Source: C:\Windows\SysWOW64\4AF6882x0.sys | Avira: detection malicious, Label: HEUR/AGEN.1360134 |
Source: C:\Users\user\Desktop\FDDD842\DECE08\DB30wuwts.dll | Avira: detection malicious, Label: HEUR/AGEN.1328190 |
Source: C:\Windows\SysWOW64\4EF5yCWy7.sys | Avira: detection malicious, Label: HEUR/AGEN.1360134 |
Source: C:\Windows\GED2676B.sys | Avira: detection malicious, Label: HEUR/AGEN.1360134 |
Source: C:\Users\user\Desktop\FDDD842\I2345186\CD9Axqnlo.dll | Avira: detection malicious, Label: HEUR/AGEN.1328196 |
Source: C:\Windows\SysWOW64\AECXbew3.sys | Avira: detection malicious, Label: HEUR/AGEN.1360134 |
Source: C:\Users\user\Desktop\FDDD842\CF62A393AEBA\B6BD4F8AEC12\5809hcaUR.dll | Avira: detection malicious, Label: TR/Inject.zdewt |
Source: C:\Users\user\Desktop\FDDD842\F2370162\EC0Flgjjj.dll | Avira: detection malicious, Label: HEUR/AGEN.1328190 |
Source: C:\Users\user\Desktop\FDDD842\A01F2F\2FBF63xrk.dll | ReversingLabs: Detection: 54% |
Source: C:\Users\user\Desktop\FDDD842\CF62A393AEBA\B6BD4F8AEC12\5809hcaUR.dll | ReversingLabs: Detection: 61% |
Source: C:\Users\user\Desktop\FDDD842\CF62A393AEBA\B88887A\A191OHD61.exe | ReversingLabs: Detection: 23% |
Source: C:\Users\user\Desktop\FDDD842\CF62A393AEBA\H2710751\4DB1uslgf.dll | ReversingLabs: Detection: 66% |
Source: C:\Users\user\Desktop\FDDD842\CF62A393AEBA\H2710751\5C68DGd60.dll | ReversingLabs: Detection: 66% |
Source: C:\Users\user\Desktop\FDDD842\CF62A393AEBA\I6750337D0A5\378B81z2x.dll | ReversingLabs: Detection: 39% |
Source: C:\Users\user\Desktop\FDDD842\CF62A393AEBA\I6750337D0A5\7A7Awwxxw.dll | ReversingLabs: Detection: 39% |
Source: C:\Users\user\Desktop\FDDD842\DECE08\DB30wuwts.dll | ReversingLabs: Detection: 78% |
Source: C:\Users\user\Desktop\FDDD842\F2370162\EC0Flgjjj.dll | ReversingLabs: Detection: 78% |
Source: C:\Users\user\Desktop\FDDD842\I2345186\CD9Axqnlo.dll | ReversingLabs: Detection: 84% |
Source: C:\Windows\SysWOW64\4AF6882x0.sys | ReversingLabs: Detection: 83% |
Source: C:\Windows\SysWOW64\4AF6882x0.sys | Joe Sandbox ML: detected |
Source: C:\Users\user\Desktop\FDDD842\DECE08\DB30wuwts.dll | Joe Sandbox ML: detected |
Source: C:\Windows\SysWOW64\4EF5yCWy7.sys | Joe Sandbox ML: detected |
Source: C:\Program Files (x86)\Mozilla Maintenance Service\GED2676B.exe | Joe Sandbox ML: detected |
Source: C:\Windows\GED2676B.sys | Joe Sandbox ML: detected |
Source: C:\Users\user\Desktop\FDDD842\I2345186\CD9Axqnlo.dll | Joe Sandbox ML: detected |
Source: C:\Users\user\Desktop\FDDD842\A01F2F\2FBF63xrk.dll | Joe Sandbox ML: detected |
Source: C:\Users\user\Desktop\FDDD842\CF62A393AEBA\H2710751\5C68DGd60.dll | Joe Sandbox ML: detected |
Source: C:\Users\user\Desktop\FDDD842\CF62A393AEBA\B88887A\A191OHD61.exe | Joe Sandbox ML: detected |
Source: C:\Users\user\Desktop\FDDD842\CF62A393AEBA\H2710751\4DB1uslgf.dll | Joe Sandbox ML: detected |
Source: C:\Windows\SysWOW64\AECXbew3.sys | Joe Sandbox ML: detected |
Source: C:\Users\user\Desktop\FDDD842\CF62A393AEBA\B6BD4F8AEC12\5809hcaUR.dll | Joe Sandbox ML: detected |
Source: C:\Users\user\Desktop\FDDD842\F2370162\EC0Flgjjj.dll | Joe Sandbox ML: detected |
Source: | Binary string: F:\funny\GamePluginCtrl\Release\gamePluginCtrl.pdb<F source: GED2676B.exe, 00000001.00000003.1932855216.0000000006DD2000.00000004.00000020.00020000.00000000.sdmp, GED2676B.exe, 00000001.00000003.1932740938.0000000006E42000.00000004.00000020.00020000.00000000.sdmp, 5C68DGd60.dll.1.dr, 4DB1uslgf.dll.1.dr |
Source: | Binary string: ginCtrl\Release\gamePluginCtrl.pdb source: GED2676B.exe, 00000001.00000003.1932855216.0000000006DD2000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \bin\xkSHWL.pdb source: GED2676B.exe, 00000001.00000002.4377479547.00000000138EE000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \DPK.pdb source: GED2676B.exe, 00000001.00000002.4423116599.000000001440F000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: DPK\bin\dlq.pdb source: GED2676B.exe, 00000001.00000002.4348544413.000000000F8B4000.00000004.00000020.00020000.00000000.sdmp, GED2676B.exe, 00000001.00000003.1845599469.0000000006D76000.00000004.00000020.00020000.00000000.sdmp, 2FBF63xrk.dll.1.dr |
Source: | Binary string: \GamePluginCtrl\Release\gamePluginCtrl.pdb source: GED2676B.exe, 00000001.00000002.4348100214.000000000F892000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: F:\funny\GamePluginCtrl\Release\gamePluginCtrl.pdb source: GED2676B.exe, 00000001.00000003.1813815405.0000000006D76000.00000004.00000020.00020000.00000000.sdmp, GED2676B.exe, 00000001.00000003.1932855216.0000000006DD2000.00000004.00000020.00020000.00000000.sdmp, GED2676B.exe, 00000001.00000003.1932740938.0000000006E42000.00000004.00000020.00020000.00000000.sdmp, 5C68DGd60.dll.1.dr, 4DB1uslgf.dll.1.dr |
Source: | Binary string: \bin\xkSHWL.pdb=@ source: GED2676B.exe, 00000001.00000002.4377479547.00000000138EE000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: G:\projects\G\tools\emptyDll\Release\emptyDll.pdb @ source: GED2676B.exe, 00000001.00000003.1836774009.0000000006D6F000.00000004.00000020.00020000.00000000.sdmp, GED2676B.exe, 00000001.00000003.1836774009.0000000006D79000.00000004.00000020.00020000.00000000.sdmp, GED2676B.exe, 00000001.00000003.1837016535.0000000006D71000.00000004.00000020.00020000.00000000.sdmp, EBE88ACE.dll.1.dr, FCEDSVSRS.dll.1.dr, 1EC2QMMLO.dll.1.dr |
Source: | Binary string: DPK\bin\DPK.pdb source: GED2676B.exe, 00000001.00000002.4397876489.0000000013D94000.00000004.00000020.00020000.00000000.sdmp, 378B81z2x.dll.1.dr, 7A7Awwxxw.dll.1.dr |
Source: | Binary string: \GamePluginCtrl\Release\gamePluginCtrl.pdb<F source: GED2676B.exe, 00000001.00000002.4348100214.000000000F892000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: DPK\bin\JDClient.pdb source: A191OHD61.exe.1.dr |
Source: | Binary string: G:\projects\G\tools\emptyDll\Release\emptyDll.pdb source: GED2676B.exe, 00000001.00000003.1836774009.0000000006D6F000.00000004.00000020.00020000.00000000.sdmp, GED2676B.exe, 00000001.00000003.1836774009.0000000006D79000.00000004.00000020.00020000.00000000.sdmp, GED2676B.exe, 00000001.00000003.1837016535.0000000006D71000.00000004.00000020.00020000.00000000.sdmp, EBE88ACE.dll.1.dr, FCEDSVSRS.dll.1.dr, 1EC2QMMLO.dll.1.dr |
Source: C:\Program Files (x86)\Mozilla Maintenance Service\GED2676B.exe | Code function: 1_2_00468010 _strlen,_strlen,FindFirstFileA,_strlen,_strlen,_strncpy,FindNextFileA,FindClose, | 1_2_00468010 |
Source: C:\Program Files (x86)\Mozilla Maintenance Service\GED2676B.exe | File opened: C:\Users\user |
Source: C:\Program Files (x86)\Mozilla Maintenance Service\GED2676B.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Windows\History\desktop.ini |
Source: C:\Program Files (x86)\Mozilla Maintenance Service\GED2676B.exe | File opened: C:\Users\user\AppData |
Source: C:\Program Files (x86)\Mozilla Maintenance Service\GED2676B.exe | File opened: C:\Users\user\AppData\Local |
Source: C:\Program Files (x86)\Mozilla Maintenance Service\GED2676B.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Windows |
Source: C:\Program Files (x86)\Mozilla Maintenance Service\GED2676B.exe | File opened: C:\Users\user\AppData\Local\Microsoft |
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.baidu.comRange: bytes=0-Connection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: soso.comRange: bytes=0-Connection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.jd.comRange: bytes=0-Connection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.so.comRange: bytes=0-Connection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: youdao.comRange: bytes=0-Connection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.1688.comRange: bytes=0-Connection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.hao123.comRange: bytes=0-Connection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.eastmoney.comRange: bytes=0-Connection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.jmw.com.cnRange: bytes=0-Connection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: foodmate.netRange: bytes=0-Connection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET /2024-08-06/16_26 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: shanghaics.oss-accelerate.aliyuncs.comRange: bytes=0-Connection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.cdstm.cnRange: bytes=0-Connection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.tencent.comRange: bytes=0-Connection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.cctv.comRange: bytes=0-Connection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET /operate/18771 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: sinacloud.netRange: bytes=0-Connection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET /kss_admin/ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNHost: yanzheng.appchizi.comRange: bytes=0-Connection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1Accept: image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: sf.8090cqg.comConnection: Keep-Alive |
Source: global traffic | HTTP traffic detected: POST /kss_io/io.php?v=13&b=1&s=10000002&e=get&line=1kstoken80597805589 HTTP/1.1Cache-Control: no-cacheConnection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Accept-Language: zh-cnReferer: http://yanzheng.appchizi.com/User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; )Content-Length: 126Host: yanzheng.appchizi.com |
Source: global traffic | HTTP traffic detected: GET /operate/11133 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: sinacloud.netRange: bytes=0-Connection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.qq.comRange: bytes=0-Connection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.sina.com.cnRange: bytes=0-Connection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.autohome.com.cnRange: bytes=0-Connection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.hupu.comRange: bytes=0-Connection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.jb51.netRange: bytes=0-Connection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET /operate/24624 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: sinacloud.netRange: bytes=0-Connection: Keep-Alive |
Source: global traffic | HTTP traffic detected: GET /operate/24647 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: sinacloud.netRange: bytes=0-Connection: Keep-Alive |
Source: unknown | TCP traffic detected without corresponding DNS query: 8.218.87.7 |
Source: unknown | TCP traffic detected without corresponding DNS query: 8.218.30.151 |
Source: unknown | TCP traffic detected without corresponding DNS query: 47.242.126.205 |
Source: unknown | TCP traffic detected without corresponding DNS query: 8.212.11.147 |
Source: unknown | UDP traffic detected without corresponding DNS query: 114.114.114.114 |
Source: C:\Program Files (x86)\Mozilla Maintenance Service\GED2676B.exe | Code function: 1_2_0044BA30 _memset,_memset,select,recv,_strncmp,_swscanf,_memset,_swscanf,_memset,_memset,_memset, | 1_2_0044BA30 |