2e 61 64 64 4c 6f 67 28 22 73 75 70 65 72 6d 61 6e 3a 63 6f 6d 70 6f 6e 65 6e 74 73 22 2c 7b 63 61 74 65 67 6f 72 79 43 6c 69 63 6b 3a 22 31 32 30 30 31 30 30 30 30 31 22 7d 29 3b 46 2e 6d 6f 64 75 6c 65 28 22 73 75 70 65 72 6d 61 6e 3a 63 6f 6d 70 6f 6e 65 6e 74 73 2f 68 6f 74 73 65 61 72 63 68 22 2c 66 75 6e 63 74 69 6f 6e 28 72 65 71 75 69 72 65 2c 65 78 70 6f 72 74 73 2c 63 74 78 29 7b 76 61 72 20 70 61 67 65 4e 75 6d 3d 30 3b 76 61 72 20 68 Data Ascii: F.addLog("superman:components/hotsearch",["hotsearchClick","hotsearchShow","hotsearchSet","newsClick"]);F.addLog("superman:components",{categoryClick:"1200100001"});F.module("superman:components/hotsearch",function(require,exports,ctx){var pageNum=0;var h

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
20	192.168.2.5	49749	104.193.88.112	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:22 UTC	405	OUT	GET /static/superman/js/components/hotsearch-5af0f864cf.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:23 UTC	406	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:23 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 5463 Connection: close Expires: Sat, 11 Nov 2023 06:31:32 GMT Last-Modified: Fri, 03 Nov 2023 09:16:40 GMT ETag: "5af0f864cf0fe6387a5351d482ea2d88" Cache-Control: max-age=31536000 Age: 865251 Accept-Ranges: bytes Content-MD5: WvD4ZM8P5jh6U1HUguotiA== x-bce-content-crc32: 2903567475 x-bce-debug-id: QoOdgOp6wdKjyfBbp+n3JJHWGM2dS6Bp+tg5Dg7OfGIk49o3iVU5BvQCcngHmo2gsB7Wysm3PGlhxY793aU3JQ== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: 0aaaf603-fa03-48e2-b866-c7f3464f9528 x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 06:31:32 GMT Ohc-Cache-HIT: sfo01-sys-jorcol06.sfo01.baidu.com [2] Ohc-File-Size: 5463 X-Cache-Status: HIT Access-Control-Allow-Origin: * Timing-Allow-Origin: *
2023-11-18 06:52:23 UTC	407	IN	Data Raw: 46 2e 61 64 64 4c 6f 67 28 22 73 75 70 65 72 6d 61 6e 3a 63 6f 6d 70 6f 6e 65 6e 74 73 2f 68 6f 74 73 65 61 72 63 68 22 2c 5b 22 68 6f 74 73 65 61 72 63 68 43 6c 69 63 6b 22 2c 22 68 6f 74 73 65 61 72 63 68 53 68 6f 77 22 2c 22 68 6f 74 73 65 61 72 63 68 53 65 74 22 2c 22 6e 65 77 73 43 6c 69 63 6b 22 5d 29 3b 46 2e 61 64 64 4c 6f 67 28 22 73 75 70 65 72 6d 61 6e 3a 63 6f 6d 70 6f 6e 65 6e 74 73 22 2c 7b 63 61 74 65 67 6f 72 79 43 6c 69 63 6b 3a 22 31 32 30 30 31 30 30 30 30 31 22 7d 29 3b 46 2e 6d 6f 64 75 6c 65 28 22 73 75 70 65 72 6d 61 6e 3a 63 6f 6d 70 6f 6e 65 6e 74 73 2f 68 6f 74 73 65 61 72 63 68 22 2c 66 75 6e 63 74 69 6f 6e 28 72 65 71 75 69 72 65 2c 65 78 70 6f 72 74 73 2c 63 74 78 29 7b 76 61 72 20 70 61 67 65 4e 75 6d 3d 30 3b 76 61 72 20 68 Data Ascii: F.addLog("superman:components/hotsearch",["hotsearchClick","hotsearchShow","hotsearchSet","newsClick"]);F.addLog("superman:components",{categoryClick:"1200100001"});F.module("superman:components/hotsearch",function(require,exports,ctx){var pageNum=0;var h

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
21	103.235.46.40	443	192.168.2.5	49751	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:23 UTC	412	OUT	GET /-L-Xsjip0QIZ8tyhnq/v.gif?logactid=1234567890&showTab=10000&opType=nodepv&mod=superman%3Alib&submod=index&superver=supernewplus&glogid=2149420854&type=2011&pid=315&isLogin=0&version=PCHome&terminal=PC&qid=0xfecfa60d001d8f36&sid=&super_frm=&from_login=&from_reg=&query=&curcard=2&curcardtab=&_r=0.13573291357195194 HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: sp1.baidu.com Connection: Keep-Alive Cookie: BAIDUID=145E27E221F282D0311C913AF0CC3B87:FG=1; BIDUPSID=145E27E221F282D0BD0487E5415FCD62; PSTM=1700290335
2023-11-18 06:52:24 UTC	413	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Allow-Origin: * Cache-Control: no-cache Content-Length: 0 Content-Type: image/gif Date: Sat, 18 Nov 2023 06:52:24 GMT Pragma: no-cache Server: nginx/1.8.0 Tracecode: 31440681140545501450111814 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
21	192.168.2.5	49751	103.235.46.40	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:23 UTC	412	OUT	GET /-L-Xsjip0QIZ8tyhnq/v.gif?logactid=1234567890&showTab=10000&opType=nodepv&mod=superman%3Alib&submod=index&superver=supernewplus&glogid=2149420854&type=2011&pid=315&isLogin=0&version=PCHome&terminal=PC&qid=0xfecfa60d001d8f36&sid=&super_frm=&from_login=&from_reg=&query=&curcard=2&curcardtab=&_r=0.13573291357195194 HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: sp1.baidu.com Connection: Keep-Alive Cookie: BAIDUID=145E27E221F282D0311C913AF0CC3B87:FG=1; BIDUPSID=145E27E221F282D0BD0487E5415FCD62; PSTM=1700290335
2023-11-18 06:52:24 UTC	413	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Allow-Origin: * Cache-Control: no-cache Content-Length: 0 Content-Type: image/gif Date: Sat, 18 Nov 2023 06:52:24 GMT Pragma: no-cache Server: nginx/1.8.0 Tracecode: 31440681140545501450111814 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
22	103.235.46.40	443	192.168.2.5	49750	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:23 UTC	413	OUT	GET /-L-Xsjip0QIZ8tyhnq/v.gif?logactid=1234567890&showTab=10000&opType=showpv&mod=superman%3Alib&submod=index&superver=supernewplus&glogid=2149420854&type=2011&pid=315&isLogin=0&version=PCHome&terminal=PC&qid=0xfecfa60d001d8f36&sid=&super_frm=&from_login=&from_reg=&query=&curcard=2&curcardtab=&_r=0.8813057572175726 HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: sp1.baidu.com Connection: Keep-Alive Cookie: BAIDUID=145E27E221F282D0311C913AF0CC3B87:FG=1; BIDUPSID=145E27E221F282D0BD0487E5415FCD62; PSTM=1700290335
2023-11-18 06:52:24 UTC	414	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Allow-Origin: * Cache-Control: no-cache Content-Length: 0 Content-Type: image/gif Date: Sat, 18 Nov 2023 06:52:24 GMT Pragma: no-cache Server: nginx/1.8.0 Tracecode: 31441225383709230858111814 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
22	192.168.2.5	49750	103.235.46.40	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:23 UTC	413	OUT	GET /-L-Xsjip0QIZ8tyhnq/v.gif?logactid=1234567890&showTab=10000&opType=showpv&mod=superman%3Alib&submod=index&superver=supernewplus&glogid=2149420854&type=2011&pid=315&isLogin=0&version=PCHome&terminal=PC&qid=0xfecfa60d001d8f36&sid=&super_frm=&from_login=&from_reg=&query=&curcard=2&curcardtab=&_r=0.8813057572175726 HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: sp1.baidu.com Connection: Keep-Alive Cookie: BAIDUID=145E27E221F282D0311C913AF0CC3B87:FG=1; BIDUPSID=145E27E221F282D0BD0487E5415FCD62; PSTM=1700290335
2023-11-18 06:52:24 UTC	414	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Allow-Origin: * Cache-Control: no-cache Content-Length: 0 Content-Type: image/gif Date: Sat, 18 Nov 2023 06:52:24 GMT Pragma: no-cache Server: nginx/1.8.0 Tracecode: 31441225383709230858111814 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
23	104.193.88.112	443	192.168.2.5	49755	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:24 UTC	414	OUT	GET /static/superman/js/super_load-8301698f5e.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:24 UTC	416	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:24 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 30752 Connection: close Expires: Sat, 11 Nov 2023 07:32:34 GMT Last-Modified: Fri, 03 Nov 2023 09:16:40 GMT ETag: "8301698f5eb7cde858916fe1847ab70f" Cache-Control: max-age=31536000 Age: 861590 Accept-Ranges: bytes Content-MD5: gwFpj163zehYkW/hhHq3Dw== x-bce-content-crc32: 2388938383 x-bce-debug-id: dU+d/IQkb5LiQdW8Vy3oTNV3qp7umV34OzjklLzhJY1hWJy2mCbsxW3I6zocfVES0eGtIVmdWM+zjsKeuwnDaQ== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: 1298eb76-24e3-4b31-adfd-b480c8f2c9b0 x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 07:32:34 GMT Ohc-Cache-HIT: sfo01-sys-jorcol09.sfo01.baidu.com [2] Ohc-File-Size: 30752 X-Cache-Status: HIT Access-Control-Allow-Origin: * Timing-Allow-Origin: *
2023-11-18 06:52:24 UTC	417	IN	Data Raw: 46 2e 6d 6f 64 75 6c 65 28 22 73 75 70 65 72 6d 61 6e 3a 77 65 61 74 68 65 72 2f 77 65 61 74 68 65 72 5f 74 70 6c 22 2c 66 75 6e 63 74 69 6f 6e 28 72 65 71 75 69 72 65 2c 65 78 70 6f 72 74 73 2c 63 74 78 29 7b 76 61 72 20 69 73 4e 65 77 53 74 79 6c 65 3d 62 64 73 2e 63 6f 6d 6d 26 26 62 64 73 2e 63 6f 6d 6d 2e 6e 65 77 54 6f 70 4d 65 6e 75 3d 3d 3d 31 3b 65 78 70 6f 72 74 73 2e 70 6f 6c 6c 75 74 69 6f 6e 4c 65 76 65 6c 3d 7b 30 3a 22 e4 bc 98 22 2c 31 30 3a 22 e8 89 af 22 2c 32 30 3a 22 e8 bd bb e5 ba a6 e6 b1 a1 e6 9f 93 22 2c 33 30 3a 22 e4 b8 ad e5 ba a6 e6 b1 a1 e6 9f 93 22 2c 34 30 3a 22 e9 87 8d e5 ba a6 e6 b1 a1 e6 9f 93 22 2c 35 30 3a 22 e4 b8 a5 e9 87 8d e6 b1 a1 e6 9f 93 22 7d 3b 76 61 72 20 5f 64 6f 6d 3d 24 28 22 23 73 5f 6d 6f 64 5f 77 65 61 Data Ascii: F.module("superman:weather/weather_tpl",function(require,exports,ctx){var isNewStyle=bds.comm&&bds.comm.newTopMenu===1;exports.pollutionLevel={0:"",10:"",20:"",30:"",40:"",50:""};var _dom=$("#s_mod_wea
2023-11-18 06:52:24 UTC	432	IN	Data Raw: 73 65 72 4d 65 6e 75 29 7d 29 3b 75 73 65 72 4d 65 6e 75 2e 66 69 6e 64 28 22 2e 73 2d 6d 73 67 22 29 2e 6f 6e 28 22 6d 6f 75 73 65 64 6f 77 6e 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 74 78 2e 66 69 72 65 28 22 63 61 74 65 67 6f 72 79 43 6c 69 63 6b 22 2c 7b 63 61 74 65 67 6f 72 79 3a 22 6d 73 67 22 2c 68 61 73 4e 65 77 73 3a 75 73 65 72 4d 65 6e 75 2e 66 69 6e 64 28 22 2e 73 2d 6d 73 67 2d 63 6f 75 6e 74 22 29 2e 74 65 78 74 28 29 3d 3d 3d 22 22 3f 30 3a 31 7d 29 7d 29 7d 66 75 6e 63 74 69 6f 6e 20 69 6e 69 74 28 29 7b 62 69 6e 64 45 76 65 6e 74 28 29 7d 65 78 70 6f 72 74 73 2e 69 6e 69 74 3d 69 6e 69 74 7d 29 3b 0a 46 2e 6d 6f 64 75 6c 65 28 22 73 75 70 65 72 6d 61 6e 3a 6d 6e 67 72 2f 6d 65 6e 75 5f 63 6f 6d 6d 6f 6e 22 2c 66 75 6e 63 74 69 6f 6e 28 Data Ascii: serMenu)});userMenu.find(".s-msg").on("mousedown",function(){ctx.fire("categoryClick",{category:"msg",hasNews:userMenu.find(".s-msg-count").text()===""?0:1})})}function init(){bindEvent()}exports.init=init});F.module("superman:mngr/menu_common",function(

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
23	192.168.2.5	49755	104.193.88.112	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:24 UTC	414	OUT	GET /static/superman/js/super_load-8301698f5e.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:24 UTC	416	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:24 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 30752 Connection: close Expires: Sat, 11 Nov 2023 07:32:34 GMT Last-Modified: Fri, 03 Nov 2023 09:16:40 GMT ETag: "8301698f5eb7cde858916fe1847ab70f" Cache-Control: max-age=31536000 Age: 861590 Accept-Ranges: bytes Content-MD5: gwFpj163zehYkW/hhHq3Dw== x-bce-content-crc32: 2388938383 x-bce-debug-id: dU+d/IQkb5LiQdW8Vy3oTNV3qp7umV34OzjklLzhJY1hWJy2mCbsxW3I6zocfVES0eGtIVmdWM+zjsKeuwnDaQ== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: 1298eb76-24e3-4b31-adfd-b480c8f2c9b0 x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 07:32:34 GMT Ohc-Cache-HIT: sfo01-sys-jorcol09.sfo01.baidu.com [2] Ohc-File-Size: 30752 X-Cache-Status: HIT Access-Control-Allow-Origin: * Timing-Allow-Origin: *
2023-11-18 06:52:24 UTC	417	IN	Data Raw: 46 2e 6d 6f 64 75 6c 65 28 22 73 75 70 65 72 6d 61 6e 3a 77 65 61 74 68 65 72 2f 77 65 61 74 68 65 72 5f 74 70 6c 22 2c 66 75 6e 63 74 69 6f 6e 28 72 65 71 75 69 72 65 2c 65 78 70 6f 72 74 73 2c 63 74 78 29 7b 76 61 72 20 69 73 4e 65 77 53 74 79 6c 65 3d 62 64 73 2e 63 6f 6d 6d 26 26 62 64 73 2e 63 6f 6d 6d 2e 6e 65 77 54 6f 70 4d 65 6e 75 3d 3d 3d 31 3b 65 78 70 6f 72 74 73 2e 70 6f 6c 6c 75 74 69 6f 6e 4c 65 76 65 6c 3d 7b 30 3a 22 e4 bc 98 22 2c 31 30 3a 22 e8 89 af 22 2c 32 30 3a 22 e8 bd bb e5 ba a6 e6 b1 a1 e6 9f 93 22 2c 33 30 3a 22 e4 b8 ad e5 ba a6 e6 b1 a1 e6 9f 93 22 2c 34 30 3a 22 e9 87 8d e5 ba a6 e6 b1 a1 e6 9f 93 22 2c 35 30 3a 22 e4 b8 a5 e9 87 8d e6 b1 a1 e6 9f 93 22 7d 3b 76 61 72 20 5f 64 6f 6d 3d 24 28 22 23 73 5f 6d 6f 64 5f 77 65 61 Data Ascii: F.module("superman:weather/weather_tpl",function(require,exports,ctx){var isNewStyle=bds.comm&&bds.comm.newTopMenu===1;exports.pollutionLevel={0:"",10:"",20:"",30:"",40:"",50:""};var _dom=$("#s_mod_wea
2023-11-18 06:52:24 UTC	432	IN	Data Raw: 73 65 72 4d 65 6e 75 29 7d 29 3b 75 73 65 72 4d 65 6e 75 2e 66 69 6e 64 28 22 2e 73 2d 6d 73 67 22 29 2e 6f 6e 28 22 6d 6f 75 73 65 64 6f 77 6e 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 74 78 2e 66 69 72 65 28 22 63 61 74 65 67 6f 72 79 43 6c 69 63 6b 22 2c 7b 63 61 74 65 67 6f 72 79 3a 22 6d 73 67 22 2c 68 61 73 4e 65 77 73 3a 75 73 65 72 4d 65 6e 75 2e 66 69 6e 64 28 22 2e 73 2d 6d 73 67 2d 63 6f 75 6e 74 22 29 2e 74 65 78 74 28 29 3d 3d 3d 22 22 3f 30 3a 31 7d 29 7d 29 7d 66 75 6e 63 74 69 6f 6e 20 69 6e 69 74 28 29 7b 62 69 6e 64 45 76 65 6e 74 28 29 7d 65 78 70 6f 72 74 73 2e 69 6e 69 74 3d 69 6e 69 74 7d 29 3b 0a 46 2e 6d 6f 64 75 6c 65 28 22 73 75 70 65 72 6d 61 6e 3a 6d 6e 67 72 2f 6d 65 6e 75 5f 63 6f 6d 6d 6f 6e 22 2c 66 75 6e 63 74 69 6f 6e 28 Data Ascii: serMenu)});userMenu.find(".s-msg").on("mousedown",function(){ctx.fire("categoryClick",{category:"msg",hasNews:userMenu.find(".s-msg-count").text()===""?0:1})})}function init(){bindEvent()}exports.init=init});F.module("superman:mngr/menu_common",function(

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
24	104.193.88.112	443	192.168.2.5	49754	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:24 UTC	414	OUT	GET /static/superman/js/components/tips-e2ceadd14d.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:24 UTC	415	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:24 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 564 Connection: close Expires: Sat, 11 Nov 2023 06:31:33 GMT Last-Modified: Fri, 03 Nov 2023 09:16:40 GMT ETag: "e2ceadd14d8e3fb1106e48ac89843760" Cache-Control: max-age=31536000 Age: 865251 Accept-Ranges: bytes Content-MD5: 4s6t0U2OP7EQbkisiYQ3YA== x-bce-content-crc32: 385949678 x-bce-debug-id: z2EoAFXgrzTwior75YLA8RmswqekAIhbyj6VCXc9L/pKqHhjgylMavOAlqxt9ZgJ1e2+QEAXUp11QbOu2DaagA== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: c079e206-b2f3-4bcf-ab27-003b26b31f81 x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 06:31:33 GMT Ohc-Cache-HIT: sfo01-sys-jorcol06.sfo01.baidu.com [2] Ohc-File-Size: 564 X-Cache-Status: HIT Timing-Allow-Origin: * Access-Control-Allow-Origin: *
2023-11-18 06:52:24 UTC	416	IN	Data Raw: 46 2e 61 64 64 4c 6f 67 28 22 73 75 70 65 72 6d 61 6e 3a 63 6f 6d 70 6f 6e 65 6e 74 73 2f 74 69 70 73 22 2c 5b 22 74 69 70 73 43 6c 69 63 6b 22 2c 22 61 63 74 69 76 69 74 79 43 6c 69 63 6b 22 5d 29 3b 46 2e 6d 6f 64 75 6c 65 28 22 73 75 70 65 72 6d 61 6e 3a 63 6f 6d 70 6f 6e 65 6e 74 73 2f 74 69 70 73 22 2c 66 75 6e 63 74 69 6f 6e 28 72 65 71 75 69 72 65 2c 65 78 70 6f 72 74 73 2c 63 74 78 29 7b 66 75 6e 63 74 69 6f 6e 20 69 6e 69 74 28 29 7b 76 61 72 20 24 6c 6d 4c 69 6e 6b 3d 24 28 22 23 6c 6d 2d 6e 65 77 20 61 22 29 3b 76 61 72 20 61 63 74 69 76 69 74 79 3d 24 28 22 23 62 6f 74 74 6f 6d 5f 6c 61 79 65 72 20 2e 61 63 74 69 76 69 74 79 22 29 3b 69 66 28 24 6c 6d 4c 69 6e 6b 2e 73 69 7a 65 28 29 3e 30 29 7b 24 6c 6d 4c 69 6e 6b 2e 6f 6e 28 22 6d 6f 75 73 Data Ascii: F.addLog("superman:components/tips",["tipsClick","activityClick"]);F.module("superman:components/tips",function(require,exports,ctx){function init(){var $lmLink=$("#lm-new a");var activity=$("#bottom_layer .activity");if($lmLink.size()>0){$lmLink.on("mous

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
24	192.168.2.5	49754	104.193.88.112	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:24 UTC	414	OUT	GET /static/superman/js/components/tips-e2ceadd14d.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:24 UTC	415	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:24 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 564 Connection: close Expires: Sat, 11 Nov 2023 06:31:33 GMT Last-Modified: Fri, 03 Nov 2023 09:16:40 GMT ETag: "e2ceadd14d8e3fb1106e48ac89843760" Cache-Control: max-age=31536000 Age: 865251 Accept-Ranges: bytes Content-MD5: 4s6t0U2OP7EQbkisiYQ3YA== x-bce-content-crc32: 385949678 x-bce-debug-id: z2EoAFXgrzTwior75YLA8RmswqekAIhbyj6VCXc9L/pKqHhjgylMavOAlqxt9ZgJ1e2+QEAXUp11QbOu2DaagA== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: c079e206-b2f3-4bcf-ab27-003b26b31f81 x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 06:31:33 GMT Ohc-Cache-HIT: sfo01-sys-jorcol06.sfo01.baidu.com [2] Ohc-File-Size: 564 X-Cache-Status: HIT Timing-Allow-Origin: * Access-Control-Allow-Origin: *
2023-11-18 06:52:24 UTC	416	IN	Data Raw: 46 2e 61 64 64 4c 6f 67 28 22 73 75 70 65 72 6d 61 6e 3a 63 6f 6d 70 6f 6e 65 6e 74 73 2f 74 69 70 73 22 2c 5b 22 74 69 70 73 43 6c 69 63 6b 22 2c 22 61 63 74 69 76 69 74 79 43 6c 69 63 6b 22 5d 29 3b 46 2e 6d 6f 64 75 6c 65 28 22 73 75 70 65 72 6d 61 6e 3a 63 6f 6d 70 6f 6e 65 6e 74 73 2f 74 69 70 73 22 2c 66 75 6e 63 74 69 6f 6e 28 72 65 71 75 69 72 65 2c 65 78 70 6f 72 74 73 2c 63 74 78 29 7b 66 75 6e 63 74 69 6f 6e 20 69 6e 69 74 28 29 7b 76 61 72 20 24 6c 6d 4c 69 6e 6b 3d 24 28 22 23 6c 6d 2d 6e 65 77 20 61 22 29 3b 76 61 72 20 61 63 74 69 76 69 74 79 3d 24 28 22 23 62 6f 74 74 6f 6d 5f 6c 61 79 65 72 20 2e 61 63 74 69 76 69 74 79 22 29 3b 69 66 28 24 6c 6d 4c 69 6e 6b 2e 73 69 7a 65 28 29 3e 30 29 7b 24 6c 6d 4c 69 6e 6b 2e 6f 6e 28 22 6d 6f 75 73 Data Ascii: F.addLog("superman:components/tips",["tipsClick","activityClick"]);F.module("superman:components/tips",function(require,exports,ctx){function init(){var $lmLink=$("#lm-new a");var activity=$("#bottom_layer .activity");if($lmLink.size()>0){$lmLink.on("mous

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
25	104.193.88.112	443	192.168.2.5	49758	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:24 UTC	447	OUT	GET /static/superman/js/components/qrcode-0e4b67354f.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:25 UTC	449	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:25 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 2068 Connection: close Expires: Sat, 11 Nov 2023 07:37:48 GMT Last-Modified: Fri, 03 Nov 2023 09:16:40 GMT ETag: "0e4b67354fff9b6d750438c9499673c5" Cache-Control: max-age=31536000 Age: 861277 Accept-Ranges: bytes Content-MD5: DktnNU//m211BDjJSZZzxQ== x-bce-content-crc32: 189293433 x-bce-debug-id: V2Zu2O+SDLaUhwfxPASvo20wsy3PY6uw2UPvYtntWYYUmZKDPSYa0p7RR1PoWvWA6RQPKS5ceIjB2vV0ZV9Yuw== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: a7f291df-efcc-43da-86f1-57d3d315866f x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 07:37:48 GMT Ohc-Cache-HIT: sfo01-sys-jorcol07.sfo01.baidu.com [2] Ohc-File-Size: 2068 X-Cache-Status: HIT Timing-Allow-Origin: * Access-Control-Allow-Origin: *
2023-11-18 06:52:25 UTC	450	IN	Data Raw: 46 2e 6d 6f 64 75 6c 65 28 22 73 75 70 65 72 6d 61 6e 3a 63 6f 6d 70 6f 6e 65 6e 74 73 2f 71 72 63 6f 64 65 22 2c 66 75 6e 63 74 69 6f 6e 28 72 65 71 75 69 72 65 2c 65 78 70 6f 72 74 73 2c 63 74 78 29 7b 76 61 72 20 6c 6f 67 69 6e 31 3b 76 61 72 20 24 71 72 63 6f 64 65 57 72 61 70 70 65 72 3d 24 28 22 23 73 5f 71 72 63 6f 64 65 5f 6e 6f 6c 6f 67 69 6e 22 29 3b 76 61 72 20 24 71 72 54 6f 6f 6c 74 69 70 3d 24 28 22 2e 71 72 63 6f 64 65 2d 74 6f 6f 6c 74 69 70 22 29 3b 76 61 72 20 63 61 6c 6c 65 64 3d 66 61 6c 73 65 3b 66 75 6e 63 74 69 6f 6e 20 6c 6f 61 64 53 63 72 69 70 74 28 63 62 29 7b 24 2e 67 65 74 53 63 72 69 70 74 28 6c 6f 63 61 74 69 6f 6e 2e 70 72 6f 74 6f 63 6f 6c 2b 22 2f 2f 70 61 73 73 70 6f 72 74 2e 62 61 69 64 75 2e 63 6f 6d 2f 70 61 73 73 41 Data Ascii: F.module("superman:components/qrcode",function(require,exports,ctx){var login1;var $qrcodeWrapper=$("#s_qrcode_nologin");var $qrTooltip=$(".qrcode-tooltip");var called=false;function loadScript(cb){$.getScript(location.protocol+"//passport.baidu.com/passA

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
25	192.168.2.5	49758	104.193.88.112	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:24 UTC	447	OUT	GET /static/superman/js/components/qrcode-0e4b67354f.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:25 UTC	449	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:25 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 2068 Connection: close Expires: Sat, 11 Nov 2023 07:37:48 GMT Last-Modified: Fri, 03 Nov 2023 09:16:40 GMT ETag: "0e4b67354fff9b6d750438c9499673c5" Cache-Control: max-age=31536000 Age: 861277 Accept-Ranges: bytes Content-MD5: DktnNU//m211BDjJSZZzxQ== x-bce-content-crc32: 189293433 x-bce-debug-id: V2Zu2O+SDLaUhwfxPASvo20wsy3PY6uw2UPvYtntWYYUmZKDPSYa0p7RR1PoWvWA6RQPKS5ceIjB2vV0ZV9Yuw== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: a7f291df-efcc-43da-86f1-57d3d315866f x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 07:37:48 GMT Ohc-Cache-HIT: sfo01-sys-jorcol07.sfo01.baidu.com [2] Ohc-File-Size: 2068 X-Cache-Status: HIT Timing-Allow-Origin: * Access-Control-Allow-Origin: *
2023-11-18 06:52:25 UTC	450	IN	Data Raw: 46 2e 6d 6f 64 75 6c 65 28 22 73 75 70 65 72 6d 61 6e 3a 63 6f 6d 70 6f 6e 65 6e 74 73 2f 71 72 63 6f 64 65 22 2c 66 75 6e 63 74 69 6f 6e 28 72 65 71 75 69 72 65 2c 65 78 70 6f 72 74 73 2c 63 74 78 29 7b 76 61 72 20 6c 6f 67 69 6e 31 3b 76 61 72 20 24 71 72 63 6f 64 65 57 72 61 70 70 65 72 3d 24 28 22 23 73 5f 71 72 63 6f 64 65 5f 6e 6f 6c 6f 67 69 6e 22 29 3b 76 61 72 20 24 71 72 54 6f 6f 6c 74 69 70 3d 24 28 22 2e 71 72 63 6f 64 65 2d 74 6f 6f 6c 74 69 70 22 29 3b 76 61 72 20 63 61 6c 6c 65 64 3d 66 61 6c 73 65 3b 66 75 6e 63 74 69 6f 6e 20 6c 6f 61 64 53 63 72 69 70 74 28 63 62 29 7b 24 2e 67 65 74 53 63 72 69 70 74 28 6c 6f 63 61 74 69 6f 6e 2e 70 72 6f 74 6f 63 6f 6c 2b 22 2f 2f 70 61 73 73 70 6f 72 74 2e 62 61 69 64 75 2e 63 6f 6d 2f 70 61 73 73 41 Data Ascii: F.module("superman:components/qrcode",function(require,exports,ctx){var login1;var $qrcodeWrapper=$("#s_qrcode_nologin");var $qrTooltip=$(".qrcode-tooltip");var called=false;function loadScript(cb){$.getScript(location.protocol+"//passport.baidu.com/passA

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
26	192.168.2.5	49759	104.193.88.112	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:25 UTC	448	OUT	GET /static/superman/js/components/advert-064271ed9b.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:25 UTC	452	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:25 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 4256 Connection: close Expires: Sat, 11 Nov 2023 07:48:30 GMT Last-Modified: Fri, 03 Nov 2023 09:16:40 GMT ETag: "064271ed9b70cbf13c1e7737b490408e" Cache-Control: max-age=31536000 Age: 860635 Accept-Ranges: bytes Content-MD5: BkJx7Ztwy/E8Hnc3tJBAjg== x-bce-content-crc32: 3716042200 x-bce-debug-id: nPhYgIHtWWoRs7ueSiJtOg6l5FSY1vhsRMvyAG+STgUIf7ICE9blrE7SZFcMkzvygzY/FJSLIh+uXxw1s2Cnag== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: 2d54e27d-a356-4e73-9cae-a612f875d856 x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 07:48:30 GMT Ohc-Cache-HIT: sfo01-sys-jorcol02.sfo01.baidu.com [2] Ohc-File-Size: 4256 X-Cache-Status: HIT Timing-Allow-Origin: * Access-Control-Allow-Origin: *
2023-11-18 06:52:25 UTC	453	IN	Data Raw: 46 2e 6d 6f 64 75 6c 65 28 22 73 75 70 65 72 6d 61 6e 3a 63 6f 6d 70 6f 6e 65 6e 74 73 2f 61 64 76 65 72 74 22 2c 66 75 6e 63 74 69 6f 6e 28 72 65 71 75 69 72 65 2c 65 78 70 6f 72 74 73 2c 63 74 78 29 7b 76 61 72 20 24 64 61 76 65 72 74 57 72 61 70 3d 24 28 22 23 73 5f 70 6f 70 75 70 5f 61 64 76 65 72 74 22 29 3b 76 61 72 20 64 61 74 61 3d 62 64 73 2e 63 6f 6d 6d 26 26 62 64 73 2e 63 6f 6d 6d 2e 70 6f 70 55 70 41 64 76 65 72 74 3b 76 61 72 20 74 69 6d 65 72 3d 6e 75 6c 6c 3b 76 61 72 20 66 61 64 65 54 69 6d 65 3d 36 30 30 3b 76 61 72 20 73 68 6f 77 53 74 79 6c 65 3d 7b 74 72 61 6e 73 69 74 69 6f 6e 3a 22 61 6c 6c 20 30 2e 35 73 22 2c 22 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 69 74 69 6f 6e 22 3a 22 61 6c 6c 20 30 2e 35 73 22 2c 22 2d 6d 6f 7a 2d 74 72 61 Data Ascii: F.module("superman:components/advert",function(require,exports,ctx){var $davertWrap=$("#s_popup_advert");var data=bds.comm&&bds.comm.popUpAdvert;var timer=null;var fadeTime=600;var showStyle={transition:"all 0.5s","-webkit-transition":"all 0.5s","-moz-tra

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
26	104.193.88.112	443	192.168.2.5	49759	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:25 UTC	448	OUT	GET /static/superman/js/components/advert-064271ed9b.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:25 UTC	452	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:25 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 4256 Connection: close Expires: Sat, 11 Nov 2023 07:48:30 GMT Last-Modified: Fri, 03 Nov 2023 09:16:40 GMT ETag: "064271ed9b70cbf13c1e7737b490408e" Cache-Control: max-age=31536000 Age: 860635 Accept-Ranges: bytes Content-MD5: BkJx7Ztwy/E8Hnc3tJBAjg== x-bce-content-crc32: 3716042200 x-bce-debug-id: nPhYgIHtWWoRs7ueSiJtOg6l5FSY1vhsRMvyAG+STgUIf7ICE9blrE7SZFcMkzvygzY/FJSLIh+uXxw1s2Cnag== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: 2d54e27d-a356-4e73-9cae-a612f875d856 x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 07:48:30 GMT Ohc-Cache-HIT: sfo01-sys-jorcol02.sfo01.baidu.com [2] Ohc-File-Size: 4256 X-Cache-Status: HIT Timing-Allow-Origin: * Access-Control-Allow-Origin: *
2023-11-18 06:52:25 UTC	453	IN	Data Raw: 46 2e 6d 6f 64 75 6c 65 28 22 73 75 70 65 72 6d 61 6e 3a 63 6f 6d 70 6f 6e 65 6e 74 73 2f 61 64 76 65 72 74 22 2c 66 75 6e 63 74 69 6f 6e 28 72 65 71 75 69 72 65 2c 65 78 70 6f 72 74 73 2c 63 74 78 29 7b 76 61 72 20 24 64 61 76 65 72 74 57 72 61 70 3d 24 28 22 23 73 5f 70 6f 70 75 70 5f 61 64 76 65 72 74 22 29 3b 76 61 72 20 64 61 74 61 3d 62 64 73 2e 63 6f 6d 6d 26 26 62 64 73 2e 63 6f 6d 6d 2e 70 6f 70 55 70 41 64 76 65 72 74 3b 76 61 72 20 74 69 6d 65 72 3d 6e 75 6c 6c 3b 76 61 72 20 66 61 64 65 54 69 6d 65 3d 36 30 30 3b 76 61 72 20 73 68 6f 77 53 74 79 6c 65 3d 7b 74 72 61 6e 73 69 74 69 6f 6e 3a 22 61 6c 6c 20 30 2e 35 73 22 2c 22 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 69 74 69 6f 6e 22 3a 22 61 6c 6c 20 30 2e 35 73 22 2c 22 2d 6d 6f 7a 2d 74 72 61 Data Ascii: F.module("superman:components/advert",function(require,exports,ctx){var $davertWrap=$("#s_popup_advert");var data=bds.comm&&bds.comm.popUpAdvert;var timer=null;var fadeTime=600;var showStyle={transition:"all 0.5s","-webkit-transition":"all 0.5s","-moz-tra

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
27	103.235.47.7	443	192.168.2.5	49757	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:25 UTC	448	OUT	GET /-L-Ysjip0QIZ8tyhnq/v.gif?mod=superman%3Acomponents&submod=hotsearch&utype=undefined&superver=supernewplus&portrait=undefined&logPortrait=undefined&glogid=2149420854&type=2011&pid=315&isLogin=0&version=PCHome&terminal=PC&qid=0xfecfa60d001d8f36&sid=&super_frm=&from_login=&from_reg=&query=&curcard=2&curcardtab=&_r=0.7297529188846449&m=superman%3Acomponents_hotsearchShow&showType=hotword&words=%5B%22%E4%B9%A0%E8%BF%91%E5%B9%B3%E5%9C%A8APEC%E9%A2%86%E5%AF%BC%E4%BA%BA%E4%BC%9A%E8%AE%AE%E4%B8%8A%E7%9A%84%E8%AE%B2%E8%AF%9D%22%2C%22%E4%B8%AD%E5%9B%BD%E6%8C%81%E7%BB%AD%E6%B7%B1%E5%8C%96%E4%B8%8EAPEC%E7%BB%8F%E6%B5%8E%E4%BD%93%E7%BB%8F%E8%B4%B8%E5%90%88%E4%BD%9C%22%2C%22%E4%B8%AD%E6%97%A5%E5%85%B3%E7%B3%BB%EF%BC%8C%E6%9C%80%E8%BF%91%E5%87%BA%E7%8E%B0%E4%B8%89%E4%B8%AA%E5%BE%AE%E5%A6%99%E5%8F%98%E5%8C%96%22%2C%22%E4%B8%AD%E5%9B%BD%E2%80%9C%E9%9C%B8%E6%80%BB%E2%80%9D%E7%88%BD%E5%89%A7%E5%9C%A8%E6%B5%B7%E5%A4%96%E6%9D%80%E7%96%AF%E4%BA%86%22%2C%22%E9%9F%A9%E5%9B%BD%E4%BB%8E2027%E5%B9%B4%E5%BC%80%E5%A7%8B%E7%A6%81%E9%A3%9F%E7%8B%97%E8%82%89%22%2C%22%E5%90%9E%E5%89%91%E8%A1%A8%E6%BC%94%E5%A4%A7%E5%9E%8B%E5%A4%B1%E8%AF%AF%E7%8E%B0%E5%9C%BA%22%5D&pagenum=0 HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: sp2.baidu.com Connection: Keep-Alive Cookie: BAIDUID=145E27E221F282D0311C913AF0CC3B87:FG=1; BIDUPSID=145E27E221F282D0BD0487E5415FCD62; PSTM=1700290335
2023-11-18 06:52:25 UTC	457	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Allow-Origin: * Cache-Control: no-cache Content-Length: 0 Content-Type: image/gif Date: Sat, 18 Nov 2023 06:52:25 GMT Pragma: no-cache Server: nginx/1.8.0 Tracecode: 31452325133759562506111814 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
27	192.168.2.5	49757	103.235.47.7	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:25 UTC	448	OUT	GET /-L-Ysjip0QIZ8tyhnq/v.gif?mod=superman%3Acomponents&submod=hotsearch&utype=undefined&superver=supernewplus&portrait=undefined&logPortrait=undefined&glogid=2149420854&type=2011&pid=315&isLogin=0&version=PCHome&terminal=PC&qid=0xfecfa60d001d8f36&sid=&super_frm=&from_login=&from_reg=&query=&curcard=2&curcardtab=&_r=0.7297529188846449&m=superman%3Acomponents_hotsearchShow&showType=hotword&words=%5B%22%E4%B9%A0%E8%BF%91%E5%B9%B3%E5%9C%A8APEC%E9%A2%86%E5%AF%BC%E4%BA%BA%E4%BC%9A%E8%AE%AE%E4%B8%8A%E7%9A%84%E8%AE%B2%E8%AF%9D%22%2C%22%E4%B8%AD%E5%9B%BD%E6%8C%81%E7%BB%AD%E6%B7%B1%E5%8C%96%E4%B8%8EAPEC%E7%BB%8F%E6%B5%8E%E4%BD%93%E7%BB%8F%E8%B4%B8%E5%90%88%E4%BD%9C%22%2C%22%E4%B8%AD%E6%97%A5%E5%85%B3%E7%B3%BB%EF%BC%8C%E6%9C%80%E8%BF%91%E5%87%BA%E7%8E%B0%E4%B8%89%E4%B8%AA%E5%BE%AE%E5%A6%99%E5%8F%98%E5%8C%96%22%2C%22%E4%B8%AD%E5%9B%BD%E2%80%9C%E9%9C%B8%E6%80%BB%E2%80%9D%E7%88%BD%E5%89%A7%E5%9C%A8%E6%B5%B7%E5%A4%96%E6%9D%80%E7%96%AF%E4%BA%86%22%2C%22%E9%9F%A9%E5%9B%BD%E4%BB%8E2027%E5%B9%B4%E5%BC%80%E5%A7%8B%E7%A6%81%E9%A3%9F%E7%8B%97%E8%82%89%22%2C%22%E5%90%9E%E5%89%91%E8%A1%A8%E6%BC%94%E5%A4%A7%E5%9E%8B%E5%A4%B1%E8%AF%AF%E7%8E%B0%E5%9C%BA%22%5D&pagenum=0 HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: sp2.baidu.com Connection: Keep-Alive Cookie: BAIDUID=145E27E221F282D0311C913AF0CC3B87:FG=1; BIDUPSID=145E27E221F282D0BD0487E5415FCD62; PSTM=1700290335
2023-11-18 06:52:25 UTC	457	IN	HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Allow-Origin: * Cache-Control: no-cache Content-Length: 0 Content-Type: image/gif Date: Sat, 18 Nov 2023 06:52:25 GMT Pragma: no-cache Server: nginx/1.8.0 Tracecode: 31452325133759562506111814 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
28	192.168.2.5	49761	104.193.88.112	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:25 UTC	458	OUT	GET /static/superman/js/components/video-meet-7833028d86.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:26 UTC	458	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:25 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 4398 Connection: close Expires: Sat, 11 Nov 2023 07:32:34 GMT Last-Modified: Fri, 03 Nov 2023 09:16:40 GMT ETag: "7833028d860aff115ed44dc3ecf82e92" Cache-Control: max-age=31536000 Age: 861591 Accept-Ranges: bytes Content-MD5: eDMCjYYK/xFe1E3D7Pgukg== x-bce-content-crc32: 3066766385 x-bce-debug-id: LHbkwA/fccsoVDAruyO2674/jtN+NCsIFewQ+pibMBS+bImWSAZEhxPbqsfE3rxU/ugZcwRzClrbEaylIr5owg== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: 95272b64-08b3-4952-bf6c-f7b75fc609dd x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 07:32:34 GMT Ohc-Cache-HIT: sfo01-sys-jorcol09.sfo01.baidu.com [2] Ohc-File-Size: 4398 X-Cache-Status: HIT Access-Control-Allow-Origin: * Timing-Allow-Origin: *
2023-11-18 06:52:26 UTC	459	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 5f 74 79 70 65 6f 66 28 6f 62 6a 29 7b 22 40 62 61 62 65 6c 2f 68 65 6c 70 65 72 73 20 2d 20 74 79 70 65 6f 66 22 3b 69 66 28 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 3d 3d 3d 22 73 79 6d 62 6f 6c 22 29 7b 5f 74 79 70 65 6f 66 3d 66 75 6e 63 74 69 6f 6e 20 5f 74 79 70 65 6f 66 28 6f 62 6a 29 7b 72 65 74 75 72 6e 20 74 79 70 65 6f 66 20 6f 62 6a 7d 7d 65 6c 73 65 7b 5f 74 79 70 65 6f 66 3d 66 75 6e 63 74 69 6f 6e 20 5f 74 79 70 65 6f 66 28 6f 62 6a 29 7b 72 65 74 75 72 6e 20 6f 62 6a 26 26 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 6f 62 6a 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 3d Data Ascii: function _typeof(obj){"@babel/helpers - typeof";if(typeof Symbol==="function"&&typeof Symbol.iterator==="symbol"){_typeof=function _typeof(obj){return typeof obj}}else{_typeof=function _typeof(obj){return obj&&typeof Symbol==="function"&&obj.constructor==

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
28	104.193.88.112	443	192.168.2.5	49761	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:25 UTC	458	OUT	GET /static/superman/js/components/video-meet-7833028d86.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:26 UTC	458	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:25 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 4398 Connection: close Expires: Sat, 11 Nov 2023 07:32:34 GMT Last-Modified: Fri, 03 Nov 2023 09:16:40 GMT ETag: "7833028d860aff115ed44dc3ecf82e92" Cache-Control: max-age=31536000 Age: 861591 Accept-Ranges: bytes Content-MD5: eDMCjYYK/xFe1E3D7Pgukg== x-bce-content-crc32: 3066766385 x-bce-debug-id: LHbkwA/fccsoVDAruyO2674/jtN+NCsIFewQ+pibMBS+bImWSAZEhxPbqsfE3rxU/ugZcwRzClrbEaylIr5owg== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: 95272b64-08b3-4952-bf6c-f7b75fc609dd x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 07:32:34 GMT Ohc-Cache-HIT: sfo01-sys-jorcol09.sfo01.baidu.com [2] Ohc-File-Size: 4398 X-Cache-Status: HIT Access-Control-Allow-Origin: * Timing-Allow-Origin: *
2023-11-18 06:52:26 UTC	459	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 5f 74 79 70 65 6f 66 28 6f 62 6a 29 7b 22 40 62 61 62 65 6c 2f 68 65 6c 70 65 72 73 20 2d 20 74 79 70 65 6f 66 22 3b 69 66 28 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 3d 3d 3d 22 73 79 6d 62 6f 6c 22 29 7b 5f 74 79 70 65 6f 66 3d 66 75 6e 63 74 69 6f 6e 20 5f 74 79 70 65 6f 66 28 6f 62 6a 29 7b 72 65 74 75 72 6e 20 74 79 70 65 6f 66 20 6f 62 6a 7d 7d 65 6c 73 65 7b 5f 74 79 70 65 6f 66 3d 66 75 6e 63 74 69 6f 6e 20 5f 74 79 70 65 6f 66 28 6f 62 6a 29 7b 72 65 74 75 72 6e 20 6f 62 6a 26 26 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 6f 62 6a 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 3d Data Ascii: function _typeof(obj){"@babel/helpers - typeof";if(typeof Symbol==="function"&&typeof Symbol.iterator==="symbol"){_typeof=function _typeof(obj){return typeof obj}}else{_typeof=function _typeof(obj){return obj&&typeof Symbol==="function"&&obj.constructor==

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
29	104.193.88.112	443	192.168.2.5	49762	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:25 UTC	458	OUT	GET /static/superman/js/components/login_guide-4fba3971ce.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:26 UTC	464	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:26 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 8919 Connection: close Expires: Sat, 11 Nov 2023 06:27:04 GMT Last-Modified: Fri, 03 Nov 2023 09:16:40 GMT ETag: "4fba3971ce850c09757774298f8185ed" Cache-Control: max-age=31536000 Age: 865522 Accept-Ranges: bytes Content-MD5: T7o5cc6FDAl1d3Qpj4GF7Q== x-bce-content-crc32: 177843807 x-bce-debug-id: hptUrDv0kCSxVQes4ZSzAkFA/DBkttBqQuTdYoRiU4bqueRl06dME1wniU/iosD6kXm0aLVVU6FqeJ4DIowNvA== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: faadfb23-2cd0-41cb-a328-53200ecb16f1 x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 06:27:04 GMT Ohc-Cache-HIT: sfo01-sys-jorcol03.sfo01.baidu.com [2] Ohc-File-Size: 8919 X-Cache-Status: HIT Access-Control-Allow-Origin: * Timing-Allow-Origin: *
2023-11-18 06:52:26 UTC	465	IN	Data Raw: 64 65 66 69 6e 65 28 22 73 75 70 65 72 6d 61 6e 2f 63 6f 6d 70 6f 6e 65 6e 74 73 2f 6c 6f 67 69 6e 5f 67 75 69 64 65 22 2c 5b 22 72 65 71 75 69 72 65 22 2c 22 65 78 70 6f 72 74 73 22 2c 22 73 75 70 65 72 6d 61 6e 2f 6c 69 62 2f 65 76 65 6e 74 22 5d 2c 66 75 6e 63 74 69 6f 6e 28 72 65 71 75 69 72 65 2c 5f 65 78 70 6f 72 74 73 2c 5f 65 76 65 6e 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 5f 65 78 70 6f 72 74 73 2c 22 5f 5f 65 73 4d 6f 64 75 6c 65 22 2c 7b 76 61 6c 75 65 3a 74 72 75 65 7d 29 3b 5f 65 78 70 6f 72 74 73 2e 69 6e 69 74 3d 69 6e 69 74 3b 66 75 6e 63 74 69 6f 6e 20 5f 63 72 65 61 74 65 46 6f 72 4f 66 49 74 65 72 61 74 6f 72 48 65 6c 70 65 72 28 6f 29 7b 69 66 28 74 79 70 65 6f Data Ascii: define("superman/components/login_guide",["require","exports","superman/lib/event"],function(require,_exports,_event){"use strict";Object.defineProperty(_exports,"__esModule",{value:true});_exports.init=init;function _createForOfIteratorHelper(o){if(typeo

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
29	192.168.2.5	49762	104.193.88.112	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:25 UTC	458	OUT	GET /static/superman/js/components/login_guide-4fba3971ce.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:26 UTC	464	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:26 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 8919 Connection: close Expires: Sat, 11 Nov 2023 06:27:04 GMT Last-Modified: Fri, 03 Nov 2023 09:16:40 GMT ETag: "4fba3971ce850c09757774298f8185ed" Cache-Control: max-age=31536000 Age: 865522 Accept-Ranges: bytes Content-MD5: T7o5cc6FDAl1d3Qpj4GF7Q== x-bce-content-crc32: 177843807 x-bce-debug-id: hptUrDv0kCSxVQes4ZSzAkFA/DBkttBqQuTdYoRiU4bqueRl06dME1wniU/iosD6kXm0aLVVU6FqeJ4DIowNvA== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: faadfb23-2cd0-41cb-a328-53200ecb16f1 x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 06:27:04 GMT Ohc-Cache-HIT: sfo01-sys-jorcol03.sfo01.baidu.com [2] Ohc-File-Size: 8919 X-Cache-Status: HIT Access-Control-Allow-Origin: * Timing-Allow-Origin: *
2023-11-18 06:52:26 UTC	465	IN	Data Raw: 64 65 66 69 6e 65 28 22 73 75 70 65 72 6d 61 6e 2f 63 6f 6d 70 6f 6e 65 6e 74 73 2f 6c 6f 67 69 6e 5f 67 75 69 64 65 22 2c 5b 22 72 65 71 75 69 72 65 22 2c 22 65 78 70 6f 72 74 73 22 2c 22 73 75 70 65 72 6d 61 6e 2f 6c 69 62 2f 65 76 65 6e 74 22 5d 2c 66 75 6e 63 74 69 6f 6e 28 72 65 71 75 69 72 65 2c 5f 65 78 70 6f 72 74 73 2c 5f 65 76 65 6e 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 5f 65 78 70 6f 72 74 73 2c 22 5f 5f 65 73 4d 6f 64 75 6c 65 22 2c 7b 76 61 6c 75 65 3a 74 72 75 65 7d 29 3b 5f 65 78 70 6f 72 74 73 2e 69 6e 69 74 3d 69 6e 69 74 3b 66 75 6e 63 74 69 6f 6e 20 5f 63 72 65 61 74 65 46 6f 72 4f 66 49 74 65 72 61 74 6f 72 48 65 6c 70 65 72 28 6f 29 7b 69 66 28 74 79 70 65 6f Data Ascii: define("superman/components/login_guide",["require","exports","superman/lib/event"],function(require,_exports,_event){"use strict";Object.defineProperty(_exports,"__esModule",{value:true});_exports.init=init;function _createForOfIteratorHelper(o){if(typeo

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.5	49722	104.193.88.112	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:17 UTC	22	OUT	GET /static/superman/img/qrcode/qrcode@2x-daf987ad02.png HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:17 UTC	31	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:17 GMT Content-Type: image/png Content-Length: 1265 Connection: close Expires: Sat, 11 Nov 2023 06:27:03 GMT Last-Modified: Fri, 03 Nov 2023 09:16:39 GMT ETag: "daf987ad02f4984c4e7fcfe42617b171" Cache-Control: max-age=31536000 Age: 865514 Accept-Ranges: bytes Content-MD5: 2vmHrQL0mExOf8/kJhexcQ== x-bce-content-crc32: 436621703 x-bce-debug-id: hptUrDv0kCSxVQes4ZSzAkFA/DBkttBqQuTdYoRiU4Z74n1mjwq4tMe2mGdQyVgLwPZTs0fJbf9uiCHiO1rQCQ== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: ec42e64f-18ee-44c1-bb83-c3fad68e1c72 x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 06:27:03 GMT Ohc-Cache-HIT: sfo01-sys-jorcol03.sfo01.baidu.com [2] Ohc-File-Size: 1265 X-Cache-Status: HIT Access-Control-Allow-Origin: * Timing-Allow-Origin: *
2023-11-18 06:52:17 UTC	31	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 30 00 00 00 30 08 06 00 00 01 20 05 c9 11 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 44 65 58 49 66 4d 4d 00 2a 00 00 00 08 00 01 87 69 00 04 00 00 00 01 00 00 00 1a 00 00 00 00 00 03 a0 01 00 03 00 00 00 01 00 01 00 00 a0 02 00 04 00 00 00 01 00 00 00 30 a0 03 00 04 00 00 00 01 00 00 00 30 00 00 00 00 db 37 6c 0c 00 00 04 5b 49 44 41 54 68 05 ed 59 b9 72 14 31 10 95 a6 28 9c 43 04 05 21 31 19 29 8e f1 17 60 88 7c 61 07 84 ac 43 af c3 5d 67 10 f8 5c 47 d8 fc 00 10 9b 94 8c 98 90 2b 73 6e 82 11 fd 34 f3 66 7b a5 b9 58 6f 19 17 35 aa f2 4a ea 7e 3a ba d5 87 46 36 a6 a2 58 d2 97 d7 7a 3f 5d 62 5e 99 d4 bd 3d 3e d8 b1 9e 01 a2 31 76 d5 99 f4 3d 88 00 27 f8 01 12 44 b4 97 d6 7b cf 50 7b 06 87 83 70 Data Ascii: PNGIHDR00 sRGBDeXIfMM*i007l[IDAThYr1(C!1)`\|aC]g\G+sn4f{Xo5J~:F6Xz?]b^=>1v='D{P{p

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	104.193.88.112	443	192.168.2.5	49722	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:17 UTC	22	OUT	GET /static/superman/img/qrcode/qrcode@2x-daf987ad02.png HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:17 UTC	31	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:17 GMT Content-Type: image/png Content-Length: 1265 Connection: close Expires: Sat, 11 Nov 2023 06:27:03 GMT Last-Modified: Fri, 03 Nov 2023 09:16:39 GMT ETag: "daf987ad02f4984c4e7fcfe42617b171" Cache-Control: max-age=31536000 Age: 865514 Accept-Ranges: bytes Content-MD5: 2vmHrQL0mExOf8/kJhexcQ== x-bce-content-crc32: 436621703 x-bce-debug-id: hptUrDv0kCSxVQes4ZSzAkFA/DBkttBqQuTdYoRiU4Z74n1mjwq4tMe2mGdQyVgLwPZTs0fJbf9uiCHiO1rQCQ== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: ec42e64f-18ee-44c1-bb83-c3fad68e1c72 x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 06:27:03 GMT Ohc-Cache-HIT: sfo01-sys-jorcol03.sfo01.baidu.com [2] Ohc-File-Size: 1265 X-Cache-Status: HIT Access-Control-Allow-Origin: * Timing-Allow-Origin: *
2023-11-18 06:52:17 UTC	31	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 30 00 00 00 30 08 06 00 00 01 20 05 c9 11 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 44 65 58 49 66 4d 4d 00 2a 00 00 00 08 00 01 87 69 00 04 00 00 00 01 00 00 00 1a 00 00 00 00 00 03 a0 01 00 03 00 00 00 01 00 01 00 00 a0 02 00 04 00 00 00 01 00 00 00 30 a0 03 00 04 00 00 00 01 00 00 00 30 00 00 00 00 db 37 6c 0c 00 00 04 5b 49 44 41 54 68 05 ed 59 b9 72 14 31 10 95 a6 28 9c 43 04 05 21 31 19 29 8e f1 17 60 88 7c 61 07 84 ac 43 af c3 5d 67 10 f8 5c 47 d8 fc 00 10 9b 94 8c 98 90 2b 73 6e 82 11 fd 34 f3 66 7b a5 b9 58 6f 19 17 35 aa f2 4a ea 7e 3a ba d5 87 46 36 a6 a2 58 d2 97 d7 7a 3f 5d 62 5e 99 d4 bd 3d 3e d8 b1 9e 01 a2 31 76 d5 99 f4 3d 88 00 27 f8 01 12 44 b4 97 d6 7b cf 50 7b 06 87 83 70 Data Ascii: PNGIHDR00 sRGBDeXIfMM*i007l[IDAThYr1(C!1)`\|aC]g\G+sn4f{Xo5J~:F6Xz?]b^=>1v='D{P{p

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
30	192.168.2.5	49764	104.193.88.112	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:26 UTC	473	OUT	GET /static/superman/js/components/content-info-12dbf9fb6d.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:26 UTC	474	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:26 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 6451 Connection: close Expires: Sat, 11 Nov 2023 07:37:55 GMT Last-Modified: Fri, 03 Nov 2023 09:16:40 GMT ETag: "12dbf9fb6d608609f31753654d61b30a" Cache-Control: max-age=31536000 Age: 861271 Accept-Ranges: bytes Content-MD5: Etv5+21ghgnzF1NlTWGzCg== x-bce-content-crc32: 2370318147 x-bce-debug-id: NZOys301AY04tuv4/Car1+9TPIeIuQsgximvauxAxxEVuohy3hDlPAhU7J5ukGwXJ2HnuaqKP0gvTbXY86NydA== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: 35384043-42d9-4ead-928e-0d99227ec0c4 x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 07:37:55 GMT Ohc-Cache-HIT: sfo01-sys-jorcol07.sfo01.baidu.com [2] Ohc-File-Size: 6451 X-Cache-Status: HIT Timing-Allow-Origin: * Access-Control-Allow-Origin: *
2023-11-18 06:52:26 UTC	475	IN	Data Raw: 64 65 66 69 6e 65 28 22 73 75 70 65 72 6d 61 6e 2f 63 6f 6d 70 6f 6e 65 6e 74 73 2f 63 6f 6e 74 65 6e 74 2d 69 6e 66 6f 22 2c 5b 22 72 65 71 75 69 72 65 22 2c 22 65 78 70 6f 72 74 73 22 5d 2c 66 75 6e 63 74 69 6f 6e 28 72 65 71 75 69 72 65 2c 5f 65 78 70 6f 72 74 73 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 5f 65 78 70 6f 72 74 73 2c 22 5f 5f 65 73 4d 6f 64 75 6c 65 22 2c 7b 76 61 6c 75 65 3a 74 72 75 65 7d 29 3b 5f 65 78 70 6f 72 74 73 2e 43 6f 6e 74 65 6e 74 49 6e 66 6f 3d 76 6f 69 64 20 30 3b 66 75 6e 63 74 69 6f 6e 20 5f 63 6c 61 73 73 43 61 6c 6c 43 68 65 63 6b 28 69 6e 73 74 61 6e 63 65 2c 43 6f 6e 73 74 72 75 63 74 6f 72 29 7b 69 66 28 21 28 69 6e 73 74 61 6e 63 65 20 69 6e 73 74 Data Ascii: define("superman/components/content-info",["require","exports"],function(require,_exports){"use strict";Object.defineProperty(_exports,"__esModule",{value:true});_exports.ContentInfo=void 0;function _classCallCheck(instance,Constructor){if(!(instance inst

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
30	104.193.88.112	443	192.168.2.5	49764	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:26 UTC	473	OUT	GET /static/superman/js/components/content-info-12dbf9fb6d.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:26 UTC	474	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:26 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 6451 Connection: close Expires: Sat, 11 Nov 2023 07:37:55 GMT Last-Modified: Fri, 03 Nov 2023 09:16:40 GMT ETag: "12dbf9fb6d608609f31753654d61b30a" Cache-Control: max-age=31536000 Age: 861271 Accept-Ranges: bytes Content-MD5: Etv5+21ghgnzF1NlTWGzCg== x-bce-content-crc32: 2370318147 x-bce-debug-id: NZOys301AY04tuv4/Car1+9TPIeIuQsgximvauxAxxEVuohy3hDlPAhU7J5ukGwXJ2HnuaqKP0gvTbXY86NydA== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: 35384043-42d9-4ead-928e-0d99227ec0c4 x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 07:37:55 GMT Ohc-Cache-HIT: sfo01-sys-jorcol07.sfo01.baidu.com [2] Ohc-File-Size: 6451 X-Cache-Status: HIT Timing-Allow-Origin: * Access-Control-Allow-Origin: *
2023-11-18 06:52:26 UTC	475	IN	Data Raw: 64 65 66 69 6e 65 28 22 73 75 70 65 72 6d 61 6e 2f 63 6f 6d 70 6f 6e 65 6e 74 73 2f 63 6f 6e 74 65 6e 74 2d 69 6e 66 6f 22 2c 5b 22 72 65 71 75 69 72 65 22 2c 22 65 78 70 6f 72 74 73 22 5d 2c 66 75 6e 63 74 69 6f 6e 28 72 65 71 75 69 72 65 2c 5f 65 78 70 6f 72 74 73 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 5f 65 78 70 6f 72 74 73 2c 22 5f 5f 65 73 4d 6f 64 75 6c 65 22 2c 7b 76 61 6c 75 65 3a 74 72 75 65 7d 29 3b 5f 65 78 70 6f 72 74 73 2e 43 6f 6e 74 65 6e 74 49 6e 66 6f 3d 76 6f 69 64 20 30 3b 66 75 6e 63 74 69 6f 6e 20 5f 63 6c 61 73 73 43 61 6c 6c 43 68 65 63 6b 28 69 6e 73 74 61 6e 63 65 2c 43 6f 6e 73 74 72 75 63 74 6f 72 29 7b 69 66 28 21 28 69 6e 73 74 61 6e 63 65 20 69 6e 73 74 Data Ascii: define("superman/components/content-info",["require","exports"],function(require,_exports){"use strict";Object.defineProperty(_exports,"__esModule",{value:true});_exports.ContentInfo=void 0;function _classCallCheck(instance,Constructor){if(!(instance inst

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
31	104.193.88.112	443	192.168.2.5	49765	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:26 UTC	474	OUT	GET /static/superman/js/components/ai-talk-switch-c2572e6a36.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:26 UTC	481	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:26 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 17292 Connection: close Expires: Sat, 11 Nov 2023 06:31:38 GMT Last-Modified: Fri, 03 Nov 2023 09:16:40 GMT ETag: "c2572e6a367115d1de6b65753d08700a" Cache-Control: max-age=31536000 Age: 865248 Accept-Ranges: bytes Content-MD5: wlcuajZxFdHea2V1PQhwCg== x-bce-content-crc32: 1502741133 x-bce-debug-id: QoOdgOp6wdKjyfBbp+n3JJHWGM2dS6Bp+tg5Dg7OfGKyS1EZ/DgxKhRogS62/GIV89mAWJL1lgZeglUR+ZoWLg== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: d76303d6-8a35-4484-8c4c-b9990103c802 x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 06:31:38 GMT Ohc-Cache-HIT: sfo01-sys-jorcol06.sfo01.baidu.com [2] Ohc-File-Size: 17292 X-Cache-Status: HIT Timing-Allow-Origin: * Access-Control-Allow-Origin: *
2023-11-18 06:52:26 UTC	482	IN	Data Raw: 64 65 66 69 6e 65 28 22 73 75 70 65 72 6d 61 6e 2f 63 6f 6d 70 6f 6e 65 6e 74 73 2f 61 69 2d 74 61 6c 6b 2d 73 77 69 74 63 68 22 2c 5b 22 72 65 71 75 69 72 65 22 2c 22 65 78 70 6f 72 74 73 22 2c 22 73 75 70 65 72 6d 61 6e 2f 6c 69 62 2f 65 78 74 72 61 63 74 5f 64 61 74 61 22 2c 22 73 75 70 65 72 6d 61 6e 2f 6c 69 62 2f 63 6f 6d 6d 6f 6e 55 74 69 6c 73 22 5d 2c 66 75 6e 63 74 69 6f 6e 28 72 65 71 75 69 72 65 2c 5f 65 78 70 6f 72 74 73 2c 5f 65 78 74 72 61 63 74 5f 64 61 74 61 2c 5f 63 6f 6d 6d 6f 6e 55 74 69 6c 73 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 5f 65 78 70 6f 72 74 73 2c 22 5f 5f 65 73 4d 6f 64 75 6c 65 22 2c 7b 76 61 6c 75 65 3a 74 72 75 65 7d 29 3b 5f 65 78 70 6f 72 74 73 2e Data Ascii: define("superman/components/ai-talk-switch",["require","exports","superman/lib/extract_data","superman/lib/commonUtils"],function(require,_exports,_extract_data,_commonUtils){"use strict";Object.defineProperty(_exports,"__esModule",{value:true});_exports.
2023-11-18 06:52:26 UTC	497	IN	Data Raw: 73 2e 68 61 73 54 69 70 45 6e 74 72 79 3b 76 61 72 20 64 79 6e 61 6d 69 63 54 65 78 74 44 6f 6d 3d 24 28 22 2e 75 6e 64 65 72 74 69 70 73 2d 61 69 2d 64 79 6e 61 6d 69 63 2d 74 65 78 74 22 29 3b 76 61 72 20 73 74 61 74 69 63 54 65 78 74 44 6f 6d 3d 24 28 0a 22 2e 75 6e 64 65 72 74 69 70 73 2d 61 69 2d 73 74 61 74 69 63 2d 74 65 78 74 22 29 3b 69 66 28 68 61 73 54 69 70 45 6e 74 72 79 26 26 64 79 6e 61 6d 69 63 54 65 78 74 44 6f 6d 26 26 64 79 6e 61 6d 69 63 54 65 78 74 44 6f 6d 2e 6c 65 6e 67 74 68 3e 30 29 7b 76 61 72 20 69 73 42 64 57 6f 72 64 4c 69 6e 6b 52 65 63 61 6c 6c 46 72 6f 6d 47 75 69 64 65 3d 74 68 69 73 2e 69 73 42 64 57 6f 72 64 4c 69 6e 6b 52 65 63 61 6c 6c 46 72 6f 6d 47 75 69 64 65 3b 64 79 6e 61 6d 69 63 54 65 78 74 3d 64 79 6e 61 6d 69 Data Ascii: s.hasTipEntry;var dynamicTextDom=$(".undertips-ai-dynamic-text");var staticTextDom=$(".undertips-ai-static-text");if(hasTipEntry&&dynamicTextDom&&dynamicTextDom.length>0){var isBdWordLinkRecallFromGuide=this.isBdWordLinkRecallFromGuide;dynamicText=dynami

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
31	192.168.2.5	49765	104.193.88.112	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:26 UTC	474	OUT	GET /static/superman/js/components/ai-talk-switch-c2572e6a36.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:26 UTC	481	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:26 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 17292 Connection: close Expires: Sat, 11 Nov 2023 06:31:38 GMT Last-Modified: Fri, 03 Nov 2023 09:16:40 GMT ETag: "c2572e6a367115d1de6b65753d08700a" Cache-Control: max-age=31536000 Age: 865248 Accept-Ranges: bytes Content-MD5: wlcuajZxFdHea2V1PQhwCg== x-bce-content-crc32: 1502741133 x-bce-debug-id: QoOdgOp6wdKjyfBbp+n3JJHWGM2dS6Bp+tg5Dg7OfGKyS1EZ/DgxKhRogS62/GIV89mAWJL1lgZeglUR+ZoWLg== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: d76303d6-8a35-4484-8c4c-b9990103c802 x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 06:31:38 GMT Ohc-Cache-HIT: sfo01-sys-jorcol06.sfo01.baidu.com [2] Ohc-File-Size: 17292 X-Cache-Status: HIT Timing-Allow-Origin: * Access-Control-Allow-Origin: *
2023-11-18 06:52:26 UTC	482	IN	Data Raw: 64 65 66 69 6e 65 28 22 73 75 70 65 72 6d 61 6e 2f 63 6f 6d 70 6f 6e 65 6e 74 73 2f 61 69 2d 74 61 6c 6b 2d 73 77 69 74 63 68 22 2c 5b 22 72 65 71 75 69 72 65 22 2c 22 65 78 70 6f 72 74 73 22 2c 22 73 75 70 65 72 6d 61 6e 2f 6c 69 62 2f 65 78 74 72 61 63 74 5f 64 61 74 61 22 2c 22 73 75 70 65 72 6d 61 6e 2f 6c 69 62 2f 63 6f 6d 6d 6f 6e 55 74 69 6c 73 22 5d 2c 66 75 6e 63 74 69 6f 6e 28 72 65 71 75 69 72 65 2c 5f 65 78 70 6f 72 74 73 2c 5f 65 78 74 72 61 63 74 5f 64 61 74 61 2c 5f 63 6f 6d 6d 6f 6e 55 74 69 6c 73 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 5f 65 78 70 6f 72 74 73 2c 22 5f 5f 65 73 4d 6f 64 75 6c 65 22 2c 7b 76 61 6c 75 65 3a 74 72 75 65 7d 29 3b 5f 65 78 70 6f 72 74 73 2e Data Ascii: define("superman/components/ai-talk-switch",["require","exports","superman/lib/extract_data","superman/lib/commonUtils"],function(require,_exports,_extract_data,_commonUtils){"use strict";Object.defineProperty(_exports,"__esModule",{value:true});_exports.
2023-11-18 06:52:26 UTC	497	IN	Data Raw: 73 2e 68 61 73 54 69 70 45 6e 74 72 79 3b 76 61 72 20 64 79 6e 61 6d 69 63 54 65 78 74 44 6f 6d 3d 24 28 22 2e 75 6e 64 65 72 74 69 70 73 2d 61 69 2d 64 79 6e 61 6d 69 63 2d 74 65 78 74 22 29 3b 76 61 72 20 73 74 61 74 69 63 54 65 78 74 44 6f 6d 3d 24 28 0a 22 2e 75 6e 64 65 72 74 69 70 73 2d 61 69 2d 73 74 61 74 69 63 2d 74 65 78 74 22 29 3b 69 66 28 68 61 73 54 69 70 45 6e 74 72 79 26 26 64 79 6e 61 6d 69 63 54 65 78 74 44 6f 6d 26 26 64 79 6e 61 6d 69 63 54 65 78 74 44 6f 6d 2e 6c 65 6e 67 74 68 3e 30 29 7b 76 61 72 20 69 73 42 64 57 6f 72 64 4c 69 6e 6b 52 65 63 61 6c 6c 46 72 6f 6d 47 75 69 64 65 3d 74 68 69 73 2e 69 73 42 64 57 6f 72 64 4c 69 6e 6b 52 65 63 61 6c 6c 46 72 6f 6d 47 75 69 64 65 3b 64 79 6e 61 6d 69 63 54 65 78 74 3d 64 79 6e 61 6d 69 Data Ascii: s.hasTipEntry;var dynamicTextDom=$(".undertips-ai-dynamic-text");var staticTextDom=$(".undertips-ai-static-text");if(hasTipEntry&&dynamicTextDom&&dynamicTextDom.length>0){var isBdWordLinkRecallFromGuide=this.isBdWordLinkRecallFromGuide;dynamicText=dynami

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
32	104.193.88.112	443	192.168.2.5	49766	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:27 UTC	499	OUT	GET /static/superman/js/components/top-right-operate/operate-827e19fac1.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:27 UTC	500	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:27 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 4474 Connection: close Expires: Sat, 11 Nov 2023 07:37:46 GMT Last-Modified: Fri, 03 Nov 2023 09:16:40 GMT ETag: "827e19fac177168f6e85c6e68a2b3db0" Cache-Control: max-age=31536000 Age: 861281 Accept-Ranges: bytes Content-MD5: gn4Z+sF3Fo9uhcbmiis9sA== x-bce-content-crc32: 1109369345 x-bce-debug-id: g9d7wMELSks+FOI8VLiWUNy7Dszd66SXXFuvU+3BFIZgiZBFQiKYjA8S4H8W6gvu5MlTeNWeK7N/XuhtUcfPwA== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: f9b1838b-b016-48d8-8ff0-49164c87c1f5 x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 07:37:46 GMT Ohc-Cache-HIT: sfo01-sys-jorcol07.sfo01.baidu.com [2] Ohc-File-Size: 4474 X-Cache-Status: HIT Access-Control-Allow-Origin: * Timing-Allow-Origin: *
2023-11-18 06:52:27 UTC	501	IN	Data Raw: 64 65 66 69 6e 65 28 22 73 75 70 65 72 6d 61 6e 2f 63 6f 6d 70 6f 6e 65 6e 74 73 2f 74 6f 70 2d 72 69 67 68 74 2d 6f 70 65 72 61 74 65 2f 6f 70 65 72 61 74 65 22 2c 5b 22 72 65 71 75 69 72 65 22 2c 22 65 78 70 6f 72 74 73 22 2c 22 73 75 70 65 72 6d 61 6e 2f 6c 69 62 2f 65 78 74 72 61 63 74 5f 64 61 74 61 22 2c 22 73 75 70 65 72 6d 61 6e 2f 6c 69 62 2f 63 6f 6d 6d 6f 6e 55 74 69 6c 73 22 5d 2c 66 75 6e 63 74 69 6f 6e 28 72 65 71 75 69 72 65 2c 5f 65 78 70 6f 72 74 73 2c 5f 65 78 74 72 61 63 74 5f 64 61 74 61 2c 5f 63 6f 6d 6d 6f 6e 55 74 69 6c 73 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 5f 65 78 70 6f 72 74 73 2c 22 5f 5f 65 73 4d 6f 64 75 6c 65 22 2c 7b 76 61 6c 75 65 3a 74 72 75 65 7d Data Ascii: define("superman/components/top-right-operate/operate",["require","exports","superman/lib/extract_data","superman/lib/commonUtils"],function(require,_exports,_extract_data,_commonUtils){"use strict";Object.defineProperty(_exports,"__esModule",{value:true}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
32	192.168.2.5	49766	104.193.88.112	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:27 UTC	499	OUT	GET /static/superman/js/components/top-right-operate/operate-827e19fac1.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:27 UTC	500	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:27 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 4474 Connection: close Expires: Sat, 11 Nov 2023 07:37:46 GMT Last-Modified: Fri, 03 Nov 2023 09:16:40 GMT ETag: "827e19fac177168f6e85c6e68a2b3db0" Cache-Control: max-age=31536000 Age: 861281 Accept-Ranges: bytes Content-MD5: gn4Z+sF3Fo9uhcbmiis9sA== x-bce-content-crc32: 1109369345 x-bce-debug-id: g9d7wMELSks+FOI8VLiWUNy7Dszd66SXXFuvU+3BFIZgiZBFQiKYjA8S4H8W6gvu5MlTeNWeK7N/XuhtUcfPwA== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: f9b1838b-b016-48d8-8ff0-49164c87c1f5 x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 07:37:46 GMT Ohc-Cache-HIT: sfo01-sys-jorcol07.sfo01.baidu.com [2] Ohc-File-Size: 4474 X-Cache-Status: HIT Access-Control-Allow-Origin: * Timing-Allow-Origin: *
2023-11-18 06:52:27 UTC	501	IN	Data Raw: 64 65 66 69 6e 65 28 22 73 75 70 65 72 6d 61 6e 2f 63 6f 6d 70 6f 6e 65 6e 74 73 2f 74 6f 70 2d 72 69 67 68 74 2d 6f 70 65 72 61 74 65 2f 6f 70 65 72 61 74 65 22 2c 5b 22 72 65 71 75 69 72 65 22 2c 22 65 78 70 6f 72 74 73 22 2c 22 73 75 70 65 72 6d 61 6e 2f 6c 69 62 2f 65 78 74 72 61 63 74 5f 64 61 74 61 22 2c 22 73 75 70 65 72 6d 61 6e 2f 6c 69 62 2f 63 6f 6d 6d 6f 6e 55 74 69 6c 73 22 5d 2c 66 75 6e 63 74 69 6f 6e 28 72 65 71 75 69 72 65 2c 5f 65 78 70 6f 72 74 73 2c 5f 65 78 74 72 61 63 74 5f 64 61 74 61 2c 5f 63 6f 6d 6d 6f 6e 55 74 69 6c 73 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 5f 65 78 70 6f 72 74 73 2c 22 5f 5f 65 73 4d 6f 64 75 6c 65 22 2c 7b 76 61 6c 75 65 3a 74 72 75 65 7d Data Ascii: define("superman/components/top-right-operate/operate",["require","exports","superman/lib/extract_data","superman/lib/commonUtils"],function(require,_exports,_extract_data,_commonUtils){"use strict";Object.defineProperty(_exports,"__esModule",{value:true}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
33	104.193.88.112	443	192.168.2.5	49767	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:27 UTC	499	OUT	GET /static/superman/js/components/aging-tools-35648b2e67.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:27 UTC	505	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:27 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 6505 Connection: close Expires: Sat, 11 Nov 2023 06:31:38 GMT Last-Modified: Fri, 03 Nov 2023 09:16:40 GMT ETag: "35648b2e672f9ca11c70babc2ed0d6db" Cache-Control: max-age=31536000 Age: 865249 Accept-Ranges: bytes Content-MD5: NWSLLmcvnKEccLq8LtDW2w== x-bce-content-crc32: 3060720756 x-bce-debug-id: z2EoAFXgrzTwior75YLA8RmswqekAIhbyj6VCXc9L/oBXhMohGqM2QmPp3nT0ndsayRReg5c55SDu0r1maeMUw== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: 6e433c5f-38c3-44d4-a650-a2f8ecea7000 x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 06:31:38 GMT Ohc-Cache-HIT: sfo01-sys-jorcol06.sfo01.baidu.com [2] Ohc-File-Size: 6505 X-Cache-Status: HIT Access-Control-Allow-Origin: * Timing-Allow-Origin: *
2023-11-18 06:52:27 UTC	506	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 5f 74 79 70 65 6f 66 28 6f 62 6a 29 7b 22 40 62 61 62 65 6c 2f 68 65 6c 70 65 72 73 20 2d 20 74 79 70 65 6f 66 22 3b 69 66 28 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 3d 3d 3d 22 73 79 6d 62 6f 6c 22 29 7b 5f 74 79 70 65 6f 66 3d 66 75 6e 63 74 69 6f 6e 20 5f 74 79 70 65 6f 66 28 6f 62 6a 29 7b 72 65 74 75 72 6e 20 74 79 70 65 6f 66 20 6f 62 6a 7d 7d 65 6c 73 65 7b 5f 74 79 70 65 6f 66 3d 66 75 6e 63 74 69 6f 6e 20 5f 74 79 70 65 6f 66 28 6f 62 6a 29 7b 72 65 74 75 72 6e 20 6f 62 6a 26 26 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 6f 62 6a 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 3d Data Ascii: function _typeof(obj){"@babel/helpers - typeof";if(typeof Symbol==="function"&&typeof Symbol.iterator==="symbol"){_typeof=function _typeof(obj){return typeof obj}}else{_typeof=function _typeof(obj){return obj&&typeof Symbol==="function"&&obj.constructor==

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
33	192.168.2.5	49767	104.193.88.112	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:27 UTC	499	OUT	GET /static/superman/js/components/aging-tools-35648b2e67.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:27 UTC	505	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:27 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 6505 Connection: close Expires: Sat, 11 Nov 2023 06:31:38 GMT Last-Modified: Fri, 03 Nov 2023 09:16:40 GMT ETag: "35648b2e672f9ca11c70babc2ed0d6db" Cache-Control: max-age=31536000 Age: 865249 Accept-Ranges: bytes Content-MD5: NWSLLmcvnKEccLq8LtDW2w== x-bce-content-crc32: 3060720756 x-bce-debug-id: z2EoAFXgrzTwior75YLA8RmswqekAIhbyj6VCXc9L/oBXhMohGqM2QmPp3nT0ndsayRReg5c55SDu0r1maeMUw== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: 6e433c5f-38c3-44d4-a650-a2f8ecea7000 x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 06:31:38 GMT Ohc-Cache-HIT: sfo01-sys-jorcol06.sfo01.baidu.com [2] Ohc-File-Size: 6505 X-Cache-Status: HIT Access-Control-Allow-Origin: * Timing-Allow-Origin: *
2023-11-18 06:52:27 UTC	506	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 5f 74 79 70 65 6f 66 28 6f 62 6a 29 7b 22 40 62 61 62 65 6c 2f 68 65 6c 70 65 72 73 20 2d 20 74 79 70 65 6f 66 22 3b 69 66 28 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 3d 3d 3d 22 73 79 6d 62 6f 6c 22 29 7b 5f 74 79 70 65 6f 66 3d 66 75 6e 63 74 69 6f 6e 20 5f 74 79 70 65 6f 66 28 6f 62 6a 29 7b 72 65 74 75 72 6e 20 74 79 70 65 6f 66 20 6f 62 6a 7d 7d 65 6c 73 65 7b 5f 74 79 70 65 6f 66 3d 66 75 6e 63 74 69 6f 6e 20 5f 74 79 70 65 6f 66 28 6f 62 6a 29 7b 72 65 74 75 72 6e 20 6f 62 6a 26 26 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 6f 62 6a 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 3d Data Ascii: function _typeof(obj){"@babel/helpers - typeof";if(typeof Symbol==="function"&&typeof Symbol.iterator==="symbol"){_typeof=function _typeof(obj){return typeof obj}}else{_typeof=function _typeof(obj){return obj&&typeof Symbol==="function"&&obj.constructor==

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
34	104.193.88.112	443	192.168.2.5	49768	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:27 UTC	512	OUT	GET /static/superman/js/components/invoke-97e9694cb9.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:28 UTC	513	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:28 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 3567 Connection: close Expires: Sat, 11 Nov 2023 07:32:29 GMT Last-Modified: Fri, 03 Nov 2023 09:16:40 GMT ETag: "97e9694cb9c9ff941d905a4d765f6937" Cache-Control: max-age=31536000 Age: 861599 Accept-Ranges: bytes Content-MD5: l+lpTLnJ/5QdkFpNdl9pNw== x-bce-content-crc32: 3832170308 x-bce-debug-id: diYG4kMFkoGvFu/C1meJ5Djn5WsXfrhXIRRFfxdpIB4sYtZUSOeCiuD+Qud9TOMAKY+d8zJ080Mtlr3+qXsDyw== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: 387ef03d-af9b-4276-b6ad-ee693737230a x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 07:32:29 GMT Ohc-Cache-HIT: sfo01-sys-jorcol09.sfo01.baidu.com [2] Ohc-File-Size: 3567 X-Cache-Status: HIT Timing-Allow-Origin: * Access-Control-Allow-Origin: *
2023-11-18 06:52:28 UTC	514	IN	Data Raw: 64 65 66 69 6e 65 28 22 73 75 70 65 72 6d 61 6e 2f 63 6f 6d 70 6f 6e 65 6e 74 73 2f 69 6e 76 6f 6b 65 22 2c 5b 22 72 65 71 75 69 72 65 22 2c 22 65 78 70 6f 72 74 73 22 5d 2c 66 75 6e 63 74 69 6f 6e 28 72 65 71 75 69 72 65 2c 5f 65 78 70 6f 72 74 73 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 5f 65 78 70 6f 72 74 73 2c 22 5f 5f 65 73 4d 6f 64 75 6c 65 22 2c 7b 76 61 6c 75 65 3a 74 72 75 65 7d 29 3b 5f 65 78 70 6f 72 74 73 2e 69 6e 69 74 3d 69 6e 69 74 3b 66 75 6e 63 74 69 6f 6e 20 5f 63 6c 61 73 73 43 61 6c 6c 43 68 65 63 6b 28 69 6e 73 74 61 6e 63 65 2c 43 6f 6e 73 74 72 75 63 74 6f 72 29 7b 69 66 28 21 28 69 6e 73 74 61 6e 63 65 20 69 6e 73 74 61 6e 63 65 6f 66 20 43 6f 6e 73 74 72 75 63 Data Ascii: define("superman/components/invoke",["require","exports"],function(require,_exports){"use strict";Object.defineProperty(_exports,"__esModule",{value:true});_exports.init=init;function _classCallCheck(instance,Constructor){if(!(instance instanceof Construc

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
34	192.168.2.5	49768	104.193.88.112	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:27 UTC	512	OUT	GET /static/superman/js/components/invoke-97e9694cb9.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:28 UTC	513	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:28 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 3567 Connection: close Expires: Sat, 11 Nov 2023 07:32:29 GMT Last-Modified: Fri, 03 Nov 2023 09:16:40 GMT ETag: "97e9694cb9c9ff941d905a4d765f6937" Cache-Control: max-age=31536000 Age: 861599 Accept-Ranges: bytes Content-MD5: l+lpTLnJ/5QdkFpNdl9pNw== x-bce-content-crc32: 3832170308 x-bce-debug-id: diYG4kMFkoGvFu/C1meJ5Djn5WsXfrhXIRRFfxdpIB4sYtZUSOeCiuD+Qud9TOMAKY+d8zJ080Mtlr3+qXsDyw== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: 387ef03d-af9b-4276-b6ad-ee693737230a x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 07:32:29 GMT Ohc-Cache-HIT: sfo01-sys-jorcol09.sfo01.baidu.com [2] Ohc-File-Size: 3567 X-Cache-Status: HIT Timing-Allow-Origin: * Access-Control-Allow-Origin: *
2023-11-18 06:52:28 UTC	514	IN	Data Raw: 64 65 66 69 6e 65 28 22 73 75 70 65 72 6d 61 6e 2f 63 6f 6d 70 6f 6e 65 6e 74 73 2f 69 6e 76 6f 6b 65 22 2c 5b 22 72 65 71 75 69 72 65 22 2c 22 65 78 70 6f 72 74 73 22 5d 2c 66 75 6e 63 74 69 6f 6e 28 72 65 71 75 69 72 65 2c 5f 65 78 70 6f 72 74 73 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 5f 65 78 70 6f 72 74 73 2c 22 5f 5f 65 73 4d 6f 64 75 6c 65 22 2c 7b 76 61 6c 75 65 3a 74 72 75 65 7d 29 3b 5f 65 78 70 6f 72 74 73 2e 69 6e 69 74 3d 69 6e 69 74 3b 66 75 6e 63 74 69 6f 6e 20 5f 63 6c 61 73 73 43 61 6c 6c 43 68 65 63 6b 28 69 6e 73 74 61 6e 63 65 2c 43 6f 6e 73 74 72 75 63 74 6f 72 29 7b 69 66 28 21 28 69 6e 73 74 61 6e 63 65 20 69 6e 73 74 61 6e 63 65 6f 66 20 43 6f 6e 73 74 72 75 63 Data Ascii: define("superman/components/invoke",["require","exports"],function(require,_exports){"use strict";Object.defineProperty(_exports,"__esModule",{value:true});_exports.init=init;function _classCallCheck(instance,Constructor){if(!(instance instanceof Construc

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
35	104.193.88.112	443	192.168.2.5	49769	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:27 UTC	513	OUT	GET /static/superman/js/ubase-dddde7cd4e.js?v=md5 HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:28 UTC	517	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:28 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 52422 Connection: close Expires: Sat, 11 Nov 2023 06:31:39 GMT Last-Modified: Fri, 03 Nov 2023 09:16:40 GMT ETag: "dddde7cd4e229228869fe227b2a42929" Cache-Control: max-age=31536000 Age: 865249 Accept-Ranges: bytes Content-MD5: 3d3nzU4ikiiGn+InsqQpKQ== x-bce-content-crc32: 2882194801 x-bce-debug-id: QoOdgOp6wdKjyfBbp+n3JJHWGM2dS6Bp+tg5Dg7OfGJJaBoLGVyP908e4dbivRW3rDukKFfw5T+5y2UN/sMF6Q== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: c76a9392-5a9e-44a6-8ad7-c45d030e202e x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 06:31:39 GMT Ohc-Cache-HIT: sfo01-sys-jorcol06.sfo01.baidu.com [2] Ohc-File-Size: 52422 X-Cache-Status: HIT Access-Control-Allow-Origin: * Timing-Allow-Origin: *
2023-11-18 06:52:28 UTC	518	IN	Data Raw: 6a 51 75 65 72 79 2e 65 78 74 65 6e 64 28 46 2c 7b 75 6e 69 71 75 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 75 6e 69 71 3d 2b 6e 65 77 20 44 61 74 65 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 70 72 65 66 69 78 29 7b 72 65 74 75 72 6e 28 70 72 65 66 69 78 7c 7c 22 22 29 2b 20 2b 2b 75 6e 69 71 7d 7d 28 29 2c 6d 69 78 3a 6a 51 75 65 72 79 2e 65 78 74 65 6e 64 2c 69 6e 68 65 72 69 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 72 67 73 3d 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 73 6c 69 63 65 2e 63 61 6c 6c 28 61 72 67 75 6d 65 6e 74 73 29 2c 73 75 62 63 6c 61 73 73 3d 61 72 67 73 5b 30 5d 2c 73 75 62 70 72 6f 3d 73 75 62 63 6c 61 73 73 2e 70 72 6f 74 6f 74 79 70 65 2c 6f 69 6e 69 74 69 61 6c 69 7a 65 3d 73 75 62 70 72 6f 2e Data Ascii: jQuery.extend(F,{unique:function(){var uniq=+new Date;return function(prefix){return(prefix\|\|"")+ ++uniq}}(),mix:jQuery.extend,inherit:function(){var args=Array.prototype.slice.call(arguments),subclass=args[0],subpro=subclass.prototype,oinitialize=subpro.
2023-11-18 06:52:28 UTC	533	IN	Data Raw: 5f 68 61 6e 64 6c 65 73 74 61 72 74 29 7b 73 65 6c 66 2e 68 61 6e 64 6c 65 2e 6f 66 66 28 22 6d 6f 75 73 65 64 6f 77 6e 22 2c 73 65 6c 66 2e 5f 5f 68 61 6e 64 6c 65 73 74 61 72 74 29 3b 73 65 6c 66 2e 5f 5f 68 61 6e 64 6c 65 73 74 61 72 74 3d 6e 75 6c 6c 7d 7d 29 3b 74 68 69 73 2e 6f 6e 28 22 72 65 66 72 65 73 68 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 73 65 6c 66 2e 72 65 66 72 65 73 68 43 6f 6e 74 61 69 6e 6d 65 6e 74 28 29 0a 3b 63 61 63 68 65 2e 6f 66 66 73 65 74 50 61 72 65 6e 74 3d 73 65 6c 66 2e 6f 66 66 73 65 74 50 61 72 65 6e 74 2e 6f 66 66 73 65 74 28 29 7d 29 7d 2c 72 65 66 72 65 73 68 43 6f 6e 74 61 69 6e 6d 65 6e 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 63 61 63 68 65 3d 74 68 69 73 2e 63 61 63 68 65 3b 69 66 28 74 68 69 73 2e 63 6f Data Ascii: _handlestart){self.handle.off("mousedown",self.__handlestart);self.__handlestart=null}});this.on("refresh",function(){self.refreshContainment();cache.offsetParent=self.offsetParent.offset()})},refreshContainment:function(){var cache=this.cache;if(this.co
2023-11-18 06:52:28 UTC	549	IN	Data Raw: 72 65 73 65 74 50 6f 73 69 74 69 6f 6e 28 29 7d 29 2e 6f 6e 28 22 64 65 73 74 72 6f 79 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 73 65 6c 66 2e 63 6c 6f 73 65 28 29 7d 29 3b 73 65 6c 66 2e 61 63 74 69 6e 67 28 73 65 6c 66 2e 77 69 6e 64 6f 77 29 3b 69 66 28 6f 70 74 69 6f 6e 73 2e 62 75 74 74 6f 6e 73 29 7b 46 2e 65 61 63 68 28 6f 70 74 69 6f 6e 73 2e 62 75 74 74 6f 6e 73 2c 66 75 6e 63 74 69 6f 6e 28 69 74 65 6d 29 7b 69 66 28 46 2e 69 73 46 75 6e 63 74 69 6f 6e 28 69 74 65 6d 2e 6c 69 73 74 65 6e 65 72 29 29 7b 73 65 6c 66 2e 6f 6e 28 22 61 63 74 69 6e 67 2d 22 2b 69 74 65 6d 2e 74 79 70 65 2c 69 74 65 6d 2e 6c 69 73 74 65 6e 65 72 29 7d 7d 29 7d 7d 7d 3b 44 69 61 6c 6f 67 2e 61 6c 65 72 74 3d 66 75 6e 63 74 69 6f 6e 28 6f 70 74 69 6f 6e 73 29 7b 69 66 28 Data Ascii: resetPosition()}).on("destroy",function(){self.close()});self.acting(self.window);if(options.buttons){F.each(options.buttons,function(item){if(F.isFunction(item.listener)){self.on("acting-"+item.type,item.listener)}})}}};Dialog.alert=function(options){if(
2023-11-18 06:52:28 UTC	565	IN	Data Raw: 70 74 69 6f 6e 73 2e 64 61 74 61 54 79 70 65 2c 73 63 72 69 70 74 43 68 61 72 73 65 74 3a 6f 70 74 69 6f 6e 73 2e 63 68 61 72 73 65 74 2c 73 75 63 63 65 73 73 3a 66 75 6e 63 74 69 6f 6e 28 72 65 73 75 6c 74 29 7b 73 65 6c 66 2e 72 65 73 75 6c 74 28 72 65 73 75 6c 74 29 7d 7d 3b 69 66 28 6f 70 74 69 6f 6e 73 2e 64 61 74 61 54 79 70 65 3d 3d 22 6a 73 6f 6e 70 22 29 7b 61 6a 61 78 6f 70 74 69 6f 6e 73 2e 75 72 6c 3d 6f 70 74 69 6f 6e 73 2e 76 61 6c 75 65 28 6f 70 74 69 6f 6e 73 2e 75 72 6c 2c 76 61 6c 75 65 29 3b 61 6a 61 78 6f 70 74 69 6f 6e 73 2e 6a 73 6f 6e 70 3d 6f 70 74 69 6f 6e 73 2e 6a 73 6f 6e 70 7d 65 6c 73 65 7b 69 66 28 6f 70 74 69 6f 6e 73 2e 61 6a 61 78 6f 70 74 69 6f 6e 73 29 7b 0a 61 6a 61 78 6f 70 74 69 6f 6e 73 3d 46 2e 6d 69 78 28 61 6a 61 Data Ascii: ptions.dataType,scriptCharset:options.charset,success:function(result){self.result(result)}};if(options.dataType=="jsonp"){ajaxoptions.url=options.value(options.url,value);ajaxoptions.jsonp=options.jsonp}else{if(options.ajaxoptions){ajaxoptions=F.mix(aja

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
35	192.168.2.5	49769	104.193.88.112	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:27 UTC	513	OUT	GET /static/superman/js/ubase-dddde7cd4e.js?v=md5 HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:28 UTC	517	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:28 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 52422 Connection: close Expires: Sat, 11 Nov 2023 06:31:39 GMT Last-Modified: Fri, 03 Nov 2023 09:16:40 GMT ETag: "dddde7cd4e229228869fe227b2a42929" Cache-Control: max-age=31536000 Age: 865249 Accept-Ranges: bytes Content-MD5: 3d3nzU4ikiiGn+InsqQpKQ== x-bce-content-crc32: 2882194801 x-bce-debug-id: QoOdgOp6wdKjyfBbp+n3JJHWGM2dS6Bp+tg5Dg7OfGJJaBoLGVyP908e4dbivRW3rDukKFfw5T+5y2UN/sMF6Q== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: c76a9392-5a9e-44a6-8ad7-c45d030e202e x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 06:31:39 GMT Ohc-Cache-HIT: sfo01-sys-jorcol06.sfo01.baidu.com [2] Ohc-File-Size: 52422 X-Cache-Status: HIT Access-Control-Allow-Origin: * Timing-Allow-Origin: *
2023-11-18 06:52:28 UTC	518	IN	Data Raw: 6a 51 75 65 72 79 2e 65 78 74 65 6e 64 28 46 2c 7b 75 6e 69 71 75 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 75 6e 69 71 3d 2b 6e 65 77 20 44 61 74 65 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 70 72 65 66 69 78 29 7b 72 65 74 75 72 6e 28 70 72 65 66 69 78 7c 7c 22 22 29 2b 20 2b 2b 75 6e 69 71 7d 7d 28 29 2c 6d 69 78 3a 6a 51 75 65 72 79 2e 65 78 74 65 6e 64 2c 69 6e 68 65 72 69 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 72 67 73 3d 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 73 6c 69 63 65 2e 63 61 6c 6c 28 61 72 67 75 6d 65 6e 74 73 29 2c 73 75 62 63 6c 61 73 73 3d 61 72 67 73 5b 30 5d 2c 73 75 62 70 72 6f 3d 73 75 62 63 6c 61 73 73 2e 70 72 6f 74 6f 74 79 70 65 2c 6f 69 6e 69 74 69 61 6c 69 7a 65 3d 73 75 62 70 72 6f 2e Data Ascii: jQuery.extend(F,{unique:function(){var uniq=+new Date;return function(prefix){return(prefix\|\|"")+ ++uniq}}(),mix:jQuery.extend,inherit:function(){var args=Array.prototype.slice.call(arguments),subclass=args[0],subpro=subclass.prototype,oinitialize=subpro.
2023-11-18 06:52:28 UTC	533	IN	Data Raw: 5f 68 61 6e 64 6c 65 73 74 61 72 74 29 7b 73 65 6c 66 2e 68 61 6e 64 6c 65 2e 6f 66 66 28 22 6d 6f 75 73 65 64 6f 77 6e 22 2c 73 65 6c 66 2e 5f 5f 68 61 6e 64 6c 65 73 74 61 72 74 29 3b 73 65 6c 66 2e 5f 5f 68 61 6e 64 6c 65 73 74 61 72 74 3d 6e 75 6c 6c 7d 7d 29 3b 74 68 69 73 2e 6f 6e 28 22 72 65 66 72 65 73 68 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 73 65 6c 66 2e 72 65 66 72 65 73 68 43 6f 6e 74 61 69 6e 6d 65 6e 74 28 29 0a 3b 63 61 63 68 65 2e 6f 66 66 73 65 74 50 61 72 65 6e 74 3d 73 65 6c 66 2e 6f 66 66 73 65 74 50 61 72 65 6e 74 2e 6f 66 66 73 65 74 28 29 7d 29 7d 2c 72 65 66 72 65 73 68 43 6f 6e 74 61 69 6e 6d 65 6e 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 63 61 63 68 65 3d 74 68 69 73 2e 63 61 63 68 65 3b 69 66 28 74 68 69 73 2e 63 6f Data Ascii: _handlestart){self.handle.off("mousedown",self.__handlestart);self.__handlestart=null}});this.on("refresh",function(){self.refreshContainment();cache.offsetParent=self.offsetParent.offset()})},refreshContainment:function(){var cache=this.cache;if(this.co
2023-11-18 06:52:28 UTC	549	IN	Data Raw: 72 65 73 65 74 50 6f 73 69 74 69 6f 6e 28 29 7d 29 2e 6f 6e 28 22 64 65 73 74 72 6f 79 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 73 65 6c 66 2e 63 6c 6f 73 65 28 29 7d 29 3b 73 65 6c 66 2e 61 63 74 69 6e 67 28 73 65 6c 66 2e 77 69 6e 64 6f 77 29 3b 69 66 28 6f 70 74 69 6f 6e 73 2e 62 75 74 74 6f 6e 73 29 7b 46 2e 65 61 63 68 28 6f 70 74 69 6f 6e 73 2e 62 75 74 74 6f 6e 73 2c 66 75 6e 63 74 69 6f 6e 28 69 74 65 6d 29 7b 69 66 28 46 2e 69 73 46 75 6e 63 74 69 6f 6e 28 69 74 65 6d 2e 6c 69 73 74 65 6e 65 72 29 29 7b 73 65 6c 66 2e 6f 6e 28 22 61 63 74 69 6e 67 2d 22 2b 69 74 65 6d 2e 74 79 70 65 2c 69 74 65 6d 2e 6c 69 73 74 65 6e 65 72 29 7d 7d 29 7d 7d 7d 3b 44 69 61 6c 6f 67 2e 61 6c 65 72 74 3d 66 75 6e 63 74 69 6f 6e 28 6f 70 74 69 6f 6e 73 29 7b 69 66 28 Data Ascii: resetPosition()}).on("destroy",function(){self.close()});self.acting(self.window);if(options.buttons){F.each(options.buttons,function(item){if(F.isFunction(item.listener)){self.on("acting-"+item.type,item.listener)}})}}};Dialog.alert=function(options){if(
2023-11-18 06:52:28 UTC	565	IN	Data Raw: 70 74 69 6f 6e 73 2e 64 61 74 61 54 79 70 65 2c 73 63 72 69 70 74 43 68 61 72 73 65 74 3a 6f 70 74 69 6f 6e 73 2e 63 68 61 72 73 65 74 2c 73 75 63 63 65 73 73 3a 66 75 6e 63 74 69 6f 6e 28 72 65 73 75 6c 74 29 7b 73 65 6c 66 2e 72 65 73 75 6c 74 28 72 65 73 75 6c 74 29 7d 7d 3b 69 66 28 6f 70 74 69 6f 6e 73 2e 64 61 74 61 54 79 70 65 3d 3d 22 6a 73 6f 6e 70 22 29 7b 61 6a 61 78 6f 70 74 69 6f 6e 73 2e 75 72 6c 3d 6f 70 74 69 6f 6e 73 2e 76 61 6c 75 65 28 6f 70 74 69 6f 6e 73 2e 75 72 6c 2c 76 61 6c 75 65 29 3b 61 6a 61 78 6f 70 74 69 6f 6e 73 2e 6a 73 6f 6e 70 3d 6f 70 74 69 6f 6e 73 2e 6a 73 6f 6e 70 7d 65 6c 73 65 7b 69 66 28 6f 70 74 69 6f 6e 73 2e 61 6a 61 78 6f 70 74 69 6f 6e 73 29 7b 0a 61 6a 61 78 6f 70 74 69 6f 6e 73 3d 46 2e 6d 69 78 28 61 6a 61 Data Ascii: ptions.dataType,scriptCharset:options.charset,success:function(result){self.result(result)}};if(options.dataType=="jsonp"){ajaxoptions.url=options.value(options.url,value);ajaxoptions.jsonp=options.jsonp}else{if(options.ajaxoptions){ajaxoptions=F.mix(aja

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
36	192.168.2.5	49770	104.193.88.112	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:28 UTC	569	OUT	GET /static/superman/amd_modules/@baidu/video-meeting-1be7f62dac.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:28 UTC	570	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:28 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 256786 Connection: close Expires: Sat, 11 Nov 2023 06:27:05 GMT Last-Modified: Fri, 03 Nov 2023 09:16:37 GMT ETag: "1be7f62dac8f0de20d70df0e0539ae24" Cache-Control: max-age=31536000 Age: 865523 Accept-Ranges: bytes Content-MD5: G+f2LayPDeINcN8OBTmuJA== x-bce-content-crc32: 316237685 x-bce-debug-id: hptUrDv0kCSxVQes4ZSzAkFA/DBkttBqQuTdYoRiU4bltjaB2z4evWhUgbE9MLO+I+hK+2oilXuY4BCW2CNpYw== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: 8cc85069-4cda-442e-b707-b7ebd0706af8 x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 06:27:05 GMT Ohc-Cache-HIT: sfo01-sys-jorcol03.sfo01.baidu.com [2] Ohc-File-Size: 256786 X-Cache-Status: HIT Timing-Allow-Origin: * Access-Control-Allow-Origin: *
2023-11-18 06:52:28 UTC	571	IN	Data Raw: 64 65 66 69 6e 65 28 27 61 6d 64 5f 6d 6f 64 75 6c 65 73 2f 40 62 61 69 64 75 2f 76 69 64 65 6f 2d 6d 65 65 74 69 6e 67 2f 64 69 73 74 2f 69 6e 64 65 78 27 2c 20 5b 0a 20 20 20 20 27 72 65 71 75 69 72 65 27 2c 0a 20 20 20 20 27 73 61 6e 27 2c 0a 20 20 20 20 27 74 73 6c 69 62 27 0a 5d 2c 20 66 75 6e 63 74 69 6f 6e 20 28 72 65 71 75 69 72 65 2c 20 74 2c 20 65 29 20 7b 0a 20 20 20 20 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 20 28 74 29 20 7b 0a 20 20 20 20 20 20 20 20 76 61 72 20 65 20 3d 20 7b 7d 3b 0a 20 20 20 20 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 6e 28 61 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 65 5b 61 5d 29 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 65 5b 61 5d 2e 65 78 70 6f 72 74 73 3b 0a 20 20 Data Ascii: define('amd_modules/@baidu/video-meeting/dist/index', [ 'require', 'san', 'tslib'], function (require, t, e) { return function (t) { var e = {}; function n(a) { if (e[a]) return e[a].exports;
2023-11-18 06:52:28 UTC	586	IN	Data Raw: 20 20 20 20 20 20 20 20 73 65 61 72 63 68 50 61 72 61 6d 73 3a 20 27 55 52 4c 53 65 61 72 63 68 50 61 72 61 6d 73 27 20 69 6e 20 61 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 74 65 72 61 62 6c 65 3a 20 27 53 79 6d 62 6f 6c 27 20 69 6e 20 61 20 26 26 20 27 69 74 65 72 61 74 6f 72 27 20 69 6e 20 53 79 6d 62 6f 6c 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 6c 6f 62 3a 20 27 46 69 6c 65 52 65 61 64 65 72 27 20 69 6e 20 61 20 26 26 20 27 42 6c 6f 62 27 20 69 6e 20 61 20 26 26 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 72 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e Data Ascii: searchParams: 'URLSearchParams' in a, iterable: 'Symbol' in a && 'iterator' in Symbol, blob: 'FileReader' in a && 'Blob' in a && function () { try { return
2023-11-18 06:52:29 UTC	602	IN	Data Raw: 20 20 20 20 20 20 65 2e 5f 5f 65 73 4d 6f 64 75 6c 65 20 3d 20 21 30 2c 20 65 2e 67 65 74 42 72 6f 77 73 65 72 20 3d 20 76 6f 69 64 20 30 2c 20 65 2e 67 65 74 42 72 6f 77 73 65 72 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 74 20 3d 20 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2c 20 65 20 3d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 79 70 65 3a 20 27 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 65 72 73 69 6f 6e 73 3a 20 30 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 20 6e 20 3d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: e.__esModule = !0, e.getBrowser = void 0, e.getBrowser = function () { var t = navigator.userAgent.toLowerCase(), e = { type: '', versions: 0 }, n = {
2023-11-18 06:52:29 UTC	623	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 65 28 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 65 20 3d 20 6e 75 6c 6c 20 21 3d 3d 20 74 20 26 26 20 74 2e 61 70 70 6c 79 28 74 68 69 73 2c 20 61 72 67 75 6d 65 6e 74 73 29 20 7c 7c 20 74 68 69 73 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 65 2e 74 72 69 6d 57 68 69 74 65 73 70 61 63 65 20 3d 20 27 61 6c 6c 27 2c 20 65 2e 64 69 73 61 70 70 65 61 72 54 69 6d 65 72 20 3d 20 6e 75 6c 6c 2c 20 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 61 2e 5f 5f 65 78 74 65 6e 64 73 28 Data Ascii: function e() { var e = null !== t && t.apply(this, arguments) \|\| this; return e.trimWhitespace = 'all', e.disappearTimer = null, e; } return a.__extends(
2023-11-18 06:52:29 UTC	639	IN	Data Raw: 6c 65 63 74 44 61 74 65 27 29 2c 20 70 20 3d 20 6e 65 77 20 44 61 74 65 28 29 2e 67 65 74 44 61 74 65 28 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 27 70 72 65 76 4d 6f 6e 74 68 27 20 3d 3d 3d 20 74 20 3f 20 28 70 20 3d 20 74 68 69 73 2e 67 65 74 4c 61 73 74 44 61 79 28 73 2e 67 65 74 46 75 6c 6c 59 65 61 72 28 29 2c 20 73 2e 67 65 74 4d 6f 6e 74 68 28 29 20 2b 20 31 29 2c 20 6c 20 3d 20 72 2e 67 65 74 44 61 74 65 28 29 20 3e 3d 20 70 20 3f 20 6e 65 77 20 44 61 74 65 28 73 2e 73 65 74 44 61 74 65 28 70 29 29 20 3a 20 6e 65 77 20 44 61 74 65 28 73 2e 73 65 74 44 61 74 65 28 72 2e 67 65 74 44 61 74 65 28 29 29 29 2c 20 6e 20 26 26 20 73 2e 67 65 74 46 75 6c 6c 59 65 61 72 28 29 20 3d 3d 3d 20 69 2e 67 65 74 46 75 6c 6c Data Ascii: lectDate'), p = new Date().getDate(); 'prevMonth' === t ? (p = this.getLastDay(s.getFullYear(), s.getMonth() + 1), l = r.getDate() >= p ? new Date(s.setDate(p)) : new Date(s.setDate(r.getDate())), n && s.getFullYear() === i.getFull
2023-11-18 06:52:29 UTC	655	IN	Data Raw: 30 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 6f 69 63 65 53 74 61 74 75 73 3a 20 27 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 6e 66 6f 3a 20 21 30 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 61 6e 73 74 61 72 74 4d 65 65 74 3a 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6e 61 6d 65 3a 20 21 30 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 73 73 3a 20 21 31 2c 0a 20 20 20 Data Ascii: 0, voiceStatus: '', info: !0 }, canstartMeet: { name: !0, pass: !1,
2023-11-18 06:52:29 UTC	671	IN	Data Raw: 28 37 29 29 2c 20 73 20 3d 20 61 2e 5f 5f 69 6d 70 6f 72 74 44 65 66 61 75 6c 74 28 6e 28 32 36 29 29 2c 20 63 20 3d 20 61 2e 5f 5f 69 6d 70 6f 72 74 44 65 66 61 75 6c 74 28 6e 28 31 30 31 29 29 2c 20 6c 20 3d 20 6e 28 35 29 2c 20 70 20 3d 20 6e 28 38 29 2c 20 64 20 3d 20 5b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 27 e6 97 a5 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 27 e4 b8 80 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 27 e4 ba 8c 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 27 e4 b8 89 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 27 e5 9b 9b 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 27 e4 ba 94 27 2c 0a Data Ascii: (7)), s = a.__importDefault(n(26)), c = a.__importDefault(n(101)), l = n(5), p = n(8), d = [ '', '', '', '', '', '',
2023-11-18 06:52:29 UTC	687	IN	Data Raw: 20 20 20 62 6f 64 79 3a 20 6f 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 20 28 74 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 74 2e 6a 73 6f 6e 28 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 20 28 65 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 30 20 3d 3d 3d 20 65 2e 65 72 72 6e 6f 20 26 26 20 28 65 2e 64 61 74 61 2e 70 61 73 73 77 64 20 3d 20 74 2e 64 61 74 61 2e 67 65 74 28 Data Ascii: body: o }).then(function (t) { return t.json(); }).then(function (e) { 0 === e.errno && (e.data.passwd = t.data.get(
2023-11-18 06:52:29 UTC	703	IN	Data Raw: 20 20 20 20 20 5d 2c 20 6c 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 74 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 65 28 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 65 20 3d 20 6e 75 6c 6c 20 21 3d 3d 20 74 20 26 26 20 74 2e 61 70 70 6c 79 28 74 68 69 73 2c 20 61 72 67 75 6d 65 6e 74 73 29 20 7c 7c 20 74 68 69 73 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 65 2e 74 72 69 6d 57 68 69 74 65 73 70 61 63 65 20 3d 20 27 61 6c 6c 27 2c 20 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 61 2e 5f 5f Data Ascii: ], l = function (t) { function e() { var e = null !== t && t.apply(this, arguments) \|\| this; return e.trimWhitespace = 'all', e; } return a.__
2023-11-18 06:52:29 UTC	719	IN	Data Raw: 2e 73 74 61 72 74 54 69 6d 65 2e 64 61 74 65 20 2b 20 27 20 27 20 2b 20 74 2e 73 74 61 72 74 54 69 6d 65 2e 74 69 6d 65 20 2b 20 27 2d 27 20 2b 20 74 2e 65 6e 64 54 69 6d 65 2e 74 69 6d 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 2e 73 74 61 72 74 54 69 6d 65 2e 64 61 74 65 20 21 3d 3d 20 74 2e 65 6e 64 54 69 6d 65 2e 64 61 74 65 20 26 26 20 28 72 20 3d 20 74 2e 73 74 61 72 74 54 69 6d 65 2e 64 61 74 65 20 2b 20 27 20 27 20 2b 20 74 2e 73 74 61 72 74 54 69 6d 65 2e 74 69 6d 65 20 2b 20 27 2d 27 20 2b 20 74 2e 65 6e 64 54 69 6d 65 2e 64 61 74 65 20 2b 20 27 20 27 20 2b 20 74 2e 65 6e 64 54 69 6d 65 2e 74 69 6d 65 29 2c 20 28 61 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 74 65 78 Data Ascii: .startTime.date + ' ' + t.startTime.time + '-' + t.endTime.time; t.startTime.date !== t.endTime.date && (r = t.startTime.date + ' ' + t.startTime.time + '-' + t.endTime.date + ' ' + t.endTime.time), (a = document.createElement('tex
2023-11-18 06:52:29 UTC	735	IN	Data Raw: 20 74 2e 65 78 70 6f 72 74 73 20 3d 20 69 2e 6c 6f 63 61 6c 73 20 7c 7c 20 7b 7d 3b 0a 20 20 20 20 20 20 20 20 7d 2c 0a 20 20 20 20 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 28 74 2c 20 65 2c 20 6e 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 28 65 20 3d 20 6e 28 33 29 28 21 31 29 29 2e 70 75 73 68 28 5b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 2e 69 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 27 2e 73 65 6c 65 63 74 5f 32 4f 52 66 32 20 7b 5c 6e 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 44 37 44 39 45 30 3b 5c 6e 20 20 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 5c 6e 20 20 70 61 64 64 69 6e 67 3a 20 37 70 78 3b 5c 6e 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 36 70 78 3b 5c 6e Data Ascii: t.exports = i.locals \|\| {}; }, function (t, e, n) { (e = n(3)(!1)).push([ t.i, '.select_2ORf2 {\n border: 1px solid #D7D9E0;\n box-sizing: border-box;\n padding: 7px;\n border-radius: 6px;\n
2023-11-18 06:52:29 UTC	751	IN	Data Raw: 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 27 74 65 78 74 61 72 65 61 2d 68 65 69 67 68 74 2d 6c 61 72 67 65 27 3a 20 27 74 65 78 74 61 72 65 61 2d 68 65 69 67 68 74 2d 6c 61 72 67 65 5f 6e 65 77 58 65 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 61 72 65 61 48 65 69 67 68 74 4c 61 72 67 65 3a 20 27 74 65 78 74 61 72 65 61 2d 68 65 69 67 68 74 2d 6c 61 72 67 65 5f 6e 65 77 58 65 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 27 77 61 74 65 72 2d 6d 61 72 6b 27 3a 20 27 77 61 74 65 72 2d 6d 61 72 6b 5f 32 7a 71 4c 37 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 77 61 74 65 72 4d 61 72 6b 3a 20 27 77 61 74 65 72 2d 6d 61 72 6b 5f 32 7a 71 4c 37 27 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 20 74 Data Ascii: ', 'textarea-height-large': 'textarea-height-large_newXe', textareaHeightLarge: 'textarea-height-large_newXe', 'water-mark': 'water-mark_2zqL7', waterMark: 'water-mark_2zqL7' }, t
2023-11-18 06:52:29 UTC	767	IN	Data Raw: 34 50 66 34 72 20 62 75 74 74 6f 6e 20 7b 5c 6e 20 20 63 75 72 73 6f 72 3a 20 70 6f 69 6e 74 65 72 3b 5c 6e 20 20 6f 75 74 6c 69 6e 65 3a 20 30 3b 5c 6e 20 20 62 6f 72 64 65 72 3a 20 30 3b 5c 6e 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 6e 6f 6e 65 3b 5c 6e 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 33 70 78 3b 5c 6e 20 20 63 6f 6c 6f 72 3a 20 23 39 31 39 35 41 33 3b 5c 6e 7d 5c 6e 2e 66 6f 6f 74 5f 34 50 66 34 72 20 62 75 74 74 6f 6e 3a 68 6f 76 65 72 20 7b 5c 6e 20 20 63 6f 6c 6f 72 3a 20 23 33 31 35 45 46 42 3b 5c 6e 7d 5c 6e 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 27 27 0a 20 20 20 20 20 20 20 20 20 20 20 20 5d 29 2c 20 65 2e 6c 6f 63 61 6c 73 20 3d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6f 74 3a 20 27 66 6f 6f Data Ascii: 4Pf4r button {\n cursor: pointer;\n outline: 0;\n border: 0;\n background: none;\n font-size: 13px;\n color: #9195A3;\n}\n.foot_4Pf4r button:hover {\n color: #315EFB;\n}\n', '' ]), e.locals = { foot: 'foo
2023-11-18 06:52:29 UTC	783	IN	Data Raw: 57 58 2b 66 6f 6b 32 76 68 34 4f 4f 6a 33 52 48 2b 35 34 62 57 54 51 4f 6d 55 56 43 53 67 57 38 4e 65 39 38 76 4f 33 35 41 67 41 38 6e 66 70 4a 35 58 6a 4c 52 46 6d 59 64 70 6d 77 44 43 4f 59 37 71 72 57 6e 69 71 2f 43 57 66 76 69 78 53 65 6e 79 48 37 78 77 54 63 5a 4b 52 38 72 4d 70 53 46 61 2f 79 46 49 2f 6f 59 39 44 2b 35 31 6c 46 61 74 67 45 78 5a 31 38 38 52 66 6b 45 53 4e 54 76 4f 47 74 2f 43 72 79 74 73 4c 46 68 6f 41 73 4c 6a 63 6c 6b 36 79 6c 38 70 56 47 6c 41 53 54 68 54 77 47 42 4a 50 4e 55 43 59 52 46 49 35 65 4d 33 77 33 78 53 55 62 4b 73 34 37 4e 57 44 50 77 6b 37 39 6f 67 70 58 2b 69 63 6d 38 76 73 58 37 58 57 6f 4a 4b 7a 49 4b 35 69 6d 38 4a 67 57 73 6d 76 5a 78 64 31 31 78 55 6e 36 56 54 65 6f 6e 48 46 48 63 34 42 6d 69 6a 31 63 31 2f 6f Data Ascii: WX+fok2vh4OOj3RH+54bWTQOmUVCSgW8Ne98vO35AgA8nfpJ5XjLRFmYdpmwDCOY7qrWniq/CWfvixSenyH7xwTcZKR8rMpSFa/yFI/oY9D+51lFatgExZ188RfkESNTvOGt/CrytsLFhoAsLjclk6yl8pVGlASThTwGBJPNUCYRFI5eM3w3xSUbKs47NWDPwk79ogpX+icm8vsX7XWoJKzIK5im8JgWsmvZxd11xUn6VTeonHFHc4Bmij1c1/o
2023-11-18 06:52:29 UTC	799	IN	Data Raw: 72 61 70 70 65 72 5f 31 68 63 41 4b 20 2e 70 6c 61 63 65 68 6f 6c 64 65 72 5f 31 68 51 65 61 20 7b 5c 6e 20 20 63 6f 6c 6f 72 3a 20 23 39 31 39 35 61 33 3b 5c 6e 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 5c 6e 20 20 6c 65 66 74 3a 20 31 30 3b 5c 6e 20 20 74 6f 70 3a 20 32 70 78 3b 5c 6e 7d 5c 6e 2e 65 6d 61 69 6c 57 72 61 70 70 65 72 5f 31 68 63 41 4b 20 2e 69 6e 70 75 74 5f 31 4a 35 71 2d 20 7b 5c 6e 20 20 62 6f 72 64 65 72 3a 20 6e 6f 6e 65 3b 5c 6e 20 20 6f 75 74 6c 69 6e 65 3a 20 6e 6f 6e 65 3b 5c 6e 20 20 77 69 64 74 68 3a 20 38 30 25 3b 5c 6e 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 74 6f 70 3b 5c 6e 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 34 70 78 3b 5c 6e 20 20 70 61 64 64 69 6e 67 3a 20 33 70 78 20 38 Data Ascii: rapper_1hcAK .placeholder_1hQea {\n color: #9195a3;\n position: absolute;\n left: 10;\n top: 2px;\n}\n.emailWrapper_1hcAK .input_1J5q- {\n border: none;\n outline: none;\n width: 80%;\n vertical-align: top;\n border-radius: 4px;\n padding: 3px 8
2023-11-18 06:52:29 UTC	815	IN	Data Raw: 6f 72 5f 32 30 67 5f 58 20 73 70 61 6e 20 7b 5c 6e 20 20 66 6c 6f 61 74 3a 20 6c 65 66 74 3b 5c 6e 7d 5c 6e 2e 69 74 65 6d 2d 77 72 61 70 70 65 72 5f 31 4c 4e 44 4f 20 2e 6d 69 64 2d 70 6c 61 63 65 5f 59 6d 79 63 69 20 2e 73 65 63 2d 66 6c 6f 6f 72 5f 32 30 67 5f 58 20 2e 6a 6f 69 6e 2d 6d 65 6d 62 65 72 5f 33 63 30 54 72 20 7b 5c 6e 20 20 6d 61 78 2d 77 69 64 74 68 3a 20 31 39 30 70 78 3b 5c 6e 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 3b 5c 6e 20 20 77 68 69 74 65 2d 73 70 61 63 65 3a 20 6e 6f 77 72 61 70 3b 5c 6e 20 20 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 5c 6e 20 20 74 65 78 74 2d 6f 76 65 72 66 6c 6f 77 3a 20 65 6c 6c 69 70 73 69 73 3b 5c 6e 7d 5c 6e 2e 69 74 65 6d 2d 77 72 61 70 70 65 72 5f 31 4c 4e 44 4f 20 2e 6d 69 64 2d Data Ascii: or_20g_X span {\n float: left;\n}\n.item-wrapper_1LNDO .mid-place_Ymyci .sec-floor_20g_X .join-member_3c0Tr {\n max-width: 190px;\n text-align: left;\n white-space: nowrap;\n overflow: hidden;\n text-overflow: ellipsis;\n}\n.item-wrapper_1LNDO .mid-

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
36	104.193.88.112	443	192.168.2.5	49770	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:28 UTC	569	OUT	GET /static/superman/amd_modules/@baidu/video-meeting-1be7f62dac.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:28 UTC	570	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:28 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 256786 Connection: close Expires: Sat, 11 Nov 2023 06:27:05 GMT Last-Modified: Fri, 03 Nov 2023 09:16:37 GMT ETag: "1be7f62dac8f0de20d70df0e0539ae24" Cache-Control: max-age=31536000 Age: 865523 Accept-Ranges: bytes Content-MD5: G+f2LayPDeINcN8OBTmuJA== x-bce-content-crc32: 316237685 x-bce-debug-id: hptUrDv0kCSxVQes4ZSzAkFA/DBkttBqQuTdYoRiU4bltjaB2z4evWhUgbE9MLO+I+hK+2oilXuY4BCW2CNpYw== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: 8cc85069-4cda-442e-b707-b7ebd0706af8 x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 06:27:05 GMT Ohc-Cache-HIT: sfo01-sys-jorcol03.sfo01.baidu.com [2] Ohc-File-Size: 256786 X-Cache-Status: HIT Timing-Allow-Origin: * Access-Control-Allow-Origin: *
2023-11-18 06:52:28 UTC	571	IN	Data Raw: 64 65 66 69 6e 65 28 27 61 6d 64 5f 6d 6f 64 75 6c 65 73 2f 40 62 61 69 64 75 2f 76 69 64 65 6f 2d 6d 65 65 74 69 6e 67 2f 64 69 73 74 2f 69 6e 64 65 78 27 2c 20 5b 0a 20 20 20 20 27 72 65 71 75 69 72 65 27 2c 0a 20 20 20 20 27 73 61 6e 27 2c 0a 20 20 20 20 27 74 73 6c 69 62 27 0a 5d 2c 20 66 75 6e 63 74 69 6f 6e 20 28 72 65 71 75 69 72 65 2c 20 74 2c 20 65 29 20 7b 0a 20 20 20 20 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 20 28 74 29 20 7b 0a 20 20 20 20 20 20 20 20 76 61 72 20 65 20 3d 20 7b 7d 3b 0a 20 20 20 20 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 6e 28 61 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 65 5b 61 5d 29 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 65 5b 61 5d 2e 65 78 70 6f 72 74 73 3b 0a 20 20 Data Ascii: define('amd_modules/@baidu/video-meeting/dist/index', [ 'require', 'san', 'tslib'], function (require, t, e) { return function (t) { var e = {}; function n(a) { if (e[a]) return e[a].exports;
2023-11-18 06:52:28 UTC	586	IN	Data Raw: 20 20 20 20 20 20 20 20 73 65 61 72 63 68 50 61 72 61 6d 73 3a 20 27 55 52 4c 53 65 61 72 63 68 50 61 72 61 6d 73 27 20 69 6e 20 61 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 74 65 72 61 62 6c 65 3a 20 27 53 79 6d 62 6f 6c 27 20 69 6e 20 61 20 26 26 20 27 69 74 65 72 61 74 6f 72 27 20 69 6e 20 53 79 6d 62 6f 6c 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 6c 6f 62 3a 20 27 46 69 6c 65 52 65 61 64 65 72 27 20 69 6e 20 61 20 26 26 20 27 42 6c 6f 62 27 20 69 6e 20 61 20 26 26 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 72 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e Data Ascii: searchParams: 'URLSearchParams' in a, iterable: 'Symbol' in a && 'iterator' in Symbol, blob: 'FileReader' in a && 'Blob' in a && function () { try { return
2023-11-18 06:52:29 UTC	602	IN	Data Raw: 20 20 20 20 20 20 65 2e 5f 5f 65 73 4d 6f 64 75 6c 65 20 3d 20 21 30 2c 20 65 2e 67 65 74 42 72 6f 77 73 65 72 20 3d 20 76 6f 69 64 20 30 2c 20 65 2e 67 65 74 42 72 6f 77 73 65 72 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 74 20 3d 20 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2c 20 65 20 3d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 79 70 65 3a 20 27 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 65 72 73 69 6f 6e 73 3a 20 30 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 20 6e 20 3d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: e.__esModule = !0, e.getBrowser = void 0, e.getBrowser = function () { var t = navigator.userAgent.toLowerCase(), e = { type: '', versions: 0 }, n = {
2023-11-18 06:52:29 UTC	623	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 65 28 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 65 20 3d 20 6e 75 6c 6c 20 21 3d 3d 20 74 20 26 26 20 74 2e 61 70 70 6c 79 28 74 68 69 73 2c 20 61 72 67 75 6d 65 6e 74 73 29 20 7c 7c 20 74 68 69 73 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 65 2e 74 72 69 6d 57 68 69 74 65 73 70 61 63 65 20 3d 20 27 61 6c 6c 27 2c 20 65 2e 64 69 73 61 70 70 65 61 72 54 69 6d 65 72 20 3d 20 6e 75 6c 6c 2c 20 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 61 2e 5f 5f 65 78 74 65 6e 64 73 28 Data Ascii: function e() { var e = null !== t && t.apply(this, arguments) \|\| this; return e.trimWhitespace = 'all', e.disappearTimer = null, e; } return a.__extends(
2023-11-18 06:52:29 UTC	639	IN	Data Raw: 6c 65 63 74 44 61 74 65 27 29 2c 20 70 20 3d 20 6e 65 77 20 44 61 74 65 28 29 2e 67 65 74 44 61 74 65 28 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 27 70 72 65 76 4d 6f 6e 74 68 27 20 3d 3d 3d 20 74 20 3f 20 28 70 20 3d 20 74 68 69 73 2e 67 65 74 4c 61 73 74 44 61 79 28 73 2e 67 65 74 46 75 6c 6c 59 65 61 72 28 29 2c 20 73 2e 67 65 74 4d 6f 6e 74 68 28 29 20 2b 20 31 29 2c 20 6c 20 3d 20 72 2e 67 65 74 44 61 74 65 28 29 20 3e 3d 20 70 20 3f 20 6e 65 77 20 44 61 74 65 28 73 2e 73 65 74 44 61 74 65 28 70 29 29 20 3a 20 6e 65 77 20 44 61 74 65 28 73 2e 73 65 74 44 61 74 65 28 72 2e 67 65 74 44 61 74 65 28 29 29 29 2c 20 6e 20 26 26 20 73 2e 67 65 74 46 75 6c 6c 59 65 61 72 28 29 20 3d 3d 3d 20 69 2e 67 65 74 46 75 6c 6c Data Ascii: lectDate'), p = new Date().getDate(); 'prevMonth' === t ? (p = this.getLastDay(s.getFullYear(), s.getMonth() + 1), l = r.getDate() >= p ? new Date(s.setDate(p)) : new Date(s.setDate(r.getDate())), n && s.getFullYear() === i.getFull
2023-11-18 06:52:29 UTC	655	IN	Data Raw: 30 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 6f 69 63 65 53 74 61 74 75 73 3a 20 27 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 6e 66 6f 3a 20 21 30 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 61 6e 73 74 61 72 74 4d 65 65 74 3a 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6e 61 6d 65 3a 20 21 30 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 73 73 3a 20 21 31 2c 0a 20 20 20 Data Ascii: 0, voiceStatus: '', info: !0 }, canstartMeet: { name: !0, pass: !1,
2023-11-18 06:52:29 UTC	671	IN	Data Raw: 28 37 29 29 2c 20 73 20 3d 20 61 2e 5f 5f 69 6d 70 6f 72 74 44 65 66 61 75 6c 74 28 6e 28 32 36 29 29 2c 20 63 20 3d 20 61 2e 5f 5f 69 6d 70 6f 72 74 44 65 66 61 75 6c 74 28 6e 28 31 30 31 29 29 2c 20 6c 20 3d 20 6e 28 35 29 2c 20 70 20 3d 20 6e 28 38 29 2c 20 64 20 3d 20 5b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 27 e6 97 a5 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 27 e4 b8 80 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 27 e4 ba 8c 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 27 e4 b8 89 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 27 e5 9b 9b 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 27 e4 ba 94 27 2c 0a Data Ascii: (7)), s = a.__importDefault(n(26)), c = a.__importDefault(n(101)), l = n(5), p = n(8), d = [ '', '', '', '', '', '',
2023-11-18 06:52:29 UTC	687	IN	Data Raw: 20 20 20 62 6f 64 79 3a 20 6f 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 20 28 74 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 74 2e 6a 73 6f 6e 28 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 20 28 65 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 30 20 3d 3d 3d 20 65 2e 65 72 72 6e 6f 20 26 26 20 28 65 2e 64 61 74 61 2e 70 61 73 73 77 64 20 3d 20 74 2e 64 61 74 61 2e 67 65 74 28 Data Ascii: body: o }).then(function (t) { return t.json(); }).then(function (e) { 0 === e.errno && (e.data.passwd = t.data.get(
2023-11-18 06:52:29 UTC	703	IN	Data Raw: 20 20 20 20 20 5d 2c 20 6c 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 74 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 65 28 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 65 20 3d 20 6e 75 6c 6c 20 21 3d 3d 20 74 20 26 26 20 74 2e 61 70 70 6c 79 28 74 68 69 73 2c 20 61 72 67 75 6d 65 6e 74 73 29 20 7c 7c 20 74 68 69 73 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 65 2e 74 72 69 6d 57 68 69 74 65 73 70 61 63 65 20 3d 20 27 61 6c 6c 27 2c 20 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 61 2e 5f 5f Data Ascii: ], l = function (t) { function e() { var e = null !== t && t.apply(this, arguments) \|\| this; return e.trimWhitespace = 'all', e; } return a.__
2023-11-18 06:52:29 UTC	719	IN	Data Raw: 2e 73 74 61 72 74 54 69 6d 65 2e 64 61 74 65 20 2b 20 27 20 27 20 2b 20 74 2e 73 74 61 72 74 54 69 6d 65 2e 74 69 6d 65 20 2b 20 27 2d 27 20 2b 20 74 2e 65 6e 64 54 69 6d 65 2e 74 69 6d 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 2e 73 74 61 72 74 54 69 6d 65 2e 64 61 74 65 20 21 3d 3d 20 74 2e 65 6e 64 54 69 6d 65 2e 64 61 74 65 20 26 26 20 28 72 20 3d 20 74 2e 73 74 61 72 74 54 69 6d 65 2e 64 61 74 65 20 2b 20 27 20 27 20 2b 20 74 2e 73 74 61 72 74 54 69 6d 65 2e 74 69 6d 65 20 2b 20 27 2d 27 20 2b 20 74 2e 65 6e 64 54 69 6d 65 2e 64 61 74 65 20 2b 20 27 20 27 20 2b 20 74 2e 65 6e 64 54 69 6d 65 2e 74 69 6d 65 29 2c 20 28 61 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 74 65 78 Data Ascii: .startTime.date + ' ' + t.startTime.time + '-' + t.endTime.time; t.startTime.date !== t.endTime.date && (r = t.startTime.date + ' ' + t.startTime.time + '-' + t.endTime.date + ' ' + t.endTime.time), (a = document.createElement('tex
2023-11-18 06:52:29 UTC	735	IN	Data Raw: 20 74 2e 65 78 70 6f 72 74 73 20 3d 20 69 2e 6c 6f 63 61 6c 73 20 7c 7c 20 7b 7d 3b 0a 20 20 20 20 20 20 20 20 7d 2c 0a 20 20 20 20 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 28 74 2c 20 65 2c 20 6e 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 28 65 20 3d 20 6e 28 33 29 28 21 31 29 29 2e 70 75 73 68 28 5b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 2e 69 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 27 2e 73 65 6c 65 63 74 5f 32 4f 52 66 32 20 7b 5c 6e 20 20 62 6f 72 64 65 72 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 44 37 44 39 45 30 3b 5c 6e 20 20 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 5c 6e 20 20 70 61 64 64 69 6e 67 3a 20 37 70 78 3b 5c 6e 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 36 70 78 3b 5c 6e Data Ascii: t.exports = i.locals \|\| {}; }, function (t, e, n) { (e = n(3)(!1)).push([ t.i, '.select_2ORf2 {\n border: 1px solid #D7D9E0;\n box-sizing: border-box;\n padding: 7px;\n border-radius: 6px;\n
2023-11-18 06:52:29 UTC	751	IN	Data Raw: 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 27 74 65 78 74 61 72 65 61 2d 68 65 69 67 68 74 2d 6c 61 72 67 65 27 3a 20 27 74 65 78 74 61 72 65 61 2d 68 65 69 67 68 74 2d 6c 61 72 67 65 5f 6e 65 77 58 65 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 65 78 74 61 72 65 61 48 65 69 67 68 74 4c 61 72 67 65 3a 20 27 74 65 78 74 61 72 65 61 2d 68 65 69 67 68 74 2d 6c 61 72 67 65 5f 6e 65 77 58 65 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 27 77 61 74 65 72 2d 6d 61 72 6b 27 3a 20 27 77 61 74 65 72 2d 6d 61 72 6b 5f 32 7a 71 4c 37 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 77 61 74 65 72 4d 61 72 6b 3a 20 27 77 61 74 65 72 2d 6d 61 72 6b 5f 32 7a 71 4c 37 27 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 20 74 Data Ascii: ', 'textarea-height-large': 'textarea-height-large_newXe', textareaHeightLarge: 'textarea-height-large_newXe', 'water-mark': 'water-mark_2zqL7', waterMark: 'water-mark_2zqL7' }, t
2023-11-18 06:52:29 UTC	767	IN	Data Raw: 34 50 66 34 72 20 62 75 74 74 6f 6e 20 7b 5c 6e 20 20 63 75 72 73 6f 72 3a 20 70 6f 69 6e 74 65 72 3b 5c 6e 20 20 6f 75 74 6c 69 6e 65 3a 20 30 3b 5c 6e 20 20 62 6f 72 64 65 72 3a 20 30 3b 5c 6e 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 6e 6f 6e 65 3b 5c 6e 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 33 70 78 3b 5c 6e 20 20 63 6f 6c 6f 72 3a 20 23 39 31 39 35 41 33 3b 5c 6e 7d 5c 6e 2e 66 6f 6f 74 5f 34 50 66 34 72 20 62 75 74 74 6f 6e 3a 68 6f 76 65 72 20 7b 5c 6e 20 20 63 6f 6c 6f 72 3a 20 23 33 31 35 45 46 42 3b 5c 6e 7d 5c 6e 27 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 27 27 0a 20 20 20 20 20 20 20 20 20 20 20 20 5d 29 2c 20 65 2e 6c 6f 63 61 6c 73 20 3d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6f 74 3a 20 27 66 6f 6f Data Ascii: 4Pf4r button {\n cursor: pointer;\n outline: 0;\n border: 0;\n background: none;\n font-size: 13px;\n color: #9195A3;\n}\n.foot_4Pf4r button:hover {\n color: #315EFB;\n}\n', '' ]), e.locals = { foot: 'foo
2023-11-18 06:52:29 UTC	783	IN	Data Raw: 57 58 2b 66 6f 6b 32 76 68 34 4f 4f 6a 33 52 48 2b 35 34 62 57 54 51 4f 6d 55 56 43 53 67 57 38 4e 65 39 38 76 4f 33 35 41 67 41 38 6e 66 70 4a 35 58 6a 4c 52 46 6d 59 64 70 6d 77 44 43 4f 59 37 71 72 57 6e 69 71 2f 43 57 66 76 69 78 53 65 6e 79 48 37 78 77 54 63 5a 4b 52 38 72 4d 70 53 46 61 2f 79 46 49 2f 6f 59 39 44 2b 35 31 6c 46 61 74 67 45 78 5a 31 38 38 52 66 6b 45 53 4e 54 76 4f 47 74 2f 43 72 79 74 73 4c 46 68 6f 41 73 4c 6a 63 6c 6b 36 79 6c 38 70 56 47 6c 41 53 54 68 54 77 47 42 4a 50 4e 55 43 59 52 46 49 35 65 4d 33 77 33 78 53 55 62 4b 73 34 37 4e 57 44 50 77 6b 37 39 6f 67 70 58 2b 69 63 6d 38 76 73 58 37 58 57 6f 4a 4b 7a 49 4b 35 69 6d 38 4a 67 57 73 6d 76 5a 78 64 31 31 78 55 6e 36 56 54 65 6f 6e 48 46 48 63 34 42 6d 69 6a 31 63 31 2f 6f Data Ascii: WX+fok2vh4OOj3RH+54bWTQOmUVCSgW8Ne98vO35AgA8nfpJ5XjLRFmYdpmwDCOY7qrWniq/CWfvixSenyH7xwTcZKR8rMpSFa/yFI/oY9D+51lFatgExZ188RfkESNTvOGt/CrytsLFhoAsLjclk6yl8pVGlASThTwGBJPNUCYRFI5eM3w3xSUbKs47NWDPwk79ogpX+icm8vsX7XWoJKzIK5im8JgWsmvZxd11xUn6VTeonHFHc4Bmij1c1/o
2023-11-18 06:52:29 UTC	799	IN	Data Raw: 72 61 70 70 65 72 5f 31 68 63 41 4b 20 2e 70 6c 61 63 65 68 6f 6c 64 65 72 5f 31 68 51 65 61 20 7b 5c 6e 20 20 63 6f 6c 6f 72 3a 20 23 39 31 39 35 61 33 3b 5c 6e 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 5c 6e 20 20 6c 65 66 74 3a 20 31 30 3b 5c 6e 20 20 74 6f 70 3a 20 32 70 78 3b 5c 6e 7d 5c 6e 2e 65 6d 61 69 6c 57 72 61 70 70 65 72 5f 31 68 63 41 4b 20 2e 69 6e 70 75 74 5f 31 4a 35 71 2d 20 7b 5c 6e 20 20 62 6f 72 64 65 72 3a 20 6e 6f 6e 65 3b 5c 6e 20 20 6f 75 74 6c 69 6e 65 3a 20 6e 6f 6e 65 3b 5c 6e 20 20 77 69 64 74 68 3a 20 38 30 25 3b 5c 6e 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 74 6f 70 3b 5c 6e 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 34 70 78 3b 5c 6e 20 20 70 61 64 64 69 6e 67 3a 20 33 70 78 20 38 Data Ascii: rapper_1hcAK .placeholder_1hQea {\n color: #9195a3;\n position: absolute;\n left: 10;\n top: 2px;\n}\n.emailWrapper_1hcAK .input_1J5q- {\n border: none;\n outline: none;\n width: 80%;\n vertical-align: top;\n border-radius: 4px;\n padding: 3px 8
2023-11-18 06:52:29 UTC	815	IN	Data Raw: 6f 72 5f 32 30 67 5f 58 20 73 70 61 6e 20 7b 5c 6e 20 20 66 6c 6f 61 74 3a 20 6c 65 66 74 3b 5c 6e 7d 5c 6e 2e 69 74 65 6d 2d 77 72 61 70 70 65 72 5f 31 4c 4e 44 4f 20 2e 6d 69 64 2d 70 6c 61 63 65 5f 59 6d 79 63 69 20 2e 73 65 63 2d 66 6c 6f 6f 72 5f 32 30 67 5f 58 20 2e 6a 6f 69 6e 2d 6d 65 6d 62 65 72 5f 33 63 30 54 72 20 7b 5c 6e 20 20 6d 61 78 2d 77 69 64 74 68 3a 20 31 39 30 70 78 3b 5c 6e 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 3b 5c 6e 20 20 77 68 69 74 65 2d 73 70 61 63 65 3a 20 6e 6f 77 72 61 70 3b 5c 6e 20 20 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 5c 6e 20 20 74 65 78 74 2d 6f 76 65 72 66 6c 6f 77 3a 20 65 6c 6c 69 70 73 69 73 3b 5c 6e 7d 5c 6e 2e 69 74 65 6d 2d 77 72 61 70 70 65 72 5f 31 4c 4e 44 4f 20 2e 6d 69 64 2d Data Ascii: or_20g_X span {\n float: left;\n}\n.item-wrapper_1LNDO .mid-place_Ymyci .sec-floor_20g_X .join-member_3c0Tr {\n max-width: 190px;\n text-align: left;\n white-space: nowrap;\n overflow: hidden;\n text-overflow: ellipsis;\n}\n.item-wrapper_1LNDO .mid-

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
37	192.168.2.5	49771	104.193.88.112	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:28 UTC	570	OUT	GET /static/superman/js/components/guide_tips-d9e617f782.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:29 UTC	618	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:29 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 4446 Connection: close Expires: Sat, 11 Nov 2023 07:32:35 GMT Last-Modified: Fri, 03 Nov 2023 09:16:40 GMT ETag: "d9e617f782fa4f4fa3596b2c9c9f7ed3" Cache-Control: max-age=31536000 Age: 861594 Accept-Ranges: bytes Content-MD5: 2eYX94L6T0+jWWssnJ9+0w== x-bce-content-crc32: 2779019780 x-bce-debug-id: LHbkwA/fccsoVDAruyO2674/jtN+NCsIFewQ+pibMBSZUFqBj6dc7WRlThBIMdQpYL3o1md9VV9g3sSYXPWDsw== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: c1b03282-643c-4bbe-9e6f-3e126243e5de x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 07:32:35 GMT Ohc-Cache-HIT: sfo01-sys-jorcol09.sfo01.baidu.com [2] Ohc-File-Size: 4446 X-Cache-Status: HIT Access-Control-Allow-Origin: * Timing-Allow-Origin: *
2023-11-18 06:52:29 UTC	619	IN	Data Raw: 64 65 66 69 6e 65 28 22 73 75 70 65 72 6d 61 6e 2f 63 6f 6d 70 6f 6e 65 6e 74 73 2f 67 75 69 64 65 5f 74 69 70 73 22 2c 5b 22 72 65 71 75 69 72 65 22 2c 22 65 78 70 6f 72 74 73 22 5d 2c 66 75 6e 63 74 69 6f 6e 28 72 65 71 75 69 72 65 2c 5f 65 78 70 6f 72 74 73 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 5f 65 78 70 6f 72 74 73 2c 22 5f 5f 65 73 4d 6f 64 75 6c 65 22 2c 7b 76 61 6c 75 65 3a 74 72 75 65 7d 29 3b 5f 65 78 70 6f 72 74 73 2e 73 68 6f 77 3d 73 68 6f 77 3b 5f 65 78 70 6f 72 74 73 2e 63 6c 6f 73 65 3d 63 6c 6f 73 65 3b 5f 65 78 70 6f 72 74 73 2e 69 6e 69 74 3d 69 6e 69 74 3b 76 61 72 20 61 72 72 6f 77 57 69 64 74 68 3d 31 30 3b 76 61 72 20 74 69 70 73 48 65 69 67 68 74 3d 33 34 3b Data Ascii: define("superman/components/guide_tips",["require","exports"],function(require,_exports){"use strict";Object.defineProperty(_exports,"__esModule",{value:true});_exports.show=show;_exports.close=close;_exports.init=init;var arrowWidth=10;var tipsHeight=34;

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
37	104.193.88.112	443	192.168.2.5	49771	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:28 UTC	570	OUT	GET /static/superman/js/components/guide_tips-d9e617f782.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:29 UTC	618	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:29 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 4446 Connection: close Expires: Sat, 11 Nov 2023 07:32:35 GMT Last-Modified: Fri, 03 Nov 2023 09:16:40 GMT ETag: "d9e617f782fa4f4fa3596b2c9c9f7ed3" Cache-Control: max-age=31536000 Age: 861594 Accept-Ranges: bytes Content-MD5: 2eYX94L6T0+jWWssnJ9+0w== x-bce-content-crc32: 2779019780 x-bce-debug-id: LHbkwA/fccsoVDAruyO2674/jtN+NCsIFewQ+pibMBSZUFqBj6dc7WRlThBIMdQpYL3o1md9VV9g3sSYXPWDsw== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: c1b03282-643c-4bbe-9e6f-3e126243e5de x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 07:32:35 GMT Ohc-Cache-HIT: sfo01-sys-jorcol09.sfo01.baidu.com [2] Ohc-File-Size: 4446 X-Cache-Status: HIT Access-Control-Allow-Origin: * Timing-Allow-Origin: *
2023-11-18 06:52:29 UTC	619	IN	Data Raw: 64 65 66 69 6e 65 28 22 73 75 70 65 72 6d 61 6e 2f 63 6f 6d 70 6f 6e 65 6e 74 73 2f 67 75 69 64 65 5f 74 69 70 73 22 2c 5b 22 72 65 71 75 69 72 65 22 2c 22 65 78 70 6f 72 74 73 22 5d 2c 66 75 6e 63 74 69 6f 6e 28 72 65 71 75 69 72 65 2c 5f 65 78 70 6f 72 74 73 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 5f 65 78 70 6f 72 74 73 2c 22 5f 5f 65 73 4d 6f 64 75 6c 65 22 2c 7b 76 61 6c 75 65 3a 74 72 75 65 7d 29 3b 5f 65 78 70 6f 72 74 73 2e 73 68 6f 77 3d 73 68 6f 77 3b 5f 65 78 70 6f 72 74 73 2e 63 6c 6f 73 65 3d 63 6c 6f 73 65 3b 5f 65 78 70 6f 72 74 73 2e 69 6e 69 74 3d 69 6e 69 74 3b 76 61 72 20 61 72 72 6f 77 57 69 64 74 68 3d 31 30 3b 76 61 72 20 74 69 70 73 48 65 69 67 68 74 3d 33 34 3b Data Ascii: define("superman/components/guide_tips",["require","exports"],function(require,_exports){"use strict";Object.defineProperty(_exports,"__esModule",{value:true});_exports.show=show;_exports.close=close;_exports.init=init;var arrowWidth=10;var tipsHeight=34;

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
38	104.193.88.112	443	192.168.2.5	49772	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:29 UTC	827	OUT	GET /static/superman/css/ubase-89d6b96e41.css?v=md5 HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:29 UTC	827	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:29 GMT Content-Type: text/css; charset=utf-8 Content-Length: 7242 Connection: close Expires: Sat, 11 Nov 2023 06:27:01 GMT Last-Modified: Fri, 03 Nov 2023 09:16:37 GMT ETag: "89d6b96e41c39c1873ae7e3af642d33c" Cache-Control: max-age=31536000 Age: 865528 Accept-Ranges: bytes Content-MD5: ida5bkHDnBhzrn469kLTPA== x-bce-content-crc32: 3249112469 x-bce-debug-id: hptUrDv0kCSxVQes4ZSzAkFA/DBkttBqQuTdYoRiU4ag9ljj+KOtNiTRMyRdPR1kcwaL0OA1VMO6fy1+tNm1BQ== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: e5618088-609e-4c0a-aa56-f42d61a4849d x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 06:27:01 GMT Ohc-Cache-HIT: sfo01-sys-jorcol03.sfo01.baidu.com [2] Ohc-File-Size: 7242 X-Cache-Status: HIT Access-Control-Allow-Origin: * Timing-Allow-Origin: *
2023-11-18 06:52:29 UTC	828	IN	Data Raw: 2e 73 75 69 2d 64 72 61 67 67 61 62 6c 65 2d 6d 61 73 6b 7b 70 6f 73 69 74 69 6f 6e 3a 66 69 78 65 64 3b 5f 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 77 69 64 74 68 3a 31 30 30 25 3b 68 65 69 67 68 74 3a 31 30 30 25 3b 7a 2d 69 6e 64 65 78 3a 32 30 30 30 30 30 3b 6c 65 66 74 3a 30 3b 74 6f 70 3a 30 3b 2d 6d 6f 7a 2d 75 73 65 72 2d 73 65 6c 65 63 74 3a 6e 6f 6e 65 3b 2d 77 65 62 6b 69 74 2d 75 73 65 72 2d 73 65 6c 65 63 74 3a 6e 6f 6e 65 3b 2d 6d 73 2d 75 73 65 72 2d 73 65 6c 65 63 74 3a 6e 6f 6e 65 7d 0a 2e 73 75 69 2d 64 72 61 67 67 61 62 6c 65 2c 2e 73 75 69 2d 64 72 61 67 67 61 62 6c 65 2d 77 72 61 70 65 72 7b 7a 2d 69 6e 64 65 78 3a 31 39 39 39 39 39 7d 0a 2e 73 75 69 2d 63 6f 6d 70 6f 6e 65 6e 74 57 72 61 70 7b 2a 7a 6f 6f 6d 3a 31 7d 0a Data Ascii: .sui-draggable-mask{position:fixed;_position:absolute;width:100%;height:100%;z-index:200000;left:0;top:0;-moz-user-select:none;-webkit-user-select:none;-ms-user-select:none}.sui-draggable,.sui-draggable-wraper{z-index:199999}.sui-componentWrap{*zoom:1}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
38	192.168.2.5	49772	104.193.88.112	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:29 UTC	827	OUT	GET /static/superman/css/ubase-89d6b96e41.css?v=md5 HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:29 UTC	827	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:29 GMT Content-Type: text/css; charset=utf-8 Content-Length: 7242 Connection: close Expires: Sat, 11 Nov 2023 06:27:01 GMT Last-Modified: Fri, 03 Nov 2023 09:16:37 GMT ETag: "89d6b96e41c39c1873ae7e3af642d33c" Cache-Control: max-age=31536000 Age: 865528 Accept-Ranges: bytes Content-MD5: ida5bkHDnBhzrn469kLTPA== x-bce-content-crc32: 3249112469 x-bce-debug-id: hptUrDv0kCSxVQes4ZSzAkFA/DBkttBqQuTdYoRiU4ag9ljj+KOtNiTRMyRdPR1kcwaL0OA1VMO6fy1+tNm1BQ== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: e5618088-609e-4c0a-aa56-f42d61a4849d x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 06:27:01 GMT Ohc-Cache-HIT: sfo01-sys-jorcol03.sfo01.baidu.com [2] Ohc-File-Size: 7242 X-Cache-Status: HIT Access-Control-Allow-Origin: * Timing-Allow-Origin: *
2023-11-18 06:52:29 UTC	828	IN	Data Raw: 2e 73 75 69 2d 64 72 61 67 67 61 62 6c 65 2d 6d 61 73 6b 7b 70 6f 73 69 74 69 6f 6e 3a 66 69 78 65 64 3b 5f 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 77 69 64 74 68 3a 31 30 30 25 3b 68 65 69 67 68 74 3a 31 30 30 25 3b 7a 2d 69 6e 64 65 78 3a 32 30 30 30 30 30 3b 6c 65 66 74 3a 30 3b 74 6f 70 3a 30 3b 2d 6d 6f 7a 2d 75 73 65 72 2d 73 65 6c 65 63 74 3a 6e 6f 6e 65 3b 2d 77 65 62 6b 69 74 2d 75 73 65 72 2d 73 65 6c 65 63 74 3a 6e 6f 6e 65 3b 2d 6d 73 2d 75 73 65 72 2d 73 65 6c 65 63 74 3a 6e 6f 6e 65 7d 0a 2e 73 75 69 2d 64 72 61 67 67 61 62 6c 65 2c 2e 73 75 69 2d 64 72 61 67 67 61 62 6c 65 2d 77 72 61 70 65 72 7b 7a 2d 69 6e 64 65 78 3a 31 39 39 39 39 39 7d 0a 2e 73 75 69 2d 63 6f 6d 70 6f 6e 65 6e 74 57 72 61 70 7b 2a 7a 6f 6f 6d 3a 31 7d 0a Data Ascii: .sui-draggable-mask{position:fixed;_position:absolute;width:100%;height:100%;z-index:200000;left:0;top:0;-moz-user-select:none;-webkit-user-select:none;-ms-user-select:none}.sui-draggable,.sui-draggable-wraper{z-index:199999}.sui-componentWrap{*zoom:1}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
39	192.168.2.5	49773	104.193.88.112	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:30 UTC	835	OUT	GET /static/superman//amd_modules/@baidu/ai-search-box-entry-ea20fec552.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:31 UTC	836	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:30 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 286094 Connection: close Expires: Sat, 11 Nov 2023 07:32:34 GMT Last-Modified: Fri, 03 Nov 2023 09:16:37 GMT ETag: "ea20fec552336a16019ea4941114639c" Cache-Control: max-age=31536000 Age: 861596 Accept-Ranges: bytes Content-MD5: 6iD+xVIzahYBnqSUERRjnA== x-bce-content-crc32: 1320671460 x-bce-debug-id: diYG4kMFkoGvFu/C1meJ5Djn5WsXfrhXIRRFfxdpIB4wB25VUVmiSibF5ToQD8AtVFqQwFH5bC3sJiauu1laiw== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: e2ccf5a8-2ed5-4851-a06c-a4a9274156e1 x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 07:32:34 GMT Ohc-Cache-HIT: sfo01-sys-jorcol09.sfo01.baidu.com [2] Ohc-File-Size: 286094 X-Cache-Status: HIT Access-Control-Allow-Origin: * Timing-Allow-Origin: *
2023-11-18 06:52:31 UTC	836	IN	Data Raw: 64 65 66 69 6e 65 28 27 61 69 2d 73 65 61 72 63 68 2d 62 6f 78 2d 65 6e 74 72 79 27 2c 20 5b 27 72 65 71 75 69 72 65 27 5d 2c 20 66 75 6e 63 74 69 6f 6e 20 28 72 65 71 75 69 72 65 29 20 7b 0a 20 20 20 20 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 20 28 74 29 20 7b 0a 20 20 20 20 20 20 20 20 76 61 72 20 65 20 3d 20 7b 7d 3b 0a 20 20 20 20 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 6e 28 69 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 65 5b 69 5d 29 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 65 5b 69 5d 2e 65 78 70 6f 72 74 73 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 73 20 3d 20 65 5b 69 5d 20 3d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 3a 20 69 2c 0a 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: define('ai-search-box-entry', ['require'], function (require) { return function (t) { var e = {}; function n(i) { if (e[i]) return e[i].exports; var s = e[i] = { i: i,
2023-11-18 06:52:31 UTC	852	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 72 69 6e 67 3a 20 6b 28 29 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6e 75 6d 62 65 72 3a 20 6b 28 29 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 6f 6c 3a 20 6b 28 29 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 73 79 6d 62 6f 6c 3a 20 6b 28 29 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 61 6e 79 3a 20 6b 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 61 72 72 61 79 4f 66 3a 20 6b 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 6e 73 74 61 6e 63 65 4f 66 3a 20 6b 2c 0a 20 20 20 20 20 20 20 Data Ascii: string: k(), number: k(), bool: k(), symbol: k(), any: k, arrayOf: k, instanceOf: k,
2023-11-18 06:52:31 UTC	868	IN	Data Raw: 20 20 20 20 20 20 20 42 28 74 29 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 5d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6e 74 69 6e 75 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 72 65 61 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 65 3b 0a 20 20 20 Data Ascii: B(t) ] }; continue; } break; } return e;
2023-11-18 06:52:31 UTC	884	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 20 3f 20 37 20 3d 3d 3d 20 6d 2e 65 78 70 72 2e 74 79 70 65 20 3f 20 6d 2e 65 78 70 72 2e 73 65 67 73 2e 70 75 73 68 28 62 29 20 3a 20 41 2e 70 72 6f 70 73 5b 78 5d 2e 65 78 70 72 20 3d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 79 70 65 3a 20 37 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 73 65 67 73 3a 20 5b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: m ? 7 === m.expr.type ? m.expr.segs.push(b) : A.props[x].expr = { type: 7, segs: [
2023-11-18 06:52:31 UTC	900	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 74 20 69 6e 73 74 61 6e 63 65 6f 66 20 41 72 72 61 79 29 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 72 20 28 76 61 72 20 6e 20 3d 20 74 2e 6c 65 6e 67 74 68 3b 20 6e 2d 2d 3b 29 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 74 5b 6e 5d 20 3d 3d 3d 20 65 29 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 21 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: if (t instanceof Array) for (var n = t.length; n--;) if (t[n] === e) return !0; },
2023-11-18 06:52:31 UTC	916	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 76 65 72 73 65 57 61 6c 6b 65 72 3a 20 73 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 20 61 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 74 2e 64 69 72 65 63 74 69 76 65 73 2e 69 73 29 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 73 77 69 74 63 68 20 28 72 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 61 73 65 20 27 66 72 61 67 6d 65 6e 74 27 3a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 61 73 65 20 27 74 65 6d 70 6c 61 74 65 27 3a 0a 20 20 20 20 20 Data Ascii: reverseWalker: s }, a); if (t.directives.is) switch (r) { case 'fragment': case 'template':
2023-11-18 06:52:31 UTC	932	IN	Data Raw: 70 3a 20 65 2e 6e 61 6d 65 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6e 2e 73 65 74 28 65 2e 65 78 70 72 2c 20 69 5b 65 2e 6e 61 6d 65 5d 2c 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: p: e.name } })); } } n.set(e.expr, i[e.name], {
2023-11-18 06:52:31 UTC	948	IN	Data Raw: 20 3f 20 28 73 5b 61 5d 20 3d 20 2d 33 2c 20 70 2e 65 78 70 72 20 3d 20 64 29 20 3a 20 28 70 2e 6d 6f 64 69 66 69 65 72 5b 66 5d 20 3d 20 21 30 2c 20 2d 2d 73 5b 61 5d 20 7c 7c 20 61 2d 2d 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 72 65 61 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 61 73 65 20 33 37 3a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 61 73 65 20 33 38 3a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 61 73 65 20 33 39 3a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: ? (s[a] = -3, p.expr = d) : (p.modifier[f] = !0, --s[a] \|\| a--); break; case 37: case 38: case 39:
2023-11-18 06:52:31 UTC	964	IN	Data Raw: 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 20 47 74 2e 70 72 6f 74 6f 74 79 70 65 2e 72 65 66 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 74 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 65 2c 20 6e 20 3d 20 74 68 69 73 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 69 28 74 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 74 29 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 72 20 28 76 61 72 20 6e 20 3d 20 30 2c 20 69 20 3d 20 74 2e 6c 65 6e 67 74 68 3b 20 6e 20 3c 20 69 3b 20 6e 2b 2b 29 0a 20 20 20 20 20 Data Ascii: e; }, Gt.prototype.ref = function (t) { var e, n = this; function i(t) { if (t) for (var n = 0, i = t.length; n < i; n++)
2023-11-18 06:52:31 UTC	980	IN	Data Raw: 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 2e 67 6f 4e 65 78 74 28 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 72 65 61 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 61 73 65 20 33 3a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 2e 67 6f 4e 65 78 74 28 29 2c 20 74 68 69 73 2e 61 4e 6f 64 65 2e 74 65 78 74 45 78 70 72 2e 6f 72 69 67 69 Data Ascii: r.goNext(); } break; case 3: r.goNext(), this.aNode.textExpr.origi
2023-11-18 06:52:31 UTC	996	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 63 61 73 65 20 27 66 72 61 67 6d 65 6e 74 27 3a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 73 2e 43 6c 61 7a 7a 20 3d 20 43 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 72 65 61 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 64 65 66 61 75 6c 74 3a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 21 73 2e 64 69 72 65 63 74 69 76 65 73 2e 69 73 20 26 26 20 58 74 5b 73 2e 74 61 67 4e 61 6d 65 5d 29 20 7b 0a 20 Data Ascii: case 'fragment': s.Clazz = Ct; break; default: if (!s.directives.is && Xt[s.tagName]) {
2023-11-18 06:52:31 UTC	1012	IN	Data Raw: 20 64 2e 69 6e 73 65 72 74 69 6f 6e 73 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 79 70 65 3a 20 64 2e 74 79 70 65 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 65 78 70 72 3a 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 79 70 65 3a 20 34 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 74 68 73 3a 20 74 68 69 73 2e 69 74 65 6d 50 61 74 68 73 2e 63 6f 6e 63 61 74 28 41 2e 73 6c 69 63 65 28 79 20 2b 20 Data Ascii: d.insertions, type: d.type, expr: { type: 4, paths: this.itemPaths.concat(A.slice(y +
2023-11-18 06:52:31 UTC	1028	IN	Data Raw: 28 21 74 68 69 73 2e 65 6c 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 69 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 6e 2e 5f 63 65 20 26 26 20 6e 2e 5f 69 20 3e 20 32 20 3f 20 28 69 20 3d 20 6e 2e 5f 64 70 2c 20 74 68 69 73 2e 65 6c 20 3d 20 28 6e 2e 5f 65 6c 20 7c 7c 20 49 74 28 6e 29 29 2e 63 6c 6f 6e 65 4e 6f 64 65 28 21 31 29 29 20 3a 20 28 69 20 3d 20 6e 2e 70 72 6f 70 73 2c 20 74 68 69 73 2e 65 6c 20 3d 20 75 28 74 68 69 73 2e 74 61 67 4e 61 6d 65 29 29 2c 20 74 68 69 73 2e 5f 73 62 69 6e 64 44 61 74 61 29 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: (!this.el) { var i; if (n._ce && n._i > 2 ? (i = n._dp, this.el = (n._el \|\| It(n)).cloneNode(!1)) : (i = n.props, this.el = u(this.tagName)), this._sbindData)
2023-11-18 06:52:31 UTC	1044	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 74 5b 65 5d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 28 29 2c 20 61 20 3d 20 5b 5d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 6f 28 74 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 72 20 28 76 61 72 20 65 20 3d 20 2d 31 2c 20 6e 20 3d 20 30 3b 20 6e 20 3c 20 61 2e 6c 65 6e 67 74 68 3b 20 6e 2b 2b 29 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 61 5b 6e 5d 2e 69 64 65 6e 74 69 66 69 65 72 20 3d 3d 3d 20 74 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: } return t[e]; }; }(), a = []; function o(t) { for (var e = -1, n = 0; n < a.length; n++) if (a[n].identifier === t) {
2023-11-18 06:52:31 UTC	1060	IN	Data Raw: 3a 20 2d 32 39 30 70 78 20 2d 31 31 36 70 78 3b 5c 6e 20 20 7d 5c 6e 20 20 38 39 2e 36 35 35 31 37 32 34 31 33 37 39 33 31 31 25 20 7b 5c 6e 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 20 2d 33 34 38 70 78 20 2d 31 31 36 70 78 3b 5c 6e 20 20 7d 5c 6e 20 20 39 33 2e 31 30 33 34 34 38 32 37 35 38 36 32 30 36 25 20 7b 5c 6e 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 20 2d 34 30 36 70 78 20 2d 31 31 36 70 78 3b 5c 6e 20 20 7d 5c 6e 20 20 39 36 2e 35 35 31 37 32 34 31 33 37 39 33 31 30 33 25 20 7b 5c 6e 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 20 2d 34 36 34 70 78 20 2d 31 31 36 70 78 3b 5c 6e 20 20 7d 5c 6e 20 20 31 30 30 25 20 7b 5c 6e 20 20 20 20 62 61 63 6b 67 72 6f 75 Data Ascii: : -290px -116px;\n }\n 89.65517241379311% {\n background-position: -348px -116px;\n }\n 93.10344827586206% {\n background-position: -406px -116px;\n }\n 96.55172413793103% {\n background-position: -464px -116px;\n }\n 100% {\n backgrou
2023-11-18 06:52:31 UTC	1076	IN	Data Raw: 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 20 6c 6f 61 64 69 6e 67 50 6f 69 6e 74 32 20 31 2e 32 73 20 65 61 73 65 2d 69 6e 20 69 6e 66 69 6e 69 74 65 3b 5c 6e 20 20 20 20 20 20 20 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 6c 6f 61 64 69 6e 67 50 6f 69 6e 74 32 20 31 2e 32 73 20 65 61 73 65 2d 69 6e 20 69 6e 66 69 6e 69 74 65 3b 5c 6e 7d 5c 6e 2e 65 6e 74 72 79 2d 73 74 61 74 75 73 2d 62 6f 78 20 2e 65 6e 74 72 79 2d 73 74 61 74 75 73 2d 63 6f 6e 74 61 69 6e 65 72 20 2e 65 6e 74 72 79 2d 73 74 61 74 75 73 2d 6c 6f 61 64 69 6e 67 2d 74 65 78 74 20 2e 77 61 69 74 2d 6c 6f 61 64 69 6e 67 20 2e 70 6f 69 6e 74 33 20 7b 5c 6e 20 20 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 20 6c 6f 61 64 69 6e 67 50 6f 69 6e 74 33 20 31 2e 32 73 20 65 61 73 65 2d Data Ascii: bkit-animation: loadingPoint2 1.2s ease-in infinite;\n animation: loadingPoint2 1.2s ease-in infinite;\n}\n.entry-status-box .entry-status-container .entry-status-loading-text .wait-loading .point3 {\n -webkit-animation: loadingPoint3 1.2s ease-
2023-11-18 06:52:31 UTC	1092	IN	Data Raw: 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 76 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 2c 20 6e 2e 64 28 65 2c 20 27 5f 5f 72 65 61 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 2c 20 6e 2e 64 28 65 2c 20 27 5f 5f 73 70 72 65 61 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 2c 20 6e 2e 64 28 65 2c 20 27 5f 5f 73 70 72 65 61 64 41 72 72 61 79 73 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: tion () { return v; }), n.d(e, '__read', function () { return m; }), n.d(e, '__spread', function () { return x; }), n.d(e, '__spreadArrays', function () {
2023-11-18 06:52:31 UTC	1108	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 6c 75 65 3a 20 43 28 74 5b 69 5d 28 65 29 29 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 64 6f 6e 65 3a 20 21 31 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 20 3a 20 73 20 3f 20 73 28 65 29 20 3a 20 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 20 3a 20 73 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 45 28 74 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 21 53 79 6d 62 6f 6c 2e 61 73 79 6e 63 49 74 65 72 61 74 6f 72 29 0a 20 20 20 20 20 20 20 20 20 20 Data Ascii: value: C(t[i](e)), done: !1 } : s ? s(e) : e; } : s; } } function E(t) { if (!Symbol.asyncIterator)

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
39	104.193.88.112	443	192.168.2.5	49773	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:30 UTC	835	OUT	GET /static/superman//amd_modules/@baidu/ai-search-box-entry-ea20fec552.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:31 UTC	836	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:30 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 286094 Connection: close Expires: Sat, 11 Nov 2023 07:32:34 GMT Last-Modified: Fri, 03 Nov 2023 09:16:37 GMT ETag: "ea20fec552336a16019ea4941114639c" Cache-Control: max-age=31536000 Age: 861596 Accept-Ranges: bytes Content-MD5: 6iD+xVIzahYBnqSUERRjnA== x-bce-content-crc32: 1320671460 x-bce-debug-id: diYG4kMFkoGvFu/C1meJ5Djn5WsXfrhXIRRFfxdpIB4wB25VUVmiSibF5ToQD8AtVFqQwFH5bC3sJiauu1laiw== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: e2ccf5a8-2ed5-4851-a06c-a4a9274156e1 x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 07:32:34 GMT Ohc-Cache-HIT: sfo01-sys-jorcol09.sfo01.baidu.com [2] Ohc-File-Size: 286094 X-Cache-Status: HIT Access-Control-Allow-Origin: * Timing-Allow-Origin: *
2023-11-18 06:52:31 UTC	836	IN	Data Raw: 64 65 66 69 6e 65 28 27 61 69 2d 73 65 61 72 63 68 2d 62 6f 78 2d 65 6e 74 72 79 27 2c 20 5b 27 72 65 71 75 69 72 65 27 5d 2c 20 66 75 6e 63 74 69 6f 6e 20 28 72 65 71 75 69 72 65 29 20 7b 0a 20 20 20 20 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 20 28 74 29 20 7b 0a 20 20 20 20 20 20 20 20 76 61 72 20 65 20 3d 20 7b 7d 3b 0a 20 20 20 20 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 6e 28 69 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 65 5b 69 5d 29 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 65 5b 69 5d 2e 65 78 70 6f 72 74 73 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 73 20 3d 20 65 5b 69 5d 20 3d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 3a 20 69 2c 0a 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: define('ai-search-box-entry', ['require'], function (require) { return function (t) { var e = {}; function n(i) { if (e[i]) return e[i].exports; var s = e[i] = { i: i,
2023-11-18 06:52:31 UTC	852	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 72 69 6e 67 3a 20 6b 28 29 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6e 75 6d 62 65 72 3a 20 6b 28 29 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 6f 6c 3a 20 6b 28 29 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 73 79 6d 62 6f 6c 3a 20 6b 28 29 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 61 6e 79 3a 20 6b 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 61 72 72 61 79 4f 66 3a 20 6b 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 6e 73 74 61 6e 63 65 4f 66 3a 20 6b 2c 0a 20 20 20 20 20 20 20 Data Ascii: string: k(), number: k(), bool: k(), symbol: k(), any: k, arrayOf: k, instanceOf: k,
2023-11-18 06:52:31 UTC	868	IN	Data Raw: 20 20 20 20 20 20 20 42 28 74 29 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 5d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6e 74 69 6e 75 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 72 65 61 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 65 3b 0a 20 20 20 Data Ascii: B(t) ] }; continue; } break; } return e;
2023-11-18 06:52:31 UTC	884	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 20 3f 20 37 20 3d 3d 3d 20 6d 2e 65 78 70 72 2e 74 79 70 65 20 3f 20 6d 2e 65 78 70 72 2e 73 65 67 73 2e 70 75 73 68 28 62 29 20 3a 20 41 2e 70 72 6f 70 73 5b 78 5d 2e 65 78 70 72 20 3d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 79 70 65 3a 20 37 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 73 65 67 73 3a 20 5b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: m ? 7 === m.expr.type ? m.expr.segs.push(b) : A.props[x].expr = { type: 7, segs: [
2023-11-18 06:52:31 UTC	900	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 74 20 69 6e 73 74 61 6e 63 65 6f 66 20 41 72 72 61 79 29 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 72 20 28 76 61 72 20 6e 20 3d 20 74 2e 6c 65 6e 67 74 68 3b 20 6e 2d 2d 3b 29 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 74 5b 6e 5d 20 3d 3d 3d 20 65 29 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 21 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: if (t instanceof Array) for (var n = t.length; n--;) if (t[n] === e) return !0; },
2023-11-18 06:52:31 UTC	916	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 76 65 72 73 65 57 61 6c 6b 65 72 3a 20 73 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 20 61 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 74 2e 64 69 72 65 63 74 69 76 65 73 2e 69 73 29 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 73 77 69 74 63 68 20 28 72 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 61 73 65 20 27 66 72 61 67 6d 65 6e 74 27 3a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 61 73 65 20 27 74 65 6d 70 6c 61 74 65 27 3a 0a 20 20 20 20 20 Data Ascii: reverseWalker: s }, a); if (t.directives.is) switch (r) { case 'fragment': case 'template':
2023-11-18 06:52:31 UTC	932	IN	Data Raw: 70 3a 20 65 2e 6e 61 6d 65 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6e 2e 73 65 74 28 65 2e 65 78 70 72 2c 20 69 5b 65 2e 6e 61 6d 65 5d 2c 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: p: e.name } })); } } n.set(e.expr, i[e.name], {
2023-11-18 06:52:31 UTC	948	IN	Data Raw: 20 3f 20 28 73 5b 61 5d 20 3d 20 2d 33 2c 20 70 2e 65 78 70 72 20 3d 20 64 29 20 3a 20 28 70 2e 6d 6f 64 69 66 69 65 72 5b 66 5d 20 3d 20 21 30 2c 20 2d 2d 73 5b 61 5d 20 7c 7c 20 61 2d 2d 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 72 65 61 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 61 73 65 20 33 37 3a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 61 73 65 20 33 38 3a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 61 73 65 20 33 39 3a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: ? (s[a] = -3, p.expr = d) : (p.modifier[f] = !0, --s[a] \|\| a--); break; case 37: case 38: case 39:
2023-11-18 06:52:31 UTC	964	IN	Data Raw: 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 20 47 74 2e 70 72 6f 74 6f 74 79 70 65 2e 72 65 66 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 74 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 65 2c 20 6e 20 3d 20 74 68 69 73 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 69 28 74 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 74 29 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 72 20 28 76 61 72 20 6e 20 3d 20 30 2c 20 69 20 3d 20 74 2e 6c 65 6e 67 74 68 3b 20 6e 20 3c 20 69 3b 20 6e 2b 2b 29 0a 20 20 20 20 20 Data Ascii: e; }, Gt.prototype.ref = function (t) { var e, n = this; function i(t) { if (t) for (var n = 0, i = t.length; n < i; n++)
2023-11-18 06:52:31 UTC	980	IN	Data Raw: 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 2e 67 6f 4e 65 78 74 28 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 72 65 61 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 61 73 65 20 33 3a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 2e 67 6f 4e 65 78 74 28 29 2c 20 74 68 69 73 2e 61 4e 6f 64 65 2e 74 65 78 74 45 78 70 72 2e 6f 72 69 67 69 Data Ascii: r.goNext(); } break; case 3: r.goNext(), this.aNode.textExpr.origi
2023-11-18 06:52:31 UTC	996	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 63 61 73 65 20 27 66 72 61 67 6d 65 6e 74 27 3a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 73 2e 43 6c 61 7a 7a 20 3d 20 43 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 72 65 61 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 64 65 66 61 75 6c 74 3a 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 21 73 2e 64 69 72 65 63 74 69 76 65 73 2e 69 73 20 26 26 20 58 74 5b 73 2e 74 61 67 4e 61 6d 65 5d 29 20 7b 0a 20 Data Ascii: case 'fragment': s.Clazz = Ct; break; default: if (!s.directives.is && Xt[s.tagName]) {
2023-11-18 06:52:31 UTC	1012	IN	Data Raw: 20 64 2e 69 6e 73 65 72 74 69 6f 6e 73 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 79 70 65 3a 20 64 2e 74 79 70 65 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 65 78 70 72 3a 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 74 79 70 65 3a 20 34 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 74 68 73 3a 20 74 68 69 73 2e 69 74 65 6d 50 61 74 68 73 2e 63 6f 6e 63 61 74 28 41 2e 73 6c 69 63 65 28 79 20 2b 20 Data Ascii: d.insertions, type: d.type, expr: { type: 4, paths: this.itemPaths.concat(A.slice(y +
2023-11-18 06:52:31 UTC	1028	IN	Data Raw: 28 21 74 68 69 73 2e 65 6c 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 69 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 6e 2e 5f 63 65 20 26 26 20 6e 2e 5f 69 20 3e 20 32 20 3f 20 28 69 20 3d 20 6e 2e 5f 64 70 2c 20 74 68 69 73 2e 65 6c 20 3d 20 28 6e 2e 5f 65 6c 20 7c 7c 20 49 74 28 6e 29 29 2e 63 6c 6f 6e 65 4e 6f 64 65 28 21 31 29 29 20 3a 20 28 69 20 3d 20 6e 2e 70 72 6f 70 73 2c 20 74 68 69 73 2e 65 6c 20 3d 20 75 28 74 68 69 73 2e 74 61 67 4e 61 6d 65 29 29 2c 20 74 68 69 73 2e 5f 73 62 69 6e 64 44 61 74 61 29 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: (!this.el) { var i; if (n._ce && n._i > 2 ? (i = n._dp, this.el = (n._el \|\| It(n)).cloneNode(!1)) : (i = n.props, this.el = u(this.tagName)), this._sbindData)
2023-11-18 06:52:31 UTC	1044	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 74 5b 65 5d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 28 29 2c 20 61 20 3d 20 5b 5d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 6f 28 74 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 72 20 28 76 61 72 20 65 20 3d 20 2d 31 2c 20 6e 20 3d 20 30 3b 20 6e 20 3c 20 61 2e 6c 65 6e 67 74 68 3b 20 6e 2b 2b 29 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 61 5b 6e 5d 2e 69 64 65 6e 74 69 66 69 65 72 20 3d 3d 3d 20 74 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: } return t[e]; }; }(), a = []; function o(t) { for (var e = -1, n = 0; n < a.length; n++) if (a[n].identifier === t) {
2023-11-18 06:52:31 UTC	1060	IN	Data Raw: 3a 20 2d 32 39 30 70 78 20 2d 31 31 36 70 78 3b 5c 6e 20 20 7d 5c 6e 20 20 38 39 2e 36 35 35 31 37 32 34 31 33 37 39 33 31 31 25 20 7b 5c 6e 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 20 2d 33 34 38 70 78 20 2d 31 31 36 70 78 3b 5c 6e 20 20 7d 5c 6e 20 20 39 33 2e 31 30 33 34 34 38 32 37 35 38 36 32 30 36 25 20 7b 5c 6e 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 20 2d 34 30 36 70 78 20 2d 31 31 36 70 78 3b 5c 6e 20 20 7d 5c 6e 20 20 39 36 2e 35 35 31 37 32 34 31 33 37 39 33 31 30 33 25 20 7b 5c 6e 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 20 2d 34 36 34 70 78 20 2d 31 31 36 70 78 3b 5c 6e 20 20 7d 5c 6e 20 20 31 30 30 25 20 7b 5c 6e 20 20 20 20 62 61 63 6b 67 72 6f 75 Data Ascii: : -290px -116px;\n }\n 89.65517241379311% {\n background-position: -348px -116px;\n }\n 93.10344827586206% {\n background-position: -406px -116px;\n }\n 96.55172413793103% {\n background-position: -464px -116px;\n }\n 100% {\n backgrou
2023-11-18 06:52:31 UTC	1076	IN	Data Raw: 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 20 6c 6f 61 64 69 6e 67 50 6f 69 6e 74 32 20 31 2e 32 73 20 65 61 73 65 2d 69 6e 20 69 6e 66 69 6e 69 74 65 3b 5c 6e 20 20 20 20 20 20 20 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 6c 6f 61 64 69 6e 67 50 6f 69 6e 74 32 20 31 2e 32 73 20 65 61 73 65 2d 69 6e 20 69 6e 66 69 6e 69 74 65 3b 5c 6e 7d 5c 6e 2e 65 6e 74 72 79 2d 73 74 61 74 75 73 2d 62 6f 78 20 2e 65 6e 74 72 79 2d 73 74 61 74 75 73 2d 63 6f 6e 74 61 69 6e 65 72 20 2e 65 6e 74 72 79 2d 73 74 61 74 75 73 2d 6c 6f 61 64 69 6e 67 2d 74 65 78 74 20 2e 77 61 69 74 2d 6c 6f 61 64 69 6e 67 20 2e 70 6f 69 6e 74 33 20 7b 5c 6e 20 20 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 20 6c 6f 61 64 69 6e 67 50 6f 69 6e 74 33 20 31 2e 32 73 20 65 61 73 65 2d Data Ascii: bkit-animation: loadingPoint2 1.2s ease-in infinite;\n animation: loadingPoint2 1.2s ease-in infinite;\n}\n.entry-status-box .entry-status-container .entry-status-loading-text .wait-loading .point3 {\n -webkit-animation: loadingPoint3 1.2s ease-
2023-11-18 06:52:31 UTC	1092	IN	Data Raw: 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 76 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 2c 20 6e 2e 64 28 65 2c 20 27 5f 5f 72 65 61 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 6d 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 2c 20 6e 2e 64 28 65 2c 20 27 5f 5f 73 70 72 65 61 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 2c 20 6e 2e 64 28 65 2c 20 27 5f 5f 73 70 72 65 61 64 41 72 72 61 79 73 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: tion () { return v; }), n.d(e, '__read', function () { return m; }), n.d(e, '__spread', function () { return x; }), n.d(e, '__spreadArrays', function () {
2023-11-18 06:52:31 UTC	1108	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 61 6c 75 65 3a 20 43 28 74 5b 69 5d 28 65 29 29 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 64 6f 6e 65 3a 20 21 31 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 20 3a 20 73 20 3f 20 73 28 65 29 20 3a 20 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 20 3a 20 73 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 75 6e 63 74 69 6f 6e 20 45 28 74 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 21 53 79 6d 62 6f 6c 2e 61 73 79 6e 63 49 74 65 72 61 74 6f 72 29 0a 20 20 20 20 20 20 20 20 20 20 Data Ascii: value: C(t[i](e)), done: !1 } : s ? s(e) : e; } : s; } } function E(t) { if (!Symbol.asyncIterator)

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.5	49723	104.193.88.112	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:17 UTC	22	OUT	GET /static/superman/img/qrcode/qrcode-hover@2x-f9b106a848.png HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:17 UTC	33	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:17 GMT Content-Type: image/png Content-Length: 1285 Connection: close Expires: Sat, 11 Nov 2023 07:48:25 GMT Last-Modified: Fri, 03 Nov 2023 09:16:39 GMT ETag: "f9b106a84823022dbc97874b6e2a2786" Cache-Control: max-age=31536000 Age: 860632 Accept-Ranges: bytes Content-MD5: +bEGqEgjAi28l4dLbionhg== x-bce-content-crc32: 2367946980 x-bce-debug-id: SDEFSL8tUgXAy7nriNZZ7tC6UhQBr65seaITqMaNZGzY5xEIbj5qQf4gx75H8sWacp6VJCPnzxfQRqcMz7p4kA== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: 47304eaa-3c74-481c-b41e-e1de2f2d570f x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 07:48:25 GMT Ohc-Cache-HIT: sfo01-sys-jorcol02.sfo01.baidu.com [2] Ohc-File-Size: 1285 X-Cache-Status: HIT Timing-Allow-Origin: * Access-Control-Allow-Origin: *
2023-11-18 06:52:17 UTC	33	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 30 00 00 00 30 08 06 00 00 01 20 05 c9 11 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 44 65 58 49 66 4d 4d 00 2a 00 00 00 08 00 01 87 69 00 04 00 00 00 01 00 00 00 1a 00 00 00 00 00 03 a0 01 00 03 00 00 00 01 00 01 00 00 a0 02 00 04 00 00 00 01 00 00 00 30 a0 03 00 04 00 00 00 01 00 00 00 30 00 00 00 00 db 37 6c 0c 00 00 04 6f 49 44 41 54 68 05 ed 59 3b 53 14 41 10 de d9 5b 02 3d 20 d0 48 4b 43 63 33 53 89 a5 ea 10 33 d1 d4 1f c0 43 52 8e 50 0a ce 3f 21 18 f9 b8 2b 35 c6 d4 cc 98 d0 57 66 e0 81 09 77 37 f6 37 bb 3d d7 37 b3 2f 8f 2d a1 ac dd 2a 6e 7a ba bf 79 74 4f 3f 66 97 20 c8 78 14 f3 97 56 fb df 75 a8 9e 06 a3 d1 8b de f3 79 65 04 86 d9 08 9f 04 c3 e1 3b 30 01 0e f1 63 90 c4 04 dd 5a 3f 7e Data Ascii: PNGIHDR00 sRGBDeXIfMMi007loIDAThY;SA[= HKCc3S3CRP?!+5Wfw77=7/-nzytO?f xVuye;0cZ?~

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	104.193.88.112	443	192.168.2.5	49723	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:17 UTC	22	OUT	GET /static/superman/img/qrcode/qrcode-hover@2x-f9b106a848.png HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:17 UTC	33	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:17 GMT Content-Type: image/png Content-Length: 1285 Connection: close Expires: Sat, 11 Nov 2023 07:48:25 GMT Last-Modified: Fri, 03 Nov 2023 09:16:39 GMT ETag: "f9b106a84823022dbc97874b6e2a2786" Cache-Control: max-age=31536000 Age: 860632 Accept-Ranges: bytes Content-MD5: +bEGqEgjAi28l4dLbionhg== x-bce-content-crc32: 2367946980 x-bce-debug-id: SDEFSL8tUgXAy7nriNZZ7tC6UhQBr65seaITqMaNZGzY5xEIbj5qQf4gx75H8sWacp6VJCPnzxfQRqcMz7p4kA== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: 47304eaa-3c74-481c-b41e-e1de2f2d570f x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 07:48:25 GMT Ohc-Cache-HIT: sfo01-sys-jorcol02.sfo01.baidu.com [2] Ohc-File-Size: 1285 X-Cache-Status: HIT Timing-Allow-Origin: * Access-Control-Allow-Origin: *
2023-11-18 06:52:17 UTC	33	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 30 00 00 00 30 08 06 00 00 01 20 05 c9 11 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 44 65 58 49 66 4d 4d 00 2a 00 00 00 08 00 01 87 69 00 04 00 00 00 01 00 00 00 1a 00 00 00 00 00 03 a0 01 00 03 00 00 00 01 00 01 00 00 a0 02 00 04 00 00 00 01 00 00 00 30 a0 03 00 04 00 00 00 01 00 00 00 30 00 00 00 00 db 37 6c 0c 00 00 04 6f 49 44 41 54 68 05 ed 59 3b 53 14 41 10 de d9 5b 02 3d 20 d0 48 4b 43 63 33 53 89 a5 ea 10 33 d1 d4 1f c0 43 52 8e 50 0a ce 3f 21 18 f9 b8 2b 35 c6 d4 cc 98 d0 57 66 e0 81 09 77 37 f6 37 bb 3d d7 37 b3 2f 8f 2d a1 ac dd 2a 6e 7a ba bf 79 74 4f 3f 66 97 20 c8 78 14 f3 97 56 fb df 75 a8 9e 06 a3 d1 8b de f3 79 65 04 86 d9 08 9f 04 c3 e1 3b 30 01 0e f1 63 90 c4 04 dd 5a 3f 7e Data Ascii: PNGIHDR00 sRGBDeXIfMMi007loIDAThY;SA[= HKCc3S3CRP?!+5Wfw77=7/-nzytO?f xVuye;0cZ?~

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
40	192.168.2.5	49776	103.235.46.40	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:32 UTC	1116	OUT	GET /5bU_dTmfKgQFm2e88IuM_a/w.gif?q=&rsv_ct=175&rsv_cst=2&rsv_clk_extra={"text":"AI"}&rsv_sid=&cid=&qid=&t=1700295903338&rsv_iorr=0&rsv_tn=baidu&rsv_ssl=0&path=http%3A%2F%2Fwww.baidu.com%2F&rsv_did=8c2bd1e9a3ee0934a50ab37d4ec9c37b HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: sp1.baidu.com Connection: Keep-Alive Cookie: BAIDUID=145E27E221F282D0311C913AF0CC3B87:FG=1; BIDUPSID=145E27E221F282D0BD0487E5415FCD62; PSTM=1700290335; BA_HECTOR=a00ka4848l01a02k0ga02g8g1ilgs0p1r
2023-11-18 06:52:33 UTC	1117	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cache-Control: max-age=315360000 Content-Length: 0 Content-Type: image/gif Date: Sat, 18 Nov 2023 06:52:32 GMT Etag: "64acd0a7-0" Expires: Tue, 15 Nov 2033 06:52:32 GMT Last-Modified: Tue, 11 Jul 2023 03:46:47 GMT Server: Apache 2.0 Set-Cookie: BDORZ=B490B5EBF6F3CD402E515D22BCDA1598; max-age=86400; domain=.baidu.com; path=/ Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
40	103.235.46.40	443	192.168.2.5	49776	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:32 UTC	1116	OUT	GET /5bU_dTmfKgQFm2e88IuM_a/w.gif?q=&rsv_ct=175&rsv_cst=2&rsv_clk_extra={"text":"AI"}&rsv_sid=&cid=&qid=&t=1700295903338&rsv_iorr=0&rsv_tn=baidu&rsv_ssl=0&path=http%3A%2F%2Fwww.baidu.com%2F&rsv_did=8c2bd1e9a3ee0934a50ab37d4ec9c37b HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: sp1.baidu.com Connection: Keep-Alive Cookie: BAIDUID=145E27E221F282D0311C913AF0CC3B87:FG=1; BIDUPSID=145E27E221F282D0BD0487E5415FCD62; PSTM=1700290335; BA_HECTOR=a00ka4848l01a02k0ga02g8g1ilgs0p1r
2023-11-18 06:52:33 UTC	1117	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cache-Control: max-age=315360000 Content-Length: 0 Content-Type: image/gif Date: Sat, 18 Nov 2023 06:52:32 GMT Etag: "64acd0a7-0" Expires: Tue, 15 Nov 2033 06:52:32 GMT Last-Modified: Tue, 11 Jul 2023 03:46:47 GMT Server: Apache 2.0 Set-Cookie: BDORZ=B490B5EBF6F3CD402E515D22BCDA1598; max-age=86400; domain=.baidu.com; path=/ Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
41	192.168.2.5	49777	103.235.46.40	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:32 UTC	1117	OUT	GET /5bU_dTmfKgQFm2e88IuM_a/w.gif?q=&rsv_ct=175&rsv_cst=4&rsv_clk_extra={"text":"AI"}&rsv_sid=&cid=&qid=&t=1700295903347&rsv_iorr=0&rsv_tn=baidu&rsv_ssl=0&path=http%3A%2F%2Fwww.baidu.com%2F&rsv_did=8c2bd1e9a3ee0934a50ab37d4ec9c37b HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: sp1.baidu.com Connection: Keep-Alive Cookie: BAIDUID=145E27E221F282D0311C913AF0CC3B87:FG=1; BIDUPSID=145E27E221F282D0BD0487E5415FCD62; PSTM=1700290335; BA_HECTOR=a00ka4848l01a02k0ga02g8g1ilgs0p1r
2023-11-18 06:52:33 UTC	1118	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cache-Control: max-age=315360000 Content-Length: 0 Content-Type: image/gif Date: Sat, 18 Nov 2023 06:52:32 GMT Etag: "64acd0a7-0" Expires: Tue, 15 Nov 2033 06:52:32 GMT Last-Modified: Tue, 11 Jul 2023 03:46:47 GMT Server: Apache 2.0 Set-Cookie: BDORZ=B490B5EBF6F3CD402E515D22BCDA1598; max-age=86400; domain=.baidu.com; path=/ Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
41	103.235.46.40	443	192.168.2.5	49777	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:32 UTC	1117	OUT	GET /5bU_dTmfKgQFm2e88IuM_a/w.gif?q=&rsv_ct=175&rsv_cst=4&rsv_clk_extra={"text":"AI"}&rsv_sid=&cid=&qid=&t=1700295903347&rsv_iorr=0&rsv_tn=baidu&rsv_ssl=0&path=http%3A%2F%2Fwww.baidu.com%2F&rsv_did=8c2bd1e9a3ee0934a50ab37d4ec9c37b HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: sp1.baidu.com Connection: Keep-Alive Cookie: BAIDUID=145E27E221F282D0311C913AF0CC3B87:FG=1; BIDUPSID=145E27E221F282D0BD0487E5415FCD62; PSTM=1700290335; BA_HECTOR=a00ka4848l01a02k0ga02g8g1ilgs0p1r
2023-11-18 06:52:33 UTC	1118	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cache-Control: max-age=315360000 Content-Length: 0 Content-Type: image/gif Date: Sat, 18 Nov 2023 06:52:32 GMT Etag: "64acd0a7-0" Expires: Tue, 15 Nov 2033 06:52:32 GMT Last-Modified: Tue, 11 Jul 2023 03:46:47 GMT Server: Apache 2.0 Set-Cookie: BDORZ=B490B5EBF6F3CD402E515D22BCDA1598; max-age=86400; domain=.baidu.com; path=/ Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
42	124.239.243.38	443	192.168.2.5	49775	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:34 UTC	1118	OUT	GET /basics/pc_operate/light_new_1698989816000.json HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Origin: http://www.baidu.com Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: psstatic.cdn.bcebos.com Connection: Keep-Alive
2023-11-18 06:52:35 UTC	1118	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:35 GMT Content-Type: application/json Content-Length: 21528 Connection: close Expires: Tue, 21 Nov 2023 05:40:55 GMT Last-Modified: Fri, 03 Nov 2023 05:36:55 GMT ETag: "eb81a616ea78901e20c61b1c651287d9" Age: 4285 Accept-Ranges: bytes Content-MD5: 64GmFup4kB4gxhscZRKH2Q== x-bce-content-crc32: 3647225974 x-bce-debug-id: S0obgYurCKVMA/APy2JmtMhJRGU6kkcQ/FOjZooVAee/Z2miDsY+5pqKBQ79FROWNJg17SiskoRE1Ntx5bfqdg== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: f15f0331-3865-4583-91da-7f304f08252c x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Sat, 18 Nov 2023 05:40:55 GMT Ohc-Upstream-Trace: 124.239.243.55 Ohc-Cache-HIT: lf7ct55 [2], suzix114 [2] Ohc-Response-Time: 1 0 0 0 0 0 Ohc-File-Size: 21528 X-Cache-Status: HIT Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: true Cache-Control: max-age=31536000 Timing-Allow-Origin: *
2023-11-18 06:52:35 UTC	1119	IN	Data Raw: 7b 22 76 22 3a 22 35 2e 31 31 2e 30 22 2c 22 66 72 22 3a 32 35 2c 22 69 70 22 3a 32 35 2c 22 6f 70 22 3a 32 30 39 2c 22 77 22 3a 31 32 30 2c 22 68 22 3a 32 38 2c 22 6e 6d 22 3a 22 e4 bd 93 e9 aa 8c e6 96 87 e5 bf 83 e4 b8 80 e8 a8 80 22 2c 22 64 64 64 22 3a 30 2c 22 61 73 73 65 74 73 22 3a 5b 5d 2c 22 6c 61 79 65 72 73 22 3a 5b 7b 22 64 64 64 22 3a 30 2c 22 69 6e 64 22 3a 31 2c 22 74 79 22 3a 34 2c 22 6e 6d 22 3a 22 e5 bd a2 e7 8a b6 e5 9b be e5 b1 82 20 32 35 22 2c 22 70 61 72 65 6e 74 22 3a 33 2c 22 73 72 22 3a 31 2c 22 6b 73 22 3a 7b 22 6f 22 3a 7b 22 61 22 3a 30 2c 22 6b 22 3a 31 30 30 2c 22 69 78 22 3a 31 31 7d 2c 22 72 22 3a 7b 22 61 22 3a 30 2c 22 6b 22 3a 30 2c 22 69 78 22 3a 31 30 7d 2c 22 70 22 3a 7b 22 61 22 3a 30 2c 22 6b 22 3a 5b 2d 31 39 2e Data Ascii: {"v":"5.11.0","fr":25,"ip":25,"op":209,"w":120,"h":28,"nm":"","ddd":0,"assets":[],"layers":[{"ddd":0,"ind":1,"ty":4,"nm":" 25","parent":3,"sr":1,"ks":{"o":{"a":0,"k":100,"ix":11},"r":{"a":0,"k":0,"ix":10},"p":{"a":0,"k":[-19.
2023-11-18 06:52:35 UTC	1134	IN	Data Raw: 6d 6e 22 3a 22 41 44 42 45 20 56 65 63 74 6f 72 20 53 68 61 70 65 20 2d 20 47 72 6f 75 70 22 2c 22 68 64 22 3a 66 61 6c 73 65 7d 2c 7b 22 69 6e 64 22 3a 31 2c 22 74 79 22 3a 22 73 68 22 2c 22 69 78 22 3a 32 2c 22 6b 73 22 3a 7b 22 61 22 3a 30 2c 22 6b 22 3a 7b 22 69 22 3a 5b 5b 30 2c 30 5d 2c 5b 30 2e 36 35 39 2c 2d 31 2e 36 31 32 5d 2c 5b 30 2c 30 5d 2c 5b 2d 30 2e 33 36 34 2c 32 2e 32 33 36 5d 5d 2c 22 6f 22 3a 5b 5b 2d 30 2e 33 32 31 2c 32 2e 30 31 39 5d 2c 5b 30 2c 30 5d 2c 5b 30 2e 36 37 36 2c 2d 31 2e 36 31 32 5d 2c 5b 30 2c 30 5d 5d 2c 22 76 22 3a 5b 5b 33 38 2e 39 36 31 2c 2d 36 2e 35 31 33 5d 2c 5b 33 37 2e 34 39 32 2c 2d 31 2e 30 36 36 5d 2c 5b 33 38 2e 32 39 38 2c 2d 30 2e 35 35 39 5d 2c 5b 33 39 2e 38 35 38 2c 2d 36 2e 33 33 31 5d 5d 2c 22 63 Data Ascii: mn":"ADBE Vector Shape - Group","hd":false},{"ind":1,"ty":"sh","ix":2,"ks":{"a":0,"k":{"i":[[0,0],[0.659,-1.612],[0,0],[-0.364,2.236]],"o":[[-0.321,2.019],[0,0],[0.676,-1.612],[0,0]],"v":[[38.961,-6.513],[37.492,-1.066],[38.298,-0.559],[39.858,-6.331]],"c

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
42	192.168.2.5	49775	124.239.243.38	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:34 UTC	1118	OUT	GET /basics/pc_operate/light_new_1698989816000.json HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Origin: http://www.baidu.com Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: psstatic.cdn.bcebos.com Connection: Keep-Alive
2023-11-18 06:52:35 UTC	1118	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:35 GMT Content-Type: application/json Content-Length: 21528 Connection: close Expires: Tue, 21 Nov 2023 05:40:55 GMT Last-Modified: Fri, 03 Nov 2023 05:36:55 GMT ETag: "eb81a616ea78901e20c61b1c651287d9" Age: 4285 Accept-Ranges: bytes Content-MD5: 64GmFup4kB4gxhscZRKH2Q== x-bce-content-crc32: 3647225974 x-bce-debug-id: S0obgYurCKVMA/APy2JmtMhJRGU6kkcQ/FOjZooVAee/Z2miDsY+5pqKBQ79FROWNJg17SiskoRE1Ntx5bfqdg== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: f15f0331-3865-4583-91da-7f304f08252c x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Sat, 18 Nov 2023 05:40:55 GMT Ohc-Upstream-Trace: 124.239.243.55 Ohc-Cache-HIT: lf7ct55 [2], suzix114 [2] Ohc-Response-Time: 1 0 0 0 0 0 Ohc-File-Size: 21528 X-Cache-Status: HIT Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: true Cache-Control: max-age=31536000 Timing-Allow-Origin: *
2023-11-18 06:52:35 UTC	1119	IN	Data Raw: 7b 22 76 22 3a 22 35 2e 31 31 2e 30 22 2c 22 66 72 22 3a 32 35 2c 22 69 70 22 3a 32 35 2c 22 6f 70 22 3a 32 30 39 2c 22 77 22 3a 31 32 30 2c 22 68 22 3a 32 38 2c 22 6e 6d 22 3a 22 e4 bd 93 e9 aa 8c e6 96 87 e5 bf 83 e4 b8 80 e8 a8 80 22 2c 22 64 64 64 22 3a 30 2c 22 61 73 73 65 74 73 22 3a 5b 5d 2c 22 6c 61 79 65 72 73 22 3a 5b 7b 22 64 64 64 22 3a 30 2c 22 69 6e 64 22 3a 31 2c 22 74 79 22 3a 34 2c 22 6e 6d 22 3a 22 e5 bd a2 e7 8a b6 e5 9b be e5 b1 82 20 32 35 22 2c 22 70 61 72 65 6e 74 22 3a 33 2c 22 73 72 22 3a 31 2c 22 6b 73 22 3a 7b 22 6f 22 3a 7b 22 61 22 3a 30 2c 22 6b 22 3a 31 30 30 2c 22 69 78 22 3a 31 31 7d 2c 22 72 22 3a 7b 22 61 22 3a 30 2c 22 6b 22 3a 30 2c 22 69 78 22 3a 31 30 7d 2c 22 70 22 3a 7b 22 61 22 3a 30 2c 22 6b 22 3a 5b 2d 31 39 2e Data Ascii: {"v":"5.11.0","fr":25,"ip":25,"op":209,"w":120,"h":28,"nm":"","ddd":0,"assets":[],"layers":[{"ddd":0,"ind":1,"ty":4,"nm":" 25","parent":3,"sr":1,"ks":{"o":{"a":0,"k":100,"ix":11},"r":{"a":0,"k":0,"ix":10},"p":{"a":0,"k":[-19.
2023-11-18 06:52:35 UTC	1134	IN	Data Raw: 6d 6e 22 3a 22 41 44 42 45 20 56 65 63 74 6f 72 20 53 68 61 70 65 20 2d 20 47 72 6f 75 70 22 2c 22 68 64 22 3a 66 61 6c 73 65 7d 2c 7b 22 69 6e 64 22 3a 31 2c 22 74 79 22 3a 22 73 68 22 2c 22 69 78 22 3a 32 2c 22 6b 73 22 3a 7b 22 61 22 3a 30 2c 22 6b 22 3a 7b 22 69 22 3a 5b 5b 30 2c 30 5d 2c 5b 30 2e 36 35 39 2c 2d 31 2e 36 31 32 5d 2c 5b 30 2c 30 5d 2c 5b 2d 30 2e 33 36 34 2c 32 2e 32 33 36 5d 5d 2c 22 6f 22 3a 5b 5b 2d 30 2e 33 32 31 2c 32 2e 30 31 39 5d 2c 5b 30 2c 30 5d 2c 5b 30 2e 36 37 36 2c 2d 31 2e 36 31 32 5d 2c 5b 30 2c 30 5d 5d 2c 22 76 22 3a 5b 5b 33 38 2e 39 36 31 2c 2d 36 2e 35 31 33 5d 2c 5b 33 37 2e 34 39 32 2c 2d 31 2e 30 36 36 5d 2c 5b 33 38 2e 32 39 38 2c 2d 30 2e 35 35 39 5d 2c 5b 33 39 2e 38 35 38 2c 2d 36 2e 33 33 31 5d 5d 2c 22 63 Data Ascii: mn":"ADBE Vector Shape - Group","hd":false},{"ind":1,"ty":"sh","ix":2,"ks":{"a":0,"k":{"i":[[0,0],[0.659,-1.612],[0,0],[-0.364,2.236]],"o":[[-0.321,2.019],[0,0],[0.676,-1.612],[0,0]],"v":[[38.961,-6.513],[37.492,-1.066],[38.298,-0.559],[39.858,-6.331]],"c

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
43	192.168.2.5	49760	39.156.68.81	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:37 UTC	1140	OUT	GET /static/h.gif?type=jsError&product=pcSearchResult&t=1700294901401 HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: hector.baidu.com Connection: Keep-Alive Cookie: BAIDUID=145E27E221F282D0311C913AF0CC3B87:FG=1; BIDUPSID=145E27E221F282D0BD0487E5415FCD62; PSTM=1700290335; BA_HECTOR=a00ka4848l01a02k0ga02g8g1ilgs0p1r
2023-11-18 06:52:49 UTC	1141	IN	HTTP/1.1 200 OK Cache-Control: max-age=315360000 Content-Length: 43 Content-Type: image/gif; charset=utf-8 Date: Sat, 18 Nov 2023 06:52:49 GMT Expires: Tue, 21 Nov 2023 22:28:49 GMT Last-Modified: Thu, 16 Mar 2023 03:05:46 GMT Connection: close
2023-11-18 06:52:49 UTC	1141	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 01 00 00 00 00 ff ff ff 21 f9 04 01 00 00 01 00 2c 00 00 00 00 01 00 01 00 00 02 02 4c 01 00 3b Data Ascii: GIF89a!,L;

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
43	39.156.68.81	443	192.168.2.5	49760	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:37 UTC	1140	OUT	GET /static/h.gif?type=jsError&product=pcSearchResult&t=1700294901401 HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: hector.baidu.com Connection: Keep-Alive Cookie: BAIDUID=145E27E221F282D0311C913AF0CC3B87:FG=1; BIDUPSID=145E27E221F282D0BD0487E5415FCD62; PSTM=1700290335; BA_HECTOR=a00ka4848l01a02k0ga02g8g1ilgs0p1r
2023-11-18 06:52:49 UTC	1141	IN	HTTP/1.1 200 OK Cache-Control: max-age=315360000 Content-Length: 43 Content-Type: image/gif; charset=utf-8 Date: Sat, 18 Nov 2023 06:52:49 GMT Expires: Tue, 21 Nov 2023 22:28:49 GMT Last-Modified: Thu, 16 Mar 2023 03:05:46 GMT Connection: close
2023-11-18 06:52:49 UTC	1141	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 01 00 00 00 00 ff ff ff 21 f9 04 01 00 00 01 00 2c 00 00 00 00 01 00 01 00 00 02 02 4c 01 00 3b Data Ascii: GIF89a!,L;

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	104.193.90.87	443	192.168.2.5	49728	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:18 UTC	35	OUT	GET /5aV1bjqh_Q23odCf/static/superman/img/topnav/newbaike-889054f349.png HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: dss0.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:18 UTC	73	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:18 GMT Content-Type: image/png Content-Length: 2315 Connection: close Expires: Fri, 08 Dec 2023 07:54:00 GMT Last-Modified: Mon, 29 Nov 2021 08:08:24 GMT ETag: "61a48a78-90b" Cache-Control: max-age=2592000 Age: 860298 Accept-Ranges: bytes Ohc-Global-Saved-Time: Wed, 08 Nov 2023 07:54:00 GMT Ohc-Cache-HIT: iad01-sys-jomo2.iad01.baidu.com [2] Ohc-Response-Time: 1 0 0 0 0 0
2023-11-18 06:52:18 UTC	73	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 58 00 00 00 58 08 02 00 00 00 fe f7 a7 63 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 44 65 58 49 66 4d 4d 00 2a 00 00 00 08 00 01 87 69 00 04 00 00 00 01 00 00 00 1a 00 00 00 00 00 03 a0 01 00 03 00 00 00 01 00 01 00 00 a0 02 00 04 00 00 00 01 00 00 00 58 a0 03 00 04 00 00 00 01 00 00 00 58 00 00 00 00 e7 80 48 10 00 00 08 75 49 44 41 54 78 01 ed 5b 79 6c 15 45 18 df eb 3d 68 41 40 28 57 5b ee 72 34 72 84 a3 12 e4 d0 1a c0 20 0a 12 09 57 a3 88 e1 12 8f a4 a2 41 05 a4 86 a8 09 1e 8d 01 39 15 a2 48 0b 46 62 e4 12 2c 28 72 55 ce 96 2b 14 68 29 72 96 43 ee b3 6f 0f 7f 8f 57 b7 bb fb f6 ed db 9d dd 62 d1 d9 bf 66 67 67 be f9 be df fb cd 37 33 df 7c 8f 55 14 85 a1 0f c3 70 14 84 10 02 14 88 32 26 50 Data Ascii: PNGIHDRXXcsRGBDeXIfMM*iXXHuIDATx[ylE=hA@(W[r4r WA9HFb,(rU+h)rCoWbfgg73\|Up2&P

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.5	49728	104.193.90.87	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:18 UTC	35	OUT	GET /5aV1bjqh_Q23odCf/static/superman/img/topnav/newbaike-889054f349.png HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: dss0.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:18 UTC	73	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:18 GMT Content-Type: image/png Content-Length: 2315 Connection: close Expires: Fri, 08 Dec 2023 07:54:00 GMT Last-Modified: Mon, 29 Nov 2021 08:08:24 GMT ETag: "61a48a78-90b" Cache-Control: max-age=2592000 Age: 860298 Accept-Ranges: bytes Ohc-Global-Saved-Time: Wed, 08 Nov 2023 07:54:00 GMT Ohc-Cache-HIT: iad01-sys-jomo2.iad01.baidu.com [2] Ohc-Response-Time: 1 0 0 0 0 0
2023-11-18 06:52:18 UTC	73	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 58 00 00 00 58 08 02 00 00 00 fe f7 a7 63 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 44 65 58 49 66 4d 4d 00 2a 00 00 00 08 00 01 87 69 00 04 00 00 00 01 00 00 00 1a 00 00 00 00 00 03 a0 01 00 03 00 00 00 01 00 01 00 00 a0 02 00 04 00 00 00 01 00 00 00 58 a0 03 00 04 00 00 00 01 00 00 00 58 00 00 00 00 e7 80 48 10 00 00 08 75 49 44 41 54 78 01 ed 5b 79 6c 15 45 18 df eb 3d 68 41 40 28 57 5b ee 72 34 72 84 a3 12 e4 d0 1a c0 20 0a 12 09 57 a3 88 e1 12 8f a4 a2 41 05 a4 86 a8 09 1e 8d 01 39 15 a2 48 0b 46 62 e4 12 2c 28 72 55 ce 96 2b 14 68 29 72 96 43 ee b3 6f 0f 7f 8f 57 b7 bb fb f6 ed db 9d dd 62 d1 d9 bf 66 67 67 be f9 be df fb cd 37 33 df 7c 8f 55 14 85 a1 0f c3 70 14 84 10 02 14 88 32 26 50 Data Ascii: PNGIHDRXXcsRGBDeXIfMM*iXXHuIDATx[ylE=hA@(W[r4r WA9HFb,(rU+h)rCoWbfgg73\|Up2&P

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	104.193.90.87	443	192.168.2.5	49727	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:18 UTC	35	OUT	GET /5aV1bjqh_Q23odCf/static/superman/img/topnav/newwenku-d8c9b7b0fb.png HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: dss0.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:18 UTC	70	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:18 GMT Content-Type: image/png Content-Length: 2787 Connection: close Expires: Fri, 08 Dec 2023 06:07:35 GMT Last-Modified: Mon, 29 Nov 2021 08:08:24 GMT ETag: "61a48a78-ae3" Cache-Control: max-age=2592000 Age: 866683 Accept-Ranges: bytes Ohc-Global-Saved-Time: Wed, 08 Nov 2023 06:07:35 GMT Ohc-Cache-HIT: iad01-sys-jomo4.iad01.baidu.com [2] Ohc-Response-Time: 1 0 0 0 0 0
2023-11-18 06:52:18 UTC	70	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 58 00 00 00 58 08 02 00 00 00 fe f7 a7 63 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 44 65 58 49 66 4d 4d 00 2a 00 00 00 08 00 01 87 69 00 04 00 00 00 01 00 00 00 1a 00 00 00 00 00 03 a0 01 00 03 00 00 00 01 00 01 00 00 a0 02 00 04 00 00 00 01 00 00 00 58 a0 03 00 04 00 00 00 01 00 00 00 58 00 00 00 00 e7 80 48 10 00 00 0a 4d 49 44 41 54 78 01 ed 5b 7b 50 54 d7 19 bf f7 ee 2e 8f 05 56 10 08 c8 43 10 2c 20 24 58 ab 63 4a d4 84 48 62 27 8d 46 1b 99 b6 93 da b4 9d 3e a6 63 74 32 31 ed 4c 4d 3b 99 49 2d c6 d6 69 d4 34 f6 8f 76 6c 93 89 a6 9a a4 4d 6b a5 93 99 4c 9a a0 b4 55 93 98 06 15 14 11 5c 2a a0 82 80 8b e1 b1 af db df 77 ce dd cb 5e 07 e1 ee 5d f6 d2 ce dc b3 cb bd e7 f1 9d 73 be ef 77 7e df Data Ascii: PNGIHDRXXcsRGBDeXIfMMiXXHMIDATx[{PT.VC, $XcJHb'F>ct21LM;I-i4vlMkLU\w^]sw~

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.5	49727	104.193.90.87	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:18 UTC	35	OUT	GET /5aV1bjqh_Q23odCf/static/superman/img/topnav/newwenku-d8c9b7b0fb.png HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: dss0.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:18 UTC	70	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:18 GMT Content-Type: image/png Content-Length: 2787 Connection: close Expires: Fri, 08 Dec 2023 06:07:35 GMT Last-Modified: Mon, 29 Nov 2021 08:08:24 GMT ETag: "61a48a78-ae3" Cache-Control: max-age=2592000 Age: 866683 Accept-Ranges: bytes Ohc-Global-Saved-Time: Wed, 08 Nov 2023 06:07:35 GMT Ohc-Cache-HIT: iad01-sys-jomo4.iad01.baidu.com [2] Ohc-Response-Time: 1 0 0 0 0 0
2023-11-18 06:52:18 UTC	70	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 58 00 00 00 58 08 02 00 00 00 fe f7 a7 63 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 44 65 58 49 66 4d 4d 00 2a 00 00 00 08 00 01 87 69 00 04 00 00 00 01 00 00 00 1a 00 00 00 00 00 03 a0 01 00 03 00 00 00 01 00 01 00 00 a0 02 00 04 00 00 00 01 00 00 00 58 a0 03 00 04 00 00 00 01 00 00 00 58 00 00 00 00 e7 80 48 10 00 00 0a 4d 49 44 41 54 78 01 ed 5b 7b 50 54 d7 19 bf f7 ee 2e 8f 05 56 10 08 c8 43 10 2c 20 24 58 ab 63 4a d4 84 48 62 27 8d 46 1b 99 b6 93 da b4 9d 3e a6 63 74 32 31 ed 4c 4d 3b 99 49 2d c6 d6 69 d4 34 f6 8f 76 6c 93 89 a6 9a a4 4d 6b a5 93 99 4c 9a a0 b4 55 93 98 06 15 14 11 5c 2a a0 82 80 8b e1 b1 af db df 77 ce dd cb 5e 07 e1 ee 5d f6 d2 ce dc b3 cb bd e7 f1 9d 73 be ef 77 7e df Data Ascii: PNGIHDRXXcsRGBDeXIfMMiXXHMIDATx[{PT.VC, $XcJHb'F>ct21LM;I-i4vlMkLU\w^]sw~

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.5	49729	104.193.88.112	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:18 UTC	36	OUT	GET /static/superman/font/iconfont-cdfecb8456.eot? HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Origin: http://www.baidu.com Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:18 UTC	38	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:18 GMT Content-Type: application/vnd.ms-fontobject Content-Length: 42528 Connection: close Expires: Sat, 11 Nov 2023 05:10:12 GMT Last-Modified: Fri, 03 Nov 2023 09:16:37 GMT ETag: "cdfecb84568c0b94e1514ee0437b7809" Cache-Control: max-age=31536000 Age: 870126 Accept-Ranges: bytes Content-MD5: zf7LhFaMC5ThUU7gQ3t4CQ== x-bce-content-crc32: 1806881958 x-bce-debug-id: PO1ONjpo4Zn/PVu1KM74gzHH1i7aEc6Eu82eeCZ1bfUC1bICIQW5uUETN6l/KLjQmPc5522gIuBE9fMOFO+BTg== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: a802fb9a-41cd-43d8-b700-2a286e1a937d x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 05:10:12 GMT Ohc-Cache-HIT: sfo01-sys-jorcol04.sfo01.baidu.com [2] Ohc-File-Size: 42528 X-Cache-Status: HIT Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: true Timing-Allow-Origin: *
2023-11-18 06:52:18 UTC	38	IN	Data Raw: 20 a6 00 00 78 a5 00 00 01 00 02 00 00 00 00 00 02 00 05 03 00 00 00 00 00 00 01 00 90 01 00 00 00 00 4c 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 c2 da 0d 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 00 69 00 63 00 6f 00 6e 00 66 00 6f 00 6e 00 74 00 00 00 0e 00 52 00 65 00 67 00 75 00 6c 00 61 00 72 00 00 00 16 00 56 00 65 00 72 00 73 00 69 00 6f 00 6e 00 20 00 31 00 2e 00 30 00 00 00 10 00 69 00 63 00 6f 00 6e 00 66 00 6f 00 6e 00 74 00 00 00 00 00 00 01 00 00 00 0b 00 80 00 03 00 30 47 53 55 42 20 8b 25 7a 00 00 01 38 00 00 00 54 4f 53 2f 32 3c 24 49 8c 00 00 01 8c 00 00 00 60 63 6d 61 70 90 26 0c 43 00 00 04 8c 00 00 0a 92 67 6c 79 66 dc fd 21 48 00 00 10 74 00 00 88 48 68 65 61 64 2f cf 91 5d 00 00 00 Data Ascii: xLPiconfontRegularVersion 1.0iconfont0GSUB %z8TOS/2<$I`cmap&Cglyf!HtHhead/]
2023-11-18 06:52:18 UTC	54	IN	Data Raw: 15 4c 4e 17 06 0e 28 00 00 00 00 04 00 00 ff b4 04 00 03 4b 00 16 00 21 00 38 00 4b 00 00 01 07 23 22 06 15 11 15 1e 01 3b 01 17 16 32 3e 01 35 11 34 2e 01 06 07 11 2f 01 26 2b 01 11 33 32 37 05 36 32 17 16 17 16 07 06 07 0e 01 2e 01 3f 01 3e 01 26 2f 01 26 34 37 36 16 17 16 15 14 07 0e 01 2e 01 37 36 35 34 27 26 36 01 d9 e9 aa 16 20 03 1f 14 ad eb 0d 1d 19 0f 10 1c 1e 16 b7 06 09 0a 90 90 10 0d 01 89 0e 28 0e 27 0f 0e 0e 0f 27 0e 26 1c 04 0b 05 14 10 0c 13 05 0e ce 0e 28 0e 56 5a 0c 27 20 05 0c 46 3d 0d 01 03 3f ac 20 17 fe 22 07 15 1b 8b 07 0e 1a 0e 03 28 10 1a 0e 03 87 fd 73 6d 02 04 01 8c 09 1f 0e 0e 28 42 40 40 42 27 0e 01 19 25 10 04 15 4c 4e 17 06 0e 28 94 0e 02 0e 5d b8 b5 74 10 05 18 27 10 5b 94 92 41 0f 28 00 06 00 00 ff 8a 03 b4 03 81 00 30 00 Data Ascii: LN(K!8K#";2>54./&+32762.?>&/&476.7654'&6 (''&(VZ' F=? "(sm(B@@B'%LN(]t'[A(0
2023-11-18 06:52:18 UTC	75	IN	Data Raw: 00 18 00 2b 00 00 01 32 17 1e 01 17 16 14 07 0e 01 07 06 22 27 2e 01 27 26 34 37 3e 01 37 36 01 21 07 0e 02 16 17 13 17 16 36 37 13 37 36 2e 02 02 00 68 5f 5c 8e 27 28 28 27 8e 5c 5f d0 5f 5c 8e 27 28 28 27 8e 5c 5f 01 54 fe 28 07 0a 10 08 03 06 ec 06 0d 22 0b ec 03 05 01 0a 12 03 80 28 27 8e 5c 5f d0 5f 5c 8e 27 28 28 27 8e 5c 5f d0 5f 5c 8e 27 28 fe 9e 01 02 0d 13 14 08 fe c4 05 0c 04 0d 01 3c 05 09 15 12 0a 00 01 00 00 00 00 02 e9 02 9d 00 11 00 00 01 11 14 16 33 32 37 25 3e 01 34 26 27 25 26 06 07 06 01 17 2a 1e 15 12 01 41 10 12 12 10 fe bf 19 3b 0f 0c 02 4f fe 62 1e 2a 0b cf 0a 20 26 20 0a cf 10 0d 19 12 00 03 00 00 ff d4 03 2e 03 2b 00 15 00 2a 00 3e 00 00 01 16 17 16 07 06 07 0e 01 2e 01 37 36 37 36 27 26 27 26 3e 01 16 07 1f 01 1e 01 07 06 07 0e Data Ascii: +2"'.'&47>76!6776.h_\'(('\__\'(('\_T("('\__\'(('\__\'(<327%>4&'%&A;Ob & .+*>.7676'&'&>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	104.193.88.112	443	192.168.2.5	49729	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:18 UTC	36	OUT	GET /static/superman/font/iconfont-cdfecb8456.eot? HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Origin: http://www.baidu.com Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:18 UTC	38	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:18 GMT Content-Type: application/vnd.ms-fontobject Content-Length: 42528 Connection: close Expires: Sat, 11 Nov 2023 05:10:12 GMT Last-Modified: Fri, 03 Nov 2023 09:16:37 GMT ETag: "cdfecb84568c0b94e1514ee0437b7809" Cache-Control: max-age=31536000 Age: 870126 Accept-Ranges: bytes Content-MD5: zf7LhFaMC5ThUU7gQ3t4CQ== x-bce-content-crc32: 1806881958 x-bce-debug-id: PO1ONjpo4Zn/PVu1KM74gzHH1i7aEc6Eu82eeCZ1bfUC1bICIQW5uUETN6l/KLjQmPc5522gIuBE9fMOFO+BTg== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: a802fb9a-41cd-43d8-b700-2a286e1a937d x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 05:10:12 GMT Ohc-Cache-HIT: sfo01-sys-jorcol04.sfo01.baidu.com [2] Ohc-File-Size: 42528 X-Cache-Status: HIT Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: true Timing-Allow-Origin: *
2023-11-18 06:52:18 UTC	38	IN	Data Raw: 20 a6 00 00 78 a5 00 00 01 00 02 00 00 00 00 00 02 00 05 03 00 00 00 00 00 00 01 00 90 01 00 00 00 00 4c 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 c2 da 0d 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 00 69 00 63 00 6f 00 6e 00 66 00 6f 00 6e 00 74 00 00 00 0e 00 52 00 65 00 67 00 75 00 6c 00 61 00 72 00 00 00 16 00 56 00 65 00 72 00 73 00 69 00 6f 00 6e 00 20 00 31 00 2e 00 30 00 00 00 10 00 69 00 63 00 6f 00 6e 00 66 00 6f 00 6e 00 74 00 00 00 00 00 00 01 00 00 00 0b 00 80 00 03 00 30 47 53 55 42 20 8b 25 7a 00 00 01 38 00 00 00 54 4f 53 2f 32 3c 24 49 8c 00 00 01 8c 00 00 00 60 63 6d 61 70 90 26 0c 43 00 00 04 8c 00 00 0a 92 67 6c 79 66 dc fd 21 48 00 00 10 74 00 00 88 48 68 65 61 64 2f cf 91 5d 00 00 00 Data Ascii: xLPiconfontRegularVersion 1.0iconfont0GSUB %z8TOS/2<$I`cmap&Cglyf!HtHhead/]
2023-11-18 06:52:18 UTC	54	IN	Data Raw: 15 4c 4e 17 06 0e 28 00 00 00 00 04 00 00 ff b4 04 00 03 4b 00 16 00 21 00 38 00 4b 00 00 01 07 23 22 06 15 11 15 1e 01 3b 01 17 16 32 3e 01 35 11 34 2e 01 06 07 11 2f 01 26 2b 01 11 33 32 37 05 36 32 17 16 17 16 07 06 07 0e 01 2e 01 3f 01 3e 01 26 2f 01 26 34 37 36 16 17 16 15 14 07 0e 01 2e 01 37 36 35 34 27 26 36 01 d9 e9 aa 16 20 03 1f 14 ad eb 0d 1d 19 0f 10 1c 1e 16 b7 06 09 0a 90 90 10 0d 01 89 0e 28 0e 27 0f 0e 0e 0f 27 0e 26 1c 04 0b 05 14 10 0c 13 05 0e ce 0e 28 0e 56 5a 0c 27 20 05 0c 46 3d 0d 01 03 3f ac 20 17 fe 22 07 15 1b 8b 07 0e 1a 0e 03 28 10 1a 0e 03 87 fd 73 6d 02 04 01 8c 09 1f 0e 0e 28 42 40 40 42 27 0e 01 19 25 10 04 15 4c 4e 17 06 0e 28 94 0e 02 0e 5d b8 b5 74 10 05 18 27 10 5b 94 92 41 0f 28 00 06 00 00 ff 8a 03 b4 03 81 00 30 00 Data Ascii: LN(K!8K#";2>54./&+32762.?>&/&476.7654'&6 (''&(VZ' F=? "(sm(B@@B'%LN(]t'[A(0
2023-11-18 06:52:18 UTC	75	IN	Data Raw: 00 18 00 2b 00 00 01 32 17 1e 01 17 16 14 07 0e 01 07 06 22 27 2e 01 27 26 34 37 3e 01 37 36 01 21 07 0e 02 16 17 13 17 16 36 37 13 37 36 2e 02 02 00 68 5f 5c 8e 27 28 28 27 8e 5c 5f d0 5f 5c 8e 27 28 28 27 8e 5c 5f 01 54 fe 28 07 0a 10 08 03 06 ec 06 0d 22 0b ec 03 05 01 0a 12 03 80 28 27 8e 5c 5f d0 5f 5c 8e 27 28 28 27 8e 5c 5f d0 5f 5c 8e 27 28 fe 9e 01 02 0d 13 14 08 fe c4 05 0c 04 0d 01 3c 05 09 15 12 0a 00 01 00 00 00 00 02 e9 02 9d 00 11 00 00 01 11 14 16 33 32 37 25 3e 01 34 26 27 25 26 06 07 06 01 17 2a 1e 15 12 01 41 10 12 12 10 fe bf 19 3b 0f 0c 02 4f fe 62 1e 2a 0b cf 0a 20 26 20 0a cf 10 0d 19 12 00 03 00 00 ff d4 03 2e 03 2b 00 15 00 2a 00 3e 00 00 01 16 17 16 07 06 07 0e 01 2e 01 37 36 37 36 27 26 27 26 3e 01 16 07 1f 01 1e 01 07 06 07 0e Data Ascii: +2"'.'&47>76!6776.h_\'(('\__\'(('\_T("('\__\'(('\__\'(<327%>4&'%&A;Ob & .+*>.7676'&'&>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.5	49730	104.193.88.112	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:18 UTC	36	OUT	GET /static/superman/css/ubase_sync-d600f57804.css?v=md5 HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:18 UTC	36	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:18 GMT Content-Type: text/css; charset=utf-8 Content-Length: 407 Connection: close Expires: Sat, 11 Nov 2023 06:31:36 GMT Last-Modified: Fri, 03 Nov 2023 09:16:37 GMT ETag: "d600f57804631038c658b4056d63812a" Cache-Control: max-age=31536000 Age: 865242 Accept-Ranges: bytes Content-MD5: 1gD1eARjEDjGWLQFbWOBKg== x-bce-content-crc32: 99606430 x-bce-debug-id: 9XC9YZYakJ8+rEvRUip98jiANtuhmxWx/yjvGLIRfKCYRI3ctTCBxD4s0r5tmcBrdxaizjsFCe9DLrV6NGDgRA== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: 4d584530-4299-45f0-9f12-9f29541c5f25 x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 06:31:36 GMT Ohc-Cache-HIT: sfo01-sys-jorcol06.sfo01.baidu.com [2] Ohc-File-Size: 407 X-Cache-Status: HIT Timing-Allow-Origin: * Access-Control-Allow-Origin: *
2023-11-18 06:52:18 UTC	37	IN	Data Raw: 2e 73 75 69 2d 73 63 72 6f 6c 6c 62 61 72 2d 63 6f 6e 74 61 69 6e 65 72 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 0a 2e 73 75 69 2d 73 63 72 6f 6c 6c 62 61 72 2d 62 61 72 7b 62 6f 72 64 65 72 2d 6c 65 66 74 3a 31 70 78 20 73 6f 6c 69 64 20 23 65 31 65 31 65 31 3b 62 6f 72 64 65 72 2d 72 69 67 68 74 3a 31 70 78 20 73 6f 6c 69 64 20 23 65 33 65 33 65 33 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 31 70 78 20 73 6f 6c 69 64 20 23 65 33 65 33 65 33 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 23 65 33 65 33 65 33 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 65 33 65 33 65 33 3b 77 69 64 74 68 3a 37 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 30 3b 72 Data Ascii: .sui-scrollbar-container{position:relative;overflow:hidden}.sui-scrollbar-bar{border-left:1px solid #e1e1e1;border-right:1px solid #e3e3e3;border-top:1px solid #e3e3e3;border-bottom:1px solid #e3e3e3;background:#e3e3e3;width:7px;position:absolute;top:0;r

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	104.193.88.112	443	192.168.2.5	49730	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:18 UTC	36	OUT	GET /static/superman/css/ubase_sync-d600f57804.css?v=md5 HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:18 UTC	36	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:18 GMT Content-Type: text/css; charset=utf-8 Content-Length: 407 Connection: close Expires: Sat, 11 Nov 2023 06:31:36 GMT Last-Modified: Fri, 03 Nov 2023 09:16:37 GMT ETag: "d600f57804631038c658b4056d63812a" Cache-Control: max-age=31536000 Age: 865242 Accept-Ranges: bytes Content-MD5: 1gD1eARjEDjGWLQFbWOBKg== x-bce-content-crc32: 99606430 x-bce-debug-id: 9XC9YZYakJ8+rEvRUip98jiANtuhmxWx/yjvGLIRfKCYRI3ctTCBxD4s0r5tmcBrdxaizjsFCe9DLrV6NGDgRA== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: 4d584530-4299-45f0-9f12-9f29541c5f25 x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 06:31:36 GMT Ohc-Cache-HIT: sfo01-sys-jorcol06.sfo01.baidu.com [2] Ohc-File-Size: 407 X-Cache-Status: HIT Timing-Allow-Origin: * Access-Control-Allow-Origin: *
2023-11-18 06:52:18 UTC	37	IN	Data Raw: 2e 73 75 69 2d 73 63 72 6f 6c 6c 62 61 72 2d 63 6f 6e 74 61 69 6e 65 72 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 0a 2e 73 75 69 2d 73 63 72 6f 6c 6c 62 61 72 2d 62 61 72 7b 62 6f 72 64 65 72 2d 6c 65 66 74 3a 31 70 78 20 73 6f 6c 69 64 20 23 65 31 65 31 65 31 3b 62 6f 72 64 65 72 2d 72 69 67 68 74 3a 31 70 78 20 73 6f 6c 69 64 20 23 65 33 65 33 65 33 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 31 70 78 20 73 6f 6c 69 64 20 23 65 33 65 33 65 33 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 23 65 33 65 33 65 33 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 65 33 65 33 65 33 3b 77 69 64 74 68 3a 37 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 30 3b 72 Data Ascii: .sui-scrollbar-container{position:relative;overflow:hidden}.sui-scrollbar-bar{border-left:1px solid #e1e1e1;border-right:1px solid #e3e3e3;border-top:1px solid #e3e3e3;border-bottom:1px solid #e3e3e3;background:#e3e3e3;width:7px;position:absolute;top:0;r

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.5	49733	104.193.88.112	443	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:19 UTC	86	OUT	GET /static/superman/js/lib/jquery-1-edb203c114.10.2.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:19 UTC	87	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:19 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 143929 Connection: close Expires: Sat, 11 Nov 2023 07:48:33 GMT Last-Modified: Fri, 03 Nov 2023 09:16:40 GMT ETag: "edb203c114d8e1115c869ca443dd6e48" Cache-Control: max-age=31536000 Age: 860626 Accept-Ranges: bytes Content-MD5: 7bIDwRTY4RFchpykQ91uSA== x-bce-content-crc32: 1196392526 x-bce-debug-id: nPhYgIHtWWoRs7ueSiJtOg6l5FSY1vhsRMvyAG+STgVGWUKR0us2rnhX+hqG5YBUFfLWetrBAOeWeaFo/3ObnQ== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: 2e09f5bd-3503-431c-b292-7a88a7681452 x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 07:48:33 GMT Ohc-Cache-HIT: sfo01-sys-jorcol02.sfo01.baidu.com [2] Ohc-File-Size: 143929 X-Cache-Status: HIT Access-Control-Allow-Origin: * Timing-Allow-Origin: *
2023-11-18 06:52:19 UTC	88	IN	Data Raw: 28 66 75 6e 63 74 69 6f 6e 28 77 69 6e 64 6f 77 2c 75 6e 64 65 66 69 6e 65 64 29 7b 76 61 72 20 72 65 61 64 79 4c 69 73 74 2c 72 6f 6f 74 6a 51 75 65 72 79 2c 63 6f 72 65 5f 73 74 72 75 6e 64 65 66 69 6e 65 64 3d 74 79 70 65 6f 66 20 75 6e 64 65 66 69 6e 65 64 2c 6c 6f 63 61 74 69 6f 6e 3d 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2c 64 6f 63 75 6d 65 6e 74 3d 77 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 2c 64 6f 63 45 6c 65 6d 3d 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2c 5f 6a 51 75 65 72 79 3d 77 69 6e 64 6f 77 2e 6a 51 75 65 72 79 2c 5f 24 3d 77 69 6e 64 6f 77 2e 24 2c 63 6c 61 73 73 32 74 79 70 65 3d 7b 7d 2c 63 6f 72 65 5f 64 65 6c 65 74 65 64 49 64 73 3d 5b 5d 2c 63 6f 72 65 5f 76 65 72 73 69 6f 6e 3d 22 31 2e 31 Data Ascii: (function(window,undefined){var readyList,rootjQuery,core_strundefined=typeof undefined,location=window.location,document=window.document,docElem=document.documentElement,_jQuery=window.jQuery,_$=window.$,class2type={},core_deletedIds=[],core_version="1.1
2023-11-18 06:52:19 UTC	103	IN	Data Raw: 6e 74 65 78 74 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 6d 29 29 26 26 63 6f 6e 74 61 69 6e 73 28 63 6f 6e 74 65 78 74 2c 65 6c 65 6d 29 26 26 65 6c 65 6d 2e 69 64 3d 3d 3d 6d 29 7b 72 65 73 75 6c 74 73 2e 70 75 73 68 28 65 6c 65 6d 29 3b 72 65 74 75 72 6e 20 72 65 73 75 6c 74 73 7d 7d 7d 65 6c 73 65 20 69 66 28 6d 61 74 63 68 5b 32 5d 29 7b 70 75 73 68 2e 61 70 70 6c 79 28 72 65 73 75 6c 74 73 2c 63 6f 6e 74 65 78 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 73 65 6c 65 63 74 6f 72 29 29 3b 72 65 74 75 72 6e 20 72 65 73 75 6c 74 73 0a 7d 65 6c 73 65 20 69 66 28 28 6d 3d 6d 61 74 63 68 5b 33 5d 29 26 26 73 75 70 70 6f 72 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e Data Ascii: ntext.ownerDocument.getElementById(m))&&contains(context,elem)&&elem.id===m){results.push(elem);return results}}}else if(match[2]){push.apply(results,context.getElementsByTagName(selector));return results}else if((m=match[3])&&support.getElementsByClassN
2023-11-18 06:52:19 UTC	119	IN	Data Raw: 74 69 6f 6e 61 6c 50 73 65 75 64 6f 28 66 75 6e 63 74 69 6f 6e 28 6d 61 74 63 68 49 6e 64 65 78 65 73 2c 6c 65 6e 67 74 68 2c 61 72 67 75 6d 65 6e 74 29 7b 76 61 72 20 69 3d 61 72 67 75 6d 65 6e 74 3c 30 3f 61 72 67 75 6d 65 6e 74 2b 6c 65 6e 67 74 68 3a 61 72 67 75 6d 65 6e 74 3b 66 6f 72 28 3b 2b 2b 69 3c 6c 65 6e 67 74 68 3b 29 7b 6d 61 74 63 68 49 6e 64 65 78 65 73 2e 70 75 73 68 28 69 29 7d 72 65 74 75 72 6e 20 6d 61 74 63 68 49 6e 64 65 78 65 73 7d 29 7d 7d 3b 45 78 70 72 2e 70 73 65 75 64 6f 73 5b 22 6e 74 68 22 5d 3d 45 78 70 72 2e 70 73 65 75 64 6f 73 5b 22 65 71 22 5d 0a 3b 66 6f 72 28 69 20 69 6e 7b 72 61 64 69 6f 3a 74 72 75 65 2c 63 68 65 63 6b 62 6f 78 3a 74 72 75 65 2c 66 69 6c 65 3a 74 72 75 65 2c 70 61 73 73 77 6f 72 64 3a 74 72 75 65 2c Data Ascii: tionalPseudo(function(matchIndexes,length,argument){var i=argument<0?argument+length:argument;for(;++i<length;){matchIndexes.push(i)}return matchIndexes})}};Expr.pseudos["nth"]=Expr.pseudos["eq"];for(i in{radio:true,checkbox:true,file:true,password:true,
2023-11-18 06:52:19 UTC	152	IN	Data Raw: 67 72 6f 75 6e 64 43 6c 69 70 3d 22 22 0a 3b 73 75 70 70 6f 72 74 2e 63 6c 65 61 72 43 6c 6f 6e 65 53 74 79 6c 65 3d 64 69 76 2e 73 74 79 6c 65 2e 62 61 63 6b 67 72 6f 75 6e 64 43 6c 69 70 3d 3d 3d 22 63 6f 6e 74 65 6e 74 2d 62 6f 78 22 3b 66 6f 72 28 69 20 69 6e 20 6a 51 75 65 72 79 28 73 75 70 70 6f 72 74 29 29 7b 62 72 65 61 6b 7d 73 75 70 70 6f 72 74 2e 6f 77 6e 4c 61 73 74 3d 69 21 3d 3d 22 30 22 3b 6a 51 75 65 72 79 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 63 6f 6e 74 61 69 6e 65 72 2c 6d 61 72 67 69 6e 44 69 76 2c 74 64 73 2c 64 69 76 52 65 73 65 74 3d 22 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 62 6f 72 64 65 72 3a 30 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f Data Ascii: groundClip="";support.clearCloneStyle=div.style.backgroundClip==="content-box";for(i in jQuery(support)){break}support.ownLast=i!=="0";jQuery(function(){var container,marginDiv,tds,divReset="padding:0;margin:0;border:0;display:block;box-sizing:content-bo
2023-11-18 06:52:19 UTC	168	IN	Data Raw: 7b 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 65 6c 65 6d 2c 76 61 6c 75 65 2c 6e 61 6d 65 29 7b 6e 6f 64 65 48 6f 6f 6b 2e 73 65 74 28 65 6c 65 6d 2c 76 61 6c 75 65 3d 3d 3d 22 22 3f 66 61 6c 73 65 3a 76 61 6c 75 65 2c 6e 61 6d 65 29 7d 7d 3b 6a 51 75 65 72 79 2e 65 61 63 68 28 5b 22 77 69 64 74 68 22 2c 22 68 65 69 67 68 74 22 5d 2c 66 75 6e 63 74 69 6f 6e 28 69 2c 6e 61 6d 65 29 7b 6a 51 75 65 72 79 2e 61 74 74 72 48 6f 6f 6b 73 5b 6e 61 6d 65 5d 3d 7b 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 65 6c 65 6d 2c 76 61 6c 75 65 29 7b 69 66 28 76 61 6c 75 65 3d 3d 3d 22 22 29 7b 65 6c 65 6d 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 6e 61 6d 65 2c 22 61 75 74 6f 22 29 3b 72 65 74 75 72 6e 20 76 61 6c 75 65 7d 7d 7d 7d 29 7d 69 66 28 21 6a 51 75 65 72 79 2e 73 75 70 Data Ascii: {set:function(elem,value,name){nodeHook.set(elem,value===""?false:value,name)}};jQuery.each(["width","height"],function(i,name){jQuery.attrHooks[name]={set:function(elem,value){if(value===""){elem.setAttribute(name,"auto");return value}}}})}if(!jQuery.sup
2023-11-18 06:52:19 UTC	184	IN	Data Raw: 75 65 72 79 28 74 79 70 65 73 2e 64 65 6c 65 67 61 74 65 54 61 72 67 65 74 29 2e 6f 66 66 28 68 61 6e 64 6c 65 4f 62 6a 2e 6e 61 6d 65 73 70 61 63 65 3f 68 61 6e 64 6c 65 4f 62 6a 2e 6f 72 69 67 54 79 70 65 2b 22 2e 22 2b 68 61 6e 64 6c 65 4f 62 6a 2e 6e 61 6d 65 73 70 61 63 65 3a 68 61 6e 64 6c 65 4f 62 6a 2e 6f 72 69 67 54 79 70 65 2c 68 61 6e 64 6c 65 4f 62 6a 2e 73 65 6c 65 63 74 6f 72 2c 68 61 6e 64 6c 65 4f 62 6a 2e 68 61 6e 64 6c 65 72 29 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 0a 69 66 28 74 79 70 65 6f 66 20 74 79 70 65 73 3d 3d 3d 22 6f 62 6a 65 63 74 22 29 7b 66 6f 72 28 74 79 70 65 20 69 6e 20 74 79 70 65 73 29 7b 74 68 69 73 2e 6f 66 66 28 74 79 70 65 2c 73 65 6c 65 63 74 6f 72 2c 74 79 70 65 73 5b 74 79 70 65 5d 29 7d 72 65 74 75 72 6e 20 74 Data Ascii: uery(types.delegateTarget).off(handleObj.namespace?handleObj.origType+"."+handleObj.namespace:handleObj.origType,handleObj.selector,handleObj.handler);return this}if(typeof types==="object"){for(type in types){this.off(type,selector,types[type])}return t
2023-11-18 06:52:19 UTC	203	IN	Data Raw: 65 70 28 67 65 74 41 6c 6c 28 6e 6f 64 65 73 2c 22 69 6e 70 75 74 22 29 2c 66 69 78 44 65 66 61 75 6c 74 43 68 65 63 6b 65 64 29 7d 69 3d 30 3b 77 68 69 6c 65 28 65 6c 65 6d 3d 6e 6f 64 65 73 5b 69 2b 2b 5d 29 7b 69 66 28 73 65 6c 65 63 74 69 6f 6e 26 26 6a 51 75 65 72 79 2e 69 6e 41 72 72 61 79 28 65 6c 65 6d 2c 73 65 6c 65 63 74 69 6f 6e 29 21 3d 3d 2d 31 29 7b 63 6f 6e 74 69 6e 75 65 7d 63 6f 6e 74 61 69 6e 73 3d 6a 51 75 65 72 79 2e 63 6f 6e 74 61 69 6e 73 28 65 6c 65 6d 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 2c 65 6c 65 6d 29 3b 74 6d 70 3d 67 65 74 41 6c 6c 28 73 61 66 65 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 65 6c 65 6d 29 2c 22 73 63 72 69 70 74 22 29 3b 69 66 28 63 6f 6e 74 61 69 6e 73 29 7b 73 65 74 47 6c 6f 62 61 6c 45 76 61 6c 28 74 6d 70 Data Ascii: ep(getAll(nodes,"input"),fixDefaultChecked)}i=0;while(elem=nodes[i++]){if(selection&&jQuery.inArray(elem,selection)!==-1){continue}contains=jQuery.contains(elem.ownerDocument,elem);tmp=getAll(safe.appendChild(elem),"script");if(contains){setGlobalEval(tmp
2023-11-18 06:52:19 UTC	222	IN	Data Raw: 53 65 74 74 69 6e 67 73 2e 66 6c 61 74 4f 70 74 69 6f 6e 73 7c 7c 7b 7d 3b 66 6f 72 28 6b 65 79 20 69 6e 20 73 72 63 29 7b 69 66 28 73 72 63 5b 6b 65 79 5d 21 3d 3d 75 6e 64 65 66 69 6e 65 64 29 7b 28 66 6c 61 74 4f 70 74 69 6f 6e 73 5b 6b 65 79 5d 3f 74 61 72 67 65 74 3a 64 65 65 70 7c 7c 28 64 65 65 70 3d 7b 7d 29 29 5b 6b 65 79 5d 3d 73 72 63 5b 6b 65 79 5d 7d 7d 69 66 28 64 65 65 70 29 7b 6a 51 75 65 72 79 2e 65 78 74 65 6e 64 28 74 72 75 65 2c 74 61 72 67 65 74 2c 64 65 65 70 29 7d 72 65 74 75 72 6e 20 74 61 72 67 65 74 7d 0a 6a 51 75 65 72 79 2e 66 6e 2e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 75 72 6c 2c 70 61 72 61 6d 73 2c 63 61 6c 6c 62 61 63 6b 29 7b 69 66 28 74 79 70 65 6f 66 20 75 72 6c 21 3d 3d 22 73 74 72 69 6e 67 22 26 26 5f 6c 6f 61 64 Data Ascii: Settings.flatOptions\|\|{};for(key in src){if(src[key]!==undefined){(flatOptions[key]?target:deep\|\|(deep={}))[key]=src[key]}}if(deep){jQuery.extend(true,target,deep)}return target}jQuery.fn.load=function(url,params,callback){if(typeof url!=="string"&&_load
2023-11-18 06:52:19 UTC	238	IN	Data Raw: 2e 6f 70 74 73 2e 65 61 73 69 6e 67 29 3b 61 6e 69 6d 61 74 69 6f 6e 2e 74 77 65 65 6e 73 2e 70 75 73 68 28 74 77 65 65 6e 29 3b 72 65 74 75 72 6e 20 74 77 65 65 6e 7d 2c 73 74 6f 70 3a 66 75 6e 63 74 69 6f 6e 28 67 6f 74 6f 45 6e 64 29 7b 76 61 72 20 69 6e 64 65 78 3d 30 2c 6c 65 6e 67 74 68 3d 67 6f 74 6f 45 6e 64 3f 61 6e 69 6d 61 74 69 6f 6e 2e 74 77 65 65 6e 73 2e 6c 65 6e 67 74 68 3a 30 3b 69 66 28 73 74 6f 70 70 65 64 29 7b 72 65 74 75 72 6e 20 74 68 69 73 7d 73 74 6f 70 70 65 64 3d 74 72 75 65 3b 66 6f 72 28 3b 69 6e 64 65 78 3c 6c 65 6e 67 74 68 3b 69 6e 64 65 78 2b 2b 29 7b 61 6e 69 6d 61 74 69 6f 6e 2e 74 77 65 65 6e 73 5b 69 6e 64 65 78 5d 2e 72 75 6e 28 31 29 7d 69 66 28 67 6f 74 6f 45 6e 64 29 7b 64 65 66 65 72 72 65 64 2e 72 65 73 6f 6c 76 Data Ascii: .opts.easing);animation.tweens.push(tween);return tween},stop:function(gotoEnd){var index=0,length=gotoEnd?animation.tweens.length:0;if(stopped){return this}stopped=true;for(;index<length;index++){animation.tweens[index].run(1)}if(gotoEnd){deferred.resolv

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	104.193.88.112	443	192.168.2.5	49733	C:\Windows\SysWOW64\svchost.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-18 06:52:19 UTC	86	OUT	GET /static/superman/js/lib/jquery-1-edb203c114.10.2.js HTTP/1.1 Accept: / Referer: http://www.baidu.com/ Accept-Language: en-CH Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: pss.bdstatic.com Connection: Keep-Alive
2023-11-18 06:52:19 UTC	87	IN	HTTP/1.1 200 OK Server: JSP3/2.0.14 Date: Sat, 18 Nov 2023 06:52:19 GMT Content-Type: text/javascript; charset=utf-8 Content-Length: 143929 Connection: close Expires: Sat, 11 Nov 2023 07:48:33 GMT Last-Modified: Fri, 03 Nov 2023 09:16:40 GMT ETag: "edb203c114d8e1115c869ca443dd6e48" Cache-Control: max-age=31536000 Age: 860626 Accept-Ranges: bytes Content-MD5: 7bIDwRTY4RFchpykQ91uSA== x-bce-content-crc32: 1196392526 x-bce-debug-id: nPhYgIHtWWoRs7ueSiJtOg6l5FSY1vhsRMvyAG+STgVGWUKR0us2rnhX+hqG5YBUFfLWetrBAOeWeaFo/3ObnQ== x-bce-flow-control-type: -1 x-bce-is-transition: false x-bce-request-id: 2e09f5bd-3503-431c-b292-7a88a7681452 x-bce-storage-class: STANDARD Ohc-Global-Saved-Time: Wed, 08 Nov 2023 07:48:33 GMT Ohc-Cache-HIT: sfo01-sys-jorcol02.sfo01.baidu.com [2] Ohc-File-Size: 143929 X-Cache-Status: HIT Access-Control-Allow-Origin: * Timing-Allow-Origin: *
2023-11-18 06:52:19 UTC	88	IN	Data Raw: 28 66 75 6e 63 74 69 6f 6e 28 77 69 6e 64 6f 77 2c 75 6e 64 65 66 69 6e 65 64 29 7b 76 61 72 20 72 65 61 64 79 4c 69 73 74 2c 72 6f 6f 74 6a 51 75 65 72 79 2c 63 6f 72 65 5f 73 74 72 75 6e 64 65 66 69 6e 65 64 3d 74 79 70 65 6f 66 20 75 6e 64 65 66 69 6e 65 64 2c 6c 6f 63 61 74 69 6f 6e 3d 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2c 64 6f 63 75 6d 65 6e 74 3d 77 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 2c 64 6f 63 45 6c 65 6d 3d 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2c 5f 6a 51 75 65 72 79 3d 77 69 6e 64 6f 77 2e 6a 51 75 65 72 79 2c 5f 24 3d 77 69 6e 64 6f 77 2e 24 2c 63 6c 61 73 73 32 74 79 70 65 3d 7b 7d 2c 63 6f 72 65 5f 64 65 6c 65 74 65 64 49 64 73 3d 5b 5d 2c 63 6f 72 65 5f 76 65 72 73 69 6f 6e 3d 22 31 2e 31 Data Ascii: (function(window,undefined){var readyList,rootjQuery,core_strundefined=typeof undefined,location=window.location,document=window.document,docElem=document.documentElement,_jQuery=window.jQuery,_$=window.$,class2type={},core_deletedIds=[],core_version="1.1
2023-11-18 06:52:19 UTC	103	IN	Data Raw: 6e 74 65 78 74 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 6d 29 29 26 26 63 6f 6e 74 61 69 6e 73 28 63 6f 6e 74 65 78 74 2c 65 6c 65 6d 29 26 26 65 6c 65 6d 2e 69 64 3d 3d 3d 6d 29 7b 72 65 73 75 6c 74 73 2e 70 75 73 68 28 65 6c 65 6d 29 3b 72 65 74 75 72 6e 20 72 65 73 75 6c 74 73 7d 7d 7d 65 6c 73 65 20 69 66 28 6d 61 74 63 68 5b 32 5d 29 7b 70 75 73 68 2e 61 70 70 6c 79 28 72 65 73 75 6c 74 73 2c 63 6f 6e 74 65 78 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 73 65 6c 65 63 74 6f 72 29 29 3b 72 65 74 75 72 6e 20 72 65 73 75 6c 74 73 0a 7d 65 6c 73 65 20 69 66 28 28 6d 3d 6d 61 74 63 68 5b 33 5d 29 26 26 73 75 70 70 6f 72 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e Data Ascii: ntext.ownerDocument.getElementById(m))&&contains(context,elem)&&elem.id===m){results.push(elem);return results}}}else if(match[2]){push.apply(results,context.getElementsByTagName(selector));return results}else if((m=match[3])&&support.getElementsByClassN
2023-11-18 06:52:19 UTC	119	IN	Data Raw: 74 69 6f 6e 61 6c 50 73 65 75 64 6f 28 66 75 6e 63 74 69 6f 6e 28 6d 61 74 63 68 49 6e 64 65 78 65 73 2c 6c 65 6e 67 74 68 2c 61 72 67 75 6d 65 6e 74 29 7b 76 61 72 20 69 3d 61 72 67 75 6d 65 6e 74 3c 30 3f 61 72 67 75 6d 65 6e 74 2b 6c 65 6e 67 74 68 3a 61 72 67 75 6d 65 6e 74 3b 66 6f 72 28 3b 2b 2b 69 3c 6c 65 6e 67 74 68 3b 29 7b 6d 61 74 63 68 49 6e 64 65 78 65 73 2e 70 75 73 68 28 69 29 7d 72 65 74 75 72 6e 20 6d 61 74 63 68 49 6e 64 65 78 65 73 7d 29 7d 7d 3b 45 78 70 72 2e 70 73 65 75 64 6f 73 5b 22 6e 74 68 22 5d 3d 45 78 70 72 2e 70 73 65 75 64 6f 73 5b 22 65 71 22 5d 0a 3b 66 6f 72 28 69 20 69 6e 7b 72 61 64 69 6f 3a 74 72 75 65 2c 63 68 65 63 6b 62 6f 78 3a 74 72 75 65 2c 66 69 6c 65 3a 74 72 75 65 2c 70 61 73 73 77 6f 72 64 3a 74 72 75 65 2c Data Ascii: tionalPseudo(function(matchIndexes,length,argument){var i=argument<0?argument+length:argument;for(;++i<length;){matchIndexes.push(i)}return matchIndexes})}};Expr.pseudos["nth"]=Expr.pseudos["eq"];for(i in{radio:true,checkbox:true,file:true,password:true,
2023-11-18 06:52:19 UTC	152	IN	Data Raw: 67 72 6f 75 6e 64 43 6c 69 70 3d 22 22 0a 3b 73 75 70 70 6f 72 74 2e 63 6c 65 61 72 43 6c 6f 6e 65 53 74 79 6c 65 3d 64 69 76 2e 73 74 79 6c 65 2e 62 61 63 6b 67 72 6f 75 6e 64 43 6c 69 70 3d 3d 3d 22 63 6f 6e 74 65 6e 74 2d 62 6f 78 22 3b 66 6f 72 28 69 20 69 6e 20 6a 51 75 65 72 79 28 73 75 70 70 6f 72 74 29 29 7b 62 72 65 61 6b 7d 73 75 70 70 6f 72 74 2e 6f 77 6e 4c 61 73 74 3d 69 21 3d 3d 22 30 22 3b 6a 51 75 65 72 79 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 63 6f 6e 74 61 69 6e 65 72 2c 6d 61 72 67 69 6e 44 69 76 2c 74 64 73 2c 64 69 76 52 65 73 65 74 3d 22 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 62 6f 72 64 65 72 3a 30 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f Data Ascii: groundClip="";support.clearCloneStyle=div.style.backgroundClip==="content-box";for(i in jQuery(support)){break}support.ownLast=i!=="0";jQuery(function(){var container,marginDiv,tds,divReset="padding:0;margin:0;border:0;display:block;box-sizing:content-bo
2023-11-18 06:52:19 UTC	168	IN	Data Raw: 7b 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 65 6c 65 6d 2c 76 61 6c 75 65 2c 6e 61 6d 65 29 7b 6e 6f 64 65 48 6f 6f 6b 2e 73 65 74 28 65 6c 65 6d 2c 76 61 6c 75 65 3d 3d 3d 22 22 3f 66 61 6c 73 65 3a 76 61 6c 75 65 2c 6e 61 6d 65 29 7d 7d 3b 6a 51 75 65 72 79 2e 65 61 63 68 28 5b 22 77 69 64 74 68 22 2c 22 68 65 69 67 68 74 22 5d 2c 66 75 6e 63 74 69 6f 6e 28 69 2c 6e 61 6d 65 29 7b 6a 51 75 65 72 79 2e 61 74 74 72 48 6f 6f 6b 73 5b 6e 61 6d 65 5d 3d 7b 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 65 6c 65 6d 2c 76 61 6c 75 65 29 7b 69 66 28 76 61 6c 75 65 3d 3d 3d 22 22 29 7b 65 6c 65 6d 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 6e 61 6d 65 2c 22 61 75 74 6f 22 29 3b 72 65 74 75 72 6e 20 76 61 6c 75 65 7d 7d 7d 7d 29 7d 69 66 28 21 6a 51 75 65 72 79 2e 73 75 70 Data Ascii: {set:function(elem,value,name){nodeHook.set(elem,value===""?false:value,name)}};jQuery.each(["width","height"],function(i,name){jQuery.attrHooks[name]={set:function(elem,value){if(value===""){elem.setAttribute(name,"auto");return value}}}})}if(!jQuery.sup
2023-11-18 06:52:19 UTC	184	IN	Data Raw: 75 65 72 79 28 74 79 70 65 73 2e 64 65 6c 65 67 61 74 65 54 61 72 67 65 74 29 2e 6f 66 66 28 68 61 6e 64 6c 65 4f 62 6a 2e 6e 61 6d 65 73 70 61 63 65 3f 68 61 6e 64 6c 65 4f 62 6a 2e 6f 72 69 67 54 79 70 65 2b 22 2e 22 2b 68 61 6e 64 6c 65 4f 62 6a 2e 6e 61 6d 65 73 70 61 63 65 3a 68 61 6e 64 6c 65 4f 62 6a 2e 6f 72 69 67 54 79 70 65 2c 68 61 6e 64 6c 65 4f 62 6a 2e 73 65 6c 65 63 74 6f 72 2c 68 61 6e 64 6c 65 4f 62 6a 2e 68 61 6e 64 6c 65 72 29 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 0a 69 66 28 74 79 70 65 6f 66 20 74 79 70 65 73 3d 3d 3d 22 6f 62 6a 65 63 74 22 29 7b 66 6f 72 28 74 79 70 65 20 69 6e 20 74 79 70 65 73 29 7b 74 68 69 73 2e 6f 66 66 28 74 79 70 65 2c 73 65 6c 65 63 74 6f 72 2c 74 79 70 65 73 5b 74 79 70 65 5d 29 7d 72 65 74 75 72 6e 20 74 Data Ascii: uery(types.delegateTarget).off(handleObj.namespace?handleObj.origType+"."+handleObj.namespace:handleObj.origType,handleObj.selector,handleObj.handler);return this}if(typeof types==="object"){for(type in types){this.off(type,selector,types[type])}return t
2023-11-18 06:52:19 UTC	203	IN	Data Raw: 65 70 28 67 65 74 41 6c 6c 28 6e 6f 64 65 73 2c 22 69 6e 70 75 74 22 29 2c 66 69 78 44 65 66 61 75 6c 74 43 68 65 63 6b 65 64 29 7d 69 3d 30 3b 77 68 69 6c 65 28 65 6c 65 6d 3d 6e 6f 64 65 73 5b 69 2b 2b 5d 29 7b 69 66 28 73 65 6c 65 63 74 69 6f 6e 26 26 6a 51 75 65 72 79 2e 69 6e 41 72 72 61 79 28 65 6c 65 6d 2c 73 65 6c 65 63 74 69 6f 6e 29 21 3d 3d 2d 31 29 7b 63 6f 6e 74 69 6e 75 65 7d 63 6f 6e 74 61 69 6e 73 3d 6a 51 75 65 72 79 2e 63 6f 6e 74 61 69 6e 73 28 65 6c 65 6d 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 2c 65 6c 65 6d 29 3b 74 6d 70 3d 67 65 74 41 6c 6c 28 73 61 66 65 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 65 6c 65 6d 29 2c 22 73 63 72 69 70 74 22 29 3b 69 66 28 63 6f 6e 74 61 69 6e 73 29 7b 73 65 74 47 6c 6f 62 61 6c 45 76 61 6c 28 74 6d 70 Data Ascii: ep(getAll(nodes,"input"),fixDefaultChecked)}i=0;while(elem=nodes[i++]){if(selection&&jQuery.inArray(elem,selection)!==-1){continue}contains=jQuery.contains(elem.ownerDocument,elem);tmp=getAll(safe.appendChild(elem),"script");if(contains){setGlobalEval(tmp
2023-11-18 06:52:19 UTC	222	IN	Data Raw: 53 65 74 74 69 6e 67 73 2e 66 6c 61 74 4f 70 74 69 6f 6e 73 7c 7c 7b 7d 3b 66 6f 72 28 6b 65 79 20 69 6e 20 73 72 63 29 7b 69 66 28 73 72 63 5b 6b 65 79 5d 21 3d 3d 75 6e 64 65 66 69 6e 65 64 29 7b 28 66 6c 61 74 4f 70 74 69 6f 6e 73 5b 6b 65 79 5d 3f 74 61 72 67 65 74 3a 64 65 65 70 7c 7c 28 64 65 65 70 3d 7b 7d 29 29 5b 6b 65 79 5d 3d 73 72 63 5b 6b 65 79 5d 7d 7d 69 66 28 64 65 65 70 29 7b 6a 51 75 65 72 79 2e 65 78 74 65 6e 64 28 74 72 75 65 2c 74 61 72 67 65 74 2c 64 65 65 70 29 7d 72 65 74 75 72 6e 20 74 61 72 67 65 74 7d 0a 6a 51 75 65 72 79 2e 66 6e 2e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 75 72 6c 2c 70 61 72 61 6d 73 2c 63 61 6c 6c 62 61 63 6b 29 7b 69 66 28 74 79 70 65 6f 66 20 75 72 6c 21 3d 3d 22 73 74 72 69 6e 67 22 26 26 5f 6c 6f 61 64 Data Ascii: Settings.flatOptions\|\|{};for(key in src){if(src[key]!==undefined){(flatOptions[key]?target:deep\|\|(deep={}))[key]=src[key]}}if(deep){jQuery.extend(true,target,deep)}return target}jQuery.fn.load=function(url,params,callback){if(typeof url!=="string"&&_load
2023-11-18 06:52:19 UTC	238	IN	Data Raw: 2e 6f 70 74 73 2e 65 61 73 69 6e 67 29 3b 61 6e 69 6d 61 74 69 6f 6e 2e 74 77 65 65 6e 73 2e 70 75 73 68 28 74 77 65 65 6e 29 3b 72 65 74 75 72 6e 20 74 77 65 65 6e 7d 2c 73 74 6f 70 3a 66 75 6e 63 74 69 6f 6e 28 67 6f 74 6f 45 6e 64 29 7b 76 61 72 20 69 6e 64 65 78 3d 30 2c 6c 65 6e 67 74 68 3d 67 6f 74 6f 45 6e 64 3f 61 6e 69 6d 61 74 69 6f 6e 2e 74 77 65 65 6e 73 2e 6c 65 6e 67 74 68 3a 30 3b 69 66 28 73 74 6f 70 70 65 64 29 7b 72 65 74 75 72 6e 20 74 68 69 73 7d 73 74 6f 70 70 65 64 3d 74 72 75 65 3b 66 6f 72 28 3b 69 6e 64 65 78 3c 6c 65 6e 67 74 68 3b 69 6e 64 65 78 2b 2b 29 7b 61 6e 69 6d 61 74 69 6f 6e 2e 74 77 65 65 6e 73 5b 69 6e 64 65 78 5d 2e 72 75 6e 28 31 29 7d 69 66 28 67 6f 74 6f 45 6e 64 29 7b 64 65 66 65 72 72 65 64 2e 72 65 73 6f 6c 76 Data Ascii: .opts.easing);animation.tweens.push(tween);return tween},stop:function(gotoEnd){var index=0,length=gotoEnd?animation.tweens.length:0;if(stopped){return this}stopped=true;for(;index<length;index++){animation.tweens[index].run(1)}if(gotoEnd){deferred.resolv

Target ID:	0
Start time:	07:51:56
Start date:	18/11/2023
Path:	C:\Users\user\Desktop\7J4bYHR4n3.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\7J4bYHR4n3.exe
Imagebase:	0x400000
File size:	4'054'104 bytes
MD5 hash:	2EDB2224339E3562069277B1820851D8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	07:51:56
Start date:	18/11/2023
Path:	C:\Windows\SysWOW64\svchost.exe
Wow64 process (32bit):	true
Commandline:	c:\windows\syswow64\svchost.exe
Imagebase:	0x1b0000
File size:	46'504 bytes
MD5 hash:	1ED18311E3DA35942DB37D15FA40CC5B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: MALWARE_Win_BlackMoon, Description: Detects executables using BlackMoon RunTime, Source: 00000002.00000003.2018955730.0000000005100000.00000004.00000020.00020000.00000000.sdmp, Author: ditekSHen
Reputation:	moderate
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	15.1%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	7.7%
Total number of Nodes:	610
Total number of Limit Nodes:	9

Executed Functions

Function 05221000 Relevance: 39.3, APIs: 26, Instructions: 252
networkmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 05221023
WSASocketW.WS2_32(00000002,00000001,00000006,00000000,00000000,00000001), ref: 05221037
setsockopt.WS2_32(00000000,0000FFFF,00000004,?,00000004), ref: 05221061
CreateIoCompletionPort.KERNEL32(?,00000000,00000000), ref: 05221071
closesocket.WS2_32(00000000), ref: 05221087
inet_addr.WS2_32(?), ref: 052210C1
htons.WS2_32(?), ref: 052210C9
bind.WS2_32(?,?,00000010), ref: 052210DB
inet_addr.WS2_32(?), ref: 052210F2
htons.WS2_32(?), ref: 052210FA
ioctlsocket.WS2_32(?,8004667E,?), ref: 05221115
connect.WS2_32(?,?,00000010), ref: 05221123
select.WS2_32(00000000,00000000,?,00000000,?), ref: 0522114E
setsockopt.WS2_32(?,0000FFFF,00001006,?,00000004), ref: 0522117B
setsockopt.WS2_32(?,0000FFFF,00001005,0000A000,00000004), ref: 0522118F
GlobalAlloc.KERNEL32(00000040,00000030,?,0000FFFF,00001005,0000A000,00000004,?,0000FFFF,00001006,?,00000004,?,?,00000010), ref: 05221195
inet_addr.WS2_32(?), ref: 052211AA
htons.WS2_32(?), ref: 052211B2
ioctlsocket.WS2_32(?,8004667E,?), ref: 052211CD
connect.WS2_32(?,?,00000010), ref: 052211DB
select.WS2_32(00000000,00000000,?,00000000,?), ref: 05221206
closesocket.WS2_32(00000000), ref: 05221218

Part of subcall function 052213CC: ioctlsocket.WS2_32(?,8004667E,?), ref: 052213E6
Part of subcall function 052213CC: send.WS2_32(?,?,00000004,00000000), ref: 05221414

setsockopt.WS2_32(?,0000FFFF,00001005,?,00000004), ref: 05221247
setsockopt.WS2_32(?,0000FFFF,00001006,0000A000,00000004), ref: 0522125B
GlobalAlloc.KERNEL32(00000040,00000030,?,?,?,0000FFFF,00001006,0000A000,00000004,?,0000FFFF,00001005,?,00000004,?,?), ref: 052212B5
PostQueuedCompletionStatus.KERNEL32(00000000,00000000,00000000,?,0000FFFF,00001006,0000A000,00000004,?,0000FFFF,00001005,?,00000004,?,?,00000010), ref: 052212D3

Memory Dump Source

Source File: 00000002.00000002.4469532467.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: true

Associated: 00000002.00000002.4469532467.0000000005223000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469532467.00000000052A5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469532467.00000000052A8000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5220000_svchost.jbxd

Similarity

API ID: setsockopt$htonsinet_addrioctlsocket$AllocCompletionCreateGlobalclosesocketconnectselect$EventPortPostQueuedSocketStatusbindsend
String ID:
API String ID: 3200275973-0
Opcode ID: 2e32358f99d0f2869d047adc94d2a067e0bbabeec187efe246cb634d9e03ed00
Instruction ID: 94a791ef5e38a7869ac7b01e002be8c144c6a97c3485bf638c0a5200ce0d1052
Opcode Fuzzy Hash: 2e32358f99d0f2869d047adc94d2a067e0bbabeec187efe246cb634d9e03ed00
Instruction Fuzzy Hash: F4916E7991022ABFDB21CFA4DC49EEA7F79FF08350F100615FA1592290DB749A64CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 05221862 Relevance: 7.6, APIs: 5, Instructions: 64
networkmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

setsockopt.WS2_32(?,0000FFFF,00007010,00000000,00000000), ref: 0522187D
GlobalFree.KERNEL32(?), ref: 0522188B
GlobalAlloc.KERNEL32(00000040,0000FFFF,?,00000000), ref: 052218A1
WSARecv.WS2_32(?,?,00000001,?,?,?,00000000), ref: 052218DC
WSAGetLastError.WS2_32 ref: 052218E8

Memory Dump Source

Source File: 00000002.00000002.4469532467.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: true

Associated: 00000002.00000002.4469532467.0000000005223000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469532467.00000000052A5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469532467.00000000052A8000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5220000_svchost.jbxd

Similarity

API ID: Global$AllocErrorFreeLastRecvsetsockopt
String ID:
API String ID: 140605343-0
Opcode ID: f070d9331fd4bacbaaa7add3f903d12904fbf7ceaebe60b8de29423ea777ab00
Instruction ID: 5a6b41e5355c4660ff65dfe65bc9a20eacf34c1612dc76296ae1bd3a18554f66
Opcode Fuzzy Hash: f070d9331fd4bacbaaa7add3f903d12904fbf7ceaebe60b8de29423ea777ab00
Instruction Fuzzy Hash: 8D118EB5A14305BFEB308F65D88DB66BBF8FF08345F140929E54AD22C0D678DA04CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 05202190 Relevance: 3.3, APIs: 2, Instructions: 304
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNEL32(00000000,00000000,00000000,00000000), ref: 0520229A
GetProcAddress.KERNEL32(00000000,00000000), ref: 0520249A

Memory Dump Source

Source File: 00000002.00000002.4469347489.0000000005201000.00000020.00001000.00020000.00000000.sdmp, Offset: 05200000, based on PE: true

Associated: 00000002.00000002.4469298224.0000000005200000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469394009.000000000520C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469449282.000000000520E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5200000_svchost.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID:
API String ID: 2574300362-0
Opcode ID: 099ad1d171cb91aef827f060eb5887d5ac28d73bd9d3a4477d55b261b741ff61
Instruction ID: 18fb1557d8337fcbb65da3200e19cb2ca99bb237b9abb9e4c32b6ca292bd3100
Opcode Fuzzy Hash: 099ad1d171cb91aef827f060eb5887d5ac28d73bd9d3a4477d55b261b741ff61
Instruction Fuzzy Hash: 6FD1BB70D2162DEBEF10AFD2E889BEDBF75BF08304F205055E68176185CBB616A4CB19

Uniqueness

Uniqueness Score: -1.00%

Function 05221CE0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 84
threadnetworkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSAStartup.WS2_32(00000202,?), ref: 05221D07
CreateIoCompletionPort.KERNEL32(000000FF,00000000,00000000,00000000), ref: 05221D31
CreateThread.KERNEL32(00000000,00000000,Function_00001C16,00000000,00000000,00000000), ref: 05221D62
SetThreadPriority.KERNEL32(00000000,0000000F), ref: 05221D71
ResumeThread.KERNEL32(00000000), ref: 05221D78
FindCloseChangeNotification.KERNEL32(00000000), ref: 05221D7F
CreateThread.KERNEL32(00000000,00000000,h N,00000000,00000000,00000000), ref: 05221DA6
CloseHandle.KERNEL32(00000000), ref: 05221DAD
WSACleanup.WS2_32 ref: 05221DB4

Strings

h N, xrefs: 05221D9F

Memory Dump Source

Source File: 00000002.00000002.4469532467.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: true

Associated: 00000002.00000002.4469532467.0000000005223000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469532467.00000000052A5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469532467.00000000052A8000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5220000_svchost.jbxd

Similarity

API ID: Thread$Create$Close$ChangeCleanupCompletionFindHandleNotificationPortPriorityResumeStartup
String ID: h N
API String ID: 1004994631-3177515967
Opcode ID: 1d5158efcbb8c0b75f087c69430ef0be4b4b98aca46336aa4dbd2f5ed6b81843
Instruction ID: 154c48e171792fe4237dcdcdeaf5f0dd679e1646bd3caa0fef59d544b4f82674
Opcode Fuzzy Hash: 1d5158efcbb8c0b75f087c69430ef0be4b4b98aca46336aa4dbd2f5ed6b81843
Instruction Fuzzy Hash: 7021A139235635BBCB30EE65AC4ECAB7E6DEF127717400A15F56AC6180C6348652CAF2

Uniqueness

Uniqueness Score: -1.00%

Function 05221968 Relevance: 10.7, APIs: 7, Instructions: 181
memoryinjectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GlobalFree.KERNEL32(?), ref: 052219AB
GlobalAlloc.KERNEL32(00000040,?,00000000), ref: 052219BE
WriteProcessMemory.KERNEL32(000000FF,00000000,?,00000004,00000000), ref: 052219E0

Memory Dump Source

Source File: 00000002.00000002.4469532467.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: true

Associated: 00000002.00000002.4469532467.0000000005223000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469532467.00000000052A5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469532467.00000000052A8000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5220000_svchost.jbxd

Similarity

API ID: Global$AllocFreeMemoryProcessWrite
String ID:
API String ID: 1932400252-0
Opcode ID: ca9c293b1862ee34abb06ec819d37e44b925dc22d4b300f0b9e6c0f8f3815263
Instruction ID: a72f0bfef4a5503c2eb007ea4ac8caffe5116e65c9a528948e2e84a4420de034
Opcode Fuzzy Hash: ca9c293b1862ee34abb06ec819d37e44b925dc22d4b300f0b9e6c0f8f3815263
Instruction Fuzzy Hash: 7061CE39264742BFD725CF38C898F75BBF2BF0A314B088658E48A87681D731E519CB50

Uniqueness

Uniqueness Score: -1.00%

Function 05221B34 Relevance: 10.6, APIs: 7, Instructions: 80
injectionmemorysynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GlobalAlloc.KERNEL32(00000040,?), ref: 05221B5E
WriteProcessMemory.KERNEL32(000000FF,00000000,?,00000004,00000000), ref: 05221B80
WriteProcessMemory.KERNEL32(000000FF,00000004,?,?,00000000), ref: 05221B90
send.WS2_32(?,?,?,00000000), ref: 05221BA3
GlobalFree.KERNEL32(?), ref: 05221BB9
GlobalFree.KERNEL32(?), ref: 05221BCE
WaitForSingleObject.KERNEL32(?,?,?,?,?,00000000), ref: 05221BED

Memory Dump Source

Source File: 00000002.00000002.4469532467.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: true

Associated: 00000002.00000002.4469532467.0000000005223000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469532467.00000000052A5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469532467.00000000052A8000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5220000_svchost.jbxd

Similarity

API ID: Global$FreeMemoryProcessWrite$AllocObjectSingleWaitsend
String ID:
API String ID: 291951911-0
Opcode ID: 848eec3ed54ffe91221a80fe73063af0991f379aaa346b009e020b40b139d6cc
Instruction ID: 6923c66b4bdac04acb3bdc6b41e2089d79a7e68eb14f44dd25603c560c158f85
Opcode Fuzzy Hash: 848eec3ed54ffe91221a80fe73063af0991f379aaa346b009e020b40b139d6cc
Instruction Fuzzy Hash: AD218D79110355BFDB30CF14D889E6A7BB9FF54314F004A29F95AC6690E770E654CB60

Uniqueness

Uniqueness Score: -1.00%

Function 05202DDC Relevance: 9.2, APIs: 5, Strings: 1, Instructions: 170
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrcpynA.KERNEL32(00000000,00000000,00000000,?,?,?,?,00500000,00000001), ref: 05202E51
lstrcpynA.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,?,?,00500000,00000001), ref: 05202EAB
lstrcpynA.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00500000), ref: 05202F05
lstrcpynA.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00500000), ref: 05202F40
lstrcpynA.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00500000), ref: 05202F7B

Strings

0.0.0.0, xrefs: 05202E00, 05202E05

Memory Dump Source

Source File: 00000002.00000002.4469347489.0000000005201000.00000020.00001000.00020000.00000000.sdmp, Offset: 05200000, based on PE: true

Associated: 00000002.00000002.4469298224.0000000005200000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469394009.000000000520C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469449282.000000000520E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5200000_svchost.jbxd

Similarity

API ID: lstrcpyn
String ID: 0.0.0.0
API String ID: 97706510-3771769585
Opcode ID: 05fd30a28f0ffe41eb55297eceffe9597d51f5b34056c48b7816515e9441a413
Instruction ID: 2d211ee856559e413278cf95829f3b35af1b193f1336063da7b418302b49b4f0
Opcode Fuzzy Hash: 05fd30a28f0ffe41eb55297eceffe9597d51f5b34056c48b7816515e9441a413
Instruction Fuzzy Hash: 3551C575A61308BBEF119F90DC8ABAD7B72EF09700F005055FB187A2D2D2B69560DF51

Uniqueness

Uniqueness Score: -1.00%

Function 05221C16 Relevance: 7.6, APIs: 5, Instructions: 72
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetQueuedCompletionStatus.KERNEL32(?,?,?,000000FF), ref: 05221C3E
CloseHandle.KERNEL32(?), ref: 05221C59
closesocket.WS2_32(?), ref: 05221C79
GlobalFree.KERNEL32(?), ref: 05221C8A
GlobalFree.KERNEL32(?), ref: 05221C99

Memory Dump Source

Source File: 00000002.00000002.4469532467.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: true

Associated: 00000002.00000002.4469532467.0000000005223000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469532467.00000000052A5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469532467.00000000052A8000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5220000_svchost.jbxd

Similarity

API ID: FreeGlobal$CloseCompletionHandleQueuedStatusclosesocket
String ID:
API String ID: 4052993097-0
Opcode ID: 83647ef7713688e7b185a8cba456a040f6073b696448ed00eb5e2918e6ea2f06
Instruction ID: 42c5eb0cdf63a8fb134d356221bb6477d964192f0cd77e578e4532ef04c4408c
Opcode Fuzzy Hash: 83647ef7713688e7b185a8cba456a040f6073b696448ed00eb5e2918e6ea2f06
Instruction Fuzzy Hash: AE211C7D920219FFCB14DF95D988CAE7BB9FF04310B114599E809A7291C730EE11DB62

Uniqueness

Uniqueness Score: -1.00%

Function 05201171 Relevance: 4.6, APIs: 3, Instructions: 97
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 0520118D
VirtualQueryEx.KERNEL32(00000000,00000000,00000000,0000001C), ref: 05201208
FindCloseChangeNotification.KERNEL32(00000000), ref: 05201234

Memory Dump Source

Source File: 00000002.00000002.4469347489.0000000005201000.00000020.00001000.00020000.00000000.sdmp, Offset: 05200000, based on PE: true

Associated: 00000002.00000002.4469298224.0000000005200000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469394009.000000000520C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469449282.000000000520E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5200000_svchost.jbxd

Similarity

API ID: ChangeCloseCurrentFindNotificationProcessQueryVirtual
String ID:
API String ID: 1179602206-0
Opcode ID: 37dce8cbc3cc2276c7fa6b7f6701feb77d8e82339befd98d306e83062c082500
Instruction ID: 5e3b803df86948539780c511a7b018aae2908a60a4817bcaf3c24f1c3bdc2939
Opcode Fuzzy Hash: 37dce8cbc3cc2276c7fa6b7f6701feb77d8e82339befd98d306e83062c082500
Instruction Fuzzy Hash: 5E3198B1F51308BFEB109FA4DC86B9EBBB4AF15700F045064F608BA1C2D6B59650CF91

Uniqueness

Uniqueness Score: -1.00%

Function 05205B80 Relevance: 3.9, APIs: 3, Instructions: 193
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrcpynA.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,05205B39,?,?,00000000), ref: 05205BEF
lstrcpynA.KERNEL32(00000000,00000000,00000000), ref: 05205C74
lstrcpynA.KERNEL32(00000000,00000000,00000000), ref: 05205CBF

Memory Dump Source

Source File: 00000002.00000002.4469347489.0000000005201000.00000020.00001000.00020000.00000000.sdmp, Offset: 05200000, based on PE: true

Associated: 00000002.00000002.4469298224.0000000005200000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469394009.000000000520C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469449282.000000000520E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5200000_svchost.jbxd

Similarity

API ID: lstrcpyn
String ID:
API String ID: 97706510-0
Opcode ID: f33ff672c0003b402a00748a34e6bf146b16158066dc67111f760c9cafa25726
Instruction ID: 2e943962a0cc55a1eb49ebdec8ecf986f95f9bf6f3b2698fff6b38176e5d5c25
Opcode Fuzzy Hash: f33ff672c0003b402a00748a34e6bf146b16158066dc67111f760c9cafa25726
Instruction Fuzzy Hash: 51610775A51309ABEF20DF90DC86B9E7BB5FF09704F141054FA04BA2C2D3B6A9508F55

Uniqueness

Uniqueness Score: -1.00%

Function 05201D26 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 40
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNEL32(00000000,00000001,00000001,00000040), ref: 05201D87

Strings

@, xrefs: 05201D40

Memory Dump Source

Source File: 00000002.00000002.4469347489.0000000005201000.00000020.00001000.00020000.00000000.sdmp, Offset: 05200000, based on PE: true

Associated: 00000002.00000002.4469298224.0000000005200000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469394009.000000000520C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469449282.000000000520E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5200000_svchost.jbxd

Similarity

API ID: AllocVirtual
String ID: @
API String ID: 4275171209-2766056989
Opcode ID: d1da2b320d15a2b50ecc8dc2bd3ca415f89f196b0b7298be83c0d1898d498f5e
Instruction ID: 3d229386ff8e41d8603e0ec72f1a39565c8b310708cbede1ccff85392eb3796d
Opcode Fuzzy Hash: d1da2b320d15a2b50ecc8dc2bd3ca415f89f196b0b7298be83c0d1898d498f5e
Instruction Fuzzy Hash: 1A016970E52308FBEB109F909D4AF9D7B71AB05700F109159FA083A2C2D7F66620CB85

Uniqueness

Uniqueness Score: -1.00%

Function 05221905 Relevance: 3.0, APIs: 2, Instructions: 40
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSARecv.WS2_32(?,?,00000001,?,00000000,?,00000000), ref: 05221940
WSAGetLastError.WS2_32 ref: 0522194B

Memory Dump Source

Source File: 00000002.00000002.4469532467.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: true

Associated: 00000002.00000002.4469532467.0000000005223000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469532467.00000000052A5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469532467.00000000052A8000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5220000_svchost.jbxd

Similarity

API ID: ErrorLastRecv
String ID:
API String ID: 904507345-0
Opcode ID: 8f429470289e95613b294af867d046b4b865581327190d0dedbbf9fcf9840a28
Instruction ID: 958adb0f2431fc2dd479c0557be47cf0f0ce4ecb1a0b3ee23f24b30a5a255918
Opcode Fuzzy Hash: 8f429470289e95613b294af867d046b4b865581327190d0dedbbf9fcf9840a28
Instruction Fuzzy Hash: C7F08176910210AFDB10CF58D989F5E3BB8EF48714F1541A4E409F7290D774DA01CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 05221DC5 Relevance: 2.5, APIs: 2, Instructions: 35
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GlobalAlloc.KERNEL32(00000040,0000002C), ref: 05221DCD

Part of subcall function 05221000: CreateEventW.KERNEL32(00000000,00000000,00000000,00000000), ref: 05221023
Part of subcall function 05221000: WSASocketW.WS2_32(00000002,00000001,00000006,00000000,00000000,00000001), ref: 05221037

GlobalFree.KERNEL32(00000000), ref: 05221E10

Memory Dump Source

Source File: 00000002.00000002.4469532467.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: true

Associated: 00000002.00000002.4469532467.0000000005223000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469532467.00000000052A5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469532467.00000000052A8000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5220000_svchost.jbxd

Similarity

API ID: Global$AllocCreateEventFreeSocket
String ID:
API String ID: 3019100287-0
Opcode ID: 8b37b476cb064e742523c1a7a406075dd246e0ab3c2900b1962d305c909e39d1
Instruction ID: ab68d4f36183ab86c8502b6bfdb1edac4d12cacbf3e64c5799cdc5a4d933d234
Opcode Fuzzy Hash: 8b37b476cb064e742523c1a7a406075dd246e0ab3c2900b1962d305c909e39d1
Instruction Fuzzy Hash: A2F0CA3A110169FBCF226E90DC05EEA3E26FF0C390F055010FF08A5020C232C870EBA1

Uniqueness

Uniqueness Score: -1.00%

Function 05201E64 Relevance: 1.3, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

VirtualFree.KERNELBASE(052019CB,00000000,00008000,?,052019CB), ref: 05201E86

Memory Dump Source

Source File: 00000002.00000002.4469347489.0000000005201000.00000020.00001000.00020000.00000000.sdmp, Offset: 05200000, based on PE: true

Associated: 00000002.00000002.4469298224.0000000005200000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469394009.000000000520C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469449282.000000000520E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5200000_svchost.jbxd

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: 1478073d1504222e42d5fd94277c641751949f54de088bdaaaade6ae9dc77e27
Instruction ID: 44255cbb71e0e71fb410916c100a9f22495f8bc9d66ad21cb10623bddd80f2e6
Opcode Fuzzy Hash: 1478073d1504222e42d5fd94277c641751949f54de088bdaaaade6ae9dc77e27
Instruction Fuzzy Hash: 31E09270E55308FBD710DF90DC46B5EBBB0AF05700F109160F6087A1C1D6B26624DB85

Uniqueness

Uniqueness Score: -1.00%

Function 05221C04 Relevance: 1.3, APIs: 1, Instructions: 4sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00004E20), ref: 05221C09

Memory Dump Source

Source File: 00000002.00000002.4469532467.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: true

Associated: 00000002.00000002.4469532467.0000000005223000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469532467.00000000052A5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469532467.00000000052A8000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5220000_svchost.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 9b857eadce66918b5aff2a223f08c77eee1b9168c1997ff83046f81d8572de0c
Instruction ID: dda78e564e68f0f505068fc143a5aa7d461b4c39c4b2a75db6197da6aa25fc85
Opcode Fuzzy Hash: 9b857eadce66918b5aff2a223f08c77eee1b9168c1997ff83046f81d8572de0c
Instruction Fuzzy Hash: C9A0026DA7D2A4B6E510B760F90ED592E36BF20A437005451A717480D44FF40524C527

Uniqueness

Uniqueness Score: -1.00%

Function 105754F5 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000003.2463345216.0000000010575000.00000004.00000800.00020000.00000000.sdmp, Offset: 10575000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_3_10575000_svchost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16664bc959dd63d289ea2d90b0c33d561c90f9e78cf819d9aeeefdf53f3a96d7
Instruction ID: 7ace6fa3a66e67cada2b04c2b36f4ddd72451e1f66310a28a157b72e67fe36cd
Opcode Fuzzy Hash: 16664bc959dd63d289ea2d90b0c33d561c90f9e78cf819d9aeeefdf53f3a96d7
Instruction Fuzzy Hash: D6F02D72C482C46FC342CB658884B89BFEDAB45248F76C485E04597113C7A09942DB62

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 05206180 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 25memorywindowCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(05207FAE,00000001,?,000009DC,00000001,00000000,00000000,80000006,00500000,00000001), ref: 05206189
HeapAlloc.KERNEL32(02F00000,00000008,05207FAE,00000000,05207FAE,00000001,?,000009DC,00000001,00000000,00000000,80000006,00500000,00000001), ref: 0520619D
MessageBoxA.USER32(00000000,0520FE2C,error,00000010), ref: 052061B6

Strings

error, xrefs: 052061AB

Memory Dump Source

Source File: 00000002.00000002.4469347489.0000000005201000.00000020.00001000.00020000.00000000.sdmp, Offset: 05200000, based on PE: true

Associated: 00000002.00000002.4469298224.0000000005200000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469394009.000000000520C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469449282.000000000520E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5200000_svchost.jbxd

Similarity

API ID: Heap$AllocMessageProcess
String ID: error
API String ID: 445856604-1574812785
Opcode ID: 1078ce66b2348fef797ef8279c12e3742258a1f074cb712607b7a05e5e2ea969
Instruction ID: e4420e9b50136520d75c5801c350385dcf13377710be90f8a5bb54b8f8c65dff
Opcode Fuzzy Hash: 1078ce66b2348fef797ef8279c12e3742258a1f074cb712607b7a05e5e2ea969
Instruction Fuzzy Hash: 04E092B5AA37116BC7209BA4B80EF5B7EAABF04651B002114F905E22C3FE70AC10DB61

Uniqueness

Uniqueness Score: -1.00%

Function 0520AB50 Relevance: .4, Instructions: 379COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4469347489.0000000005201000.00000020.00001000.00020000.00000000.sdmp, Offset: 05200000, based on PE: true

Associated: 00000002.00000002.4469298224.0000000005200000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469394009.000000000520C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469449282.000000000520E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5200000_svchost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4bfdb248b3fb90f8076a3fe4a1e75f7bd1b50aa5aafde52d762773f77742459
Instruction ID: 9a3858fda835c9898fc4a906c72183e9144b1065f1d6863502a7f492e35adcf0
Opcode Fuzzy Hash: d4bfdb248b3fb90f8076a3fe4a1e75f7bd1b50aa5aafde52d762773f77742459
Instruction Fuzzy Hash: 72F1AC725092818FC309CF18D5989E27BE2FFA8710B1F42F9D45A9B3A3D7729841CB91

Uniqueness

Uniqueness Score: -1.00%

Function 052093D0 Relevance: .3, Instructions: 346COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4469347489.0000000005201000.00000020.00001000.00020000.00000000.sdmp, Offset: 05200000, based on PE: true

Associated: 00000002.00000002.4469298224.0000000005200000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469394009.000000000520C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469449282.000000000520E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5200000_svchost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a6f049a6ccb2336de012f3ce20d27f2f5f94a9bb62d693583842954faabcaad
Instruction ID: 7eaea9d0b6075e5100f03a3a786f6ccb498518ccfb7a6c687cfd9cc069cffade
Opcode Fuzzy Hash: 7a6f049a6ccb2336de012f3ce20d27f2f5f94a9bb62d693583842954faabcaad
Instruction Fuzzy Hash: 47D12775225B418FD328CF29C980AA7B7E6FF89304B14992DD4DB87B92D671F846CB40

Uniqueness

Uniqueness Score: -1.00%

Function 0520B0D0 Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4469347489.0000000005201000.00000020.00001000.00020000.00000000.sdmp, Offset: 05200000, based on PE: true

Associated: 00000002.00000002.4469298224.0000000005200000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469394009.000000000520C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469449282.000000000520E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5200000_svchost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba94eb6c7a0d7bd69686a21b5d183d9416aa65929e10768aaa5c26b9e610178d
Instruction ID: 4f7885091267c391cac8d161378b3fee2231b2e39bd733ed396a7dcfc2999a23
Opcode Fuzzy Hash: ba94eb6c7a0d7bd69686a21b5d183d9416aa65929e10768aaa5c26b9e610178d
Instruction Fuzzy Hash: 50D19A752092518FC319CF28E5E88E67BE2BFA8740F0E42F8C94A9B363D7319945CB55

Uniqueness

Uniqueness Score: -1.00%

Function 05208F30 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4469347489.0000000005201000.00000020.00001000.00020000.00000000.sdmp, Offset: 05200000, based on PE: true

Associated: 00000002.00000002.4469298224.0000000005200000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469394009.000000000520C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469449282.000000000520E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5200000_svchost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3058a1fdd87829bcb7b175daa6317f241f0349664fd22712b98d6d7169e832c7
Instruction ID: 5691efa55a61c6dcd2f089c1249d2011bd63ef18368d197e9dc054107d59825f
Opcode Fuzzy Hash: 3058a1fdd87829bcb7b175daa6317f241f0349664fd22712b98d6d7169e832c7
Instruction Fuzzy Hash: 1CB12575225B418FD328CF29C9909A7B7E6BF89304B18992DD48BC7B92E671F841CB44

Uniqueness

Uniqueness Score: -1.00%

Function 05209B00 Relevance: .2, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4469347489.0000000005201000.00000020.00001000.00020000.00000000.sdmp, Offset: 05200000, based on PE: true

Associated: 00000002.00000002.4469298224.0000000005200000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469394009.000000000520C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469449282.000000000520E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5200000_svchost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5aef15154e296c1427e0f701c6c821eabec13d4c4618c7ff3ccbc9613e806497
Instruction ID: f9789e82b260768177e028c44092b20af402db07aa342f1b3d2be9874598f2a0
Opcode Fuzzy Hash: 5aef15154e296c1427e0f701c6c821eabec13d4c4618c7ff3ccbc9613e806497
Instruction Fuzzy Hash: CE519533F74A150BA34CCD6DAC5A12637D2ABCC32070DC63DEA56D7386EE74AD129284

Uniqueness

Uniqueness Score: -1.00%

Function 05209D80 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4469347489.0000000005201000.00000020.00001000.00020000.00000000.sdmp, Offset: 05200000, based on PE: true

Associated: 00000002.00000002.4469298224.0000000005200000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469394009.000000000520C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469449282.000000000520E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5200000_svchost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b4f27dd10139f30faea009d98bf7d04ad43b169fe1efa635cf320682f8d45aa
Instruction ID: cfb7f02ad11d5ca6bc0d0ff387403d1877e1d33bca78b8252120f7f8ffe9c6fc
Opcode Fuzzy Hash: 0b4f27dd10139f30faea009d98bf7d04ad43b169fe1efa635cf320682f8d45aa
Instruction Fuzzy Hash: BC312D3374958203F71DCA2F8CA12BAEAD34FC512872DD57E99CA87357ECBA44578144

Uniqueness

Uniqueness Score: -1.00%

Function 05207AB0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4469347489.0000000005201000.00000020.00001000.00020000.00000000.sdmp, Offset: 05200000, based on PE: true

Associated: 00000002.00000002.4469298224.0000000005200000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469394009.000000000520C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469449282.000000000520E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5200000_svchost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56305c04696136e4c3b295a7ca1a84022cab37cb0b5c3a4ba7e0025377afcd86
Instruction ID: a6ec3cb376e5ff9a50b95ccd08fcf0cdff66a755ea5bbf1fb629a36ff6927c95
Opcode Fuzzy Hash: 56305c04696136e4c3b295a7ca1a84022cab37cb0b5c3a4ba7e0025377afcd86
Instruction Fuzzy Hash: E0E04F75A15308DBEB14CF4AF54675ABBE8FB18304F108199FA0CE3381EF729D108684

Uniqueness

Uniqueness Score: -1.00%

Function 05207130 Relevance: 37.2, APIs: 18, Strings: 3, Instructions: 426windowstringCOMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,05211EF8,00000104), ref: 052071AE
strrchr.MSVCRT ref: 052071BF
_ftol.MSVCRT ref: 052072FE
GetCommandLineA.KERNEL32 ref: 05207324
PeekMessageA.USER32(00000000,00000000,00000000,00000000,00000000), ref: 05207391
GetMessageA.USER32(?,00000000,00000000,00000000), ref: 052073C3
TranslateMessage.USER32(?), ref: 052073CA
DispatchMessageA.USER32(?), ref: 052073D1
PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 052073E0
wsprintfA.USER32 ref: 05207623
MessageBoxA.USER32(00000000,?,blackmoon,00000010), ref: 0520763A

Strings

ERROR, xrefs: 052075C0
blackmoon, xrefs: 05207632
BlackMoon RunTime Error:%s, xrefs: 052075A8

Memory Dump Source

Source File: 00000002.00000002.4469347489.0000000005201000.00000020.00001000.00020000.00000000.sdmp, Offset: 05200000, based on PE: true

Associated: 00000002.00000002.4469298224.0000000005200000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469394009.000000000520C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469449282.000000000520E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5200000_svchost.jbxd

Similarity

API ID: Message$Peek$CommandDispatchFileLineModuleNameTranslate_ftolstrrchrwsprintf
String ID: BlackMoon RunTime Error:%s$ERROR$blackmoon
API String ID: 3335176381-532175377
Opcode ID: 9149732b8c57e5a9d3dc418abb1273839987552ac23b488777f30e504e109e07
Instruction ID: 313a694ed6ca4847bebc9f29eb746f6bf5ced107b51e71609880895f953088e9
Opcode Fuzzy Hash: 9149732b8c57e5a9d3dc418abb1273839987552ac23b488777f30e504e109e07
Instruction Fuzzy Hash: C7C17D337A55054BD3349168BC45BFBBB81EFD0322F18113AEE0AC61C1D97BA519CAA6

Uniqueness

Uniqueness Score: -1.00%

Function 052215A5 Relevance: 36.9, APIs: 13, Strings: 8, Instructions: 163stringnetworkCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 052215D0
wsprintfA.USER32 ref: 052215E5
wsprintfA.USER32 ref: 052215F6
lstrcpy.KERNEL32(?,?), ref: 0522160E
lstrcat.KERNEL32(?,052230E8), ref: 05221623
lstrcat.KERNEL32(?,?), ref: 0522162C
lstrlen.KERNEL32(?,?,?,00000010,?,00000000,00000000), ref: 05221632
wsprintfA.USER32 ref: 0522165B
wsprintfA.USER32 ref: 0522166F
wsprintfA.USER32 ref: 05221682
ioctlsocket.WS2_32(?,8004667E,?), ref: 0522169B
send.WS2_32(?,?,00000000,00000000), ref: 052216AC
recv.WS2_32(?,?,00002000,00000000), ref: 05221722

Strings

Proxy-Authorization: Basic *, xrefs: 05221669
HTTP/1.1 200 , xrefs: 0522174A
Content-length: 0, xrefs: 0522167C
Proxy-Authorization: Basic %s, xrefs: 05221655
HTTP/1.0 200 , xrefs: 0522172D
Proxy-Connection: Keep-Alive, xrefs: 052215F0
CONNECT %s:%d HTTP/1.1, xrefs: 052215CA
Host: %s:%d , xrefs: 052215DF

Memory Dump Source

Source File: 00000002.00000002.4469532467.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: true

Associated: 00000002.00000002.4469532467.0000000005223000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469532467.00000000052A5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469532467.00000000052A8000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5220000_svchost.jbxd

Similarity

API ID: wsprintf$lstrcat$ioctlsocketlstrcpylstrlenrecvsend
String ID: CONNECT %s:%d HTTP/1.1$Content-length: 0$HTTP/1.0 200 $HTTP/1.1 200 $Host: %s:%d $Proxy-Authorization: Basic %s$Proxy-Authorization: Basic *$Proxy-Connection: Keep-Alive
API String ID: 1785896898-80360199
Opcode ID: c71dcea9ff5208045c74fb7634ee173905d8226c0aa314013c1051320b44cb7c
Instruction ID: ae47c2cb41e3221cfba2a7e1387ebd50e58cb840be828e94941ed28de170f3b4
Opcode Fuzzy Hash: c71dcea9ff5208045c74fb7634ee173905d8226c0aa314013c1051320b44cb7c
Instruction Fuzzy Hash: 6351C536A6022DBADF20CFB4DC49EEA37ECEF14210F144966FA15D2090EA74DA15CB61

Uniqueness

Uniqueness Score: -1.00%

Function 052213CC Relevance: 19.6, APIs: 13, Instructions: 136networkstringCOMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32(?,8004667E,?), ref: 052213E6
send.WS2_32(?,?,00000004,00000000), ref: 05221414
recv.WS2_32(?,00000005,00000400,00000000), ref: 05221434
lstrlen.KERNEL32(00000000,00000000,?,00000005,00000400,00000000,?,?,00000004,00000000,?,8004667E,?,76A8F070), ref: 0522145E
lstrlen.KERNEL32(00000000,?,00000005,00000400,00000000,?,?,00000004,00000000,?,8004667E,?,76A8F070), ref: 05221466
wsprintfA.USER32 ref: 05221486
wsprintfA.USER32 ref: 052214A7
send.WS2_32(?,00000001,00000003,00000000), ref: 052214BE
recv.WS2_32(?,00000001,00000400,00000000), ref: 052214D8
lstrlen.KERNEL32(?,00000000,?,00000005,00000400,00000000,?,?,00000004,00000000,?,8004667E,?,76A8F070), ref: 05221503
wsprintfA.USER32 ref: 05221532
send.WS2_32(?,00000005,-00000003,00000000), ref: 05221561
recv.WS2_32(?,00000005,00000400,00000000), ref: 0522157A

Memory Dump Source

Source File: 00000002.00000002.4469532467.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: true

Associated: 00000002.00000002.4469532467.0000000005223000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469532467.00000000052A5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469532467.00000000052A8000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5220000_svchost.jbxd

Similarity

API ID: lstrlenrecvsendwsprintf$ioctlsocket
String ID:
API String ID: 3967628004-0
Opcode ID: 5a3e5c74940b1cd10c4ee2c6b67f3d7ecd9cff489b41048754c61bac4f1aca9e
Instruction ID: 0e159006fa8613cf95f999eba413c4a9a6f2f760c2df673c98183f3adfe2a74a
Opcode Fuzzy Hash: 5a3e5c74940b1cd10c4ee2c6b67f3d7ecd9cff489b41048754c61bac4f1aca9e
Instruction Fuzzy Hash: A05171B5910168BEEF21CB64DC48BAA7FB8EF14204F0480D5EB08F2151D7754B69CF69

Uniqueness

Uniqueness Score: -1.00%

Function 052076C0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 136librarywindowstringCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(?), ref: 052076D2
LoadLibraryA.KERNEL32(?), ref: 052076E7
wsprintfA.USER32 ref: 052076FE
MessageBoxA.USER32(00000000,?,DLL ERROR,00000010), ref: 0520772E
atoi.MSVCRT ref: 0520776F
strchr.MSVCRT ref: 052077A9
GetProcAddress.KERNEL32(00000000,?), ref: 052077C7
wsprintfA.USER32 ref: 052077DF
MessageBoxA.USER32(00000000,?,DLL ERROR,00000010), ref: 05207813

Strings

DLL ERROR, xrefs: 05207726, 0520780B

Memory Dump Source

Source File: 00000002.00000002.4469347489.0000000005201000.00000020.00001000.00020000.00000000.sdmp, Offset: 05200000, based on PE: true

Associated: 00000002.00000002.4469298224.0000000005200000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469394009.000000000520C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469449282.000000000520E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5200000_svchost.jbxd

Similarity

API ID: Messagewsprintf$AddressHandleLibraryLoadModuleProcatoistrchr
String ID: DLL ERROR
API String ID: 4054768979-4092134112
Opcode ID: cc8712302ed82e2eec646ea01c8326048c5bc18390b52799b26026e631a2154a
Instruction ID: 22b888385da5d919b457e4809172772ed4a624212fd61aae053a97a7a2d79975
Opcode Fuzzy Hash: cc8712302ed82e2eec646ea01c8326048c5bc18390b52799b26026e631a2154a
Instruction Fuzzy Hash: E34107B16113025BD320CF64E849F6B7BE9FF94640F041528FA09D72C2EBB0E908C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 052069F0 Relevance: 16.6, APIs: 11, Instructions: 149registrystringCOMMON

Download Yara Rule

APIs

??2@YAPAXI@Z.MSVCRT ref: 05206A29
strrchr.MSVCRT ref: 05206A50
RegOpenKeyA.ADVAPI32(00000000,00000000,?), ref: 05206A69
??2@YAPAXI@Z.MSVCRT ref: 05206A8C
RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,00000000,?,00000400,?,?,?,?,00000698,80000004,00000000,00000000,00000000), ref: 05206AAF
??3@YAXPAX@Z.MSVCRT ref: 05206ABD
??2@YAPAXI@Z.MSVCRT ref: 05206AC7
RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,00000698,80000004,00000000), ref: 05206AE4
??3@YAXPAX@Z.MSVCRT ref: 05206B0E
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,00000698,80000004,00000000,00000000,00000000), ref: 05206B1B
??3@YAXPAX@Z.MSVCRT ref: 05206B22

Memory Dump Source

Source File: 00000002.00000002.4469347489.0000000005201000.00000020.00001000.00020000.00000000.sdmp, Offset: 05200000, based on PE: true

Associated: 00000002.00000002.4469298224.0000000005200000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469394009.000000000520C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469449282.000000000520E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5200000_svchost.jbxd

Similarity

API ID: ??2@??3@$QueryValue$CloseOpenstrrchr
String ID:
API String ID: 1380196384-0
Opcode ID: c8be882ebcc0e805c1728107dd62bd86a9f2765d5ff8894cf1ab7659df2a9bd8
Instruction ID: c3a8072fc3b80a3dacb700add771a2a90a37faaa8f38381608399803f1e6796e
Opcode Fuzzy Hash: c8be882ebcc0e805c1728107dd62bd86a9f2765d5ff8894cf1ab7659df2a9bd8
Instruction Fuzzy Hash: 824118B16163025FD310EB68AC48E7F7BD8EF81350F141529F949D32C2DA35E909C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 052212E3 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 63networkstringCOMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32(?,8004667E,00000000), ref: 052212FB
gethostbyname.WS2_32(?), ref: 05221304
lstrcpy.KERNEL32(?,?), ref: 0522136A
lstrlen.KERNEL32(?,?,8004667E,00000000), ref: 05221373
send.WS2_32(?,00000004,-00000009,00000000), ref: 05221388
recv.WS2_32(?,00000004,00000400,00000000), ref: 052213A6

Strings

Z, xrefs: 052213BE

Memory Dump Source

Source File: 00000002.00000002.4469532467.0000000005220000.00000040.00001000.00020000.00000000.sdmp, Offset: 05220000, based on PE: true

Associated: 00000002.00000002.4469532467.0000000005223000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469532467.00000000052A5000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469532467.00000000052A8000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5220000_svchost.jbxd

Similarity

API ID: gethostbynameioctlsocketlstrcpylstrlenrecvsend
String ID: Z
API String ID: 2560428080-1505515367
Opcode ID: 2a128c79e1e79bddfc411166f79bf4e10d572ed46ccac74f457f21e84bc25532
Instruction ID: 10aadde7f367b0a1e98c491230f3e5b33da72dc6463b73d438f45898571374a3
Opcode Fuzzy Hash: 2a128c79e1e79bddfc411166f79bf4e10d572ed46ccac74f457f21e84bc25532
Instruction Fuzzy Hash: E221A1B5A20159FFDF21CB24DD09FA9BFB9AF11201F0044E8E745A7192D6348B55CB25

Uniqueness

Uniqueness Score: -1.00%

Function 052060A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 70windowCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 05206106
wsprintfA.USER32 ref: 0520611D
MessageBoxA.USER32(00000000,?,error,00000010), ref: 05206167

Strings

error, xrefs: 0520615F
program internal error number is %d. %s, xrefs: 05206117

Memory Dump Source

Source File: 00000002.00000002.4469347489.0000000005201000.00000020.00001000.00020000.00000000.sdmp, Offset: 05200000, based on PE: true

Associated: 00000002.00000002.4469298224.0000000005200000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469394009.000000000520C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469449282.000000000520E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5200000_svchost.jbxd

Similarity

API ID: wsprintf$Message
String ID: error$program internal error number is %d. %s
API String ID: 386942524-1911117719
Opcode ID: 3ca94d4d0c8d30e9231007557daae9121d559607cfb57fbe7249c3e0dffabcaf
Instruction ID: 4f58514ce77cb84f93c1ec7718d06e1fe9ce4e0da3918e976bff1b10d85c566a
Opcode Fuzzy Hash: 3ca94d4d0c8d30e9231007557daae9121d559607cfb57fbe7249c3e0dffabcaf
Instruction Fuzzy Hash: 0621F971666201AFEB20CB14EC46FB7B7A9BF45700F04541DF549972C3DA70E954CB62

Uniqueness

Uniqueness Score: -1.00%

Function 05206220 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 35memorywindowCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 05206229
HeapReAlloc.KERNEL32(02F00000,00000000,?,?), ref: 05206246
HeapAlloc.KERNEL32(02F00000,00000008,?), ref: 05206256
MessageBoxA.USER32(00000000,0520FE2C,error,00000010), ref: 0520626F

Strings

error, xrefs: 05206264

Memory Dump Source

Source File: 00000002.00000002.4469347489.0000000005201000.00000020.00001000.00020000.00000000.sdmp, Offset: 05200000, based on PE: true

Associated: 00000002.00000002.4469298224.0000000005200000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469394009.000000000520C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469449282.000000000520E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5200000_svchost.jbxd

Similarity

API ID: Heap$Alloc$MessageProcess
String ID: error
API String ID: 2690588855-1574812785
Opcode ID: 6802d70db51250407f8f80c99736bdfa85af44a5bc7872cc058f6dc2b372f8e8
Instruction ID: 8f5af7b8e5e8081b4b7fc94e5cd3c4c3d5795fe1ba799215b55f4bf8a0ff0b50
Opcode Fuzzy Hash: 6802d70db51250407f8f80c99736bdfa85af44a5bc7872cc058f6dc2b372f8e8
Instruction Fuzzy Hash: A2F096B5663311AFD72097A0BD0EF277B6ABF44641F005108F945D61C2EA70AC10CB61

Uniqueness

Uniqueness Score: -1.00%

Function 052064F0 Relevance: 7.7, APIs: 3, Strings: 2, Instructions: 193COMMON

Download Yara Rule

Strings

%.13g, xrefs: 05206709
%I64d, xrefs: 052066CC

Memory Dump Source

Source File: 00000002.00000002.4469347489.0000000005201000.00000020.00001000.00020000.00000000.sdmp, Offset: 05200000, based on PE: true

Associated: 00000002.00000002.4469298224.0000000005200000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469394009.000000000520C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469449282.000000000520E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5200000_svchost.jbxd

Similarity

API ID:
String ID: %.13g$%I64d
API String ID: 0-332557321
Opcode ID: 627479d83b13730bd3a56468351382874a7990d4fad8014394fd6a9ce671ccaf
Instruction ID: f1973c5d4c983a74d588fd49cbcaca2d4e6c8f6e434ed8679ab0676c79a733f3
Opcode Fuzzy Hash: 627479d83b13730bd3a56468351382874a7990d4fad8014394fd6a9ce671ccaf
Instruction Fuzzy Hash: 975149712362014BD738CB68D889AFF73E9EF80310F14591DFA5AC21E2DAB9F4658352

Uniqueness

Uniqueness Score: -1.00%

Function 05207F00 Relevance: 7.6, APIs: 5, Instructions: 88stringCOMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 05207F23
strstr.MSVCRT ref: 05207F36
strstr.MSVCRT ref: 05207F73
LCMapStringA.KERNEL32(00000804,00400000,00000000,00000000,00000000,00000001,?,?,?,?,000009DC,00000001,00000000,00000000,80000006,00500000), ref: 05207FC1
free.MSVCRT(00000000,?,?,?,?,000009DC,00000001,00000000,00000000,80000006,00500000,00000001), ref: 05207FC8

Memory Dump Source

Source File: 00000002.00000002.4469347489.0000000005201000.00000020.00001000.00020000.00000000.sdmp, Offset: 05200000, based on PE: true

Associated: 00000002.00000002.4469298224.0000000005200000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469394009.000000000520C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469449282.000000000520E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5200000_svchost.jbxd

Similarity

API ID: strstr$Stringfreemalloc
String ID:
API String ID: 467974375-0
Opcode ID: 9d89fa7308c925e497f35e7a1ebf3ebf388021c652eb44ef00885e8dc7a21d78
Instruction ID: 199a31e678b2eb2db3c07a79497c5ae0c6a4cecc407b2a6fbae9f30c6ee4ebe8
Opcode Fuzzy Hash: 9d89fa7308c925e497f35e7a1ebf3ebf388021c652eb44ef00885e8dc7a21d78
Instruction Fuzzy Hash: 69214C737253055FC724AA286C09A7BB7CAFF85205F080438FD0AD7286EE70A909C3A1

Uniqueness

Uniqueness Score: -1.00%

Function 052061D0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 25memorywindowCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(05206BA5,0000000A,?,?,05205AEE,00000002,?,00000000,80000301,?,00000000,80000301), ref: 052061D9
HeapAlloc.KERNEL32(02F00000,00000000,80000301,?,05206BA5,0000000A,?,?,05205AEE,00000002,?,00000000,80000301,?,00000000,80000301), ref: 052061ED
MessageBoxA.USER32(00000000,0520FE2C,error,00000010), ref: 05206206

Strings

error, xrefs: 052061FB

Memory Dump Source

Source File: 00000002.00000002.4469347489.0000000005201000.00000020.00001000.00020000.00000000.sdmp, Offset: 05200000, based on PE: true

Associated: 00000002.00000002.4469298224.0000000005200000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469394009.000000000520C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469449282.000000000520E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5200000_svchost.jbxd

Similarity

API ID: Heap$AllocMessageProcess
String ID: error
API String ID: 445856604-1574812785
Opcode ID: 2edf2f76c69fa56ceaf6aa893053643ab31cebbeac672b818f65599c44626a1f
Instruction ID: 427477416ba23fb7d9e4308deb0996b4dc53c5825ab3491f1eb6aecd6b2860d0
Opcode Fuzzy Hash: 2edf2f76c69fa56ceaf6aa893053643ab31cebbeac672b818f65599c44626a1f
Instruction Fuzzy Hash: DDE06DB5AA23116BC7209AA4B80EB677AAAAF04641B002155F905E62C3EA70A810CA51

Uniqueness

Uniqueness Score: -1.00%

Function 05208830 Relevance: 5.2, APIs: 4, Instructions: 165COMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 052088B5
malloc.MSVCRT ref: 05208923
malloc.MSVCRT ref: 05208994
free.MSVCRT(00000000), ref: 052089EB

Memory Dump Source

Source File: 00000002.00000002.4469347489.0000000005201000.00000020.00001000.00020000.00000000.sdmp, Offset: 05200000, based on PE: true

Associated: 00000002.00000002.4469298224.0000000005200000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469394009.000000000520C000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.4469449282.000000000520E000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5200000_svchost.jbxd

Similarity

API ID: malloc$free
String ID:
API String ID: 1480856625-0
Opcode ID: 99297a56bed4fa6adf4bd1d103be249f132247dae7bdf004a60e5611a8885406
Instruction ID: c12a183a1bfd584554e755783727e5ed0e687ff217c131b52247f69ce370b1cc
Opcode Fuzzy Hash: 99297a56bed4fa6adf4bd1d103be249f132247dae7bdf004a60e5611a8885406
Instruction Fuzzy Hash: D251137172530A8FCB14EE6998C167BB2DABFC4210F44092DE90AC7382DB75DA088792

Uniqueness

Uniqueness Score: -1.00%

Source: Joe Sandbox View	ASN Name: CHINA169-BACKBONECHINAUNICOMChina169BackboneCN CHINA169-BACKBONECHINAUNICOMChina169BackboneCN
Source: Joe Sandbox View	ASN Name: BAIDUBeijingBaiduNetcomScienceandTechnologyCoLtd BAIDUBeijingBaiduNetcomScienceandTechnologyCoLtd
Source: Joe Sandbox View	ASN Name: CHINANET-BACKBONENo31Jin-rongStreetCN CHINANET-BACKBONENo31Jin-rongStreetCN

Source: Joe Sandbox View	IP Address: 104.193.88.112 104.193.88.112
Source: Joe Sandbox View	IP Address: 104.193.90.87 104.193.90.87

Source: unknown	DNS query: name: www.ip138.com
Source: unknown	DNS query: name: 2023.ip138.com

Source: global traffic	TCP traffic: 192.168.2.5:49707 -> 45.125.46.159:8712
Source: global traffic	TCP traffic: 192.168.2.5:49709 -> 202.189.4.141:9000

Source: unknown	TCP traffic detected without corresponding DNS query: 45.125.46.159
Source: unknown	TCP traffic detected without corresponding DNS query: 45.125.46.159
Source: unknown	TCP traffic detected without corresponding DNS query: 45.125.46.159
Source: unknown	TCP traffic detected without corresponding DNS query: 45.125.46.159
Source: unknown	TCP traffic detected without corresponding DNS query: 45.125.46.159
Source: unknown	TCP traffic detected without corresponding DNS query: 45.125.46.159
Source: unknown	TCP traffic detected without corresponding DNS query: 45.125.46.159
Source: unknown	TCP traffic detected without corresponding DNS query: 45.125.46.159
Source: unknown	TCP traffic detected without corresponding DNS query: 45.125.46.159
Source: unknown	TCP traffic detected without corresponding DNS query: 202.189.4.141
Source: unknown	TCP traffic detected without corresponding DNS query: 202.189.4.141
Source: unknown	TCP traffic detected without corresponding DNS query: 202.189.4.141
Source: unknown	TCP traffic detected without corresponding DNS query: 202.189.4.141
Source: unknown	TCP traffic detected without corresponding DNS query: 202.189.4.141
Source: unknown	TCP traffic detected without corresponding DNS query: 45.125.46.159
Source: unknown	TCP traffic detected without corresponding DNS query: 202.189.4.141
Source: unknown	TCP traffic detected without corresponding DNS query: 45.125.46.159
Source: unknown	TCP traffic detected without corresponding DNS query: 45.125.46.159
Source: unknown	TCP traffic detected without corresponding DNS query: 45.125.46.159
Source: unknown	TCP traffic detected without corresponding DNS query: 45.125.46.159
Source: unknown	TCP traffic detected without corresponding DNS query: 45.125.46.159
Source: unknown	TCP traffic detected without corresponding DNS query: 202.189.4.141
Source: unknown	TCP traffic detected without corresponding DNS query: 202.189.4.141
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: svchost.exe, 00000002.00000003.2041869851.0000000006409000.00000004.00000020.00020000.00000000.sdmp, IKR5FVEW.htm.2.dr	String found in binary or memory: http://10.ip138.com/
Source: svchost.exe, 00000002.00000002.4467162438.0000000003212000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://202.189.4.141:9000/img.gif
Source: search-sug_947981a[1].js.2.dr	String found in binary or memory: http://api.open.baidu.com/new_hsug/data/write
Source: svchost.exe, 00000002.00000003.2041869851.0000000006409000.00000004.00000020.00020000.00000000.sdmp, IKR5FVEW.htm.2.dr	String found in binary or memory: http://app.4399.cn/
Source: all_async_search_d3cea19[1].js.2.dr	String found in binary or memory: http://b1.bdstatic.com/img/pc.gif
Source: all_async_search_d3cea19[1].js.2.dr	String found in binary or memory: http://bdimg.share.baidu.com
Source: all_async_search_d3cea19[1].js.2.dr	String found in binary or memory: http://bdimg.share.baidu.com/static/api/js/custom/resultshare.js
Source: all_async_search_d3cea19[1].js.2.dr	String found in binary or memory: http://bjyz-mco-searchbox201609-m12xi3-044.bjyz.baidu.com:8080/tcbox?action=pblog
Source: all_async_search_d3cea19[1].js.2.dr	String found in binary or memory: http://bjyz-mco-searchbox201609-m12xi3-044.bjyz.baidu.com:8080/ztbox
Source: all_async_search_d3cea19[1].js.2.dr	String found in binary or memory: http://bjyz-mco-searchbox201609-m12xi3-044.bjyz.baidu.com:8080/ztbox?action=zpblog
Source: all_async_search_d3cea19[1].js.2.dr	String found in binary or memory: http://bzclk.baidu.com
Source: all_async_search_d3cea19[1].js.2.dr	String found in binary or memory: http://click.hm.baidu.com/app.gif?ap=1801081&ch=47556
Source: svchost.exe, 00000002.00000003.2289813335.000000000D0AA000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2280973223.000000000D0AC000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2308203497.000000000D0AC000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2289984294.000000000D0AC000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2280919991.000000000D0AA000.00000004.00000800.00020000.00000000.sdmp, min_super-f2d67e59b3[1].js.2.dr	String found in binary or memory: http://dj0.baidu.com/v.gif?pid=315&type=2011&portrait=
Source: svchost.exe, 00000002.00000003.2271650243.000000000D080000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2271931408.000000000D084000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2271957584.000000000D085000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2272179964.000000000D089000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2272138428.000000000D088000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2271818494.000000000D082000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2272052995.000000000D087000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2272240684.000000000D08C000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2272012973.000000000D086000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2272215674.000000000D08A000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2271741932.000000000D081000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2271868964.000000000D083000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2272264796.000000000D08E000.00000004.00000800.00020000.00000000.sdmp, min_super-f2d67e59b3[1].js.2.dr	String found in binary or memory: http://dj1.baidu.com/v.gif?
Source: nu_instant_search_62c9c51[1].js.2.dr	String found in binary or memory: http://e.baidu.com/?refer=888
Source: PEEPV5GT.htm.2.dr	String found in binary or memory: http://e.baidu.com/ebaidu/home?refer=887
Source: nu_instant_search_62c9c51[1].js.2.dr	String found in binary or memory: http://e.baidu.com?refer=889
Source: all_async_search_d3cea19[1].js.2.dr, min_super-f2d67e59b3[1].js.2.dr	String found in binary or memory: http://eclick.baidu.com/ps_fp.htm?
Source: all_async_search_d3cea19[1].js.2.dr	String found in binary or memory: http://ecmb.bdimg.com
Source: all_async_search_d3cea19[1].js.2.dr	String found in binary or memory: http://ecmb.bdimg.com/public03/pc.gif
Source: all_async_search_d3cea19[1].js.2.dr	String found in binary or memory: http://f3.baidu.com
Source: super_load-8301698f5e[1].js.2.dr	String found in binary or memory: http://f3.baidu.com/index.php/feedback/zx/getData
Source: svchost.exe, 00000002.00000003.2280837594.000000000C7BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://f3.baidu.comU
Source: PEEPV5GT.htm.2.dr	String found in binary or memory: http://fanyi.baidu.com/
Source: iconfont-cdfecb8456[1].eot.2.dr	String found in binary or memory: http://fontello.com
Source: iconfont-cdfecb8456[1].eot.2.dr	String found in binary or memory: http://fontello.comCreated
Source: svchost.exe, 00000002.00000003.2369403820.000000000BA58000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://hectorstatic.baidu.com/96c9c06653ba892e.jsp
Source: svchost.exe, 00000002.00000003.2237703811.000000000BF56000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://hectorstatic.baidu.com/cd37ed75a9387c5b.js
Source: svchost.exe, 00000002.00000002.4473170796.0000000006499000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://hectorstatic.baidu.com/cd37ed75a9387c5b.jsents/hotsearch-5af0f864cf.jssg831ecd.pnghttps://dss
Source: svchost.exe, 00000002.00000003.2208025983.000000000338C000.00000004.00000020.00020000.00000000.sdmp, PEEPV5GT.htm.2.dr	String found in binary or memory: http://hi.baidu.com/
Source: all_async_search_d3cea19[1].js.2.dr	String found in binary or memory: http://i.baidu.com
Source: search-sug_947981a[1].js.2.dr	String found in binary or memory: http://i.baidu.com/my/history?from=pssug
Source: nu_instant_search_62c9c51[1].js.2.dr	String found in binary or memory: http://image.baidu.com
Source: PEEPV5GT.htm.2.dr	String found in binary or memory: http://image.baidu.com/
Source: PEEPV5GT.htm.2.dr	String found in binary or memory: http://image.baidu.com/i?tn=baiduimage&ps=1&ct=201326592&lm=-1&cl=2&nc=1&ie=
Source: svchost.exe, 00000002.00000003.2236719787.000000000BCD1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://image.baidu.com/i?tn=baiduimage&ps=1&ct=201326592&lm=-1&cl=2&nc=1&ie=utf-8
Source: PEEPV5GT.htm.2.dr	String found in binary or memory: http://ir.baidu.com
Source: all_async_search_d3cea19[1].js.2.dr	String found in binary or memory: http://isphijack.baidu.com/index.php?cb=isp_hijack
Source: all_async_search_d3cea19[1].js.2.dr	String found in binary or memory: http://j.br.baidu.com/v1/t/ui/p/browser/tn/10105001/ch_dl_url
Source: svchost.exe, 00000002.00000003.2280837594.000000000C7A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://j.br.baidu.com/v1/t/ui/p/browser/tn/10105001/ch_dl_urlx

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 7J4bYHR4n3.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\W6P0LOFN\www.baidu[1].xml

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\FDKIT3IR.htm

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\advert-064271ed9b[1].js

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\ai-search-box-entry-ea20fec552[1].js

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\content-info-12dbf9fb6d[1].js

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\invoke-97e9694cb9[1].js

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\lottie_ad9c879[1].js

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\newjiankang-f03b804b4b[1].png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\newzhibo-a6a0831ecd[1].png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\nu_instant_search_62c9c51[1].js

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\peak-result[1].png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\polyfill_9354efa[1].js

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\result@2[1].png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\result[1].png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\sbase-65630eb62e[1].js

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\tips-e2ceadd14d[1].js

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\IKR5FVEW.htm

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\PCfb_5bf082d29588c07f842ccde3f97243ea[1].png

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\aging-tools-35648b2e67[1].js

Windows Analysis Report
7J4bYHR4n3.exe

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre